Eclipse Foundation and ORC Working Group launch ORC Learning Hub for CRA readiness
The Eclipse Foundation, working with the Open Regulatory Compliance (ORC) Working Group, launched the ORC Learning Hub to provide education tied to the European Union Cyber Resilience Act (CRA). The program targets roles involved in building, maintaining, securing, and governing open source software ahead of September 2026.
The CRA sets mandatory cybersecurity requirements for products with digital elements sold in the EU, including those built with or dependent on open source software. The act adds responsibilities for manufacturers and distributors, and it introduces open source software stewards as a new actor responsible for secure development practices, transparency, and vulnerability management across the software supply chain.
Developed by the ORC Working Group and hosted by the Eclipse Foundation, the ORC Learning Hub provides open source–focused training designed to help organisations understand how the CRA applies in real-world scenarios and what actions they need to take. A modular program guides organisations through CRA readiness step by step, including a focus on SBOMs and vulnerability management in open source.
The learning program begins with Modules 1 and 2 available today: “Introduction to the CRA for Open Source Software” and “Introduction to the CRA for Manufacturers.” Additional modules on SBOMs, due diligence, and vulnerability management were scheduled for later release. Mike Milinkovich, executive director of the Eclipse Foundation, said, “The CRA changes the rules for how software is developed and delivered globally,” said Mike Milinkovich, executive director of the Eclipse Foundation. “Because open source is part of almost every modern application and system, CRA readiness has to happen where software is actually built. The ORC Learning Hub helps developers, maintainers, project stewards, and software teams understand what the CRA requires and put that knowledge into practice.” One neutral forward-looking sentence: the hub includes additional modules covering SBOMs, due diligence, and vulnerability management that will be released after Modules 1 and 2.
Provided by Globe Newswire on behalf of Eclipse Foundation. Click to read original content.