Why Mixing CRA Criticality Levels with Internal Risk Classifications Is a Bad Idea
The EU Cyber Resilience Act and internal security risk levels answer different questions. Keep them separate and apply them together when needed.
Application Security
Application security best practices, from threat modeling to implementing security programs and avoiding common pitfalls.
2025
2024
Threat Modeling with Rapid Risk Assessment - a low-effort and concise approach
A practical guide to implementing threat modeling with Rapid Risk Assessment in your organization, including challenges, tailoring approaches, and example processes.