E10: Security in the age of the CRA
Are you an open source developer or maintainer feeling the pressure of upcoming regulations like the EU Cyber Resilience Act (CRA)? Wondering how to proactively meet future expectations from your downstream users? Look no further! I recently spent some time fiddling with the OpenSSF Best Practices, OpenSSF Scorecard, and the OpenSSF Security Insights specification on two of my own projects and found them much easier than I had expected. These tools will help strengthen your project’s security posture and demonstrate compliance without the headache, all while being quite practical and lightweight.