Preparing for EU CRA: An overview of the concurrences and discrepancies between the prEN 40000 series and OWASP SAMM
Lara Brito
Abstract
A review of the Cyber Resilience Act, as well as of the more recent Commission Guidelines on the CRA, confirms that all companies involved in the supply chain for “products with digital elements” will need to dedicate time and expertise to ensure compliance with the Act. Organizations are not, however, starting from scratch, as established frameworks like OWASP SAMM are valuable tools for achieving CRA-readiness. This talk will examine the concurrences and discrepancies between the horizontal standards developed in connection with the CRA (notably the prEN 40000 series) and OWASP SAMM from a Cybersecurity Law perspective.
Speaker bio
Lara is a legal counsel working closely with Digital Governance and Technology Law. She holds an LLB degree in Global Law and an LLM degree (Cum Laude) in Law and Technology from Tilburg University. Her recent research focused, through the lens of legal research, on the applicability and limitations of OWASP SAMM in the context of CRA compliance.