Key Takeaways An SBOM is required, but not enough. FDA 524B requires proof of active software risk control, including vulnerability analysis, remediation decisions, and postmarket monitoring. Exploitability analysis is the differentiator. The FDA doesn’t expect...
Key Takeaways Cyberattacks on medical devices are rising despite stronger procurement requirements. 80% of affected organizations reported moderate or significant impact on patient care. Legacy devices are the gap that procurement cannot close. More than a quarter of...
Modern vehicles are built on layers of software that few teams fully control and even fewer can fully see. Between supplier-delivered components, open source dependencies, and long product lifecycles, gaining a clear, reliable view of what’s actually in a vehicle—and...
Open source software is deeply woven into modern embedded development. From compilers and build systems to networking stacks and device libraries, it enables teams to move faster and innovate more efficiently. But speed introduces tradeoffs. The same open source...
URGENT/11 vulnerabilities allow attackers to take control of embedded devices remotely without any user interaction and often without triggering traditional security defenses. Discovered in 2019, these eleven flaws in the IPnet TCP/IP stack affect millions of devices...