Blog
The Finite State Blog

Practical insights and articles from our SMEs to help product security teams cut triage noise, fix what matters faster, and deliver audit-ready proof to customers and regulators.

442 results

A dark automotive ECU control module with a glowing teal wireframe twin hovering above it, mostly aligned with the physical device below, illustrating the gap between a supplier's claimed component list and what's actually inside..
Compliance

Trust but Verify: A Practical Guide to Supplier SBOM Validation

Supplier SBOMs are often incomplete. Here's why manufacturers verify them against the actual binaries, and how that holds up under CRA, FDA, ISO 21434...

Doc McConnell
Doc McConnellJULY 13, 2026
Overhead view of a dense array of dark, unlit connected devices—PLCs, gateways, cameras, routers—linked by cables, with one device in the center glowing bright orange while every other device stays dim, representing a single reachable vulnerability flagged among many.
Compliance

EPSS and CRA Triage: What to Do When a Vulnerability Lands

Under the CRA, vulnerability triage is a risk-based, documented decision. See how EPSS and reachability show which CVEs warrant action and which can w...

Doc McConnell
Doc McConnellJULY 8, 2026
X-ray 3/4 view of a connected vehicle, the dark car body shown in shadow while its internal electronics — infotainment unit, telematics module, OBD-II dongle, and dashcam — glow orange and are revealed by scan line passing through the car.
Compliance & RegulationsCompliance

Cyber Resilience Act for Automotive Suppliers: The Car Is Exempt, but What's Inside Isn't

Most suppliers hear "automotive is exempt" and move on. The CRA carves out the finished vehicle, but a meaningful share of what they sell still falls ...

Doc McConnell
Doc McConnellJUNE 24, 2026
A lineup of connected devices — an industrial PLC, a network router, and a smart home IoT hub — on a dark reflective surface, each overlaid with a teal X-ray scan revealing the circuit boards inside, illustrating continuous security scanning for CRA compliance.
Compliance & Regulations

CRA Compliance Is Not a Checkbox. It's a Continuous Program.

Manufacturers tend to prepare for the EU Cyber Resilience Act (CRA) the way they'd prepare for an exam, something you study for, pass, and put behind ...

Doc McConnell
Doc McConnellJUNE 17, 2026
Large warehouse full of outdated IoT devices. Caption reads "Supported doesn't mean finished."
Compliance

CRA Flips the Timeline: Why Retroactive Vulnerability Management Is the Real Challenge

Most CRA prep focuses on new products. The harder obligation reaches back across everything you have already shipped—and the September 11, 2026, deadl...

Doc McConnell
Doc McConnellJUNE 10, 2026
PLC Device being scanned to reveal inner components and software.
Product Security

Pre-Ship vs. Runtime Security: Building the Full Stack

Why the industry's fixation on the active monitor keeps missing the structural foundation.

Sharon Hagi
Sharon HagiJUNE 3, 2026
Illustration of an hourglass labeled “Article 14” with golden sand flowing downward beside a transparent digital map of Europe. Glowing network connections and security icons overlay the map against a dark background with faint EU stars, symbolizing a regulatory compliance deadline.
Compliance

CRA Vulnerability Reporting: September 2026 is Around the Corner

Starting September 11, 2026, manufacturers must notify ENISA within 24 hours of an actively exploited vulnerability. Most don't have the four operatio...

Doc McConnell
Doc McConnellMAY 28, 2026
Understanding The EU CRA's SBOM & Technical Documentation Requirements
SBOM ManagementCompliance & Regulations

Understanding The EU CRA's SBOM & Technical Documentation Requirements

Ensure compliance with the EU Cyber Resilience Act. Learn how IoT manufacturers can streamline SBOM creation, updates, and documentation with expert t...

Doc McConnell
Doc McConnell MAY 21, 2026
The Parallel Rail, Finite State's Model for Continuous Connected Device Security by Sharon Hagi, Chief Security Officer
Product Security

What Is the Parallel Rail? Finite State's Model for Continuous Connected Device Security

AI is becoming physical—and traditional checkpoint security models can’t keep up. The Parallel Rail embeds continuous product security and compliance ...

Sharon Hagi
Sharon HagiMAY 21, 2026
Router being scanned
Product Security

The FCC's Waiver Extension for Routers Is the Right Call for Cybersecurity

Why patch status matters more than where it’s assembled—and what device makers should take from the policy reversal.

Doc McConnell
Doc McConnellMAY 19, 2026
Conformity Assessments: Understanding the EU Cyber Resilience Act Requirements
Compliance & Regulations

Conformity Assessments: Understanding the EU Cyber Resilience Act Requirements

Learn about the EU Cyber Resilience Act's conformity assessments. Discover how IoT manufacturers can ensure compliance based on product risk categorie...

Doc McConnell
Doc McConnell MAY 12, 2026
The Best SBOM Generation Tools Compared (& How to Pick the Right One)
SBOM Management

The 4 Best SBOM Generation Tools Compared (Updated for 2026)

Discover how SBOMs enhance software supply chain security, explore top SBOM generators, and find the right tool for your organization's needs.

Finite State Team
Finite State TeamMAY 10, 2026
Finite StateFinite State

Finite State is the Product Security Automation Platform that functions as an autonomous Product Security OS: design → verify → prove, grounded in what you ship.

Platform

Platform Overview
Ground Truth Inventory
Exploitability-Based Prioritization
Design-Time Architecture Security
Automated Evidence-Backed Compliance

Solutions

Device Manufacturers
Automotive
Medical Devices
Energy & Utilities
Government
Industrial

Resources

Blog
Resource Library
Webinars & Videos
Events
Documentation

Company

About Us
CareersHIRING
Press & News
Contact Sales
Media Inquiries
X

© 2026 Finite State. All rights reserved.

Privacy PolicyTerms of UseCustomer Terms and Conditions
Finite StateFinite State
Finite StateFinite State
Get a DemoGet a Demo