Risk Assessment of Essential Product Requirements: Mitigating and Reviewing Risks
Episode 66: Better Built By Burkhard
The CRA forces manufacturers to protect their embedded systems properly against cybersecurity threats. Otherwise, they face heavy penalties and sales bans. We provide practical tips on how to perform a risk assessment, which security measures are enough to satisfy the essential product requirements, how to tame the thousands of vulnerabilities, and whether it's worth making an embedded system comply with the CRA at all.
Episode 65: Better Built By Burkhard
Episode 64: Better Built By Burkhard
Episode 63: Better Built By Burkhard
Episode 62: Better Built By Burkhard
Manufacturers must provide security updates during the support period plus 10 years. The length of the support period is calculated from the average lifetime, component availability and other criteria. The support period starts when the product is placed on the market.
Episode 61: Better Built By Burkhard
Episode 60: Better Built By Burkhard
The eight requirements define what the manufacturer's process for vulnerability handling must look like. They include identifying, addressing and publishing vulnerabilities, as well as providing timely security updates and generating an SBoM. The post gives practical examples of how to do this.
Embedded systems must satisfy the 13 essential product properties such as confidentiality, integrity, availability and access control. Otherwise, they violate the CRA and must not be placed on the market. The post illustrates the product properties with many practical examples.
Which devices are covered by the EU Cyber Resilience Act (EU CRA)?
* An X-ray fluorescence (XRF) analyser connected with the Internet over WiFi.
* A metal-sheet bending machine with an Ethernet port, which will only be used in the future.
* The
Episode 54: Better Built By Burkhard