From “Certify before Patching” to “Risk and Lifecycle Management” (A30a)
How did vulnerability handling shift from awkward surprises to standardized processes? Over the last decade, vulnerability handling for certified ICT products evolved from a “do not...
Using the ISO 9569 Patch Management Methodology in Practice. Experience, Expectations, Surprises. (A30b)
Developing a good methodology that makes Common Criteria Certification faster and fit for the future is one thing. Gaining initial practical experience with it is quite...
From EUCC Certification to CRA Conformity: A Resilience-Oriented Path for Network Devices (A23c)
Common Criteria is not the problem: in many respects, it is already stricter than the likely CRA baseline. The real challenge is turning that rigor...
Adapting to the Cyber Resilience Act: Challenges, Opportunities, and Certification Strategies by Using EUCC (A23b)
The newly enacted Cyber Resilience Act (CRA) legislation is set to impose a range of new requirements and responsibilities across the digital market. These obligations...
Technical Domain Software – Our Activities and Way Forward (A23a)
The Technical Domain Software focuses on attack methods, attack potential and minimum tooling in the domain of software evaluation. One of the presenters’ goals as...
Quality for CABs as the Foundation of Cyber Trust: Leveraging ISO 17065 Within the Common Criteria Framework (A22c)
This talk explores the pivotal role of ISO/IEC 17065 – the international standard for bodies certifying products, processes, and services – as the bedrock of...
Parsing Assurance: Dissecting LLM Vulnerability Reasoning and Building a Graded Evaluation Pipeline (A22b)
As AI-integrated systems seek security certification, conventional evaluation methods struggle with the non-deterministic nature of LLMs. This talk introduces a rigorous, evidence-based pipeline for verifying...
Certifying Modern Development Environments Under Common Criteria (A22a)
Secure development environments have traditionally been assessed against MSSR measures. However, as development environments shift toward cloud infrastructure, MSSR appears limited in its ability to...
TLS Evaluation Tooling for NDcPP: Lessons from TLS 1.2, TLS 1.3 and the Role of AI in Closing the Gaps (A21c)
The presenters have developed an automated test tool for NDcPP and Package PP TLS conformance evaluation, covering Security Functional Requirements across both TLS 1.2 and...
Evolving CC for the AI Era: Enabling Secure Use of Cloud and LLMs in High-Assurance Design Environments (A21b)
Minimum Site Security Requirements (MSSR v2) impose strict isolation constraints on critical and critical+ assets, effectively prohibiting the use of external networks, cloud platforms, and...