The Product Security Fix: Q2-2024

Medical, Automotive, and Critical Infrastructure Teams, This Newsletter Is Dedicated to You.

As Q2 came to an end, everyone had the same thing on their mind: compliance.

Right now, the automotive sector is revving up for the Cyber Security Management System (CSMS) requirements of UN R155, medical device manufacturers are closely watching the recently published ultrasound device vulnerabilities, and critical infrastructure product security teams are taking on the Cyber Resilience Act (CRA) in Europe.

That’s why we’re dedicating this issue to all the product security teams who are maturing their processes and keeping us safe. Below, we focus on standards, regulations, compliance, and scaling these once-burdensome requirements.

🤘 Dive in, read on, and keep protecting those mission-critical devices we rely on.

Have something you’d like to see? Let us know

Below is some of what you need to know:

  • Product Security Maturity
  • The UK’s product security minimums (PSTI)
  • Centralizing certifications


What’s abuzz in product security?

The Product Security Maturity Report

With a wave of new standards and regulations coming into force, maturing product security activities remains a top priority. Our latest report provides a practical guide for assessing and improving product security maturity.

Download now >

Green Light for Secure Cars: Cybellum Achieves TISAX Certification

TISAX certification, established by the German Association of the Automotive Industry (VDA) in 2017, is essential for working across the automotive ecosystem and builds on the ISO/IEC 27001 information security standard. See what this certification means for the automotive ecosystem.

Read now >


Using Maturity Models to Speed Up Cybersecurity Compliance and Minimize Risk

To boost medical product security teams’ readiness and resilience, we partnered with H-ISAC’s Navigator program to discuss streamlining compliance at scale. Watch to learn how to assess your organization’s maturity and reduce risk.

Watch now >


Compliance corner

Stay on top of standards and regulations


UNECE WP.29 FAQ

Does your confusion increase as you go deeper into R155? We compiled the most frequently asked questions and answered them to explain how the regulation impacts product security teams throughout the ecosystem.

Read now >


Is the EUCC all it’s cracked up to be?

The European Cybersecurity Certification Scheme on Common Criteria (EUCC) represents a pivotal standardization of cybersecurity certifications across the EU. Read on to understand what product security teams need to know about meeting the new criteria.

Read now >


FYI, you should know about PSTI

PSTI is the UK’s Product Security and Telecommunications Infrastructure regime, which raises the security of internet-connected consumer products. It sets minimum security requirements that manufacturers must meet before placing such devices on the UK market.

Read more >


Meeting the FDA’s KPIs?

The FDA outlines defect density, patch velocity, and patch-to-production metrics in its premarket cybersecurity guidance. Read on to learn how to identify and measure these KPIs to remain compliant.

Read now >


What’s the connection between NIS2 and Cybersecurity?

The EU's NIS2 directive raises the bar for security across critical infrastructure and its supporting systems. This includes stricter rules for both how companies report cyber incidents and the steps they take to manage security risks.

Read more >


The Product Security Podcast

What the experts are saying

Catching up with the leaders shaping tomorrow’s product security.

Dmitri Shifrin: Cybersecurity & AI at NVIDIA

We sat down with the System Security Architecture Manager at NVIDIA to discuss the convergence of automotive cybersecurity and AI, as well as NVIDIA’s Morpheus cybersecurity framework.

Listen here >


Steve Orrin: Leading Cybersecurity at Intel Corporation and Beyond

In this episode, we talk to Steve Orrin, Chief Technology Officer and Senior Principal Engineer at Intel Federal, about his unique journey from biology to cybersecurity leadership. We discuss the main challenges faced by federal bodies in the cybersecurity landscape and how they differ across industries like aerospace, education, and healthcare.

Listen here >


Chaitanya Mattur Srinivasamurthy: Leading Cybersecurity at ICU Medical

We sat down with the Sr Director of Cyber Security & Medical Device Connectivity Engineering at ICU Medical to discuss medical device cybersecurity, FDA, and balancing innovation and security.

Listen here >


Paul Schmeltzer: FDA Regulations, AI and Legal Risk

We chatted with the partner at Clark Hill Law about AI, FDA regulations, and cybersecurity legal risk, drawing on his years of experience with the legal aspects of healthcare and industrial cybersecurity.

Listen here >


Mariana Padilla: Leading The HACKERverse®

We sat down with the Co-founder and CEO of HACKERverse (formerly known as KIKrr) to discuss entrepreneurship, product security, and the power of networking.

Listen here >


Maria Palombini, MBA: All About Standards

We sat down with the Global Practice Leader, Healthcare & Life Sciences, at the IEEE Standards Association (IEEE SA) to discuss cybersecurity standards, regulations, and building a career in cybersecurity.

Listen now >


The Cybellum Academy

Put the Pro in Product Security

If you’re a customer or partner looking to mature your product security capabilities with the Product Security Platform, then the class is in session. New courses in the Cybellum Academy include:

  • Managing Quality SBOMs with SBOM Merge: Learn how to merge SBOMs to bolster SBOM quality and strengthen the foundations of your product security activities.
  • Enhancing Product Security Assurance with Fuzz Tests: Fuzz testing is critical, but how can its findings improve decision-making? Learn in this session.
  • Product Compliance Manager: Review the Product Security Platform’s FDA Premarket Guidance and Custom Frameworks.
  • Threat Modeling: We’ve partnered with itemis to provide comprehensive Threat Analysis and Risk Assessment (TARA) and threat modeling across the full product lifecycle. We’ll show you how to implement this framework for your product.

See other classes in the Academy at academy.cybellum.com


Talk to us

A lot has changed in the last few months regarding standards, regulations, and ecosystem-wide product security cooperation. Reply to this email or book a demo to better understand how we can help you automate and comply with whatever requirements lie ahead.
