No. 70: License Violations Likely to Cut Into Your Profits
A manufacturer blatantly violates the licenses of the FOSS components in its cars. Using the software and the car becomes illegal. The owner must not drive the car and files a lawsuit. Remedies for the legal defect include compliance, price reduction, replacing the car and sales reversal.
Read next
No. 69: Who Defines Minimum Security for Default Products?
Courts will do it! Cybersecurity experts throw a lot of security measures at the wall and see which ones stick. They seriously suggest that manufacturers must only do a "proper" risk assessment and all is fine. Manufacturers define what "proper" means. Isn't that circular reasoning?
No. 68: New Offering - CRA Survival Bootcamp
Are you ready for the Cyber Resilience Act? If you are not sure, check out my new offering. In the CRA Survival Bootcamp, you'll learn how to do CRA compliance on your own. My related posts may help you as well.
No. 67: Risk Assessment of Essential Product Requirements: Documenting Risks
The CRA requires manufacturers to document the risk assessment. Architecture decision records (ADRs) are the ideal means for that. They also facilitate good discussions about different mitigation options.