When carrying out the required due diligence for all components in a product, there’s a real risk of unintentionally contributing to a denial-of-service attack on the open source maintainers. Let’s work together to make sure it doesn’t happen. The Open Regulatory Compliance working group is starting to work on a best current practice, and we’d like to tell you more about this important project.
Attend the session "CRA, NIS2, DORA: What senior Java engineers must deliver before 2027" at OCX to gain practical guidance on making your Java systems SBOM-ready ahead of CRA enforcement.
Explore IoT virtualisation and distributed architectures at OC for Research at OCX 2026.
Over the FOSDEM week, one message became unmistakably clear: attestations and due diligence are no longer optional side topics; they are becoming foundational to the sustainability of open source in a regulated world.
If your products rely on Eclipse Platform technologies, this matters.
🧭 Eclipse Platform (aka RCP) components remain widely deployed, but the model sustaining them is under pressure.
From long term maintenance to EU Cyber Resilience Act compliance, relying on open source platform technologies for free is no longer a responsible option.
👇 Read the full article to understand the risk and the concrete ways to act 👇
A first glimpse into a new Eclipse SDV project proposal
2026 will be the year we turn momentum into milestones. The first milestone has already been reached: At CES in Las Vegas, 32 automotive companies signed the Memorandum of Understanding for open source collaboration.
Recent global outages reveal that even well-tested and certified software can fail at scale, underscoring a growing trust gap in the software supply chain. This will be explored in John Ellis’ OCX session, “Rebuilding trust: From open source to open accountability.”
As we publish this month’s ORC update, the community is right in the middle of Open Source Week in Brussels. With FOSDEM and a packed schedule of policy, compliance, and community discussions underway, the energy and relevance of our work has never been clearer. That momentum is echoed by the strong response to our Code & Compliance event, which sold out! This signals a community that is growing, engaged, and ready to build on its progress.
We are happy to announce the release of SUMO version 1.26.0. The download links are at https://sumo.dlr.de/Download.
The Open VSX Registry is core infrastructure in the developer supply chain, delivering extensions developers download, install, and rely on every day. As the ecosystem grows, maintaining that trust matters more than ever.
Bloomberg's move to Eclipse Temurin shows why foundation governance and vendor independence matter more than ever in enterprise open source strategy.
At CES 2026, 32 automotive open source leaders signed last year's Memorandum of Understanding to collaborate on software-defined vehicles.
Late January in Brussels has become an important moment for anyone working at the intersection of open source and European regulation. For the ORC community, this week is particularly relevant. The Cyber Resilience Act (CRA) is moving from interpretation to implementation, and many of the conversations happening during this week focus on what that means in practice.
From ongoing releases and a redesigned website to the growing success of the Eclipse Temurin, 2025 was a year of growth, stability, and renewed commitment to delivering high-quality, open source Java runtimes to the world.
Initiative 31 is an evaluation project supported by the Eclipse IDE Working Group, focused on the long term sustainability of Eclipse SWT, the Eclipse Platform, and the products built on top of them.
As 2025 comes to an end, it is the right time to look back at how the Oniro Working Group has evolved. If the first half of the year was about exploration and setting up our tools, the second half has been about putting those tools to the test.
Over the past year, we have built greater clarity around the Cyber Resilience Act (CRA) and its implications for open source development.
Read the 2025 year in review by the Eclipse Foundation's security team, check Tim Kliefoth's committer profile article, and more.