The EU’s cyber resilience act (EU) requires manufacturers of products with digital elements to introduce cybersecurity into their products. In this talk, we will show how the new regulation offers opportunities and should not be seen as merely creating additional burdens and responsibilities.

With the CRA, the EU establishes a minimum cybersecurity standard that applies horizontally, i.e., across all sectors and industries. The regulation shall improve the EU’s resilience against cyberattacks. In this talk, we have a look at the most important requirements and how they can be integrated into a modern software development process. For example, we show how the SBOM, which becomes mandatory according to the SRA, can be generated automatically from the build system.

The requirem ...