Resources

• Text of the CRA in English

• Open Source Security Foundation (OpenSSF) provides an extensive set of tools, guides, and best practices for improving a project’s security posture.

  • In particular, see OpenSSF’s CRA Brief Guide for OSS Developers.

• Linux Foundation Europe and Linux Foundation Research have published various materials on the CRA, such as:

  • Pathways to Cybersecurity Best Practices in Open Source, describing three LF-hosted projects’ approaches to improving CRA compliance

• Linux Foundation Education has published several free training courses on the CRA and secure development practices for open source developers, including:

  • Understanding the EU Cyber Resilience Act (CRA) (LFEL1001)

  • Developing Secure Software (LFD121)

  • Secure Software Development:

    • Requirements, Design and Reuse (LFD104x)

    • Implementation (LFD105x)

    • Verification and More Specialized Topics (LFD106x)