Скачать или смотреть CRA and Cybersecurity: What Engineers and Product Teams Need to Know

The CRA (Cyber Resilience Act) is set to reshape how software-enabled products are built, secured, and supported across the EU market. If your team is shipping connected devices especially in embedded systems, industrial controls, or long-lifecycle hardware, this episode is essential listening.

Viktor Petersson is joined by Sarah Fluchs, CTO and OT cybersecurity expert, who also serves on the CRA expert advisory group. With deep experience in security-by-design, risk assessments, and product compliance, Sarah shares what engineering and product teams actually need to know beyond the legal text.

They explore how the CRA affects firmware, lifecycle management, secure updates, and what it means for teams managing SBOMs, open source dependencies, and legacy systems under new security expectations.

Highlights:
*What CRA compliance means for connected product teams
*How to plan for 5+ years of vulnerability support
*OTA updates vs. certification in critical infrastructure
*SBOM generation and storage for embedded devices
*Managing supply chain risk across software and hardware
*Why patching isn't one-size-fits-all in regulated systems
*How the CRA pressures open source and vendor accountability
*Tips for teams building secure-by-design workflows

Timestamps:
00:00 – Intro
01:30 – Sarah’s path into cybersecurity and CRA advisory
03:00 – What OT really means (and why IT folks misunderstand it)
06:00 – Secure-by-design in industrial systems
10:00 – Why patching in OT doesn’t follow IT rules
13:00 – CRA requirements: lifecycle, updates, conformity
20:00 – Getting started: finding blockers early
26:00 – OTA vs. certification: a balancing act
30:00 – SBOMs in embedded systems: tooling, storage, and sharing
42:00 – Risk assessments that actually help
50:00 – Open source and vendor responsibility under CRA
57:00 – Vulnerability triage and the real challenge of CVEs
1:04:00 – Final advice