CRA Decoded: OTA Updates, Secure Boot & Vulnerability Handling

Streamed live on May 7, 2026
1:02:34

🟣 CRA in Practice: Technical Requirements for Secure Products — from OTA Updates to Vulnerability Handling

The Cyber Resilience Act (CRA) is coming. But what does it actually mean for your product development? Not legal theory — but the technical controls that Annex I actually requires from you. From secure update mechanisms and integrity protection to a full vulnerability handling lifecycle. In this webinar, we walk through the requirements one by one — and show how state-of-the-art solutions implement them in practice.

What to expect:

🔹 OTA updates on the device: Why security updates are mandatory under Annex I, Part I — and how A/B update mechanisms for Linux and MCUs meet requirements for integrity, availability, and minimal attack surface.

🔹 OTA updates at scale: Secure distribution under Annex I, Part II — including continuous vulnerability monitoring via SBOM, cryptographic signing, and timely remediation across the entire fleet.

🔹 Additional technical requirements from Annex I, Part I: Verified Boot, read-only root filesystem, LUKS2 encryption, mTLS-based access control, kernel hardening, logging — concise and practical.

🔹 Vulnerability handling lifecycle: How SPDX SBOMs are generated at build time, versioned with VEX/VDR, and support the full lifecycle in line with Annex I, Part II.

🔹 Outlook: What regulation already requires today, where harmonized standards stand — and what this means for manufacturers starting now.

Who should attend? Product owners, embedded developers, DevSecOps teams, CISOs, and compliance professionals — especially from manufacturers of connected devices, IoT products, and industrial systems.

Speakers:

💠 Maximilian Köhl, Dr.-Ing. — Founder & CEO, Silitics GmbH. PhD in Computer Science, Embedded Linux expert, creator of Rugix (open-source OTA updates) and Nexigon (fleet management). Rust developer with deep expertise in secure system architectures.

💠 Valeri Milke — CEO & Founder, VamiSec GmbH. ISO 27001 & ISO 42001 Lead Auditor, NIS2 & DORA expert, BSI IT-Grundschutz practitioner. Brings the regulatory and compliance perspective.

📍 LinkedIn Live & YouTube Live ▶️ www.youtube.com/@VamiSec

Join live — questions are welcome!

#CRA #CyberResilienceAct #IoTSecurity #EmbeddedSecurity #OTAUpdates #SBOM #DevSecOps #VamiSec #Cybersecurity #ProductSecurity #Compliance
