⏰ The EU #CyberResilienceAct is coming, and for manufacturers, the clock is already ticking⏰

In the latest episode of the #FirstImpressionsPodcast, Mars Cheng of TXOne Networks explains what organizations need to know about one of the most significant cybersecurity regulations to emerge in recent years.

From 24-hour vulnerability reporting requirements to secure-by-design expectations and product certification obligations, the #CRA introduces sweeping requirements for organizations that want to sell digital products in the European market.

If you're involved in #productsecurity, #vulnerabilitymanagement, compliance, or cybersecurity leadership, this conversation is for you!

🎧 Listen now to a preview of Mars' upcoming #FIRSTCON26 presentation: https://media.first.org/podcasts/FIRST_Impressions-mars2026.mp3

In the CRA, technical documentation is not an appendix but evidence. Which 8 components manufacturers must keep available, and who gets access: https://lunaris.digital/blog/articles/2025-07-23-cra-10-technical-docu #CRA #ProductSecurity

The CRA requires not only secure products but also robust processes after market launch. The 8 requirements from Annex I Part II: https://lunaris.digital/blog/articles/2025-07-09-cra-08-annex-1-part-2 #CRA #ProductSecurity

Blog - Implementing the CRA: Requirements for vulnerability handling?

In this continuation of our practical look at the requirements from Annex 1 of the CRA, we take a deeper look at Part 2 and the vulnerability handling requirements described there.

Lunaris Digital Solutions
CRA documentation is more than fulfilling an obligation. Anyone who does not clearly provide manufacturer details, a vulnerability contact point, and lifecycle information risks market access and liability.
https://lunaris.digital/blog/articles/2025-07-16-cra-09-user-docu
#cyberresilienceact #productsecurity

At AppSec Village, we're proud to have Finite State on board as a Silver Sponsor this year 💀💙

If connected device security is your world — they're worth knowing!

⬇️
https://buff.ly/I99VSjM

#AppSec #IoT #ProductSecurity

Unnecessary complexity makes products hard to maintain and hard to secure. Modern apps such as Cloudflare's EmDash and Tailscale show that designing for simplicity produces stronger security as a side effect.

https://zeltser.com/modern-design-security

#infosec #cybersecurity #securebydesign #productsecurity

How Modern Product Design Principles Strengthen Security

Unnecessary complexity makes products hard to maintain and hard to secure. Modern apps such as Cloudflare's EmDash and Tailscale show that designing for simplicity produces stronger security as a side effect.

Lenny Zeltser

Every component a product ships becomes something customers must configure, patch, and defend. WordPress illustrates this, with 90-96% of its security issues originating in plugins because its architecture gives every plugin unrestricted access to the entire system. Self-hosted databases need replication, backups, and version upgrades, while container platforms need network policies, image scanning, and cluster maintenance. Each added component expands both operational load and attack surface.

Modern architectures are changing what products require customers to run:

* Cloudflare's EmDash reimagines WordPress as a serverless CMS with no PHP runtime, no customer-managed database, and sandboxed extensions that must declare specific capabilities such as "read:content."
* WireGuard's implementation fits in roughly 4,000 lines of kernel code, small enough for one person to audit.
* Tailscale builds on WireGuard so devices connect without customers running servers, opening ports, or rotating certificates.

The security improvements came from eliminating components rather than layering new controls on top.

For builders, that shifts the question from "what controls should we add?" to "what can we simplify?" A platform service can replace a customer-managed database, a capability declaration can replace unrestricted plugin access, and a safe default can replace an opt-in checkbox. Each removal shrinks both what customers must maintain and what attackers can target.

For my full article, see:
https://zeltser.com/modern-design-security

#infosec #cybersecurity #securebydesign #productsecurity

🔐 eBook Alert: The Unique Challenges of Securing #ConnectedDevices

Whether you're building smart medical devices, industrial control systems, or next-gen consumer tech, this guide is packed with actionable insights 👉 https://hubs.ly/Q03rhxvJ0

#IoTSecurity #ProductSecurity

The year 2025 is slowly coming to an end.

End of years can be joyful and relaxing, exciting and wholesome, full of reflection and gaining energy for the new year. This time can also be lonely and sad, incredibly stressful and terribly difficult to navigate, with folks barely making it through.

Let's be mindful and considerate - and help each other to move the needle. Now and in 2026. 💜

#osco #osco26 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity #OTsecurity [lisi]

You're curious how the past editions of #osco turned out? We've got you covered! 🙌🏻

🎉 This was #osco25! Check out our recap: https://2025.opensecurityconference.org/conference/recapitulation/
💜 Gain impressions from all conferences: https://opensecurityconference.org/about/past-conferences/
✅ Save the dates for #osco26 on November 5-8, 2026! 😉

#CyberSecurity #Security #InfoSec #AppSec #ProductSecurity #OTsecurity #OpenSpace [lisi]

Recapitulation

Welcome to the Open Security Conference (osco), the people-centred international gathering for everyone interested in cybersecurity. Join us 2-5 October 2025 in Rückersbach, Germany.

Open Security Conference