CRA Explained: What the Cyber Resilience Act Means for Device Manufacturers
The CRA (Cyber Resilience Act) is set to reshape how software-enabled products are built, secured, and supported across the EU market. If your team is shipping connected devices especially in embedded systems, industrial controls, or long-lifecycle hardware, this episode is essential listening. Viktor Petersson is joined by Sarah Fluchs, CTO and OT cybersecurity expert, who also serves on the CRA expert advisory group. With deep experience in security-by-design, risk assessments, and product compliance, Sarah shares what engineering and product teams actually need to know beyond the legal text. They explore how the CRA affects firmware, lifecycle management, secure updates, and what it means for teams managing SBOMs, open source dependencies, and legacy systems under new security expectations. Highlights: *What CRA compliance means for connected product teams *How to plan for 5+ years of vulnerability support *OTA updates vs. certification in critical infrastructure *SBOM generation and storage for embedded devices *Managing supply chain risk across software and hardware *Why patching isn't one-size-fits-all in regulated systems *How the CRA pressures open source and vendor accountability *Tips for teams building secure-by-design workflows Timestamps: 00:00 – Intro 01:30 – Sarah’s path into cybersecurity and CRA advisory 03:00 – What OT really means (and why IT folks misunderstand it) 06:00 – Secure-by-design in industrial systems 10:00 – Why patching in OT doesn’t follow IT rules 13:00 – CRA requirements: lifecycle, updates, conformity 20:00 – Getting started: finding blockers early 26:00 – OTA vs. certification: a balancing act 30:00 – SBOMs in embedded systems: tooling, storage, and sharing 42:00 – Risk assessments that actually help 50:00 – Open source and vendor responsibility under CRA 57:00 – Vulnerability triage and the real challenge of CVEs 1:04:00 – Final advice

FFmpeg: The Incredible Technology Behind Video on the Internet | Lex Fridman Podcast #496

Rethinking Container Security: Why Isolation Was Never Built In with Alex Zenla

India Economy OK…But Danger Ahead? 5-State Polls में NDA 2-0 Lead? • Sriram Seshadri

Santo Rosário | Sexta-feira | 04:00 | 03/07/2026 | Live Ao vivo

Real-Time WebSockets Course | Build a Live Sports Dashboard with Node.js & PostgreSQL

Let the Managers Manage with Conor Shaw and Emily Kane from Bizimply

LIVE: Meidas Host TESTIFIES Before CONGRESS

How to Speak Clearly & With Confidence | Matt Abrahams

Post-Quantum Cryptography: The Trust Crisis Coming for Every System with David Pollak

DIRECTO | Powell se somete al Congreso: ¿dará más pistas de la bajada de tipos?

Ми вже у Третій світовій? Передумови розпаду росії та Мюнхен-Аляска. Мараєв @IstoriyaBezMifiv

Jeff Dean & Noam Shazeer — 25 years at Google: from PageRank to AGI

Curso de Desarrollo con Inteligencia Artificial 2026: De cero a producción

God Says:"THIS IS AN URGENT MESSAGE FOR YOU TODAY."/God Message Now/God Message
100-year history of US meddling, coups and wars in the Middle East | Roy Casagranda | UNAPOLOGETIC

CRA-AI Webinar #4 - "The Cyber Resilience Act for Developers & Product Managers"

Learn RAG From Scratch – Python AI Tutorial from a LangChain Engineer

The Ceasefire War | feat. Lt. Col. (Ret.) Conricus, Behnam Ben Taleblu, and RADM (Ret.) Montgomery
![[12시에 만나요] 외국인 언제 돌아오나 반도체 다음 주도주는?🤔ㅣ강은호 전 방위산업청장ㅣ2026년 4월 24일 금요일](https://i.ytimg.com/vi/Nl4iqwomcPc/hqdefault.jpg?sqp=-oaymwEjCNACELwBSFryq4qpAxUIARUAAAAAGAElAADIQj0AgKJDeAE=&rs=AOn4CLDVp5JUUXl2m1kPyowYmQLkknKevg)
[12시에 만나요] 외국인 언제 돌아오나 반도체 다음 주도주는?🤔ㅣ강은호 전 방위산업청장ㅣ2026년 4월 24일 금요일

