Why Mixing CRA Criticality Levels with Internal Risk Classifications Is a Bad Idea
The EU Cyber Resilience Act and internal security risk levels answer different questions. Keep them separate and apply them together when needed.
AppSec
2025
2024
Threat Modeling with Rapid Risk Assessment - a low-effort and concise approach
A practical guide to implementing threat modeling with Rapid Risk Assessment in your organization, including challenges, tailoring approaches, and example processes.