Keynote: Cutting Through the Fog: Clarifying CRA Compliance in C... Eddie Knight & Michael Lieberman
Eddie Knight, Michael Lieberman
KubeCon + CloudNativeCon Europe 2025 · Keynote
The European Union's **Cyber Resilience Act (CRA)** is poised to fundamentally reshape the landscape of cybersecurity for **products with digital elements** across the globe. In this KubeCon EU keynote, Eddie Knight and Michael Lieberman expertly navigate the complexities of this far-reaching legislation, aiming to demystify its implications for a predominantly open-source-centric audience. Despite a recent Linux Foundation survey indicating that 62% of attendees were unfamiliar with the CRA, the speakers assert that this regulation, ultimately intended to protect consumers and businesses from cyber threats, presents a significant opportunity for global cybersecurity improvement, rather than a cause for fear.
AI review
This keynote provides an exceptionally clear and detailed breakdown of the EU's Cyber Resilience Act (CRA), a critical piece of legislation poised to reshape global software security. The speakers, deeply embedded in open-source security, expertly demystify the CRA's scope, definitions, and, crucially, clarify the legal liabilities for open-source maintainers versus commercial manufacturers. They offer actionable insights into compliance, highlight the phased implementation timeline, and detail the support structures being built by organizations like the Linux Foundation and OpenSSF to aid…