Blog
The Finite State Blog

Practical insights and articles from our SMEs to help product security teams cut triage noise, fix what matters faster, and deliver audit-ready proof to customers and regulators.

24 results

A lineup of connected devices — an industrial PLC, a network router, and a smart home IoT hub — on a dark reflective surface, each overlaid with a teal X-ray scan revealing the circuit boards inside, illustrating continuous security scanning for CRA compliance.
Compliance & Regulations

CRA Compliance Is Not a Checkbox. It's a Continuous Program.

Manufacturers tend to prepare for the EU Cyber Resilience Act (CRA) the way they'd prepare for an exam, something you study for, pass, and put behind ...

Doc McConnell
Doc McConnellJUNE 17, 2026
Understanding The EU CRA's SBOM & Technical Documentation Requirements
SBOM ManagementCompliance & Regulations

Understanding The EU CRA's SBOM & Technical Documentation Requirements

Ensure compliance with the EU Cyber Resilience Act. Learn how IoT manufacturers can streamline SBOM creation, updates, and documentation with expert t...

Doc McConnell
Doc McConnell MAY 21, 2026
A stack of five semi-transparent glass document panels fanned and layered on a dark reflective surface. The top panel is illuminated by a bright teal scanning light sweeping horizontally across it, revealing faint data grids and chart lines beneath. An amber-orange glow emanates from the base of the stack, reflecting warmly on the surface below. The background is deep near-black with sparse scattered light points. The overall mood is technical, precise, and cinematic.
Compliance & Regulations

CRA Compliance Is a Full-Time Job. Most Teams Don't Have That.

EU CRA reporting obligations start in September 2026. Finite State's managed CRA service delivers five maintained compliance outputs for a designated ...

Finite State Team
Finite State TeamMAY 4, 2026
 IoT and the EU CRA: A Secure by Design Guide for Manufacturers
IoT & OTCompliance & Regulations

IoT and the EU CRA: A Secure by Design Guide for Manufacturers

Learn more about the EU Cyber Resilience Act’s Security by Design requirements and how to comply as an IoT manufacturer in this short guide.

Doc McConnell
Doc McConnell JANUARY 29, 2026
Cybersecurity Risk Assessments & The EU CRA
Product Security

Cybersecurity Risk Assessments & The EU CRA

How to run a CRA-ready cybersecurity risk assessment. The mandatory requirements, a step-by-step process, the tools, and how to keep it defensible acr...

Doc McConnell
Doc McConnell JANUARY 24, 2026
Mistakes to Avoid in Your CRA Readiness Strategy
Compliance & Regulations

Mistakes to Avoid in Your CRA Readiness Strategy

Learn the most common EU CRA readiness mistakes product security teams make and how to build a repeatable, scalable compliance strategy that works.

Dario Lobozzo
Dario LobozzoDECEMBER 11, 2025
How Multi-Modal Scanning Simplifies CRA Compliance
Compliance & Regulations

How Multi-Modal Scanning Simplifies CRA Compliance

Learn how combining binary analysis, source code scanning, and SBOM ingestion enables full-spectrum vulnerability visibility for EU CRA compliance.

Dario Lobozzo
Dario LobozzoDECEMBER 11, 2025
Simplifying CRA & FDA 524B Compliance with Unified Risk
Compliance & Regulations

How a Unified Risk View Simplifies Compliance with EU CRA, FDA 524B, and Beyond

From CRA to FDA 524B, regulators expect traceability and continuous security. Learn how unified risk data reduces compliance overhead & boosts confide...

Mike Hatherall
Mike HatherallNOVEMBER 24, 2025
Why Living SBOMs Are Key to Compliance Readiness
Compliance & RegulationsSBOM Management

From Static to Strategic: Why Living SBOMs Are Key to Compliance Readiness

Regulations like the EU CRA demand ongoing visibility, not one-time SBOM exports. Discover how living SBOMs support audits, evidence, and continuous c...

Mike Hatherall
Mike HatherallNOVEMBER 18, 2025
How to Build a CRA-Compliant Vulnerability Disclosure Program That Scales
Compliance & Regulations

How to Build a Scalable, Repeatable CRA Vulnerability Disclosure Program

Learn how to build a scalable vulnerability disclosure program that meets the EU CRA's continuous monitoring and reporting requirements with evidence ...

Dario Lobozzo
Dario LobozzoNOVEMBER 4, 2025
Regulations Driving IoT Security Forward
Compliance & RegulationsIoT & OT

Regulations Driving IoT Security Forward

From EU CRA to FDA 524B, IoT regulations are reshaping the market. Learn what manufacturers need for compliance—SBOMs, testing, and supply chain visib...

Robert Kelley
Robert KelleySEPTEMBER 24, 2025
EU CRA Compliance: Essential Guide for UK IoT and Connected Product Makers
Compliance & Regulations

EU CRA Compliance: Essential Guide for UK IoT and Connected Product Makers

EU CRA impacts UK-connected device makers. Get clear guidance on compliance, risk, and protecting EU market access.

Mike Hatherall
Mike HatherallJULY 11, 2025
Finite StateFinite State

Finite State is the Product Security Automation Platform that functions as an autonomous Product Security OS: design → verify → prove, grounded in what you ship.

Platform

Platform Overview
Ground Truth Inventory
Exploitability-Based Prioritization
Design-Time Architecture Security
Automated Evidence-Backed Compliance

Solutions

Device Manufacturers
Automotive
Medical Devices
Energy & Utilities
Government
Industrial

Resources

Blog
Resource Library
Webinars & Videos
Events
Documentation

Company

About Us
CareersHIRING
Press & News
Contact Sales
Media Inquiries
X

© 2026 Finite State. All rights reserved.

Privacy PolicyTerms of UseCustomer Terms and Conditions
Finite StateFinite State
Finite StateFinite State