The ORC community has continued refining the attestation concept through working sessions, research, and discussions at Code & Compliance and FOSDEM, including engagement with representatives from BSI and DG-CNECT. As regulatory expectations around the CRA become clearer, we are now able to provide a practical update on how the model is being developed, tested, and refined within the community.
Software bill of materials (SBOM) requirements are advancing rapidly, and the time for “wait and see” is quickly running out. The global regulatory landscape for software supply chain security is shifting from recommendations to mandates, yet many organizations remain unprepared. What you do now will determine whether your company is ready or left behind as SBOM mandates solidify.
Eclipse Theia 1.69 introduces Agent Capabilities - a new abstraction for toggling agent skills without the complexity - alongside smart shell command permissions, Claude Code integration improvements, Thinking Mode configuration, MCP Roots support, and extensive chat UX polish. 88 merged PRs in total.
The European Commission has published its draft guidance for the implementation of the Cyber Resilience Act (CRA) and opened it for public feedback until March 31st. This consultation represents an important opportunity for the open source ecosystem to help refine how the CRA will be interpreted and applied in practice.
In this RedMonk conversation, Kate Holterhoff speaks with Ansgar Lindwedel, Director of Software Defined Vehicle (SDV) Ecosystem Development at the Eclipse Foundation.
Members Eurotech and Codethink join the Eclipse Foundation in Hall 4, booth 4-554
On 24-25 February, the first Eclipse SDV Community Days of 2026 brought the community to Bonn, Germany. We've summarised the key takeaways and highlights.
Amazon and Cursor support investments in supply chain security, multi-region infrastructure, and long-term sustainability
The Eclipse Foundation would like to thank everyone who participated in this year’s election process and is pleased to announce the results of the 2026 Eclipse Foundation Contributing Member and Committer Member elections for representatives to the foundation’s board. These positions are a vitally important part of the Eclipse Foundation's governance.
For decades, Java has drawn a clear distinction between primitive types and reference types, with each category following its own rules in the language. One of those rules was simple: instanceof applies to reference types, not primitives. That separation has shaped how generations of Java developers reason about type checks and conversions.
Following a strong presence at FOSDEM and our second Code & Compliance event, conversations around the Cyber Resilience Act (CRA) continue to mature — shifting from awareness to practical implementation. The sessions and workshops helped advance key ORC deliverables, including the voluntary security attestations project and ongoing work around due diligence.
The Eclipse Foundation, one of the world’s largest open source software organisations, has announced the full agenda for Open Community Experience (OCX 2026), taking place 21–23 April 2026 at The EGG conference centre in Brussels, Belgium.
As the Open VSX ecosystem continues to grow, keeping the registry stable is a top priority. Behind the scenes, we are strengthening the infrastructure so that even during peak loads or major provider outages, developer workflows remain uninterrupted.
The Eclipse Ankaios project community announced the general availability of Eclipse Ankaios 1.0.0, the first major stable release.
The Eclipse S-CORE project team has announced the release of Eclipse S-CORE 0.6.0, the third milestone version of its open source automotive middleware platform developed under the Eclipse Software Defined Vehicle (SDV) initiative.
Supply chain security has become a critical topic in the security world in recent years, and while SBOMs are a foundational piece, they are still infrequently generated and even less frequently used in a way that meaningfully improves software supply chain security.
As long as an organisation participates in a single data space, ecosystem-specific trust frameworks work reasonably well: rules are defined, compliance is checked, and trust decisions stay inside a bounded context. The challenge begins when organisations need to operate across multiple data spaces at the same time, a scenario that is becoming the norm rather than the exception.
The adoption of the EU Cyber Resilience Act (CRA) represents a major shift in how cybersecurity responsibilities are defined across the software ecosystem. For the first time, the regulation explicitly recognises Open Source Software Stewards as a distinct category of legal actors, separate from manufacturers, and subject to a tailored set of obligations.
The Open VSX Registry has become widely used infrastructure for modern developer tools. That growth reflects strong trust from the ecosystem, and it brings a shared responsibility to keep the Registry reliable, predictable, and equitable for everyone who depends on it.