  • 0 Votes
    1 Posts
    4 Views
    grahamperrin
    https://www.blackduck.com/content/dam/black-duck/en-us/reports/rep-ossra.pdf
    The “Open Source Security and Risk Analysis” (OSSRA) report has been the industry’s definitive look at the state of open source code for a decade. Each year, we analyze anonymized findings from commercial codebases audited by the Black Duck Audit Services team, and this provides an unmatched, real-world view of how open source is used—and sometimes misused—across every major industry. This year’s findings document a pivotal moment: The explosion of AI-assisted development has fundamentally altered the risk landscape for software and the baseline for compliance with new regulatory initiatives such as the EU Cyber Resilience Act (CRA) and the Digital Operational Resilience Act (DORA).
    PDF, 44 pages.
    Context
    Open source organisations weigh in on age attestation
    Availability
    Noted in Reddit: … easily found with Google – without completing Black Duck's form, which requires a business email address: https://www.google.com/search?q="2026+Open+Source+Security+and+Risk+Analysis+Report"+PDF&udm=14 …
  • 0 Votes
    1 Posts
    0 Views
    pitrh@mastodon.social
    BSDCan https://www.bsdcan.org/2026/
    Talk Friday 2026-06-19: 14:30 - 15:20 DMS 1130
    What has (can) the EU Cyber Resilience Act done (do) for you?
    Peter Hansteen
    https://www.bsdcan.org/2026/timetable/timetable-What-has-can.html
    To register https://www.bsdcan.org/2026/registration.html
    @bsdcan #cra #cyberresilience #freebsd #openbsd #netbsd
  • 0 Votes
    1 Posts
    16 Views
    CiotBSD
    For the better part of two years, discussions surrounding the European Cyber Resilience Act (CRA) have been somewhat theoretical: mapping requirements, debating definitions, and analyzing how the requirements will impact our amazing ecosystem. But folks, it’s mid-2026, and the CRA is live. Theory is officially in the rearview mirror as implementation milestones roll out over the next two years. https://openssf.org/blog/2026/05/18/taking-stock-of-the-state-of-european-cyber-resilience-act-cra-compliance-an-urgent-wake-up-call-for-the-open-source-ecosystem/