Cyber Resilience Act: Fast risk assessment with the open-source tool QuBA-libre
The EU #Commission has announced that it will publish #guidelines specifying the EU #CRA in more detail by the beginning of 2026. The first step is a technical description of the categories of important and critical products with digital elements, published on Monday in the Official Journal of the EU.
This helps manufacturers answer the question of whether their digital products are to be classified as important (Class I and II) or critical products within the meaning of the CRA:
https://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=OJ:L_202502392
📣 Registration is now open for Code & Compliance 2026!
Join us on 29 January in Brussels, ahead of @fosdem, for the next edition of Code & Compliance, where open source communities, industry, and institutions come together to discuss the Cyber Resilience Act and shape the future of open source software compliance.
Be part of the conversations advancing open source governance, policy, and practical security solutions.
Register: https://hubs.la/Q03WGtF40
The #EU Cyber Resilience Act (Regulation (EU) 2024/2847) now has an Implementing Act:
https://digital-strategy.ec.europa.eu/en/factpages/cyber-resilience-act-implementation
This is a VERY useful and much simpler text to read than the regulation text itself.
Take a special look at the FAQ! Lots of super useful questions are covered there: https://ec.europa.eu/newsroom/dae/redirection/document/122331 (PDF)
"Sans retenue": the podcast of the Observatoire de l’enfermement des étrangers – Episode 5: Intervening in the #CRA: the fight continues!
Are you a #manufacturer of products with digital elements?
Then you can now determine whether your product falls under the critical or important products of the Cyber Resilience Act (CRA).
The implementing regulation of the #CRA has applied since yesterday. It determines the ways in which you may demonstrate that you meet the legal requirements.
Prepare as a manufacturer and read on our website when a product complies with the CRA ➡️ https://www.rdi.nl/onderwerpen/draadloze-apparatuur/handel-en-apparatuur/cra
Early Comments open on the EU #CyberResilienceAct.
This is a ripe opportunity for #opensource developers and product teams to peek behind the curtain, spot how new rules could affect their work, and weigh in before the standards are finalized!
Learn more from Linux Professional Institute (LPI) Editor Andrew Oram: https://lpi.org/xvay
#CyberResilienceAct #cybersecurity #CRA #EU #opensource #FOSS #softwaresecurity #ETSI #techpolicy #developers #productteam #SecurityEssentials
#ENISA becomes a Root #CNA: So that global vulnerability management can be unified, #CVE IDs must be assigned in an orderly procedure by the "CVE Numbering Authorities (CNAs)".
Positioned hierarchically above the CNAs are the so-called Root CNAs. These include #MITRE, #CISA, Google and Red Hat from the USA, the Japanese JPCERT/CC, the Spanish INCIBE Cert and the #Thales group from France - and now, with the implementation of the #CRA, ENISA as well:
https://www.enisa.europa.eu/news/stepping-up-our-role-in-vulnerability-management-enisa-becomes-cve-root #cybersecurity
1/x
*** Update on my personal CyberSec journey
I haven't posted a lot recently, which doesn't mean I was lazy. The last weeks entertained several CTFs (PlatyPwn, Huntress, hack.lu, UniR) and also some fun professional events and great people with a focus on the EU Cyber Resilience Act (project networks, qSkills, and an event I hosted at my employer).
More in comments.
#ctf #cybersecurity #platypwn #huntress #hacklu #eucra #cra #arm64 #angr #tryhackme #thm #adventofcyber #39c3 #pwncollege
Politis
"I don't want to be deported": at the Oissel CRA, the mechanics of confinement
https://mcinformactions.net/je-ne-veux-pas-etre-deportee-au-cra-d-oissel-la-mecanique-de-l-enfermement
#CRA #Oissel #migrants #immigration
More detail for the EU Cyber Resilience Act (#CRA): The essential #Cybersecurity requirements and the requirements for active #VulnerabilityManagement are part of standardisation mandate M 606, which the #EU Commission has issued to the European standardisation organisations #CEN, #CENELEC and #ETSI.
The #DKE has now compiled all standardisation projects on the CRA, as of December 2025, and added the current project status for each:
Niedersachsen Metall sent out the invitation:
AI in the company is the topic of short keynote talks and forum rounds.
Interesting contributions and conversations in the wonderful Schloss Herrenhausen on #hannover #ki #niedersachsenmetall #digitalisierung #aiact #cra #dsgvo
The FOSDEM 2026 SBOM & Supply Chain Devroom is now accepting submissions! With rising #supplychain risks and new requirements like the EU #CRA, practical and interoperable #SBOM solutions are more important than ever. Share your work on automation, verification, AI-related SBOMs, real-world lessons, or new #FOSS tooling. Submit here: https://lists.fosdem.org/pipermail/fosdem/2025q4/003702.html #sbom #supplychain
It's been nearly a full year since the Cyber Resilience Act (CRA) came into force. The Act's primary obligations come into effect in 2027. Is your business prepared?
Read our article 'Cyber Resilience Act (CRA): What you need to know' to ensure your business is up to speed on the upcoming requirements.
https://www.codethink.co.uk/articles/what-is-cyber-resilience-act-cra/
Help shape how the #CRA impacts open source. New to the group or not sure where to start? Begin with our Deliverables Plan, your roadmap to understanding the work ahead and getting involved. In a new blog and video, we explain what’s included in the Deliverables Plan, how to read the status indicators, and showcase practical ways to contribute and make an impact.
🎥 Watch the video: https://www.youtube.com/watch?v=QamKa_fcyUo
📝 Learn more: https://orcwg.org/blog/how-to-contribute/
⏰ The call for proposals at Code & Compliance 2026 closes tomorrow!
Share your expertise and experiences with a highly engaged audience in Brussels.
🔗 Submit your talk now: https://www-eur.cvent.com/c/abstracts/f6fc6f69-b49f-4a3a-8238-49e285d2d05e
🚨 New article now available online!
More digital technologies bring greater convenience and efficiency, but also expand the attack surface and increase security risks. In light of this, the EU’s #CyberResilienceAct introduces requirements pertaining to vulnerability disclosure and mitigation. Jukka Ruohonen and Paul Timmers examine the act’s details and sketch out the directions for future research.
Read their paper “Vulnerability Coordination under the Cyber Resilience Act,” now available at https://www.acigjournal.com/Vulnerability-Coordination-under-the-Cyber-Resilience-Act,213350,0,2.html
🌐 Applied Cybersecurity & Internet Governance (#ACIG) is published by #NASK – National Research Institute
ALERT FROM THE #CRA 🇨🇦 ‼️‼️👇👇👇👇👇👇👇
“🚨 Scam alert! 🚨
Scammers are sending text messages claiming to be from us about benefits and credits, like the:
➡️ Home accessibility tax credit (HATC)
➡️ Disability tax credit (DTC)
➡️ Multigenerational home renovation tax credit (MHRTC)
➡️ Old age security pension (OAS)
Remember: we won’t send you a text or email with links asking you to click them.”
— Canada 🇨🇦 Revenue Agency
There are a lot of good parts to the Digital Omnibus proposed by the EC. There are also some bad parts to it. But the real pain is the procedure: 'omnibus' legislation is very, very bad. Do we really want USA-style Big Beautiful Bills in Europe with all kinds of small legislative changes to lots of different laws?