In this episode of Tech Talks Daily, I speak with Syed Zaeem Hosain, Founder and Chief Evangelist at Aeris. This conversation comes at a critical moment. Deloitte's 2024 Cyber Threat Trends Report reported a 400 percent surge in IoT malware attacks across industries. Forrester has gone further, warning that a major IoT breach could disrupt a large class of devices by 2025. With the stakes higher than ever, Aziz shares his vision for protecting a hyperconnected world. We explore the growing risks in sectors like healthcare, energy and transportation, where compromised devices could have serious real-world impact. Aziz explains why IoT security can no longer be treated as an afterthought and how Aeris is tackling the problem with AI-powered solutions like IoT Watchtower, designed to detect and respond to threats at scale. He also addresses the shifting regulatory landscape, from the EU's NIS2 Directive to the upcoming Cyber Resilience Act. These frameworks are beginning to push organisations toward stronger protections and greater accountability. But are they moving fast enough? My guest outlines where he believes the future of IoT security is heading and what enterprises need to do now to avoid being caught off guard. From embedded AI to next-generation cellular infrastructure, this is a conversation that connects the dots between innovation, risk and responsibility. So how prepared is your organisation for the coming wave of IoT threats? Are we securing what matters most, or sleepwalking into a preventable crisis? Let me know what you think. Is IoT security finally getting the attention it deserves, or are we still too focused on convenience over caution? Join the conversation and share your thoughts. Check out the Internet of Things for Business book.
www.iotusecase.com
#ENERGIEMANAGEMENT #MODBUS #REVOLUTIONPI
In episode 174 of the IoT Use Case Podcast, host Ing. Madeleine Mickeleit speaks with Jochen Marwede, board member of Wendeware AG, and Boris Crismancich, Business Development Manager at KUNBUS, about the practical use of industrial-grade IoT hardware and software in energy projects. The focus is on the AMPERIX platform for the intelligent control of battery storage systems, charging stations, heat pumps and other loads, combined with the Revolution Pi from KUNBUS, which is deployed in the field as rugged IIoT hardware.
Episode 174 at a glance (and a click):
(16:23) Challenges, potential and status quo: what the use case looks like in practice
(19:53) Solutions, offerings and services: a look at the technologies used
(28:09) Transferability, scaling and next steps: how you can use this use case
Podcast summary
In the industrial energy transition, every kilowatt-hour counts, and so does every reliable data point. But distributed sites, incompatible devices and missing maintenance strategies make it hard to implement scalable IoT solutions.
In this episode, Jochen Marwede (Wendeware) and Boris Crismancich (KUNBUS) show how it can be done anyway: with a well-thought-out system architecture, industrial-grade hardware and a platform that fits flexibly into existing IT/OT landscapes.
At the centre is the AMPERIX IoT platform, which connects and controls large electrical loads such as charging stations, heat pumps or hydrogen plants in real time and can be securely updated remotely.
The system is used, among other things, in projects with modular battery storage systems, such as those used at TESVOLT.
The hardware basis is the Revolution Pi from KUNBUS: open, rugged and equipped with features such as containerisation, secure boot via TPM and OTA rollbacks, ideal for the transition from prototype to continuous industrial operation.
The episode delivers concrete best practices on architecture, integration and maintenance, and explains how to avoid costly second iterations. Regulatory requirements such as the upcoming Cyber Resilience Act are also discussed.
Podcast: Nexus: A Claroty Podcast
Episode: Sarah Fluchs on the Cyber Resilience Act
Pub date: 2025-06-17
Cybersecurity and technology expert Sarah Fluchs joins the 100th episode of the Nexus Podcast to discuss the EU's Cyber Resilience Act and what it means for manufacturers of "products with digital elements" as they aim toward a 2027 compliance deadline. Sarah provides her insight on the regulation's essential requirements, its focus on secure-by-design and overall cyber resilience of products, and the milestones manufacturers need to hit as their compliance efforts get under way. Sarah also discusses her thought leadership and work in bringing cybersecurity to engineers, asset operators, and other non-security teams. It's important, she says, to eliminate cybersecurity's innate complexity and bring these concepts to engineers and others on their terms. Listen to the Nexus Podcast on your favorite podcast platform.
Podcast: Conservas Guillén by Trend Micro
Episode: Conserva #38 con Maria Penilla (ZIUR) - CRA (Cyber Resilience Act).
Pub date: 2025-05-29
In Conservas Guillén we open a new tin to talk with María Penilla (Director General of the ZIUR Foundation, the Industrial Cybersecurity Centre of Gipuzkoa) about the CRA (Cyber Resilience Act) and how the Foundation is helping the business and industrial fabric of Gipuzkoa and Euskadi. Conversations of roughly 30 minutes, in plain, colloquial language.
This time we dive into the world of cloud technologies and take a close look at the opportunities and challenges they bring for insurance companies. A particular focus: the current regulatory requirements such as DORA, Solvency II and the Cyber Resilience Act, which raise the industry's digital resilience and IT risk management to a new level.
Our hosts Dominik Badarne and Herbert Jansky welcome two absolute cloud veterans: Achim Heidebrecht, whose decades of experience and pioneering work in introducing the cloud in the insurance industry stand out, and Adrian Wnek, who since 2012 has been taking cloud projects, especially with AWS, to a new level and enabling companies to move into the cloud confidently and securely.
Look forward to honest insights, personal experiences from real transformation projects, anecdotes from the early days of cloud migration at Talangs, learnings around compliance and regulation, and a look at how companies today can implement cloud solutions at industrial scale and securely. We also look beyond our own field, talk about innovations in other industries and clarify why the cloud in particular can help meet regulatory requirements better.
Sit back and join us on this exciting journey through the past, present and future of the cloud in the insurance sector!
Feel free to send us a message!
Follow us on our LinkedIn company page for more exciting updates.
Our website: https://www.insurancemondaypodcast.de/
Would you like to be a guest on the Insurance Monday Podcast? Write to us at info@insurancemondaypodcast.de and we will get back to you promptly.
This podcast is produced by dean productions.
Thank you for listening to our podcast!
Podcast: Industrie neu gedacht - ein Tech-Podcast von Bosch Rexroth
Episode: Cyber Resilience Act (CRA) - no time to wait
Pub date: 2025-05-06
The CRA is keeping the industrial sector busy. We speak to two experts: Michael Langfinger and Sebastian Krauskopf. They both work for Bosch Rexroth and explain to us what machine builders need to look out for. More about the topic: https://www.boschrexroth.com/en/de/industries/hydrogen/ Do you already know the Rexroth blog? If you have any questions, please contact us: vertrieb@boschrexroth.de
Produced by Bosch Rexroth AG, Sales Europe Centre, Susanne Noll
Podcast: Industrie neu gedacht - ein Tech-Podcast von Bosch Rexroth
Episode: Cyber Resilience Act (CRA) - keine Zeit zu warten
Pub date: 2025-05-06
The CRA is keeping industry busy. We speak to two experts: Michael Langfinger and Sebastian Krauskopf. They both work for Bosch Rexroth and explain to us what machine builders need to look out for and how Bosch Rexroth supports them. Do you already know the Rexroth blog? If you have any questions, please contact: vertrieb@boschrexroth.de
Produced by Bosch Rexroth AG, Sales Europe Centre, Susanne Noll
It is already almost three years since we talked at length in De Technoloog about the state of the Internet of Things. We always discuss IoT with Wienke Giezeman, co-founder of The Things Industries, and that is the case again in this episode. A lot has changed since our last conversation, for example the rise of generative AI. Where this technology barely played a role three years ago, it is now impossible to imagine the world of connected devices without it. AI makes it possible to analyse IoT data faster and put it to use more directly, but it also brings risks, such as greater dependency, more complex security questions and above all: unreliable equipment.
On the standards front, Matter remains the magic word. This universal language for IoT devices was already mentioned three years ago, but has since struggled to really break through. That is remarkable, given the broad support from big players such as Amazon, Samsung and Ikea. Yet full interoperability is still missing. There are still protocols that want to keep their own position, and that makes it hard to arrive at a single standard, even though precisely that uniformity could move the whole market forward.
The European legislator is also stirring. The EU Data Act, expected to take effect in September, obliges manufacturers to make data from IoT devices accessible. That offers users opportunities to get going with their own software or alternative solutions, but may also lead to fragmentation. At the same time, the Cyber Resilience Act brings a new obligation for manufacturers: better default security of their products. That sounds logical, but in practice it could clash with the wish to keep systems open and modifiable. Especially with open-source solutions, the question is how that balance should be kept.
Finally, we look to the future. How much smarter, more efficient or more sustainable has life with IoT really become by now? Is a 'smart' home really that much nicer? And where will we stand when we take stock again in a few years?
Guest: Wienke Giezeman
Video: YouTube
Hosts: Ben van der Burg & Daniël Mol
Editing: Daniël Mol
www.iotusecase.com
#MASCHINENBAU #SECURITY #PENETRATIONTEST #IOT-PLATTFORM
In episode 165 of the IoT Use Case Podcast, host Ing. Madeleine Mickeleit speaks with Michael Buchenberg, Head of IT Security at XITASO, about securing connected products in the industrial environment. Using a project with DMG MORI and the CELOS X platform as an example, the episode shows how penetration tests work in practice, which attack vectors matter in an IoT context and how concepts such as DevSecOps and the Cyber Resilience Act influence the development of secure solutions.
Episode 165 at a glance (and a click):
(10:55) Challenges, potential and status quo: what the use case looks like in practice
(16:08) Solutions, offerings and services: a look at the technologies used
(22:02) Transferability, scaling and next steps: how you can use this use case
Podcast summary
How secure are my digital products in the field, really? Many manufacturers ask themselves this question, at the latest when it comes to connected machines, IoT platforms or customer portals. That is exactly what this podcast episode with Michael Buchenberg, Head of IT Security at XITASO, is about.
Using a project with DMG MORI and the CELOS X platform as an example, it shows in practical terms how penetration tests help to identify real vulnerabilities early, for instance in machines, cloud connections or standard interfaces such as OPC UA or MQTT. Testing takes place under realistic conditions: directly on the machine on the shop floor.
Key challenges:
- Historically grown code (e.g. old PLC programs) that was not developed for networking
- Lack of transparency about risks across the overall system, from the machine to the cloud
- Missing vulnerability management in product development
- End-customer concerns about handling sensitive production data
Solution approach: Alongside classic penetration testing, Michael talks about the DevSecOps approach, i.e. considering security early in software and product development. The decisive point: whoever spots potential weaknesses already in the architecture saves effort and cost in later phases.
Regulatory relevance: With the Cyber Resilience Act and the NIS2 Directive, security becomes mandatory. Manufacturers will in future have to actively search for vulnerabilities, provide updates and ensure security across the entire product lifecycle.
The episode delivers clear best practices and a reality check for everyone developing or operating IoT solutions, especially in machine and plant engineering, but also beyond.
-----
Relevant episode links:
Madeleine (https://www.linkedin.com/in/madeleine-mickeleit/)
Michael (https://www.linkedin.com/in/michael-buchenberg/)
CELOS X platform (https://de.dmgmori.com/produkte/digitalisierung/celos-x)
Post-quantum cryptography (https://xitaso.com/projekte/amiquasy-migration-zu-post-quanten-kryptographie/)
Penetration tests of milling machines (https://xitaso.com/projekte/dmg-mori-penetration-test/?utm_source=iot.website&utm_medium=podcast&utm_campaign=iot.use.case)
Follow IoT Use Case on LinkedIn now
Eddie Knight, OSPO lead at Sonatype, discusses how the EU Cyber Resilience Act can help improve your software project's security and, at the same time, slow down the alarming acceleration of software supply chain attacks.
Read a transcript of this interview: https://bit.ly/3RDMPVX
Subscribe to the Software Architects' Newsletter for your monthly guide to the essential news and experience from industry peers on emerging patterns and technologies: https://www.infoq.com/software-architects-newsletter
Upcoming Events:
InfoQ Dev Summit Boston (June 9-10, 2025) Actionable insights on today's critical dev priorities. devsummit.infoq.com/conference/boston2025
InfoQ Dev Summit Munich (October 15-16, 2025) Essential insights on critical software development priorities. https://devsummit.infoq.com/conference/munich2025
QCon San Francisco 2025 (November 17-21, 2025) Get practical inspiration and best practices on emerging software trends directly from senior software developers at early adopter companies. https://qconsf.com/
QCon AI NYC 2025 (December 16-17, 2025) https://ai.qconferences.com/
The InfoQ Podcasts: Weekly inspiration to drive innovation and build great teams from senior software leaders. Listen to all our podcasts and read interview transcripts:
- The InfoQ Podcast https://www.infoq.com/podcasts/
- Engineering Culture Podcast by InfoQ https://www.infoq.com/podcasts/#engineering_culture
- Generally AI: https://www.infoq.com/generally-ai-podcast/
Follow InfoQ:
- Mastodon: https://techhub.social/@infoq
- Twitter: twitter.com/InfoQ
- LinkedIn: www.linkedin.com/company/infoq
- Facebook: bit.ly/2jmlyG8
- Instagram: @infoqdotcom
- Youtube: www.youtube.com/infoq
Write for InfoQ: Learn and share the changes and innovations in professional software development.
- Join a community of experts.
- Increase your visibility.
- Grow your career.
https://www.infoq.com/write-for-infoq
On 11 December 2024 the Cyber Resilience Act entered into force. This EU regulation has a lofty goal: it aims to make software products in the EU more secure. What effects this new regulation will have on software development, today and in future, is what we discuss today with Sebastian. Sebastian has read the complete CRA several times to identify the topics relevant to our daily work in software development.
Hello out there at the receivers. In today's podcast episode, Sarah Fluchs is our guest. Sarah is Chief Technology Officer (CTO) at the consulting firm admeritia. This episode is once again about OT security. Boring? Not at all! In this episode Julius, Marcel and Sarah leave all the basics behind and dive really deep into the topic of OT security standards, with a particular eye on IEC 62443. Are OT standards a curse or a blessing?
In this episode, open source legal expert Luis Villa breaks down what the EU's Cyber Resilience Act means for developers and businesses, exploring carve-outs for individual contributors and the complex relationship between security and sustainability. Luis provides practical guidance on navigating this evolving regulatory landscape while explaining why the CRA represents both a challenge and an opportunity for the open source ecosystem. The blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-03-CRA_luis_villa/
⬥GUEST⬥
Sarah Fluchs, CTO at admeritia | CRA Expert Group at EU Commission | On LinkedIn: https://www.linkedin.com/in/sarah-fluchs/
⬥HOST⬥
Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin
⬥EPISODE NOTES⬥
The European Commission's Cyber Resilience Act (CRA) introduces a regulatory framework designed to improve the security of digital products sold within the European Union. In a recent episode of Redefining CyberSecurity, host Sean Martin spoke with Sarah Fluchs, Chief Technology Officer at admeritia and a member of the CRA expert group at the EU Commission. Fluchs, who has spent her career in industrial control system cybersecurity, offers critical insights into what the CRA means for manufacturers, retailers, and consumers.

A Broad Scope: More Than Just Industrial Automation
Unlike previous security regulations that focused on specific sectors, the CRA applies to virtually all digital products. Fluchs emphasizes that if a device is digital and sold in the EU, it likely falls under the CRA's requirements. From smartwatches and baby monitors to firewalls and industrial control systems, the regulation covers a wide array of consumer and business-facing products.
The CRA also extends beyond just hardware: software and services required for product functionality (such as cloud-based components) are also in scope. This broad application is part of what makes the regulation so impactful. Manufacturers now face mandatory cybersecurity requirements that will shape product design, development, and post-sale support.

What the CRA Requires
The CRA introduces mandatory cybersecurity standards across the product lifecycle. Manufacturers will need to:
- Ensure products are free from known, exploitable vulnerabilities at the time of release.
- Implement security by design, considering cybersecurity from the earliest stages of product development.
- Provide security patches for the product's defined lifecycle, with a minimum of five years unless justified otherwise.
- Maintain a vulnerability disclosure process, ensuring consumers and authorities are informed of security risks.
- Include cybersecurity documentation, requiring manufacturers to provide detailed security instructions to users.
Fluchs notes that these requirements align with established security best practices. For businesses already committed to cybersecurity, the CRA should feel like a structured extension of what they are already doing, rather than a disruptive change.

Compliance Challenges: No Detailed Checklist Yet
One of the biggest concerns among manufacturers is the lack of detailed compliance guidance. While other EU regulations provide extensive technical specifications, the CRA's security requirements span just one and a half pages. This ambiguity is intentional, since it allows flexibility across different industries, but it also creates uncertainty.
To address this, the EU will introduce harmonized standards to help manufacturers interpret the CRA. However, with tight deadlines, many of these standards may not be ready before enforcement begins. As a result, companies will need to conduct their own cybersecurity risk assessments and demonstrate due diligence in securing their products.

The Impact on Critical Infrastructure and Industrial Systems
While the CRA is not specifically a critical infrastructure regulation, it has major implications for industrial environments. Operators of critical systems, such as utilities and manufacturing plants, will benefit from stronger security in the components they rely on.
Fluchs highlights that many security gaps in industrial environments stem from weak product security. The CRA aims to fix this by ensuring that manufacturers, rather than operators, bear the responsibility for secure-by-design components. This shift could significantly reduce cybersecurity risks for organizations that rely on complex supply chains.

A Security Milestone: Holding Manufacturers Accountable
The CRA represents a fundamental shift in cybersecurity responsibility. For the first time, manufacturers, importers, and retailers must guarantee the security of their products or risk being banned from selling in the EU.
Fluchs points out that while the burden of compliance is significant, the benefits for consumers and businesses will be substantial. Security-conscious companies may even gain a competitive advantage, as customers start to prioritize products that meet CRA security standards.
For those in the industry wondering how strictly the EU will enforce compliance, Fluchs reassures that the goal is not to punish manufacturers for small mistakes. Instead, the EU Commission aims to improve cybersecurity without unnecessary bureaucracy.

The Bottom Line
The Cyber Resilience Act is set to reshape cybersecurity expectations for digital products. While manufacturers face new compliance challenges, consumers and businesses will benefit from stronger security measures, better vulnerability management, and increased transparency.
Want to learn more? Listen to the full episode of Redefining CyberSecurity with Sean Martin and Sarah Fluchs to hear more insights into the CRA and what it means for the future of cybersecurity.
⬥SPONSORS⬥
LevelBlue: https://itspm.ag/attcybersecurity-3jdk3
ThreatLocker: https://itspm.ag/threatlocker-r974
⬥RESOURCES⬥
Inspiring Post: https://www.linkedin.com/posts/sarah-fluchs_aaand-its-official-the-cyber-resilience-activity-7250162223493300224-zECA/
Adopted CRA text: https://data.consilium.europa.eu/doc/document/PE-100-2023-INIT/en/pdf
A list of Sarah's blog posts to get your CRA knowledge up to speed:
1️⃣ Introduction to the CRA, the CE marking, and the regulatory ecosystem around it: https://fluchsfriction.medium.com/eu-cyber-resilience-act-9e092fffbd73
2️⃣ Explanation of how the standards ("harmonised European norms, hEN") are defined that will detail the actual cybersecurity requirements in the CRA (2023): https://fluchsfriction.medium.com/what-cybersecurity-standards-will-products-in-the-eu-soon-have-to-meet-590854ba3c8c
3️⃣ Overview of the essential requirements outlined in the CRA (2024): https://fluchsfriction.medium.com/what-the-cyber-resilience-act-requires-from-manufacturers-0ee0b917d209
4️⃣ Overview of the global product security regulation landscape and how the CRA fits into it (2024): https://fluchsfriction.medium.com/product-security-regulation-in-2024-93ddc6dd8900
5️⃣ Good-practice example for the "information and instructions to the user," one of the central documentations that need to be written for CRA compliance and the only one that must be provided to the product's users (2024): https://fluchsfriction.medium.com/how-to-be-cra-compliant-and-make-your-critical-infrastructure-clients-happy-441ecd859f52
⬥ADDITIONAL INFORMATION⬥
✨ More Redefining CyberSecurity:
Since its publication, the CRA has been decried by free software experts as an existential threat to the European sector. And it is now official: in reaction to this text, 10 free software projects have decided to leave the EU. Jean-Paul Smets, CEO of rapid.space, explains this exceptional decision.
SMART TECH - The daily innovation magazine. In SMART TECH, digital and innovation news takes on its full meaning. Every day, specialists decode the news, the trends, and the issues raised by the adoption of new technologies.
Our digital world is ever more interconnected, and with it grows the risk of cyberattacks that threaten personal data, essential services and critical infrastructure. In a landscape where security is not an option but a necessity, companies must find new tools and approaches, such as bug bounties, to protect their systems and earn the trust of the people who use them. To understand how to face these challenges and which strategies can really make a difference, we invited Luca Manara, CEO of UNGUESS. In the news section we talk about a new nuclear fusion record set by the WEST tokamak reactor and, finally, about Microsoft presenting its quantum chip.
Index:
00:00 - Introduction
01:39 - A new record for nuclear fusion (HDBlog.it, Matteo Gallo)
02:38 - Microsoft presents its quantum chip (DDay.it, Luca Martinelli)
04:22 - UNGUESS: preventing cyberattacks with bug bounties (Luca Manara, Davide Fasoli, Luca Martinelli)
34:48 - Conclusion
Contact: www.dentrolatecnologia.it
Smart toasters, PC games, microprocessors and antivirus programs: the Cyber Resilience Act (CRA), which entered into force on 10 December 2024, applies to all of these product types. In this episode we take a close look at the new EU regulation, which holds manufacturers and distributors accountable for IT security and is intended to strengthen the resilience of digital products over the long term. What does this mean in concrete terms, and how can companies prepare early for the new requirements? Our BSI expert Anna Schwendicke examines the effects of the CRA on IT manufacturers as well as on distributors and consumers, and explains how companies can meet the new requirements.
Dick Brooks from Business Cyber Guardian discusses the landscape of federal software security requirements. We cover frameworks like CISA's Software Acquisition Guide, the Secure Software Development Framework (SSDF), and the EU's Cyber Resilience Act. These regulations affect open source projects differently from commercial vendors, and Dick explains what that means for vendors as well as for open source developers. The accompanying blog post can be found at https://opensourcesecurity.io/2025/01-government_security_requirements_with_dick_brooks
Links: CISA Software Acquisition Guide; CISA SAG Reader Project; NASA SSDF collaboration
On 10 October 2024 the EU adopted the Cyber Resilience Act. This regulation serves to raise the cybersecurity of products with a digital component in order to better protect consumers and businesses. What is coming for companies? Sandro Müller and Andreas Wisler discuss this in the current episode.
The State of Cybersecurity in the European Union Cyber threats know no borders, and in the European Union, harmonizing cybersecurity efforts across 27 member states is no small feat. In this episode of Threat Talks, host Lieuwe Jan Koning speaks with Hans de Vries, Chief Cybersecurity and Operational Officer at ENISA, about the critical work being done to secure Europe's digital future.
This is episode 121 of Licht op Legal. In this episode, Michael Reker, attorney for Information Technology & Privacy at Van Benthem & Keulen, discusses the Cyber Resilience Act. The Cyber Resilience Act (CRA) was introduced to raise the security of hardware and software products in the EU and thereby limit the impact of security incidents (think of cases such as the Ripple20 exploit or the CrowdStrike update). From December 2027, the main objectives of the CRA translate into stricter product security requirements and a mandatory CE marking for all products with digital elements (hardware and software). In this episode Michael explains which products the Cyber Resilience Act applies to and what the most important obligations are that it imposes on, for example, manufacturers, importers and distributors of these products. Michael then explains what the CE marking obligation means in concrete terms and what companies need to do for it, and discusses the consequences of not meeting the requirements of the Cyber Resilience Act. Michael closes the podcast with tips for companies preparing for the arrival of the Cyber Resilience Act. Want to know more about the Cyber Resilience Act? Contact Michael Reker. Licht op Legal can be heard via our website, Spotify, Apple Podcasts or your own favourite podcast app. This is a podcast by Van Benthem & Keulen (vbk.nl).
How are businesses preparing for the evolving threats and challenges in the world of cybersecurity? In today's episode of Tech Talks Daily, I'm joined by Dominik Samociuk, Head of Security at Future Processing, a technology consultancy and software delivery partner with over two decades of experience. Together, we explore the current state of cybersecurity and dive into predictions for 2025, focusing on emerging threats, regulatory changes, and the critical importance of cyber resilience. Dominik shares insights into the rise of AI-driven attacks, including deepfakes and automated phishing campaigns, which are increasing in sophistication and volume. These threats are forcing organizations to rethink their strategies, moving beyond prevention to comprehensive approaches that include detection, response, and recovery. We also discuss how businesses can strengthen their defenses through zero-trust architecture, third-party risk management, and enhanced employee training—especially as the human factor remains one of the most vulnerable aspects of cybersecurity. Regulatory changes, such as the NIS2 Directive, DORA, and the upcoming Cyber Resilience Act, are also driving a shift in how organizations approach security. Dominik explains how businesses can align with these evolving requirements by conducting regular gap analyses, automating compliance processes, and leveraging frameworks like ISO 27001 and NIST. Data privacy in the era of AI is another key focus of our discussion. Dominik outlines the steps businesses must take to classify and protect sensitive data, ensure transparency with stakeholders, and build robust incident response plans. Additionally, we delve into the importance of embedding security practices throughout the development lifecycle and the role of open-source intelligence in identifying vulnerabilities and emerging threats. 
Whether you're looking to stay ahead of cyber threats or understand how regulatory changes will impact your organization, this episode provides actionable insights to navigate the complexities of modern cybersecurity. How is your business preparing for the future of cyber resilience? Join the conversation and share your thoughts!
Also: the new Directive (EU) 2024/2853 of the European Parliament and of the Council on liability for defective products, an article on risk management in artificial intelligence, the changes for newly licensed drivers in the new Highway Code, and the so-called Justice Decree with urgent amendments on criminal justice.
>> Read the article: https://tinyurl.com/5fx7h9c9
>> Discover all Altalex podcasts: https://bit.ly/2NpEc3w
Almost five years have passed since Mattias and Erik talked about strange attacks, that is, odd incidents and unusual methods. It is simply time for a new round! Why not start with keyboard hijacking and Bluesnarfing: what they involve and how one breaks in over radio communication and eavesdrops on a keyboard. Then on to North America for a closer look at a casino and a dive into its aquarium. Yes, even those can be hacked! This and a lot more in this episode, which also covers which types of IoT exist and what the Cyber Resilience Act can contribute against these unusual attacks. And finally, perhaps the most immoral attack ever, which ended in a long prison sentence!
This week we're talking to Matthew Hodgson, one of the founders of Matrix, a network for secure, decentralised communication, and CEO/CTO of Element, a communications platform built using Matrix, about the regulatory environment Matrix lives in, the difficulty of and the passion for interoperable communications at Matrix, and the complications of building an encrypted communications platform, both technically and in this day and age.
Links:
- Matrix: https://matrix.org/
- Element: https://element.io/
- Telegram's encryption: https://www.wired.com/story/telegram-encryption-end-to-end-features/
- Blah: https://www.vanillaplus.com/2014/05/22/2663-tim-brasil-deploys-amdocs-unified-communications-for-blah-service/
- Anatel Brazil WhatsApp arrest: https://www.reuters.com/article/technology/facebook-exec-jailed-in-brazil-as-court-seeks-whatsapp-data-idUSKCN0W34WA/
- European Commission 42-point "going dark" plan: https://www.patrick-breyer.de/en/first-insight-42-key-points-of-the-secret-eugoingdark-surveillance-plan-for-the-new-eu-commission
- Clipper chip: listen to our podcast - https://privacyinternational.org/video/5332/cryptowars-short-history-encryption-politics
- Online Safety Act: https://www.gov.uk/government/publications/online-safety-act-explainer/online-safety-act-explainer
- Liberty on the Online Safety Act: https://www.libertyhumanrights.org.uk/wp-content/uploads/2022/04/Joint-civil-society-briefing-on-private-messaging-in-the-Online-Safety-Bill-for-Second-Reading-in-the-House-of-Lords-January-2023.pdf
- Adam Langley: https://www.imperialviolet.org/
- Pond.org: https://medium.com/@undercomm/secure-communication-pond-4985bfe85a2c
- 'We kill people based on metadata': https://abcnews.go.com/blogs/headlines/2014/05/ex-nsa-chief-we-kill-people-based-on-metadata
- PI and ICRC report: https://privacyinternational.org/report/2509/humanitarian-metadata-problem-doing-no-harm-digital-era
- Matrix P2P tracker: https://arewep2pyet.com/
- Alec Muffett v Matthew Hodgson: https://www.theverge.com/2022/3/28/23000148/eu-dma-damage-whatsapp-encryption-privacy
- PI's take on the Digital Markets Act: https://privacyinternational.org/long-read/5356/what-digital-markets-act-and-what-does-it-mean-our-privacy-and-wider-rights
- Apple enables RCS: https://www.theverge.com/2024/6/10/24171315/apple-messages-rcs-ios-18-imessage-green-bubble
- Chat Control: https://www.patrick-breyer.de/en/posts/chat-control/
- Cyber Resilience Act: https://privacyinternational.org/advocacy/5060/our-position-eu-cyber-resilience-act-cra
A Colorado health system's patient portal has been compromised. Malicious uploads to open-source repositories surge over the past year. Octo2 malware targets Android devices. A critical vulnerability in Veeam Backup & Replication software is being exploited. The U.S. and U.K. team up for kids' online safety. The European Council adopts the Cyber Resilience Act. New York State adopts new cyber regulations for hospitals. The FBI created its own cryptocurrency to help thwart fraudsters. Our guest Dr. Bilyana Lilly joins us to talk about her new novel "Digital Mindhunters." Getting dumped via AI.
Selected Reading
- Cyberattack targets healthcare nonprofit overseeing 13 Colorado facilities (The Record)
- Malicious packages in open-source repositories are surging (CyberScoop)
- Octo2 Malware Uses Fake NordVPN, Chrome Apps to Infect Android Devices (HackRead)
- Hackers Exploiting Veeam RCE Vulnerability to Deploy Ransomware (Cybersecuritynews)
- Britain, US set up working group to improve children's online safety (Reuters)
- European Council Adopts Cyber Resilience Act (BankInfoSecurity)
- New York State Enacts New Cyber Requirements for Hospitals (BankInfoSecurity)
- FBI created a crypto token so it could watch it being abused (The Register)
- Man learns he's being dumped via "dystopian" AI summary of texts (Ars Technica)
The CyberWire is a production of N2K Networks. © N2K Networks, Inc.
News includes the archiving of the "Phoenix Sync" project, a major update to Gettext that enhances compilation efficiency, the release of ErrorTracker v0.2.6 with new features like error pruning and ignoring, and José Valim highlighting UX issues with ChatGPT's new UI. We were also joined by Alistair Woodman, a board member of the EEF (Erlang Ecosystem Foundation), who explained the EEF's recent efforts to stay ahead of legislation and technical regulatory shifts that may impact developers soon. Alistair discussed the changing regulatory landscape in the US and the EU due to high-profile exploits, outages, and nation-state supply chain attacks. We learned how the EEF supports Elixir and BEAM developers and what they need from the community now, and more!
Show Notes online - http://podcast.thinkingelixir.com/220
Elixir Community News
- https://github.com/josevalim/sync – The "Phoenix Sync" project has been archived with no immediate explanation yet.
- https://github.com/elixir-gettext/gettext/blob/main/CHANGELOG.md#v0260 – Gettext has a big update to version 0.26.0, which includes more efficient compilation.
- https://github.com/elixir-cldr/cldr – Gettext now feels similar to how ExCldr allows defining a custom backend.
- https://elixirstatus.com/p/TvydI-errortracker-v026-has-been-released – ErrorTracker v0.2.6 has been released with key improvements like a global error tracking disable flag, automatic pruning of resolved errors, and an error ignorer.
- https://github.com/mimiquate/tower – Tower is a flexible error tracker for Elixir applications that listens for errors and reports them to configured reporters like email, Rollbar, or Slack.
- https://x.com/josevalim/status/1832509464240374127 – José highlighted some UX issues with ChatGPT's new UI, mentioning struggles with concurrent updates.
- https://x.com/josevalim/status/1833176754090897665 – José postponed publishing a video on optimistic updates with LiveView due to an Apple announcement.
- https://github.com/wojtekmach/mix_install_examples – A new WebRTC example was added to the "Mix Install Examples" project.
- https://github.com/wojtekmach/mix_install_examples/pull/42 – The WebRTC example shows how to use the ex_webrtc Elixir package in a small script, compatible with Mix.install/2.
- https://github.com/elixir-webrtc/ex_webrtc – The Elixir package used for the WebRTC example.
- https://x.com/taylorotwell/status/1831668872732180697 – Laravel raised a $57M Series A in partnership with Accel, likely related to their Laravel Cloud hosting platform.
Discussion Resources
- https://en.wikipedia.org/wiki/Cyber_Resilience_Act
- https://news.apache.org/foundation/entry/open-source-community-unites-to-build-cra-compliant-cybersecurity-processes
- https://www.cisa.gov/sites/default/files/2024-05/CISA%20Secure%20by%20Design%20Pledge_508c.pdf
- https://www.whitehouse.gov/wp-content/uploads/2024/02/Final-ONCD-Technical-Report.pdf
- https://www.infoworld.com/article/2336216/white-house-urges-developers-to-dump-c-and-c.html
- https://en.m.wikipedia.org/wiki/CE_marking
- https://www.cisco.com/c/en/us/services/acquisitions/tail-f.html
- https://digital-strategy.ec.europa.eu/en/policies/cyber-resilience-act
- https://www.nist.gov/
- https://en.wikipedia.org/wiki/XZ_Utils_backdoor
- https://en.wikipedia.org/wiki/Log4j
- https://en.wikipedia.org/wiki/Heartbleed
- https://en.wikipedia.org/wiki/2024_CrowdStrike_incident
- https://news.stanford.edu/stories/2024/06/stanfords-deborah-sivas-on-scotus-loper-decision-overturning-chevrons-40-years-of-precedent-and-its-impact-on-environmental-law
- https://openssf.org/
- https://www.fcc.gov/broadbandlabels
- https://www.cve.org/
- https://erlef.org/wg/security
Guest Information
- https://www.linkedin.com/in/alistair-woodman-51934433 – Alistair Woodman on LinkedIn
- awoodman@erlef.org
- http://erlef.org/ – Erlang Ecosystem Foundation website
Hosts: Mark Ericksen (@brainlid) and David Bernheisel (@bernheisel).
Podcast: We talk IoT – The Internet of Things Business Podcast
Episode: We talk IoT: Securing the Future: Understanding the Cyber Resilience Act - Episode 55
Pub date: 2024-09-05
We have an exciting and crucial topic: the Cyber Resilience Act. With us are two guests who are experts in their fields: Guillaume Crinon, Director of IoT Business Strategy at Keyfactor, and Romain Tesniere, Business Development Manager at Avnet Silica. Guillaume and Romain bring a wealth of knowledge and experience in IoT security and business strategy, making them the perfect guides to help us navigate this important legislation. The Cyber Resilience Act aims to enhance the security of connected devices, but what does that mean for businesses, developers, and end-users? We'll explore the benefits, challenges, and impacts of this Act and practical steps for ensuring IoT security.
Summary of this week's episode:
01:42 Understanding the Cyber Resilience Act
02:04 Keyfactor's Role in IoT Security
03:37 Avnet Silica's Approach to Security
05:19 Exploring the Cyber Resilience Act
10:42 Challenges and Risk Assessments
19:05 Practical Implementations and Examples
23:15 Collaboration and Future Prospects
24:44 Balancing Innovation and Security
Show notes:
- Guillaume Crinon: https://www.linkedin.com/in/guillaumecrinon/
- Romain Tesniere: https://www.linkedin.com/in/romain-tesniere-26698b80/
- About Keyfactor: https://www.keyfactor.com
- Deep dive into the Cyber Resilience Act: https://my.avnet.com/silica/solutions/iot/secure-device-management-provisioning/ https://www.keyfactor.com/resources/content/eight-steps-to-iot-security?lx=6IfNm7 https://www.brighttalk.com/webcast/17778/604186
About Avnet Silica: This podcast is brought to you by Avnet Silica, the Engineers of Evolution. You can connect with us on LinkedIn: https://www.linkedin.com/company/silica-an-avnet-company/ or find us at www.avnet-silica.com.
Irish businesses continue to face challenges in complying with the General Data Protection Regulation (GDPR) six years on from its introduction, according to new research. The findings were presented by Forvis Mazars and McCann FitzGerald LLP in their latest joint survey, "GDPR and Digital Legislation: A Survey of the Impact and Effect on Organisations in Ireland". The research, which was conducted by Ipsos B&A, found that just 15% of businesses consider their organisation to be 'fully compliant' with the legislation, which is billed as the toughest privacy and security law in the world. A further 58% of respondents indicated their organisation was 'materially compliant', and 25% said their organisation was 'somewhat compliant'. In order to achieve their compliance targets, half of the businesses surveyed believe they need more resourcing, financial investments or further expertise in this space. The research also found that 82% of respondents believe the risks associated with GDPR non-compliance are increasing, with respondents citing 'reputational risk' as the most important factor in determining an organisation's data protection risk appetite, followed by 'fear of fines'. Eight in 10 (81%) of the businesses surveyed say they intend to improve their compliance status. This is the eighth edition of the Forvis Mazars and McCann FitzGerald LLP annual survey on the impact of GDPR on organisations in Ireland. As well as examining the latest perceptions among Irish businesses regarding GDPR compliance, the report also assesses awareness and readiness for a wave of new legislative developments from the European Union in response to rapid technological changes. 
Findings show that 60% of those surveyed are concerned about the impact of new digital legislation on their organisation, which includes DORA (the Digital Operational Resilience Act), the AI Act, the Data Act, the Data Governance Act, the Digital Services Act, the Online Safety and Media Regulation Act, the Digital Markets Act, the Network and Information Security Directive 2 (NIS2) and the Cyber Resilience Act. There is also a high degree of uncertainty regarding the new legislation, with many respondents being unsure of its applicability to their business, which suggests further education and awareness is required within organisations. Key Findings: 82% of respondents agree that the risks associated with GDPR non-compliance are increasing, up from 70% in last year's survey. 81% of respondents intend to improve their compliance status. 59% of respondents are concerned about the prospect of being fined for GDPR non-compliance, compared to 58% in last year's survey. 47% of respondents agree that working to comply with GDPR has delivered many benefits for their organisation, up from 34% last year. Over half of the respondents (52%) say that the CEO of their organisation is strongly engaged in GDPR compliance and data privacy, compared to 50% in 2023. Six out of 10 respondents are concerned about upcoming digital legislation. 63% of respondents indicated that the AI Act will apply to their organisation. Liam McKenna, Partner in Consulting Services at Forvis Mazars, said: "This survey underscores the essential need for organisations to remain up to date with both current and forthcoming regulations in the digital space. Irish businesses must diligently maintain their compliance initiatives, particularly amid the significant financial and reputational risks at stake. 
"Although GDPR regulations were implemented in 2018, that only 15% of Irish companies are fully compliant is a concern for Irish business, particularly in light of further digital legislation coming down the tracks including the Digital Operational Resilience Act (DORA), AI Act, Data Act, and Digital Services Act, among others. Irish companies therefore need to urgently focus on GDPR adherence, while actively gearing up for new legislative requirements." Paul Lavery, Partner at McCann FitzGerald LLP, added: "The...
Our new episode of the Wolf Theiss Soundshot Podcast is the sixth one in our "Digital Law" series.In this episode, Roland Marko and Lisa Bernsteiner discuss the EU's new cybersecurity framework and examine the latest legal acts designed to enhance protection against the increasing number and sophistication of cyberattacks across EU countries. This includes the NIS2 Directive, which establishes a stricter framework with comprehensive compliance and reporting obligations for a much broader range of companies, including those within the supply chain.Our experts also discuss the Critical Entities Resilience (CER) Directive, aimed at ensuring the maintenance of vital societal functions and economic activities, the Digital Operational Resilience Act (DORA), which focuses on managing ICT risks in the financial services sector, the Cyber Resilience Act and other EU acts containing cybersecurity provisions, such as the Machinery Regulation, the Data Act and the AI Act.Tune in to learn more about the EU's approach to tackling cyber threats, how it may impact your organisation, and how to start preparing for these new comprehensive compliance requirements. Listen to the new podcast episode on our website, Spotify, Apple Podcasts, Google Podcasts or Amazon Music under “Wolf Theiss Soundshot”.If you have any questions, please do not hesitate to contact us at soundshot@wolftheiss.com.
In this episode, we talk to Steve Orrin, Chief Technology Officer and Senior PE at Intel Federal, about his unique journey from biology to cybersecurity leadership. We discuss the main challenges faced by federal bodies in the cybersecurity landscape and how they differ across industries like Aerospace, Education, and Healthcare. Steve shares valuable insights on product cybersecurity, emphasizing the growing interest from governments worldwide, as seen in regulations like the FDA Premarket Guidance and the Cyber Resilience Act. He offers advice to vendors, suppliers, and users on navigating this evolving regulatory landscape.
Philipp Schulte, CEO of Giesecke+Devrient Mobile Security, pioneers connectivity and IoT innovation. His corporate strategy expertise, coupled with CFO experience, drives his passion for innovation. With a background in management consulting and academia, he brings a strategic vision to the forefront.
On The Menu:
1. IoT provides secure technology for critical infrastructures, ensuring reliable data transmission and security benefits.
2. Investments in transportation, logistics, and tracking solutions optimizing supply chains and enhancing environmental control.
3. Efficiency and waste reduction, such as eliminating plastic SIM cards, lead to CO2 footprint advantages.
4. Reducing complexity and ensuring interoperability is crucial for IoT's full growth potential.
5. Importance of balancing regulatory changes like the AI Act and Cyber Resilience Act to foster a healthy IoT ecosystem.
6. Security is built into all layers, including chips, operating systems, encryption technology, and data management.
In this episode of The IoT Podcast, we continue the IoT security conversation with Shahram Mossayebi, Founder & CEO at Crypto Quantique, who breaks down the implications of the recently passed EU Cyber Resilience Act for manufacturers and businesses and why traditional security approaches just won't cut it. We dive into why security isn't just an expense but an investment in the ongoing battle against cyber threats, and the changing mindset around this. We also look at how even the most seemingly harmless devices, like a fish tank thermometer, can become a cybercriminal's gateway, and how quantum-resistant cryptography can offer future-proof encryption.
Chapters:
00:00 Introduction and Background
03:03 The Importance of IoT Security
08:11 Crypto Quantique's Approach to IoT Security
14:00 The EU Cyber Resilience Act
27:20 IoT Security Regulations
28:01 Challenges of Selling IoT Security
29:08 Accountability for IoT Security
30:22 Paradigm Shift in Security Consciousness
31:19 Enforcement of IoT Security Regulations
32:26 Quantum Security and Crypto Quantique
33:47 Advantages and Integration of Quantum Security
36:36 Post-Quantum Cryptography
38:13 Quantum Randomness and Root of Trust
43:17 Working with the Open Source Community
48:54 Challenges in Recruitment
52:06 Gadget You Can't Live Without
53:29 Passion for Problem Solving
And much more!
ABOUT THE GUEST
Shahram Mossayebi, Founder and CEO of Crypto Quantique, is dedicated to revolutionising IoT security. With a background in physics and cryptography, combined with years in cybersecurity, Shahram founded Crypto Quantique to offer a holistic, user-friendly solution. Their approach integrates physics advancements into low-cost devices and intuitive software, ensuring robust security for IoT applications.
Connect with Shahram: https://www.linkedin.com/in/mossayebi/
ABOUT CRYPTO QUANTIQUE
Crypto Quantique pioneers transformative solutions in IoT security. Committed to revolutionising the landscape of cybersecurity, Crypto Quantique combines cutting-edge advancements in physics and cryptography with intuitive software to deliver robust, scalable security solutions for the Internet of Things (IoT) ecosystem. By integrating physics innovations into cost-effective devices and user-friendly software, Crypto Quantique delivers protection across diverse IoT applications, from connected cars to high-end consumer goods.
Find out more about Crypto Quantique: https://www.cryptoquantique.com/
Guest Ciarán O'Riordan Panelist Richard Littauer | Leslie Hawthorne

Show Notes
In this episode, host Richard Littauer and co-host Leslie Hawthorne engage with Ciarán O'Riordan, Senior Policy Advisor from Open Forum Europe (OFE), diving into the intricacies of the Cyber Resilience Act (CRA) and its implications for the Free and Open Source Software (FOSS) community. Ciarán shares his journey from software development to policy advocacy, emphasizing the critical role of policy work in shaping the future of open source. He provides an in-depth analysis of the CRA, highlighting concerns about its initial draft, the involvement of the FOSS community in shaping its final form, and the potential challenges and opportunities it presents. The discussion also touches on other significant legislative developments in Europe, such as the Product Liability Directive and the AI Act, and their potential effects on open source software. Press download now to hear more!

[00:01:25] Ciarán explains how he became a Senior Policy Advisor and his passion for policy work, tracing his journey from a software developer in Dublin to his 20-year career in Brussels focusing on policy advocacy, including his recent position at OFE.
[00:06:08] Leslie asks Ciarán for a summary of the Cyber Resilience Act (CRA) and its specific implications for the free and open source software ecosystem. Ciarán contrasts the initial and final versions of the CRA, detailing the changes made, the lightened obligations for free and open source software, and the ongoing compliance challenges for commercial distributions.
[00:11:02] Leslie inquires how software foundations responsible for producing commercialized software are impacted by the Cyber Resilience Act. Ciarán explains that the final version of the Act introduces a new category called "Open Source Stewards" for entities like software foundations, which have a reduced set of obligations without fines. He also mentions the timeline for the CRA, stating that it will come into force around summertime 2027, after being officially signed.
[00:16:09] Richard asks about the CRA's impact on individual non-European developers, like himself, who have repositories on platforms like GitHub or GitLab. Ciarán responds that the specifics of how the CRA will affect such developers will become clear once the standards are developed.
[00:17:55] Ciarán clarifies that the role of software foundations is to provide services or procedures for compliance, which may vary across different foundations.
[00:19:36] Richard wonders who benefits from this Act, and Ciarán discusses the justification for the CRA, which is cost-based, comparing the costs of cybersecurity incidents with the costs of compliance.
[00:21:31] Leslie asks about the process of creating standards for CRA compliance, how average FOSS developers can influence these standards, and the best ways for FOSS developers to get involved in influencing outcomes beneficial to the FOSS ecosystem. Ciarán notes that working on standards and policy is complex and compares it to contributing to software development on short notice.
[00:26:07] Ciarán discusses OFE's multi-layered structure and the FOSS community list, which serves as a base for information sharing and connection.
[00:27:24] Richard questions the impact of the CRA on individual developers with numerous dependencies in their projects. Ciarán reassures that there is no immediate cause for panic, as the CRA will not come into force until summer 2027 and many details will be clarified in the coming years.
[00:28:39] Leslie shifts the discussion to the Product Liability Directive (PLD) and its relevance to the FOSS ecosystem, and Ciarán goes in depth about it.
[00:33:36] Find out where you can learn more about Ciarán and OFE on the web.
Quotes
[00:04:58] "We'd love to have better cyber security, especially if it just falls from the sky."
[00:22:31] "Working on standards and policy in general is about as complex as working on software development."
[00:24:00] "In terms of getting involved, two important things: First is getting in contact with other people, and the second is the need to do some work on your own initiative without having been brought into some of these groups."

Spotlight
[00:35:35] Leslie's spotlight is the Open Source in The European Legislative Landscape devroom.
[00:35:59] Richard's spotlight is the book, "Better Living Through Birding."
[00:36:42] Ciarán's spotlight is two books: "Thy Neighbour's Wife" and "The Life Show."

Links
SustainOSS (https://sustainoss.org/)
SustainOSS Twitter (https://twitter.com/SustainOSS?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor)
SustainOSS Discourse (https://discourse.sustainoss.org/)
podcast@sustainoss.org (mailto:podcast@sustainoss.org)
SustainOSS Mastodon (https://mastodon.social/tags/sustainoss)
Open Collective-SustainOSS (Contribute) (https://opencollective.com/sustainoss)
Richard Littauer Socials (https://www.burntfen.com/2023-05-30/socials)
Leslie Hawthorne LinkedIn (https://www.linkedin.com/in/lesliehawthorn/?originalSubdomain=de)
Ciarán O'Riordan LinkedIn (https://www.linkedin.com/in/ciaranor/?originalSubdomain=be)
Ciarán O'Riordan - Presentation of the Cyber Resilience Act (YouTube) (https://www.youtube.com/watch?v=DuQ-QBNezLg)
OpenForum Europe (https://openforumeurope.org/)
OpenForum Europe Events (https://openforumeurope.org/events/)
OpenForum Europe Open Source (https://openforumeurope.org/open-source/)
Open Source Policy Community List (https://groups.google.com/a/openforumeurope.org/g/foss-community)
Sustain Podcast-Episode 125: Astor Nummelin Carlberg of OFE on the Economic Impact of Open Source (https://podcast.sustainoss.org/guests/carlberg)
Product Liability Directive 1985 (https://en.wikipedia.org/wiki/Product_Liability_Directive_1985)
Open Source In The European Legislative Landscape devroom (https://fosdem.org/2024/schedule/track/eu-policy/)
Better Living Through Birding: Notes From A Black Man In The Natural World by Christian Cooper (https://www.penguinrandomhouse.com/books/671722/better-living-through-birding-by-christian-cooper/)
Thy Neighbour's Wife by Liam O'Flaherty (https://en.wikipedia.org/wiki/ThyNeighbour%27sWife)
The Life Show by Chi Li (https://www.amazon.sg/Life-Show-Chi-Li/dp/7559421903)

Credits
Produced by Richard Littauer (https://www.burntfen.com/)
Edited by Paul M. Bahr at Peachtree Sound (https://www.peachtreesound.com/)
Show notes by DeAnn Bahr Peachtree Sound (https://www.peachtreesound.com/)
Special Guest: Ciarán O'Riordan.
Welcome to IoT Coffee Talk #198 where we have a chat about all things IoT over a cup of coffee or two with some of the industry's leading business minds, thought leaders and technologists in a totally unscripted, organic format. Thanks for joining us. Sit back with a cup of Joe and enjoy the morning banter.

This week, Bill, Pete, Rob, Andreea, Jan, Tom, Marc, Dimitri, and Leonard, reporting from MWC 2024, jump on Web3 to talk about:
* BAD KARAOKE: Leonard's hack job version of Chick Corea's "Spain"
* Welcome to Mobile World Congress 2024 in Barcelona from the Ciena booth at Fira!
* Marc's IoT Stars update!
* How to grow your YouTube channel! Social media rubbernecking
* IoT Stars is dead! Next year, Gen AI Stars! Be ready for it!
* Meeting Ray Ozzie and hanging with Alistair Fulton and Blues
* NTN - an extraterrestrial hype?
* 5G is dead and should be resurrected,... FAST!
* Private 5G networks - dead or alive?
* AI, the savior once again? Or is it?
* Bill's DistribuTech update - Electrification!
* Are events back? Maybe 2024 will be a better year?
* Jan's Industry 4.0 update on LoRaWAN
* Security First is tragically a bad business model
* Congrats ROB!!! Congrats Nick! Rob is going to be a grandpa,... eventually!
* Cyber Resilience Act in the EU - Marc goes political and geopolitical! Answer, VPN!!

It's a great episode. Grab an extraordinarily expensive latte at your local coffee shop and check out the whole thing. You will get all you need to survive another week in the world of IoT and greater tech!

Thanks for listening to us! Watch episodes at http://iotcoffeetalk.com/. Your hosts include Leonard Lee, Stephanie Atkinson, Marc Pous, David Vasquez, Rob Tiffany, Bill Pugh, Rick Bullotta and special guests. We support Elevate Our Kids to bridge the digital divide by bringing K-12 computing devices and connectivity to support kids' education in under-resourced communities. Please donate.
In a recent conversation at the Open Source Summit in Bilbao, Spain, Gabriel Colombo, the General Manager of the Linux Foundation Europe and the Executive Director of the Fintech Open Source Foundation, discussed the potential impact of the Cyber Resilience Act (CRA) on the open source community. The conversation shed light on the challenges and opportunities that the CRA presents to open source and how individuals and organizations can respond.

The conversation began by addressing the Cyber Resilience Act and its significance. Gabriel Colombo explained that while the Act is being touted as a measure to bolster cybersecurity and national security, it could have unintended consequences for the open source ecosystem, particularly in Europe. The Act, currently in the legislative process, aims to address cybersecurity concerns but could inadvertently hinder open source development and collaboration.

Jim Zemlin, the Executive Director of the Linux Foundation, had previously mentioned the importance of forks in open source development, emphasizing that they are a healthy aspect of the ecosystem. However, Colombo pointed out that the CRA could create a sense of unease, as it might deter people and companies from participating in open source projects or using open source software due to potential legal liabilities.

To grasp the implications of the CRA, Colombo explained some of the key provisions. The initial drafts of the Act proposed potential liability for individual developers, open source foundations, and package managers. This raised concerns about the open source supply chain's potential vulnerability and the distribution of liability.

As the Act evolves, the liability landscape has shifted somewhat. Individual developers may not be held liable unless they consistently receive donations from commercial companies. However, for open source foundations, especially those accepting recurring donations from commercial entities, there remains a concern about potential liabilities and the need to conform to the CRA's requirements.

Colombo emphasized that this issue isn't limited to Europe. It could impact the entire global open source ecosystem and affect the ability of European developers and small to medium-sized businesses to participate effectively.

The conversation highlighted the challenges open source communities face when engaging with policymakers. Open source is not structured like traditional corporations or industry consortiums, making it more challenging to present a unified front. Additionally, the legislative process can be slow and complex, which may not align with the rapid pace of technology development.

The lack of proactive engagement from the European Commission and the absence of open source communities in the initial consultations on the Act are concerning. The understanding of open source, its nuances, and the role it plays in the broader software supply chain appears limited within policy-making circles.

What Can Be Done?

Gabriel Colombo stressed the importance of awareness and education. It is vital for individuals, businesses, and open source foundations to understand the implications of the CRA. The Linux Foundation and other organizations have launched campaigns to provide information and resources to help stakeholders comprehend the Act's potential impact.

Being vocal and advocating for open source within your network, organization, and through public affairs channels can also make a difference. Engagement with policymakers, especially as the Act progresses through the legislative process, is crucial. Colombo encouraged businesses to emphasize the significance of open source in their operations and supply chains, making policymakers aware of how the CRA might affect their activities.

In the face of the Cyber Resilience Act, the open source community must unite and actively engage with policymakers. It's essential to educate and raise awareness about the potential impact of the Act and advocate for a balanced approach that strengthens cybersecurity without stifling open source innovation.

The Act's development is ongoing, and there is time for stakeholders to make their voices heard. With a united effort, the open source community can help shape the legislation to ensure that open source remains vibrant and resilient in the face of evolving cybersecurity challenges.

Learn more from The New Stack about open source and Linux Foundation Europe:
At Open Source Summit: Introducing Linux Foundation Europe
Making Europe's 'Romantic' Open Source World More Practical
Embracing Open Source for Greater Business Impact
Picture of the Week. R.I.P. Kevin Mitnick. Apple says: "Thanks, but we'd rather leave." Web Environment Integrity. Web Analytics under the spotlight. More progress on the IoT security front. The "Expeditionary cyber force". Ransomware payouts being made much less often. MOVEit Update. TikTok + Passkeys. Closing the Loop. SpinRite. Satellite Insecurity, Part 2. Show Notes: https://www.grc.com/sn/SN-932-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: drata.com/twit GO.ACILEARNING.COM/TWIT bitwarden.com/twit
In this episode, Jon will be sharing about the Cyber Resilience Act. The CRA is legislation the European Union is working towards that requires products with digital elements to meet essential cybersecurity requirements before they can be sold on the European market, and places obligations on manufacturers to maintain their security throughout the product lifecycle. The impact on open source software (such as Disciple Tools) is still to be determined but could be large. To watch this video, go here: https://youtu.be/SrAHLYo8SnM
Doc Searls and Simon Phipps talk with Greg Kroah-Hartman, the veteran top-level Linux kernel maintainer, about the human side of how kernel development works, how AI is still just pattern matching, and how life is about updating everything you can. Hosts: Doc Searls and Simon Phipps Guest: Greg Kroah-Hartman Download or subscribe to this show at https://twit.tv/shows/floss-weekly Think your open source project should be on FLOSS Weekly? Email floss@twit.tv. Thanks to Lullabot's Jeff Robbins, web designer and musician, for our theme music. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsor: fastmail.com/twit
This week in the Security News, Aaran Leyland joins remotely to dish out the latest news: Cyber Resilience Act contains a poison pill, a powerful backdoor, Malicious Actors and Jason Wood - Valued Co-Host OR Malicious Actor? All that and more on this episode of SWN! Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/swn298
What we like about Fedora 38, why the Rust foundation is in hot water, and more.
"What's going on with forming the Cyber Resilience Act in Europe has the potential to do enormous harm to the open source movement and to the future prosperity of the entire human race," says Milinkovich of the Eclipse Foundation, this week's guest on FLOSS Weekly. The Cyber Resilience Act (CRA) is an important topic to discuss in open source. Doc Searls and Jonathan Bennett speak with Milinkovich about this important matter. Hosts: Doc Searls and Jonathan Bennett Guest: Mike Milinkovich Download or subscribe to this show at https://twit.tv/shows/floss-weekly Think your open source project should be on FLOSS Weekly? Email floss@twit.tv. Thanks to Lullabot's Jeff Robbins, web designer and musician, for our theme music. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
Watch on YouTube

About the show
Sponsored by InfluxDB from Influxdata.
Connect with the hosts
Michael: @mkennedy@fosstodon.org
Brian: @brianokken@fosstodon.org
Show: @pythonbytes@fosstodon.org
Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Tuesdays at 11am PT. Older video versions available there too.

Brian #1: huak - A Python package manager written in Rust. Inspired by Cargo
Suggested by Owen
Tons of workflows:
- activate - activate a virtual environment
- add - add a dependency to a project: pip install it into your virtual environment, and add it to the dependency list in pyproject.toml
- test - run pytest
- update - update dependencies
- lint - run ruff, installing it first if necessary
- fix - autofix fixable lint conflicts
- build - build wheel in isolated virtual environment using hatchling
Honestly I was considering building my own workflow tool, but this is darned close to what I want. Even though it's still "in an experimental state". There are rough edges (ruff edges, get it), but still, way cool. I just don't know how to pronounce it. Is it like "walk", or more like "whack"?

Michael #2: PSF expresses concerns about a proposed EU law that may make it impossible to continue providing Python and PyPI to the European public
After reviewing the proposed Cyber Resilience Act and Product Liability Act, the PSF has found issues that put the mission of our organization and the health of the open-source software community at risk. As currently written, the authors of open-source components might bear legal and financial responsibility for the way their components are applied in someone else's commercial product. The risk of huge potential costs would make it impossible in practice for us to continue to provide Python and PyPI to the European public.

Brian #3: ChaosToolkit
Suggested by the maintainer, Sylvain Hellegouarch
- Declare and store your Chaos Engineering experiments as JSON/YAML files so you can collaborate and orchestrate them as any other piece of code.
- Extensible through an Open API
- Can be automated in a CI/CD pipeline

Michael #4: PEP 711 – PyBI: a standard format for distributing Python Binaries
"Like wheels, but instead of a pre-built python package, it's a pre-built python interpreter"

Joke: It's the effort that counts