Resource Center

US 2023 National Cybersecurity Strategy Takeaways

This report analyzes the new US cybersecurity strategy through a product security lens

Intro to Medical Device Standards & Regulations

a rundown of FDA, NIST, IEC, IMDRF, and other med device security regulations

What the Omnibus Bill Means for Medical Device Manufacturers

Learn what the FDA’s focus on SBOMS means for medical device manufacturers.

6½ Steps to Supercharge Product Security

Adopt a new approach to stay on top of security and compliance from design to post-production

How the FDA & the Omnibus Bill Will Reshape Product Security

Dive in to learn what tomorrow’s Pre & Post Market medical device cybersecurity regulations will be.

Supercharging Product Security in 6½ Steps

How can device manufacturers proactively secure products, throughout their lifecycle?

Building a PSIRT from the Ground Up

Learn how to build PSIRT, that intelligently anticipates cyber risks and ensures resilience.

Making Sense of SBOMs and VEX for Healthcare and its Supply Chain

Learn how to share critical vulnerability data with formats like VEX, relevant use cases, and challenges.

Securing Connected Devices in the Field

Learn how automation and deep visibility allow PSIRT to manage security incidents post-production and reduce the risk of regulatory violations, liability claims, and brand equity erosion.

Software Licensing Management for Connected Devices

Learn how to manage and control licensing risks at scale, while minimizing manual efforts.

Supermicro Case Study

Supermicro wanted a list of open-source and third-party licenses along with vulnerabilities, directly from the final firmware for a compliant SBOM.   A global technology leader committed to delivering innovation for Enterprise, Cloud, AI, and 5G Telco/Edge IT Infrastructure, Supermicro provides a broad range of application-optimized server solutions serving a variety of markets, including cloud […]

Left to Our Own Devices

The podcast dedicated to everything product security, where we interview thought leaders, engineers, and policymakers

State of Automotive Cybersecurity 2022

A deep dive into automotive software security and compliance risks and trends.

Insights from our 2022 Automotive Security Research

Takeaways from a deep analysis of hundreds of software components in today’s vehicles.  

SBOM for Connected Devices: Getting it Right

Everything product security managers need to know about SBOMs.

How to Automate your CSMS for WP.29 Compliance

Meet new regulatory requirements, improve security, and optimize production speed.

Automating Vulnerability Management for Connected Devices

Learn how automation and deep visibility into the device make-up allow you to control security risks from the component level up to the entire device, at scale, taking your vulnerability management program to the next level.

A Lifecycle Approach to Vehicle Cybersecurity

Learn how automotive OEMs and suppliers can ensure cybersecurity challenges like supply chain shortages and the upcoming WP.29 regulations don’t put innovation and accelerated development at risk.

The State of Medical Device Cybersecurity 2022

We asked security experts from hundreds of medical device manufacturers about their main challenges and how they plan to address them in 2022.

Cyber BOM and SBOM Management

Learn how to create identical digital replicas of products and devices — cyber digital twins —  even when they contain closed code components.

How to Automate Your CSMS For WP.29 R155 Compliance

Learn how to stay on top of cybersecurity and regulatory challenges by automating your CSMS processes.

Medical Device Cybersecurity: 2022 Trends and Predictions

Get the insights you need about what others in the MDM industry are doing to stay ahead of emerging threats and regulations.

Automotive Cybersecurity Risks

Our CEO Slava Bronfman talked with Steven Bowcut about the current and future cybersecurity threats in the automotive industry, and ways to mitigate them. Tune in to learn how the automotive industry is catching up to security risks.

Cybellum & ASRG Survey: Are Companies Prepared for New Regulations?

Only 6% are fully ready for the upcoming UNECE WP.29 R155 regulation. That’s one of the key findings in our recent survey of OEMs and Tier-1s conducted with the ASRG. The survey sheds light on the current state of vulnerability management practices, covering  issues such as: Time and effort for risk assessment Vulnerability management use […]

Strategy Analytics Report: Keeping Vehicles Safe in the Digital Age

Strategy Analytics interviewed multiple executives at automotive OEM and Tier 1 suppliers to get a sense of the organizational measures that have been taken to confront the growing cybersecurity threat. Key finding include: OEMs face a supply chain cybersecurity challenge unmatched by any other industry Tier-1s claim that OEMs are not ready for WP.29 R155 […]

Medical Device Cybersecurity Regulations, Standards and Best-Practices

A knowledge hub that serves as a home for educational resources on medical cybersecurity regulations, standards and best-practices, intended to help medical device manufacturers and their suppliers navigate the troubled waters of compliance.

What are Cyber Digital Twins for Medical Devices

What are Cyber Digital Twins and how they can be used for cybersecurity analysis?   As medical devices become hyper-connected and software driven, there’s a growing risk that cyber vulnerabilities introduced through accidental errors, lack of secure-coding practices, or insecure open source software, may be exploited by malicious entities. This is where Cyber Digital Twins […]

Guide to a Compliant Medical Device Vulnerability Management Program

This eGuide, based on Cybellum’s extensive work with leading Medical Device manufacturers and their suppliers, outlines the building blocks of an effective vulnerability management program, that keeps your customers secure while complying with all current cybersecurity regulations. Download the free eGuide to learn how to: Assemble a vulnerability management team with the right job functions […]

Integrating Cybersecurity into Medical PLM

In this joint webinar with PTC, we discuss how and why medical device manufacturers should integrate cyber risk management with product planning and production. You will learn how to: Define software security considerations early in the product life cycle Proactively test and fix security or safety threats in pre- and post-production stages Set up the […]

2021 Automotive Software Security: A Report by Cybellum Research Labs

This report provides an in-depth snapshot of the current state of automotive software security. The report is based on extensive analysis of automotive ECU software by the Cybellum Research Lab. Key findings include: Automotive vulnerabilities are not “regular” vulnerabilities Aging software poses operational risk Automotive software is not immune to supply chain vulnerabilities Memory corruption […]

Frost & Sullivan Company of the Year – Vehicle Security & Risk- 2021

Find out why Frost & Sullivan believes Cybellum is favorably positioned to win trust among automakers and its solutions are “more reliable and process‐efficient than competitors”. After rigorous research, analysis and evaluation of multiple nominees, Frost & Sullivan concluded that Cybellum excels in the vehicle security and risk assessment space, in criteria such as: Addressing […]

What are Cyber Digital Twins

What are Cyber Digital Twins and how they can be used for cybersecurity analysis?   As IoT devices become hyper-connected and software driven, there’s a growing risk that cyber vulnerabilities introduced through accidental errors, lack of secure-coding practices, or insecure open source software, may be exploited by malicious entities. This is where Cyber Digital Twins […]

Mapping WP.29 to the ISO/SAE 21434

Mapping WP.29 CSMS Requirements to the ISO/SAE 21434 Standard   Learn how the Cyber Security Management System (CSMS) requirements set in the UNECE WP.29 GRVA regulation map to the process requirements of the ISO/SAE 21434 standard.

A special episode of the Future Car Podcast

Our CEO Slava Bronfman discusses the layers involved in securing a vehicle software, and how to stay one step ahead of hackers.

Integrating CSMS with PLM to Support Upcoming Regulations

Integrating the cybersecurity processes into your product planning and production, to comply with WP.29 and ISO 21434. A joint session by Cybellum and PTC.

Challenges in Real-Life Automotive Firmware Analysis

What techniques and tools could be used for an effective vulnerability management analysis of automotive firmware? 45-min webinar with VP Product Development, Eyal Traitel

Supply Chain Transparency Through Digital Twins

How can OEMs and Tier-1s overcome their complex and practically-invisible software supply chain via Cyber Digital Twins™ technology. 20-min webinar by Michael Engstler, CTO of Cybellum

Accelerate Vehicle Vulnerability Management with Contextual Analysis

In this webinar we demonstrate how a better understanding of the context in which vehicle software components operate accelerates vulnerability management, helping product security teams focus on the risks that matter the most.

Extending Digital Twins into Cybersecurity

As automotive manufacturers continue their pursuit of the software-defined vehicle, they must recognize that cybersecurity approaches, processes, and tooling must evolve. Read what IDC Analyst Matt Arcaro, Research Manager, Digital Automotive and Transportation Strategies has to say about that as he discusses: Opportunities to enhance vehicle cybersecurity visibility and performance. Applying the concept of Digital […]

Regulations, Standards and Best-Practices Knowledge-Base

A knowledge hub that serves as a home for educational resources on cybersecurity regulations, standards and best-practices, intended to help OEMs and their suppliers navigate the troubled waters of compliance.

The Blueprint of a Vulnerability Management Program

For many organizations, having a vulnerability management program comes down to searching for hacker chatter on the dark web and keeping an eye on published CVEs. Yet, in today’s world this is not enough. With threats on the rise, you need a fully scaled vulnerability management operation. This eGuide, based on Cybellum’s extensive work with […]

Preparing for WP.29 – From Home

Learn How to Prepare for the WP.29 Automotive Cybersecurity Regulation – From Home In this 20-minute on-demand webinar, we discuss the current state of automotive cybersecurity and explain how stakeholders can prepare for UNECE WP.29. Presented by Eyal Traitel, VP Strategic Alliances at Cybellum.

Understanding ENISA’s Automotive Cybersecurity Best Practices

A review of the latest ENISA (the European Union Agency for Cybersecurity) report on the importance of cybersecurity for connected cars. Download to get the ENISA guidelines, insights on the challenges the industry is facing today around automotive cybersecurity, and how recent standards suggest handling. This review includes a reference to each category in the […]

READY TO TAKE PRODUCT SECURITY TO THE NEXT LEVEL?

Book a demo