2026-03-16, Room bUm Box
The ORT Server is a platform building on the renowned OSS Review Toolkit to automate software compliance checks in a scalable and enterprise-ready way. This talk gives an overview of how to use the ORT Server to deal with obligations of the Cyber Resilience Act (CRA) specifically.
It is challenging, especially for small to medium enterprises (SMEs), to understand and deal with the obligations from the Cyber Resilience Act (CRA). While commercial solutions exist, these usually come at a high cost and with the risk of vendor lock-in. This talk provides an overview of how the open source ORT Server platform can help here.
The talk will start with a bit of history of the OSS Review Toolkit and ORT Server projects, how they relate to each other, who the target audiences are, and highlight some technical differences between the two solutions.
While the ORT Server also has a REST API, the talk will then focus on using its dedicated UI to make the complex compliance topic and legal workflows more accessible to less technical users. Using a concrete example project, the talk will walk through how to deal with the vulnerabilities and other policy rule violations that are found, in a way that fulfills CRA requirements.
Finally, the talk will give an outlook on the upcoming and planned features for ORT Server, extending it into a general platform to automate software compliance checks, including and beyond other regulations like NIS2 and DORA.
Sebastian Schuberth is an Open Source evangelist and automation enthusiast. He has more than 20 years of experience with contributions to and maintenance of Open Source projects on the one hand, and crafting proprietary software on the other hand.
Consequently, Sebastian aims to bridge the gap between the Open Source and commercial worlds by working with companies to properly make use of Open Source software, contribute back, and apply Inner Source principles. As a founder of the OSS Review Toolkit project, a central part of his work at Double Open is to provide a SaaS solution to automate software compliance checks to fulfill requirements like those from the Cyber Resilience Act (CRA) and other regulations.
