Free as in Freedom: How OEMs Can Navigate EU Cybersecurity Rules Whilst Using Open Source [VIDEO] скачать в хорошем качестве

Free as in Freedom: How OEMs Can Navigate EU Cybersecurity Rules Whilst Using Open Source [VIDEO]

#CRA #cybersecurity #opensource #FOSS #compliance #IoT #wetalkiot The EU Cybersecurity Resilience Act is keeping OEMs awake at night. How do you use free and open-source software whilst complying with new obligations around vulnerability management, supply chain transparency, and continuous support? In this episode, Pierre Gal (Head of Product) from Witekio and Michael Röder (Senior Manager, Software and Services EMEA) from Avnet Silica tackle the urgent questions facing manufacturers: Who counts as a manufacturer under the CRA? What documentation must you maintain? And how do you manage vulnerabilities in components you didn't create? Pierre explains how Witekio's Embedded Kit provides off-the-shelf solutions based on open-source software like Yocto Linux, helping customers navigate composition, integration, and compliance. Michael shares what he's hearing from customers struggling to interpret regulatory requirements and implement risk-based approaches. From SBOM (Software Bill of Materials) to supply chain attacks, from secure by default to continuous vulnerability management, we explore the practical realities of making compliance work. The conversation cuts through the confusion to deliver actionable advice: understand your responsibilities, think in terms of composition, and don't wait for a magic bullet. Tune in to learn how to leverage the power of open-source software whilst meeting your CRA obligations – because "free as in freedom" doesn't mean free from responsibility. Summary of this week's episode: (04:14) Key Dates and Obligations of the CRA (05:27) Challenges Faced by Manufacturers (10:10) The Role of Open Source in CRA Compliance (19:58) The Concept of Software Bill of Materials (SBOM) (22:14) Real-World Example: Casino Attack Case Study (23:28) Documentation and Configuration Issues (24:04) Cybersecurity Layers and CRA Methodology (24:25) Secure by Default and Advanced Concepts (26:50) Implementation and Standard Processes (29:45) Quality, Testing, and Automation (31:53) Vulnerability Management Methodology (37:18) Critical Mistakes to Avoid with CRA (39:36) Supply Chain Attacks Show notes: Pierre Gal (Witekio):   / pierre-gal   Michael Röder (Avnet Silica):   / roednix   Securing the Future: Understanding the Cyber Resilience Act - We talk IoT #55: https://www.podbean.eu/ew/pb-8kkkd-d4... EU Cybersecurity Resilience Act: https://digital-strategy.ec.europa.eu... National Vulnerability Database (NVD): https://nvd.nist.gov/ OWASP Top 10: https://owasp.org/www-project-top-ten/ Listen to the "We Talk IoT" Soundtrack on: Spotify: https://open.spotify.com/playlist/05M... YouTube:    • Jamiroquai - Cosmic Girl (Official Video)   About Avnet Silica: This podcast is brought to you by Avnet Silica—the Engineers of Evolution. Subscribe to our newsletters here: https://my.avnet.com/silica/resources... You can connect with us on LinkedIn:   / silica-an-avnet-company  . Or find us at www.avnet-silica.com.