Risk Assessment of Essential Product Requirements: Evaluating and Prioritising Risks

Episode 65: Better Built By Burkhard

Dear Reader,

I am currently running a special offer. You can get my hands-on course License Compliance for Embedded Linux Systems for EUR 14,000 instead of EUR 20,000! On completion, we will have checked the license compliance of your embedded Linux system and you will have the tools and knowledge to do such checks on your own. No subscription; just a one-time fee with indefinite access to the tools and the license database!

In the last newsletter, you learned how to identify the risks of a product that you - as the manufacturer - want to keep on the EU market after 11 December 2027 without paying penalties. This was the first step of the risk assessment as demanded by the EU CRA for the essential product requirements. The result was a matrix of the essential product requirements and the user stories. An “x” in the matrix means that the user story violates the requirement.

In this newsletter, I’ll explain how to evaluate the risk (Step 2) posed by the vulnerabilities of each user story. The risk is a combination of the damage caused by exploiting the vulnerabilities and the likelihood of an exploitation. You add the categories of the damage, likelihood and risk for each user story to the matrix. In Step 3: Prioritising risks, you sort the user stories by their risk.
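As an added illustration (not code from the newsletter or the course), here is how the matrix from Step 1 and the evaluation and prioritisation of Steps 2 and 3 can be kept in a small script. The three-level category scale, the table that combines damage and likelihood into a risk, and the requirement and user-story names are all assumptions; the newsletter does not define them.

```python
from dataclasses import dataclass, field
from typing import Dict, List

# Assumed three-level scale for damage, likelihood and risk (not fixed by the newsletter).
LEVELS = ("low", "medium", "high")

# Assumed combination rule for Step 2: risk grows with both damage and likelihood.
# Outer key = damage category, inner key = likelihood category.
RISK_TABLE: Dict[str, Dict[str, str]] = {
    "low":    {"low": "low",    "medium": "low",    "high": "medium"},
    "medium": {"low": "low",    "medium": "medium", "high": "high"},
    "high":   {"low": "medium", "medium": "high",   "high": "high"},
}


@dataclass
class UserStory:
    name: str
    violated: List[str]          # essential requirements marked "x" in Step 1
    damage: str = "low"          # Step 2 input: damage category
    likelihood: str = "low"      # Step 2 input: likelihood category
    risk: str = field(init=False, default="low")  # Step 2 output


def evaluate_risk(damage: str, likelihood: str) -> str:
    """Step 2: combine the damage and likelihood categories into a risk category."""
    if damage not in LEVELS or likelihood not in LEVELS:
        raise ValueError(f"unknown category: damage={damage!r}, likelihood={likelihood!r}")
    return RISK_TABLE[damage][likelihood]


def build_matrix(requirements: List[str], stories: List[UserStory]) -> Dict[str, Dict[str, str]]:
    """Step 1 result: one row per requirement, an 'x' where a user story violates it."""
    return {req: {s.name: ("x" if req in s.violated else "") for s in stories}
            for req in requirements}


def prioritise(stories: List[UserStory]) -> List[UserStory]:
    """Step 3: fill in the risk of every user story and sort, highest risk first."""
    for s in stories:
        s.risk = evaluate_risk(s.damage, s.likelihood)
    return sorted(stories, key=lambda s: (-LEVELS.index(s.risk), s.name))


# Constructed sample input (hypothetical requirement and user-story names).
REQUIREMENTS = ["req_secure_defaults", "req_access_control", "req_data_confidentiality"]
SAMPLE_STORIES = [
    UserStory("debug log leaks serial number", ["req_data_confidentiality"], "low", "high"),
    UserStory("update downloaded without signature check", ["req_access_control", "req_data_confidentiality"], "high", "high"),
    UserStory("shared default admin password", ["req_secure_defaults", "req_access_control"], "high", "medium"),
]


def prioritised_names() -> List[str]:
    """Convenience: names of the sample stories in Step 3 order."""
    return [s.name for s in prioritise(SAMPLE_STORIES)]
```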

In the next newsletter (publication date: 6 October), you will learn how to mitigate the risks (Step 4) of each user story and understand the necessity to continuously monitor and review the risks of your system.

Enjoy reading,
Burkhard 💜
