Skip to main content

25 docs tagged with "secure-by-design"

View all tags

CRA Readiness Gap Analysis

A practical CRA readiness checklist for connected-product teams assessing scope, secure-by-design controls, vulnerability handling, technical documentation, evidence gaps, and next actions.

Cryptography under the CRA

Practical guidance for connected-product teams assessing cryptographic algorithms, protocols, keys, firmware integrity, data protection, crypto agility, and CRA evidence.

Glossary of Terms

This glossary defines key terms, acronyms, and concepts used throughout the Secure-by-Design Handbook.

Real-World Vulnerability Lessons

A practical hub for secure-by-design case studies, routing real product vulnerabilities by failure pattern, control area, evidence lesson, and product-team check.

Secure-by-Design Maturity Model

A practical secure-by-design maturity model for connected-product teams assessing CRA readiness, product-security practices, evidence quality, vulnerability handling, secure updates, and lifecycle support.

Threat Modeling

Threat modeling is the structured process for understanding how a connected product could be attacked, what risks matter most, which mitigations are needed, and what evidence supports those decisions.

Types of Embedded Device

A practical guide to classifying embedded device architectures and understanding how MCUs, embedded Linux systems, and hybrid designs affect secure-by-design controls, CRA readiness, and evidence.

Unique Device Identity

A unique device identity is the product design that lets a device prove it is genuine, distinguishable from other devices, and entitled to access the services, updates, commands, data, and support paths assigned to it.

What is Secure-by-Design?

Secure-by-design means making security part of product architecture, defaults, development, update, vulnerability handling, and lifecycle evidence. It is not a final test before release, a feature added by the security team, or a burden passed to the customer.