Sign up to save your podcasts
Or
Share Is NixOS ready for the CRA? (nixcon2025)
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Is NixOS ready for the CRA? (nixcon2025)
The Cyber Resilience Act (CRA) is the EU's most important regulation for software in the last decade. While it makes an exception for open-source software and impact NixOS directly, any commercial product that includes NixOS has to comply with the CRA to allow offering in the EU.
In this talk, we give insights into the CRA’s requirements, showcase that Nix tooling with its focus on reproducibility is very well positioned for compliance, and point out the unsolved shortcomings. We focus on the update mechanism, SBOM tooling (together with matching CVEs from vulnerability mechanisms), and support durations.
about this event: https://talks.nixcon.org/nixcon-2025/talk/3XBNPB/
View all episodes
The Cyber Resilience Act (CRA) is the EU's most important regulation for software in the last decade. While it makes an exception for open-source software and impact NixOS directly, any commercial product that includes NixOS has to comply with the CRA to allow offering in the EU.
In this talk, we give insights into the CRA’s requirements, showcase that Nix tooling with its focus on reproducibility is very well positioned for compliance, and point out the unsolved shortcomings. We focus on the update mechanism, SBOM tooling (together with matching CVEs from vulnerability mechanisms), and support durations.
about this event: https://talks.nixcon.org/nixcon-2025/talk/3XBNPB/