The Cyber Resilience Act (CRA)!
Adam Shostack
JULY 17, 2025
The CRA is coming and it's going to be a dramatic change for technology producers The Cyber Resilience Act is going to change how people build software, because it imposes requirements that technology makers will need to meet to get the CE mark in late 2026, and getting the CE mark is roughly required to sell in Europe. The CRA requires many things, including SBOMs, secure defaults, updatability and updates through the life of the project, and also.threat modeling.
Let's personalize your content