Mike Vizard talks with Christopher Robinson of OpenSSF about the EU Cyber Resilience Act and why many software organizations are still unprepared for upcoming compliance obligations. Robinson explains how the CRA affects manufacturers selling products with digital elements into the European Union, including vulnerability reporting, cybersecurity requirements, documentation and potential financial penalties. The conversation also explores why organizations need to reduce software risk, understand dependencies, improve security practices and use business-focused risk language to gain executive support.