Add citations to CRA Brief Guide for OSS Developers

This makes the "Cyber Resilience Act (CRA) Brief Guide for Open
Source Software (OSS) Developers" document at
https://best.openssf.org/CRA-Brief-Guide-for-OSS-Developers
more visible.

This is for the "soft release" planned for 2025-07-01.

Signed-off-by: David A. Wheeler <[email protected]>

Author: david-a-wheeler

README.md

@@ -76,7 +76,7 @@ Our work is organized into several discrete-yet-related projects that help us ac
 
 | Effort                  |     Description           |       Git Repo        | Slack Channel | Mailing List |
 | ------------------      | ------------------------  |  -------------------  |  -----------  |  ----------  |
-| Best Practices Guides   | Longer reference documents on implementing specific secure techniques   | - [Compiler Annotations for C and C++ (incubating)](https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Annotations-for-C-and-C++.html), </p> - [Compiler Options Hardening Guide for C and C++](https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++), </p> - [Existing Guidelines for Developing and Distributing Secure Software](https://github.com/ossf/wg-best-practices-os-developers/blob/main/docs/Existing%20Guidelines%20for%20Developing%20and%20Distributing%20Secure%20Software.md), </p> - [Package Manager Best Practices (incubating)](https://github.com/ossf/package-manager-best-practices), </p> - [npm Best Practices Guide](https://github.com/ossf/package-manager-best-practices/blob/main/published/npm.md), </p> - [Source Code Management Platform Configuration Best Practices](docs/SCM-BestPractices/README.md), </p> - [Secure Coding Guide for Python](https://github.com/ossf/wg-best-practices-os-developers/tree/main/docs/Secure-Coding-Guide-for-Python), | - [#wg-best-practices-compilers](https://openssf.slack.com/archives/C07LH7RH8MT), </p> - [#wg-best-practices-scm](https://openssf.slack.com/archives/C058EC1EZ5Y) | |
+| Best Practices Guides   | Longer reference documents on implementing specific secure techniques   | - [Compiler Annotations for C and C++ (incubating)](https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Annotations-for-C-and-C++.html), </p> - [Compiler Options Hardening Guide for C and C++](https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++), </p> - [Existing Guidelines for Developing and Distributing Secure Software](https://github.com/ossf/wg-best-practices-os-developers/blob/main/docs/Existing%20Guidelines%20for%20Developing%20and%20Distributing%20Secure%20Software.md), </p> - [Package Manager Best Practices (incubating)](https://github.com/ossf/package-manager-best-practices), </p> - [npm Best Practices Guide](https://github.com/ossf/package-manager-best-practices/blob/main/published/npm.md), </p> - [Source Code Management Platform Configuration Best Practices](docs/SCM-BestPractices/README.md), </p> - [Cyber Resilience Act (CRA) Brief Guide for Open Source Software (OSS) Developers](https://best.openssf.org/CRA-Brief-Guide-for-OSS-Developers). </p> - [Secure Coding Guide for Python](https://github.com/ossf/wg-best-practices-os-developers/tree/main/docs/Secure-Coding-Guide-for-Python), | - [#wg-best-practices-compilers](https://openssf.slack.com/archives/C07LH7RH8MT), </p> - [#wg-best-practices-scm](https://openssf.slack.com/archives/C058EC1EZ5Y) | |
 |  Concise Guides SIGs   |  Quick Guidance around Open Source Software Development Good Practices | - [Concise Guide for Developing More Secure Software](https://best.openssf.org/Concise-Guide-for-Developing-More-Secure-Software), </p> - [Concise Guide for Evaluating Open Source Software](https://best.openssf.org/Concise-Guide-for-Evaluating-Open-Source-Software) |  | [Mailing List](https://lists.openssf.org/g/openssf-wg-best-practices) |
 | Education SIG - (incubating) | To provide industry standard secure software development training materials that will educate learners of all levels and backgrounds on how to create, compose, deploy, and maintain software securely using best practices in cyber and application security. | [EDU.SIG](https://github.com/ossf/education/) (course links are there) | [stream-01-security-education](https://openssf.slack.com/archives/C03FW3YGXH9)  |  [Mailing List](https://lists.openssf.org/g/openssf-sig-education)  |
 |[OpenSSF Best Practices Badge - formerly CII Best Practices badge](https://www.bestpractices.dev/) | Identifies FLOSS best practices & implements a badging system for those practices, | [best-practices-badge](https://github.com/coreinfrastructure/best-practices-badge) | | |

docs/index.md

@@ -14,6 +14,7 @@ This is a list of materials (documents, services, and so on) released by the
 * [Correctly Using Regular Expressions for Secure Input Validation](https://best.openssf.org/Correctly-Using-Regular-Expressions)
 * [Simplifying Software Component Updates](https://best.openssf.org/Simplifying-Software-Component-Updates)
 * [The Memory Safety Continuum](https://memorysafety.openssf.org/memory-safety-continuum)
+* [Cyber Resilience Act (CRA) Brief Guide for Open Source Software (OSS) Developers](https://best.openssf.org/CRA-Brief-Guide-for-OSS-Developers)
 
 Note: You can also see the larger list of
 [Guides released by the OpenSSF](https://openssf.org/resources/guides/).
@@ -37,7 +38,6 @@ guidance about memory safety through our memory safety SIG, and so on.
 Examples of ongoing work include:
 
 * [Secure Coding One Stop Shop for Python](Secure-Coding-Guide-for-Python/readme.md)
-* [Cyber Resilience Act (CRA) Brief Guide for Open Source Software (OSS) Developers](https://best.openssf.org/CRA-Brief-Guide-for-OSS-Developers) - planned soft release 2025-07-01, announcements 2025-07-15
 
 We typically use the [Simplest Possible Process (SPP)](https://best.openssf.org/spp/Simplest-Possible-Process) to publish our results on the web.