Blog | Finite State

Blog

The Finite State Blog

Practical insights and articles from our SMEs to help product security teams cut triage noise, fix what matters faster, and deliver audit-ready proof to customers and regulators.

32 results

IoT & OT

The Human Element in Embedded Device Security: Insights from a Red Teamer

Embedded device security demands more than scans. Discover how red teaming uncovers real-world vulnerabilities through human ingenuity and adversarial...

Finite State TeamNOVEMBER 19, 2025

Compliance & RegulationsIoT & OT

Regulations Driving IoT Security Forward

From EU CRA to FDA 524B, IoT regulations are reshaping the market. Learn what manufacturers need for compliance—SBOMs, testing, and supply chain visib...

Robert KelleySEPTEMBER 24, 2025

IoT & OT

Cloud Links: The Weakest Chain in IoT Security

Device security is only as strong as its cloud link. Learn how weak authentication, insecure APIs, and poor cert management open the door to large-sca...

Robert KelleySEPTEMBER 23, 2025

Penetration TestingIoT & OT

How Often Should You Pen Test IoT Products?

Learn how often to pen test IoT products based on risk, compliance, and update cadence—plus why full-stack testing is essential for modern connected d...

Robert KelleySEPTEMBER 23, 2025

IoT & OT

The Risk of Connectivity: Every New Feature Expands the Attack Surface

Every new IoT feature adds risk. Learn how connectivity expands the attack surface—and how to secure your devices, data, and ecosystems from threats.

Robert KelleySEPTEMBER 17, 2025

IoT & OT

The Hidden Costs of Neglecting Security Early in IoT Design

Discover why neglecting security early in IoT design leads to costly risks, real-world exploits, and how proactive strategies save time, money, and tr...

Robert KelleySEPTEMBER 16, 2025

IoT & OT

Why IoT Security Is Harder Than IT Security

Discover why securing IoT devices is more complex than IT systems—and what manufacturers can do to reduce risk, ensure compliance, and protect custome...

Robert KelleySEPTEMBER 16, 2025

IoT & OT

From Default Passwords to Default Deny: Implementing Security by Default in IoT

Learn how to implement secure defaults in IoT devices and validate remediation efforts for ongoing protection against vulnerabilities.

Finite State TeamJULY 10, 2025

Vulnerability ManagementIoT & OT+1

Prioritize What’s Exploitable: Reachability Analysis For Connected Devices Has Arrived

Cut CVE noise and focus on what’s exploitable. Learn how Finite State’s Reachability Analysis revolutionizes IoT security and risk prioritization.

Finite State TeamJULY 3, 2025

IoT & OT

Building a Compliance-Ready DevSecOps Pipeline for IoT & Embedded Systems

Build a compliance-ready DevSecOps pipeline for IoT & embedded systems with automated security, SBOMs, and CRA/RED/NIST-aligned tools.

Janet BodenbachJUNE 2, 2025

Software Supply Chain SecurityIoT & OT+1

Finite State vs. Mend.io: Choosing the Right Tool for Product Security and Compliance

Compare Mend.io vs Finite State: See why embedded device manufacturers choose Finite State for firmware SCA, SBOMs, and compliance-ready security.

Finite State TeamMAY 29, 2025

IoT & OTCompliance & Regulations

From Security Debt to Compliance Debt: Why IoT Product Teams Can’t Afford to Wait on the CRA

Discover how the EU CRA is transforming IoT security from technical debt to compliance risk— and what manufacturers must do to get ahead of enforcemen...

Matt WyckhouseMAY 9, 2025