On March 17, 2025, the new Department of Commerce (DoC) rule banning Chinese and Russian software from US vehicles, is entering into effect, and the industry is in a whirlwind! Our PMM Noa Mizrachi sat down with Dave Thomas, to discuss the Securing the Information and Communications Technology and Services Supply Chain: Connected Vehicles rule, […] The post Regulation Spotlight Q&A with Dave Thomas: Securing Connected Vehicles Supply Chain appeared first on C2A Security - The Only Risk-Driven DevSecOps Platform ..read more

The Cyber Resilience Act: What You Need to Know The Cyber Resilience Act (CRA) has shifted the mindset of industrial suppliers and manufacturers who are responsible for securing vast interconnected networks of operational technology (OT) and information technology (IT) systems. Further Reading:Download your complimentary CRA 1-pager (PDF)CRA for MDMs and Healthcare Security Leaders (blog post)Cyber Resilience Act […] The post Pocket Guide: The CRA’s Impact on the Industrial Sector appeared first on C2A Security - The Only Risk-Driven DevSecOps Platform ..read more

The EU Cyber Resilience Act (CRA) officially became law on October 10, 2024, and was enacted on December 10, 2024. It sets a new cybersecurity benchmark for hardware products, connected medical devices, and critical software.  Regulatory Spotlight:Download your complimentary CRA 1-pager (PDF)Cyber Resilience Act and Tariler Bodybuilders (blog post)Navigating UN Regulation No. 155 (blog post) […] The post The Cyber Resilience Act Explained: What MDMs and Healthcare Security Leaders Need to Know appeared first on C2A Security - The Only Risk-Driven DevSecOps Platform ..read more

Attackers prioritize patient data over device control, recognizing its high value. The rush to market often leaves security as an afterthought, increasing vulnerabilities that can be exploited post-production The medical device industry is under relentless attack. While no widespread real-world reports have been confirmed, numerous headlines showcase the growing cybersecurity exposure of medical devices. Medical […] The post Device Diagnosis: How MDMs Can Secure Patient Data Premarket to Postmarket appeared first on C2A Security - The Only Risk-Driven DevSecOps Platform ..read more

We’re excited to welcome Dave Thomas, former Finite State sales leader to our team! With extensive experience across IT, operational technology (OT), and medical cybersecurity, Dave has a unique perspective on what CISOs look for in a security product. In this special Q&A, Dvir Reznik, our VP of Marketing, sat down with Dave to hear […] The post Securing the Future: A Q&A with Cybersecurity Sales Executive Dave Thomas appeared first on C2A Security - The Only Risk-Driven DevSecOps Platform ..read more

DevSecOps has emerged as a crucial practice in the rapidly evolving software development landscape, particularly for security-focused technical teams. Integrating security into every phase of the DevOps pipeline, DevSecOps aims to proactively address vulnerabilities and prevent breaches. This approach offers a structured framework for embedding security controls directly into development and operational workflows, enabling organizations […] The post Navigating Software Security: A Maturity Model for Balancing Development and Business Priorities appeared first on C2A Security - The Only Risk-Dr ..read more

Balancing Supply Chain Security with Time to Market in the Healthcare Industry Medical device manufacturers (MDMs) are under constant pressure to bring products to market quickly while maintaining rigorous supply chain security. This challenge has become even more pressing with the rise of cyber vulnerabilities in medical devices. Recent research has revealed that over 14,000 […] The post Orcanos and C2A Security – Balancing Supply Chain Security with Time to Market in the Healthcare Industry appeared first on C2A Security - The Only Risk-Driven DevSecOps Platform ..read more

As medical technology evolves, so must the safety, efficacy, and compliance standards. ISO 14971, the cornerstone of risk management for medical devices, has been updated to meet the challenges of the current and future complex healthcare landscape. The 2019 edition brings new principles, expanded terminology, and critical updates to align with regulatory frameworks like the […] The post Shaping Risk Management in the Medical Device Industry – A Primer on ISO 14971:2019 appeared first on C2A Security - The Only Risk-Driven DevSecOps Platform ..read more

C2A Security, the only context-driven DevSecOps product security company, has been recognized as a European Top Innovator at the ninth CLEPA Innovation Awards, held in Brussels. The Awards showcase ground-breaking green and digital technology ideas across the automotive supply industry. As the only context-driven product security platform, EVSec allows software developers to focus on new features while automating their components and products' compliance and risk management aspects. The post C2A Security Named CLEPA 2024 Top Innovator for its Industry Leading Product Security Platform appeared ..read more

The automotive industry is at the forefront of innovation, with features like remote keyless entry (RKE) becoming a standard in modern vehicles. A recent research paper exposes significant vulnerabilities in these systems. These findings underscore the critical need to enhance supply chain security through automated DevSecOps tools and context-driven risk management approaches. The post The Hidden Risks in Remote Keyless Entry Systems: A Supply Chain Perspective appeared first on C2A Security - The Only Risk-Driven DevSecOps Platform ..read more