Informal history of network protocol security: from Garden of Eden to Zero Trust
Burden of cybersecurity regulation
IoT cybersecurity regulations are essential for protecting users and infrastructure, but they can also create significant barriers to entry for companies in the IoT industry. Here's a breakdown of the key challenges.
Summer of Things - Test of Things summer Internships 2025
Summer of Things
At Test of Things, we are building the future platform for securing the Internet of Things. We are looking for two interns for summer 2025. Trainees would work in the R&D team on tasks like security assessment of IoT devices, development of security testing tools, participation in evaluation projects, and working with our open-source platform Toolsaf (https://github.com/testofthings/toolsaf).
Decoding Cybersecurity: EN 18031 vs. the EU Cyber Resilience Act
The world of connected devices is booming, and the critical need for robust cybersecurity comes with it. Two key players in this arena are EN 18031 (Radio Equipment Directive (RED)) and the EU Cyber Resilience Act (CRA). While both aim to improve the security of our digital lives, they approach the challenge from different angles. Let's break down the key differences and explore how they relate.
Security statements for machine-readable cybersecurity posture
A security statement is a machine-readable description of a system's security characteristics, such as network nodes (devices, gateways, applications and servers), network interfaces (ports and services), connections between the network nodes and services, web interfaces, authentication methods, SBOMs, data encryption at rest (and in transit), and so on.
Once those have been defined, one can test and verify them.
IoT cybersecurity requirements: Same but different
There are numerous security requirement specifications across various industries and regions (US, EU, UK, SGP for example). Vendors need to comply with many of them simultaneously to maximise their market potential.
But how much do the security standards differ from each other?
EU Cyber Resilience Act (CRA): Vulnerability handling requirements
Tackling vulnerabilities is at the top of the CRA’s priority list. Device manufacturers and developers will need to offer customers support for the expected product lifetime or five years, whichever is shorter. During that period manufacturers are obliged to address and correct security flaws promptly.
EU Cyber Resilience Act (CRA): Essential Cybersecurity Requirements
In this post, we focus on EU Cyber Resilience Act’s essential security requirements.
The European Union (EU) Cyber Resilience Act (CRA) Decomposed: SCOPE
The Cyber Resilience Act (CRA) is a groundbreaking piece of legislation designed to enhance the cybersecurity of digital products and services made available in the EU. The CRA will enter into force on December 10th, 2024.
Ecosystem of security tools at your service
Open source tools can be used in IoT security assessment to verify the attack surface, security controls, and other security-related features.
Cyber Security Nordic 2024: Key Takeaways
Key takeaways from the Cyber Security Nordic 2024 conference
Tool-Driven Security Assessment (TDSA)
Tool-Driven Security Assessment (TDSA) and provides some hard science on its applicability for IoT security
Do not just patch vulnerabilities - use the defender's advantage
Cyber Resilience Act obligations for IoT manufacturers, importers, and distributors