Create 2026 Q2 TAC Report for Global Cyber Policy WG#618
Conversation
Added the 2026 Q2 TAC Report for the Global Cyber Policy Working Group, detailing the group's activities, structure, and ongoing projects. Signed-off-by: Daniel Appelquist <dan@torgo.com>
Added a note about the creation of a physical 'CRA-Fish' mascot by the OpenSSF team. Signed-off-by: Daniel Appelquist <dan@torgo.com>
|
|
||
| The awareness SIG is led by [Megan Knight](https://github.com/businesscasualkesha) of Arm. The scope is activities that drive awareness of the work of this group and of the regulatory landscape in general. The SIG has been marshalling blog posts and the upcoming conference schedule. The Awareness SIG minutes are kept in the [main working group minutes document](https://docs.google.com/document/d/1iAplSQheMgemdMnEw74uPj3oi_6rLLbFFXhg4svqIDo/edit). | ||
|
|
||
| Activities and Publications: |
There was a problem hiding this comment.
I propose to delete this Activities and Publications section. I think we captured all relevant updates above. I've scanned Notes doc and didn't find anything to add...
There was a problem hiding this comment.
@torgo propose to DELETE Lines 51-54. Because we're mentioning key outcomes in the bullet points up there ^^
Co-authored-by: Roman Zhukov <rzhukov@redhat.com> Signed-off-by: Daniel Appelquist <dan@torgo.com>
Co-authored-by: Roman Zhukov <rzhukov@redhat.com> Signed-off-by: Daniel Appelquist <dan@torgo.com>
Co-authored-by: Roman Zhukov <rzhukov@redhat.com> Signed-off-by: Daniel Appelquist <dan@torgo.com>
|
|
||
| [all needs an edit] | ||
|
|
||
| * we held xx tech talks: |
There was a problem hiding this comment.
I think Roman already mentioned the one from April the upcoming one
There was a problem hiding this comment.
@torgo yes, Madalin is correct, I just roll everything up into bullet points (Line 29-35) ^^.
So, propose to DELETE Lines 36-47.
|
|
||
| The SIG's main work this year has been on raising awareness of relevant standards efforts, disseminating information to members about these efforts, and highligting when public consultations are open / helping members participate in these consultations. | ||
|
|
||
| The SIG's main work this year has been on raising awareness of relevant standards efforts, disseminating information to members about these efforts, and highligting when public consultations are open / helping members participate in these consultations. |
There was a problem hiding this comment.
there is a duplication between lines 60 and 62
|
|
||
| The SIG's main work this year has been on raising awareness of relevant standards efforts, disseminating information to members about these efforts, and highligting when public consultations are open / helping members participate in these consultations. | ||
|
|
||
| We are developing [Comments to the draft Communication on Commission guidance on the application of the CRA](https://docs.google.com/spreadsheets/d/1UNVJ5o3snT1oV_bqLWSmlBYm1DCvysQJcwvBszPjzes/edit) |
There was a problem hiding this comment.
line 64 needs to be removed
instead you may highlight all our answers to the public consultations:
Public Consultation on the NIS 2 Directive
Public Consultation on the EU Cybersecurity Act
Draft Commission guidance on the Cyber Resilience Act
European Open Digital Ecosystem Strategy
Public Procurement Directive revision
Public Consultation on the proposal for a revision of Regulation (EU) No 1025/2012
ENISA Technical Advisory for Secure Use of Package Managers
SBOM Landscape Analysis – Towards an Implementation Guide
RED DA Repeal
ENISA Survey on SBOM State of the Art
Call for evidence for Digital Omnibus
|
|
||
| - we developed [CRA Guidelines for Maintainers and Developers](https://policy.openssf.org/CRA/maintainers.html) which is getting adoption (1 example - by Sylva project) | ||
| - we're doing a "CRA Roadshow" for communities to help navigating CRA, recently - for Yocto project and its members with an amazing feedback afterwards | ||
| - we held 1 CRA Tech Talk on Conformity and Certification, next one upcoming - Maintainers Guide |
There was a problem hiding this comment.
- The new 2026 CRA Awareness and Readiness Report is out highlighting unfamiliarity (still) with the CRA with only 41% of manufacturers expect to be fully compliant by December 2027 as well as the $250k cost of maintaining private forks.
Co-authored-by: Roman Zhukov <rzhukov@redhat.com> Signed-off-by: Daniel Appelquist <dan@torgo.com>
Co-authored-by: Roman Zhukov <rzhukov@redhat.com> Signed-off-by: Daniel Appelquist <dan@torgo.com>
Co-authored-by: Roman Zhukov <rzhukov@redhat.com> Signed-off-by: Daniel Appelquist <dan@torgo.com>
|
@torgo I think there's a few placeholders waiting to be deleted, otherwise in general the update looks good to me! |
4 participants
Added the 2026 Q2 TAC Report for the Global Cyber Policy Working Group, detailing the group's activities, structure, and ongoing projects.