As long as an organisation participates in a single data space, ecosystem-specific trust frameworks work reasonably well: rules are defined, compliance is checked, and trust decisions stay inside a bounded context. The challenge begins when organisations need to operate across multiple data spaces at the same time, a scenario that is becoming the norm rather than the exception.
AI-assisted development is no longer judged by how impressive it looks in a demo. For teams working on real systems, the question is whether AI still holds up once it meets real workflows, real constraints, and real delivery pressure.
The adoption of the EU Cyber Resilience Act (CRA) represents a major shift in how cybersecurity responsibilities are defined across the software ecosystem. For the first time, the regulation explicitly recognises Open Source Software Stewards as a distinct category of legal actors, separate from manufacturers, and subject to a tailored set of obligations.
The Open VSX Registry has become widely used infrastructure for modern developer tools. That growth reflects strong trust from the ecosystem, and it brings a shared responsibility to keep the Registry reliable, predictable, and equitable for everyone who depends on it.
Eclipse Theia 1.68 lands with Copilot integration, a significantly improved Architect Plan Mode, Skill Support, Shell Execution,an upgraded Coder Agent Mode (Next), improved UI Testing, and more. Read the highlights (and note it’s the RC for the 2026-02 community release).
In his OCX 26 session, “Rebuilding Trust: From open source to open accountability”, John Ellis will draw a clear distinction between meeting regulatory expectations and understanding whether software systems can still be trusted as they evolve.
Otavio Santana explains why JPA remains relevant, but no longer sits at the centre of every persistence decision and how Jakarta EE 12 reflects the realities of modern, polyglot systems.
When carrying out the required due diligence for all components in a product, there’s a real risk of unintentionally contributing to a denial-of-service attack on the open source maintainers. Let’s work together to make sure it doesn’t happen. The Open Regulatory Compliance working group is starting to work on a best current practice, and we’d like to tell you more about this important project.
The 5 most common bad habits in AI coding. Spoiler: it's not about your prompts. It's about what happens after that first generation.
We found one pattern connecting all five. Once you see it, you can't unsee it.
Attend the session "CRA, NIS2, DORA: What senior Java engineers must deliver before 2027" at OCX to gain practical guidance on making your Java systems SBOM-ready ahead of CRA enforcement.
Explore IoT virtualisation and distributed architectures at OC for Research at OCX 2026.
Over the FOSDEM week, one message became unmistakably clear: attestations and due diligence are no longer optional side topics; they are becoming foundational to the sustainability of open source in a regulated world.
If your products rely on Eclipse Platform technologies, this matters.
🧭 Eclipse Platform (aka RCP) components remain widely deployed, but the model sustaining them is under pressure.
From long term maintenance to EU Cyber Resilience Act compliance, relying on open source platform technologies for free is no longer a responsible option.
👇 Read the full article to understand the risk and the concrete ways to act 👇
A first glimpse into a new Eclipse SDV project proposal
The European Cyber Security Organisation (ECSO) and the Eclipse Foundation have formalised a Memorandum of Understanding (MoU), establishing a framework for close cooperation between the two organisations.
2026 will be the year we turn momentum into milestones. The first milestone has already been reached: At CES in Las Vegas, 32 automotive companies signed the Memorandum of Understanding for open source collaboration.
Recent global outages reveal that even well-tested and certified software can fail at scale, underscoring a growing trust gap in the software supply chain. This will be explored in John Ellis’ OCX session, “Rebuilding trust: From open source to open accountability.”
As we publish this month’s ORC update, the community is right in the middle of Open Source Week in Brussels. With FOSDEM and a packed schedule of policy, compliance, and community discussions underway, the energy and relevance of our work has never been clearer. That momentum is echoed by the strong response to our Code & Compliance event, which sold out! This signals a community that is growing, engaged, and ready to build on its progress.
We are happy to announce the release of SUMO version 1.26.0. The download links are at https://sumo.dlr.de/Download.