For April Fools, I told the ETSI CYBER EUSR rapporteur group on web browsers that the European Commission was giving us until April 15th to submit our final draft. Got them good! Well, some requests for clarification but actually no laughs… (Real timeline: edit through May, then more review stages)
Posts by Daniel Ehrenberg
Come to this free event this Thursday in CTTC in Castelldefels (Barcelona) to hear me talk about the Cyber Resilience Act and web browsers.
Register here: cyberstand.eu/events/cra-s...
(Background music: Jennifer by Els Catarres)
Come to this free event this Thursday at CTTC in Castelldefels to hear me talk about the Cyber Resilience Act and web browsers.
Come to this free event this Thursday at CTTC in Castefa to hear me talk about the Cyber Resilience Act and web browsers.
JavaScript's date object has been tricky for years, but that is changing.
The NEW Temporal API brings,
🌍 Easily handle time zones
📆 Precise date math
🕒 Parse ISO strings without errors
⌛ Durations, date ranges, and more.
Start experimenting 👇
developer.mozilla.org/en-US/docs/...
This standard is still in development, at labs.etsi.org/rep/stan4cra... , with weekly meetings freely accessible to open source developers, as well as ETSI members. Please get in touch with me if you want to be involved.
I spoke at FOSDEM about the new European web browser security standard, under development in ETSI, as part of the Cyber Resilience Act. Video here: mirror.as35701.net/video.fosdem...
In addition to development in GitLab, we have regular calls. The next one is tomorrow, Feb 3rd at 3 PM (CET). If you want to join this or a future call, please DM me and we can discuss how that works.
Be the first to file an issue! No one from outside ETSI administration has done so yet, so this is a prize you can claim. labs.etsi.org/rep/stan4cra...
At ETSI, we're developing a new European standard about web browser security to support the Cyber Resilience Act. Come read the draft at labs.etsi.org/rep/stan4cra...
The draft standard is now entering a public review phase, so *we need your opinions, thoughts and analysis to improve it*. This article explains where things are, and how to get involved.
www.agoria.be/en/services/...
For this reason, there's an ongoing standardization effort to translate these principles into more clear requirements to meet, to make it easier to demonstrate compliance.
The Cyber Resilience Act mandates that commercial software handle vulnerabilities well. What does that mean exactly? The CRA names sound principles in Annex I Part II, but applying them in practice is another thing.
My FOSDEM talk:
The Cyber Resilience Act and web browsers
The Cyber Resilience Act defines web browsers as an important product requiring special attention to cybersecurity requirements. What does this mean? How can you participate in defining what it means for a web browser to be secure?
OK thanks I'll rename it brb
RESCHEDULED: Please join Daniel Thompson-Yvetot and me on Tuesday the 27th, at 1 PM Central European Time for an interactive deep dive into the draft standard for BROWSERS under the Cyber Resilience Act (CRA). www.stan4cra.eu/event-detail...
Rescheduled for Tuesday, the 27th at 1 PM. Hope to see you there!
This event is postponed. I'll post here again when it is rescheduled.
Our work in this area is funded by the European Commission and EFTA.
Find the current draft in docbox.etsi.org/CYBER/CYBER/...
File any issues in labs.etsi.org/rep/stan4cra...
Please join @denjell.bsky.social and me on Thursday, 3:30 PM Central European Time for a deep dive into the draft standard for BROWSERS under the Cyber Resilience Act (CRA). www.stan4cra.eu/event-detail...
Thank you for everyone’s support while I focused on my health over the past few months.
If you want to get involved, or have ideas for how to spread the word and get others involved, I’d love to be in touch. Please DM me here, or see other contact methods at littledan.dev
This work is co-funded by the EC and EFTA.
Another path to involvement is to become a paid (!) contributor to these standards via a CYBERSTAND.eu grant. Find more information at cyberstand.eu/10th-specific-service-procedure-sme-perspective . Please apply even if you’re not sure if you are qualified!
- In FOSDEM on January 31st in Brussels, the “CRA in practice” dev room will be open Saturday from 15:00-19:00 in room UA2.114 (Baudoux) fosdem.org/2026/schedul...
- In Zagreb on January 20th, there will be a “CRA Standards Unlocked” event cyberstand.eu/events/cra-s... , one of several events over the coming months around Europe: cyberstand.eu/events
If you’re interested in getting involved, there are a number of free-to-join, publicly streamed conferences coming up which discuss CRA and the “vertical” standards for particular high-risk products including web browsers:
This effort isn’t about mandating new practices from an ivory tower, but rather collecting best practices deployed today and encouraging their consistent usage more broadly. We need browser engineers and web security experts to be involved to accurately document these security best practices.
We’re very interested in feedback. The easiest way to provide feedback is in a GitLab issue. File issues in labs.etsi.org/rep/stan4cra... . Anyone can sign up for an account and post issues. Please apply the template carefully to give the committee all it needs to address your comment.
This browser security standard is in active development, with the work in progress published on ETSI’s website. You can find the current draft in docbox.etsi.org/CYBER/CYBER/... . Look for “browser” within that directory.
ETSI (a European Standards Organization, like Ecma or W3C but specifically authorized to write standards referenced by EU law) is developing a standard for one way to demonstrate that a browser meets these additional cybersecurity requirements.