Linux Foundation
Cyber Resilience Act Readiness in Open Source
Pages
39
Time to read
49 mins
Publication
Language
English
Pages
39
Time to read
49 mins
Publication
Language
English
This technical report examines the current state of awareness and preparedness regarding the Cyber Resilience Act (CRA) within the open source software (OSS) ecosystem. Based on survey responses from various stakeholders in the software industry, the report reveals significant gaps in understanding the CRA, with 62% of respondents reporting low familiarity and 51% uncertain about compliance deadlines. The CRA introduces comprehensive cybersecurity requirements for digital products in the European Union, impacting manufacturers, stewards, and developers. The study highlights the need for clearer guidance on the roles and responsibilities under the CRA, as many organizations struggle to differentiate between manufacturers and stewards. Additionally, the report identifies resource constraints faced by stewards and the economic implications of compliance, including an anticipated 6% price increase for manufacturers. Overall, the findings underscore the urgency for stakeholders to enhance their understanding and readiness for the CRA as its implementation date approaches in December 2027.