We’re excited to announce that Ruby Central has become a member of the Eclipse Foundation's newly launched Open Regulatory Compliance (ORC) Working Group. This membership gives us a voice at a critical time as the open source community faces increasing regulatory pressures, particularly with the European Cyber Resilience Act.

What is the Eclipse Foundation?

The Eclipse Foundation is one of the largest independent nonprofit organizations focused on open source software development. With over 385 members, it provides a platform for software developers, innovators, and businesses worldwide to collaborate on open source projects that drive innovation across various industries.

The Eclipse Foundation hosts Adoptium, Software Defined Vehicle, Jakarta EE, Eclipse IDE, and 420+ open source projects, including runtimes, tools, specifications, and frameworks for enterprise, cloud, edge, automotive, AI, embedded, IoT, systems engineering, open processor designs, and more. Now, with the launch of the Open Regulatory Compliance (ORC) Working Group, it’s addressing the growing need for regulatory compliance in the open source ecosystem.

Reasons for the ORC Working Group

As open source adoption grows, so do the associated risks and challenges. The open source ecosystem is now under increasing pressure to comply with global regulations surrounding security and data privacy.

One of the most pressing issues is the European Cyber Resilience Act (CRA), which introduces strict security requirements for third-party components used in software development. Many open source projects rely on these third-party dependencies, and it can be challenging to track and ensure the security of every component.

The ORC Working Group was formed to help open source projects navigate this evolving regulatory landscape. By working closely with its members, the group is developing best practices, frameworks, and tools that will help projects like Ruby Central’s RubyGems and Bundler meet new compliance standards. 

Additionally, the ORC’s work will help inform governments, the public, and regulatory bodies about how these new regulations will impact open source development and innovation.

What does this mean for Ruby Central?

As regulatory requirements become more complex, it’s crucial that all third-party dependencies within RubyGems, Bundler, and our other open source projects comply with the latest security standards. 

Through our participation in the ORC Working Group, Ruby Central is committed to preparing the Ruby ecosystem for these changes. We’ll have access to resources to help our team navigate security and compliance challenges so that our projects remain resilient. Additionally, we’ll have a voice in shaping processes that will help the wider open source community track vulnerabilities, manage dependencies more securely, and meet the requirements of laws like the CRA.

We look forward to helping shape the future of open source security and compliance. But we can’t do it alone—the more organizations that join the ORC, the stronger our impact will be.

To find more information about the ORC Working Group and how to join, you can visit the participation page on their website.