The EU’s Cyber Resilience Act (CRA) requirements for companies to report vulnerabilities and incidents are here in 2026. As we get closer to the 2027 deadline, security teams need to start taking proactive steps towards monitoring, reporting, and acting on their vulnerability backlog.

In this Office Hours we’ll be diving into how security teams can think about building vulnerability management programs to meet the CRA guidelines, along with new topics that have arisen as we get closer to the deadline.

• How to build and structure a vulnerability management program using tools like DefectDojo
• Actions you can take today to meet compliance and regulatory requirements
• How the Open Source Stewards definition will affect the maintenance of open source projects

Speakers

Greg Anderson

CEO & Co-Founder

DefectDojo