What did Log4Shell teach us about securing open source?
Join the ORC WG on Monday to explore the lessons from Log4Shell and what a CRA-ready Log4j looks like.
March 16 at 12 pm EDT
Add to your calendar: buff.ly/GZ8m6Gv
#CRA #CyberResilience #opensource #ORCWG #log4j #CRAMondays
Log4Shell exposed how deeply #opensource runs through the global software supply chain.
Join the next #CRAMondays (March 16 at 12 pm EDT) to discuss the lessons - and what it takes to build a CRA-ready Log4j.
Add to your calendar: bit.ly/3PuQozy
#CRA #CyberResilience #ORCWG #log4j
In this #CRAMondays session, we'll hear directly from leaders shaping software transparency standards: Steve Springett, Olle E Johansson, Philippe Ombredanne
Find out how Ecma and OWASP are creating practical solutions for secure, transparent supply chains.
calendar.google.com/calendar/eve...
We know you love our #CRAMondays series - but we're taking a break over the summer.
No worries, you can catch up on the recordings, and stay informed on the latest CRA-related topics. Check out our full playlist to gain a deeper understanding of #CRA issues: www.youtube.com/playlist?lis...
"If I learned something during the last two years, it was all because of my misconceptions that I had."
Fukami's #CRAMondays talk is a must-watch for anyone navigating EU tech policy and the Cyber Resilience Act (#CRA).
Watch now to learn from his experience: youtu.be/7CbHwsKVD80
Trying to understand how the Cyber Resilience Act (#CRA) affects open source?
Fukami, EU Policy Advisor at the OpenSSF, shared at the #CRAMondays session a visual map of the landscape - regulations, actors, responsibilities - and how it all connects.
Watch the recording: youtu.be/7CbHwsKVD80
Arnaud Le Hors will introduce the SLSA, its current status, and what's in the works at the #CRAMondays on 9 June.
SLSA is a security framework for describing and incrementally improving supply chain security, established by industry consensus within OpenSSF.
calendar.google.com/calendar/eve...
In this episode of #CRAMondays, Fukami, EU Policy Advisor at the OpenSSF, breaks down the NLF as the legal backbone supporting the enforcement of internal market rules in the EU.
Watch to get an understanding of how the NLF provides a common framework for future legislation: youtu.be/7CbHwsKVD80
"Tech isn't the hardest part. Trust is."
In a #CRAMondays session, Olle E. Johansson shared that building a trusted global organisation is step one, and only then should we build the tech.
Want to learn more? Check out the recording! youtu.be/zSsGLJTgWvU
#VulnerabilityManagement #OpenStandards
Missed the last #CRAMondays?
Olle E. Johansson joined us for a session on the state of vulnerability management and why the world needs a federated, open, and globally trusted alternative to the NVD.
Watch now! youtu.be/zSsGLJTgWvU
#ORCWG #CRA #CyberResilienceAct
The next edition of the #CRAMondays will take place on 12 May!
We're diving into the OWASP Software Assurance Maturity Model (SAMM) with Maxim Baele, a SAMM core team member who maintains the model.
Add to your calendar! calendar.google.com/calendar/u/0...
Dive into the CRA with us on Monday, 28 April!
1. 3pm CEST - Unpacking the CRA. www.crowdcast.io/c/orc-28042025
2. 4pm CEST - Cyber Resilience SIG Call.
calendar.google.com/calendar/u/0...
3. 5pm CEST - #CRAMondays with Olle E Johansson.
calendar.google.com/calendar/eve...
Ready to join?
In our first edition of the #CRAMondays series, Sebastien Heurtematte provided an overview of OCCTET. The recording will be posted shortly.
In the meantime, check our ORC Community Calendar for the next CRA Monday sessions:
calendar.google.com/calendar/u/0...
#CRA #CyberResilienceAct