Insights

By Miltiadis Siavvas,  Information Technologies Institute (ITI) of the Centre for Research and Technology-Hellas (CERTH) The increasing reliance of our everyday lives on software-intensive systems, renders their security an aspect of utmost importance. Hence, there is a strong need for advanced mechanisms for enabling the early identification and elimination of…

By Miltiadis Siavvas,  Information Technologies Institute (ITI) of the Centre for Research and Technology-Hellas (CERTH) CrowdStrike disruption is an infamous incident that led to a global IT outage in July 2024, which is known to be one of the worst IT disruptions in history, described by analysts as “the largest…

Dinesh Sharma, asvin GmbH The Importance of  the CRA The EU’s Cyber Resilience Act (CRA) sets strict cybersecurity requirements for all connected products, including IoT devices. For manufacturers, CRA compliance is essential to ensure secure, trustworthy, and market-ready products. From 2027 onward, only devices meeting these standards will be allowed…

By Sara Nieves Matheu Garcia, University of Murcia, Department of Communications and Information Engineering Cybersecurity documentation is often scattered across reports, spreadsheets, and ad hoc formats, making it difficult to exchange, validate, or automate. The Open Security Controls Assessment Language (OSCAL), developed by NIST, addresses this challenge by providing a…

By Karsten Isakovic, Ramon Barakat, Sascha Hackel, and Martin Schneider, Fraunhofer FOKUS The Component Tester developed in DOSS is capable of testing not only software that runs on traditional operating systems, but also software designed for IoT and embedded devices. Such software typically operates as self-contained firmware, commonly referred to…

By Anna Marton, Safepay Systems As the EU tightens cybersecurity rules for digital products, an important deadline is approaching for manufacturers of connected devices. The RED Delegated Act (RED-DA) targets wireless equipment with specific cybersecurity requirements starting in August 2025, and from 2027 onward, the Cyber Resilience Act (CRA) will…

By Roland Atoui, Red Alert Labs Earlier this month, I had the opportunity to participate in the second meeting of the European Commission’s CRA Expert Group - an experience that not only reaffirmed the magnitude of what lies ahead but also offered a clearer glimpse into the evolving regulatory fabric…

Within the DOSS IoT Supply Trust Chain (STC) Concept, we apply a digital twin framework, called the Digital Cybersecurity Twin (DCT). The DCT enables us to perform the automated vulnerability scanning and penetration testing of an IoT system in a virtualized environment, on a digital twin. This way, we can…

By Miltiadis Siavvas,  Information Technologies Institute (ITI) of the Centre for Research and Technology-Hellas (CERTH) In this insight post, we present the approach CERTH proposes for enabling the automation of the identification and extraction of security requirements from security standards with Large Language Models (LLMs). Compliance with international security standards…

By Anna Marton, Safepay Systems With the rapid proliferation of IoT technologies, security concerns have increased due to the opaque nature of supply chains. Operators often lack comprehensive knowledge about the security status of their devices. The DOSS framework addresses this gap by providing a system that facilitates transparency, reliability,…