security by design

By Ramon Barakat, Roman Kraus and Martin Schneider, Fraunhofer FOKUS Recent incidents have shown how a seemingly small memory access bug can cascade into global disruption . With the EU’s Cyber Resilience Act (CRA) and the new Product Liability Directive, manufacturers of “products with digital elements” must deliver security by design,…

By Gábor Pék, CrySyS Lab, Budapest University of Technology and Economics On November 27, 2025, seven vendors from various industries (e.g., car, networking, software) came together to see how the Digital Cybersecurity Twin (DCT) module of the DOSS project works. The meeting was held at the Budapest University of Technology…

By Miltiadis Siavvas,  Information Technologies Institute (ITI) of the Centre for Research and Technology-Hellas (CERTH) The increasing reliance of our everyday lives on software-intensive systems, renders their security an aspect of utmost importance. Hence, there is a strong need for advanced mechanisms for enabling the early identification and elimination of…

By Miltiadis Siavvas,  Information Technologies Institute (ITI) of the Centre for Research and Technology-Hellas (CERTH) CrowdStrike disruption is an infamous incident that led to a global IT outage in July 2024, which is known to be one of the worst IT disruptions in history, described by analysts as “the largest…

Dinesh Sharma, asvin GmbH The Importance of  the CRA The EU’s Cyber Resilience Act (CRA) sets strict cybersecurity requirements for all connected products, including IoT devices. For manufacturers, CRA compliance is essential to ensure secure, trustworthy, and market-ready products. From 2027 onward, only devices meeting these standards will be allowed…

By Sara Nieves Matheu Garcia, University of Murcia, Department of Communications and Information Engineering Cybersecurity documentation is often scattered across reports, spreadsheets, and ad hoc formats, making it difficult to exchange, validate, or automate. The Open Security Controls Assessment Language (OSCAL), developed by NIST, addresses this challenge by providing a…

By Karsten Isakovic, Ramon Barakat, Sascha Hackel, and Martin Schneider, Fraunhofer FOKUS The Component Tester developed in DOSS is capable of testing not only software that runs on traditional operating systems, but also software designed for IoT and embedded devices. Such software typically operates as self-contained firmware, commonly referred to…

By Anna Marton, Safepay Systems As the EU tightens cybersecurity rules for digital products, an important deadline is approaching for manufacturers of connected devices. The RED Delegated Act (RED-DA) targets wireless equipment with specific cybersecurity requirements starting in August 2025, and from 2027 onward, the Cyber Resilience Act (CRA) will…

By Roland Atoui, Red Alert Labs Earlier this month, I had the opportunity to participate in the second meeting of the European Commission’s CRA Expert Group - an experience that not only reaffirmed the magnitude of what lies ahead but also offered a clearer glimpse into the evolving regulatory fabric…

Within the DOSS IoT Supply Trust Chain (STC) Concept, we apply a digital twin framework, called the Digital Cybersecurity Twin (DCT). The DCT enables us to perform the automated vulnerability scanning and penetration testing of an IoT system in a virtualized environment, on a digital twin. This way, we can…