Compliance
How to Generate a Firmware SBOM: Tools and Workflows
Generate a firmware SBOM using Yocto, Buildroot, EMBA, or Syft. Step-by-step workflows for CRA compliance before the September 2026 ENISA reporting deadline.
Cyber Resilience Act Blog
Analysis and practical guidance on the EU Cyber Resilience Act. Regulation explainers, SBOM tooling, vulnerability workflows, and ENISA reporting, written for manufacturers, importers, and distributors.
Compliance
Are Smart Cameras Important Products Under the CRA?
Smart security cameras are classified as Important Products (Class I) under CRA Annex III. What this means for manufacturers, importers and distributors.
Compliance
Cybersecurity Act 2: what CRA manufacturers should watch
CSA2 is still a proposal. COM(2026) 11 final would reshape cybersecurity certification, ICT supply chains and ENISA powers.
Compliance
CRA Supplier Due Diligence: Questionnaire & Red Flags
Operational CRA supplier diligence: ready-to-use questionnaire, FOSS / cloud / hardware playbooks, red flags, escalation flow, contract clauses.
Compliance
Multi-Role CRA: Manufacturer, Importer, Distributor
CRA playbook for companies that manufacture, import and distribute: role mapping, obligation stacking, vulnerability routing, penalties and conflict points.
Compliance
Generate an SBOM for CRA: Tools, Formats, CI/CD
A hands-on guide to generating Software Bills of Materials for CRA compliance. Covers open-source tools, format selection, and automated pipeline integration.
Stay in the loop
Get notified when we publish new articles about CRA compliance and product security.