FOSS Backstage 2025

Implementing the EU Cyber Resilience Act
2025-03-10, Auditorium

The Cyber Resilience Act establishes new stakeholder roles and responsibilities, based on which the Linux Foundation is reshaping the relationship between its upstream projects and downstream manufacturers. In this presentation, we provide an overview of our CRA compliance efforts and how upstream and downstream can work together in the future.


All votes have passed on the Cyber Resilience Act (CRA). It will now become law after a short transition period, introducing new roles and responsibilities for the various stakeholders in the security of software supply chains. To support this adaptation, the Linux Foundation is developing guidance for its small and large open source projects and the wider community on implementing the CRA. In this session, we will present our assessment of the state of the art of cybersecurity best practices in leading open source projects and our analysis of the gaps relative to the requirements of the CRA. Then, we will introduce our three multi-year work streams covering the required adaptation of the open source ecosystem for compliance with the CRA: 1) formalizing community best practices into standards, 2) building awareness within the open source ecosystem, and 3) implementing the required processes and tooling. Many of these changes will require deeper collaboration between the manufacturers of products with digital elements and the upstream communities and stewards. We will provide an overview of the Linux Foundation’s CRA implementation roadmap and discuss how the CRA shapes the future of the relationship between manufacturers and upstream communities.

Mirko Boehm is a free and open source software contributor, community builder, licensing expert and researcher, with contributions to major open source projects like the KDE Desktop, the Open Invention Network, the Open Source Initiative and others. He has a PhD in innovation economics and is a visiting lecturer and researcher on free and open source software at the Technical University of Berlin. Mirko has a wide range of experience as an entrepreneur, corporate manager, software developer and German Air Force officer. He joined the Linux Foundation in June 2023 as senior director for community development for Linux Foundation Europe, where he focuses on driving engagement and collaboration between all European open source stakeholders. Mirko speaks English and German and lives in the Berlin area.
