CLOUD COMPUTING 2024, The Fifteenth International Conference on Cloud Computing, GRIDs, and Virtualization


Automated Vulnerability Scanner for the Cyber Resilience Act

Authors:
Sandro Falter
Gerald Brukh
Max Wess
Sebastian Fischer

Keywords: cra; cyber resilience act; vulnerability scanner; reporting; iot; cloud

Abstract:
This paper explores the mitigation of the compliance burdens faced by manufacturers of digital products under the Cyber Resilience Act. After providing a concise overview of the Cyber Resilience Act and pinpointing pivotal areas where tool-based interventions could reduce the regulatory strain on manufacturers, we introduce two prototypes: a digital checklist for product classification and a prototype to streamline the analysis and monitoring of the security state of software along the software development life cycle. As the second prototype is based on Static Application Software Testing and Software Component Analysis, we validate the approach through benchmark tests. While Static Application Software Testing tools show promise in identifying vulnerabilities, additional tests are needed for full compliance with the Cyber Resilience Act. In general, the prototypes serve as an entry point for identifying possible automation potential to alleviate the compliance burdens of manufacturers.

Pages: 13 to 18

Copyright: Copyright (c) IARIA, 2024

Publication date: April 14, 2024

Published in: conference

ISSN: 2308-4294

ISBN: 978-1-68558-156-5

Location: Venice, Italy

Dates: from April 14, 2024 to April 18, 2024