Eclipse Foundation announces collaboration for CRA compliance
The Eclipse Foundation, the organization behind the Eclipse IDE and many other software projects, announced a collaboration between several different open-source-software foundations to create a specification describing secure software development best practices. This work is motivated by the European Union's Cyber Resilience Act (CRA).
The leading open source communities and foundations have for years developed and practised secure software development processes. These are processes that have often defined or set industry best practices around things such as coordinated disclosure, peer review, and release processes. These processes have been documented by each of these communities, albeit sometimes using different terminology and approaches. We hypothesise that the cybersecurity process technical documentation that already exists amongst the open source communities can provide a useful starting point for developing the cybersecurity processes required for regulatory compliance.
(Thanks to Martin Michlmayr.)