CRA readiness gaps persist across global open source and manufacturing stakeholders
Trend
Summary
OpenSSF found stagnating CRA readiness across global manufacturers, developers, and open source stakeholders, leaving a large share of the ecosystem exposed to December 2027 compliance risk. 66% of respondents were not familiar at all or only slightly familiar with the Cyber Resilience Act, and 41% had not determined whether it applies to them. The same poll found that only 32% of manufacturers produce SBOMs for all products, underscoring operational gaps in supply-chain transparency.
Related Happenings
OpenSSF flags CRA readiness gap
Regulatory/Legal (General)
First: 08.06.2026 12:00
Last: 08.06.2026 12:00
Sources 1
How related:
A leading open source security body has warned of “stagnating awareness and structural unreadiness” in the community ahead of a key December 2027 deadline for compliance with the Cyber Resilience Act (CRA).
About this happening:
OpenSSF warned that **global manufacturers, developers, and open source stakeholders** remain materially unprepared for **Cyber Resilience Act (CRA)** compliance ahead of the **De...
Widespread end-of-life package exposure across major open-source registries
Trend
First: 05.05.2026 17:00
Last: 05.05.2026 17:00
Sources 1
About this happening:
End-of-life open source packages remain widespread across **major registries**, leaving **enterprise dependency graphs** exposed to versions with no patch path and limited CVE cov...
UK Business and Trade Committee proposal on software provider liability
Regulatory/Legal (General)
First: 26.11.2025 17:00
Last: 26.11.2025 17:00
Sources 1
About this happening:
The **UK’s Business and Trade Committee** has proposed legislation to make software providers legally responsible for insecure products, a shift that could raise compliance burden...
Timeline
08.06.2026 12:00 · 2 articles
OpenSSF warns the open source ecosystem is unprepared for Cyber Resilience Act compliance
Initial Disclosure: OpenSSF warned that global manufacturers, developers, and other stakeholders remain materially unprepared for the Cyber Resilience Act ahead of the December 2027 compliance deadline, citing 66% of survey respondents who were not familiar at all or only slightly familiar with the rule, 41% who had not determined whether it applies to them, 45% who were uncertain about deadlines, 56% who were unaware of penalties, and only 32% of manufacturers producing SBOMs for all products. The report also highlighted operational risk from passive reliance on upstream security fixes, widespread use of private forks, and growing CVE pressure across more than 12,000 open source projects indexed on the Linux Foundation Exchange (LFX).
Sources:
- Two-Thirds of Open Source Community Unaware of Cyber Resilience Act — www.infosecurity-magazine.com — 08.06.2026 12:00