The CRA requires manufacturers to document the risk assessment. Architecture decision records (ADRs) are the ideal means for that. They also facilitate good discussions about different mitigation options.
Episode 66: Better Built By Burkhard
Episode 65: Better Built By Burkhard
Episode 64: Better Built By Burkhard
Episode 63: Better Built By Burkhard
Many embedded Linux systems use a Wayland compositor like Weston for window management. Qt applications act as Wayland clients. Weston composes the windows of the Qt applications into a single window and displays it on a screen. I still have
Episode 62: Better Built By Burkhard
Once we have removed an item from a BitBake variable, we cannot re-append it. The evaluation of the following three assignments of the variable BB_VAR yields the same result, no matter in which order the assignments are executed.
# Code
Manufacturers must provide security updates during the support period plus 10 years. The length is calculated from average lifetime, component availability and other criteria. The support period starts when the product is placed on the market.
Episode 61: Better Built By Burkhard
Episode 60: Better Built By Burkhard
The eight requirements define what the manufacturer's process for vulnerability handling must look like. They include identifying, addressing and publishing vulnerabilities as well as timely security updates and generating an SBoM. The post gives practical examples of how to do this.