No. 73: Stop Managing Risk in Cybersecurity
Stop managing risk! It doesn't work! Official bodies shall tell manufacturers which security measures are needed to meet the minimum bar. Telling them to figure it out themselves is a waste of time. Safety doesn't use risk assessment but more effective people. What can security learn?
Read next
Fundamental Definitions of the Cyber Resilience Act
The definitions for making available on the market, placing on the market, intended purpose and substantial modification are crucial for understanding the CRA. The CRA, Blue Guide and Commission guidance interpret them differently. I am trying to sort out this mess.
members