RE: https://mastodon.social/@FreeBSDFoundation/116676767603367392

2026 Open Source Security and Risk Analysis Report – Software Governance in the AI Era – Black Duck Software, Inc.

https://www.blackduck.com/content/dam/black-duck/en-us/reports/rep-ossra.pdf

― a direct link to the freely-available report that's mentioned in the joint statement from Apereo Foundation, Open Source Initiative (OSI), Open Source Technology Improvement Fund (OSTIF), and FreeBSD Foundation.

"The “Open Source Security and Risk Analysis” (OSSRA) report has been the industry’s definitive look at the state of open source code for a decade. Each year, we analyze anonymized findings from commercial codebases audited by the Black Duck Audit Services team, and this provides an unmatched, real-world view of how open source is used—and sometimes misused—across every major industry. This year’s findings document a pivotal moment: The explosion of AI-assisted development has fundamentally altered the risk landscape for software and the baseline for compliance with new regulatory initiatives such as the EU Cyber Resilience Act (CRA) and the Digital Operational Resilience Act (DORA). …"

#AI #CRA #DORA #OSI #OSTIF #FreeBSD #OSSRA

https://billboard.bsd.cafe/post/588

📰 EU Cyber Resilience Act: 24-Hour Breach Reporting Mandate Begins Sept 2026

🇪🇺 New EU Rule: The Cyber Resilience Act (CRA) will enforce a strict 24-hour reporting deadline for actively exploited vulnerabilities starting Sept 2026. Manufacturers of all connected products must comply or face massive fines. #CyberLaw #CRA #EN...

🔗 https://cyber.netsecops.io/articles/eu-cyber-resilience-acts-strict-reporting-obligations-to-begin-in-september-…

Watchdog to investigate how CRA handles taxpayers' complaints
Canada's taxpayers' ombudsperson is launching an investigation into how the Canada Revenue Agency handles complaints, citing concerns about timeliness and fairness.
https://www.cbc.ca/news/politics/cra-complaint-process-investigation-9.7220441?cmp=rss
“Research by Canadians for #Tax Fairness estimates that Canada’s largest #corporations and #wealthiest individuals have at least $682 billion stashed in #taxhavens, a 165 percent increase since 2014.” canadiandimension.com/articles/vie... #CRA #Canada #cdnpoli #cdnecon

Cutting CRA experts won’t save money. It will leave billions behind

The government could choose to pursue the billions already being lost. It could choose to strengthen enforcement. It could choose to treat tax fairness as a real fiscal strategy instead of a talking point. Instead, it is choosing layoffs over collecting billions from large corporations and high-net-worth individuals.

The EU Cyber Resilience Act (CRA) will make the creation of SBOMs (Software Bill of Materials) mandatory for all 'Products with digital Elements'.

I set out to automate the generation of an SBOM for a Gradle/Kotlin project using CycloneDX and scan it for vulnerabilities with Trivy. I read through both the CRA and the prEN 40000-1-3 standard and wrote a blog post about all of this:
https://katharina.damschen.net/post/2026-06-create-sbom-gradle-cra/

#CRA #cybersecurity #devsecops #kotlin #gradle

Hey fediverse! Is there anyone here or elsewhere talking about #CyberResilienceAct from software devs & manufacturers perspective?

Any kind of solid blogs, LinkedIn feeds, or newsletters that skip the dry legal text would be appreciated.

I am currently looking especially for "Software BOM / PLM management systems" or approaches to keep track of what library versions are used from FOSS projects.

#CRA #Cybersecurity #SoftwareDevelopment #AppSec #DevSecOps

#pleaseboost

BSDCan https://www.bsdcan.org/2026/ Talk Friday 2026-06-19: 14:30 - 15:20 DMS 1130
What has (can) the EU Cyber Resilience Act done (do) for you?
Peter Hansteen
https://www.bsdcan.org/2026/timetable/timetable-What-has-can.html
To register https://www.bsdcan.org/2026/registration.html @bsdcan #cra #cyberresilience #freebsd #openbsd #netbsd
BSDCan is a technical BSD conference held in Ottawa, Ontario, Canada.