CODIFIC

Not all products fall under #CRA in the same way. The regulation divides products with digital elements into 4️⃣ categories - and the one your product falls into determines how you prove compliance. 🔵 Default - ~90% of products fall here. 🔵 Important Class I - password managers, VPNs, network tools. Requires third-party certification or harmonised standards. 🔵 Important Class II - firewalls, intrusion detection, operating systems. Mandatory third-party conformity assessment. 🔵 Critical - highest risk tier. Requires European cybersecurity certification. Get the classification wrong and you may end up following the wrong compliance process entirely. Not sure where your product sits? The free CRA scope checker walks you through it in a few questions. 👇 🔗 https://lnkd.in/emxAVtT7 

Most software #SMEs think they are doing enough on security. The #data says otherwise. Dr. Koen Gilissen and Savannah E. from PXL University of Applied Sciences spent months measuring the cybersecurity maturity of Flemish software companies; many of whom build products used by millions of people every day. What they found was a consistent pattern. Strong operational management. Almost no proactive security. And a growing gap that CRA and NIS2 are about to make very costly to ignore. Dag Flachet sat down with them to dig into the research, the reality on the ground, and where SMEs should actually start. Listen below👇 🎧 Spotify: https://lnkd.in/ef-m7m-e  ▶️ YouTube: https://lnkd.in/esBaiQBf

Does the Cyber Resilience Act - #CRA apply to you? CRA covers products with #digital elements - but scope depends on what you build, how you distribute it, and what category your product falls under. The answer isn't always obvious. To make that easier to figure out, we built a free CRA scope assessment directly in #SAMMY. A few questions, and you get a clear answer on whether CRA applies to your product and which category you fall under. If you're trying to understand where your product stands, it's a good place to start. 👇 🔗 https://lnkd.in/emxAVtT7 

The episode is live. 🎙️ SMEs represent #99% of Flanders' industrial landscape and hold between 50–#60% of the software market. The products they build end up in the hands of millions of daily users and large-scale corporate infrastructures. Yet new research from PXL University of Applied Sciences shows that most of them have a critical blind spot. Education and guidance scored 0.02 against a target baseline of 1.0. Dag Flachet sat down with Koen Gilissen and Savannah E. to unpack what's behind those numbers, why it happens, and what SMEs can realistically do about it. Watch below: 👇 🎧 Spotify: https://lnkd.in/ef-m7m-e  ▶️ YouTube: https://lnkd.in/esBaiQBf 

CRA. NIS2. Two EU regulations that keep coming up together - but they're not the same thing. We've been getting a lot of questions about how these two frameworks relate to each other, so we put together a short breakdown. If you're navigating both, this one's worth a slide through. 👇 (Full comparison at complycra.eu — link in comments)

Belgian SMEs build products used by #millions. But a new study suggests most of them have a critical blind spot when it comes to software security. Researchers from PXL University of Applied Sciences recently mapped the cybersecurity maturity of #Flemish software companies using OWASP SAMM - and the findings are worth paying attention to. A few things stood out: ➡️ Operations scores were relatively strong; teams are good at managing what's already live ➡️ Proactive measures like threat modelling and developer education were close to zero... ➡️ And with #CRA and #NIS2 tightening supply chain requirements, that gap has real business consequences Dag Flachet sat down with Koen Gilissen and Savannah E. to dig into what they found, why it happens, and what SMEs can actually do about it. Full interview dropping next week. 👀

OWASP® Foundation Global AppSec EU is coming to #Vienna this June - and Aram H. and Dimitar Raichev will be speaking there. 📢 800+ security professionals, hands-on training, and some of the sharpest minds in AppSec — all in one place, June 22–26 at the Austria Center Vienna. Aram H. is running a full-day training on June 23: "Build your AppSec Program with OWASP SAMM." Whether you are just getting started or trying to move beyond a tool-heavy program that is not delivering results, this session is built for you. Hands-on exercises, real-world scenarios, and a practical look at how SAMM aligns with the EU Cyber Resilience Act (#CRA). Security engineer, Dimitar Raichev, will also be speaking at the conference. His talk details are coming. 👉 Full training lineup: https://lnkd.in/eeX7AziP 

When a customer asks for a framework compatible with #SAMMY, we #build it That is how #ASPICE Cybersecurity made it into SAMMY. 👏 A team building automotive and connected products needed to manage their cybersecurity process maturity alongside the other standards they were already running. 🚗 They needed it in one place, not scattered across spreadsheets and separate tools. So we built it. ASPICE Cybersecurity is now live in SAMMY — covering the cybersecurity scope of ASPICE, built specifically for teams working on automotive and embedded systems. 🚗 Assess your current maturity, plan improvements, and track progress over time, right next to your other frameworks. The product gets better when customers push us. If your team is working with a framework that isn't in SAMMY yet, we want to hear about it. p.s. We also added PCI DSS for teams handling payment data. 💸 👉 Explore both at sammy.codific.com 

Third party risk is hard to manage when every #supplier is assessed differently. That is why we built Supplier Assessments in #SAMMY. With this feature, teams can: ✔️ create and manage suppliers in one place ✔️ invite suppliers to complete a structured self assessment ✔️ define a target posture based on their security expectations ✔️ review gaps against that target posture Instead of chasing documents and comparing answers manually, you get a more consistent way to assess supplier security maturity. A clearer process, better visibility, and a stronger basis for follow up. 🎯 Want to see it in action? We put together a short demo walkthrough here: https://lnkd.in/etC26327 

Most teams know CRA is coming. Few know where to actually start. Compliance with the Cyber Resilience Act isn't a document you file. It's security built into how you develop software - and that takes structure. We put together a practical guide on how to approach CRA preparation step by step, using OWASP SAMM as a methodology. Slide through if you're figuring out where to begin. 👇 (Full guide linked in comments)