Blog
The Finite State Blog

Practical insights and articles from our SMEs to help product security teams cut triage noise, fix what matters faster, and deliver audit-ready proof to customers and regulators.

72 results

X-ray 3/4 view of a connected vehicle, the dark car body shown in shadow while its internal electronics — infotainment unit, telematics module, OBD-II dongle, and dashcam — glow orange and are revealed by scan line passing through the car.
Compliance & RegulationsCompliance

Cyber Resilience Act for Automotive Suppliers: The Car Is Exempt, but What's Inside Isn't

Most suppliers hear "automotive is exempt" and move on. The CRA carves out the finished vehicle, but a meaningful share of what they sell still falls ...

Doc McConnell
Doc McConnellJUNE 24, 2026
A lineup of connected devices — an industrial PLC, a network router, and a smart home IoT hub — on a dark reflective surface, each overlaid with a teal X-ray scan revealing the circuit boards inside, illustrating continuous security scanning for CRA compliance.
Compliance & Regulations

CRA Compliance Is Not a Checkbox. It's a Continuous Program.

Manufacturers tend to prepare for the EU Cyber Resilience Act (CRA) the way they'd prepare for an exam, something you study for, pass, and put behind ...

Doc McConnell
Doc McConnellJUNE 17, 2026
Understanding The EU CRA's SBOM & Technical Documentation Requirements
SBOM ManagementCompliance & Regulations

Understanding The EU CRA's SBOM & Technical Documentation Requirements

Ensure compliance with the EU Cyber Resilience Act. Learn how IoT manufacturers can streamline SBOM creation, updates, and documentation with expert t...

Doc McConnell
Doc McConnell MAY 21, 2026
Conformity Assessments: Understanding the EU Cyber Resilience Act Requirements
Compliance & Regulations

Conformity Assessments: Understanding the EU Cyber Resilience Act Requirements

Learn about the EU Cyber Resilience Act's conformity assessments. Discover how IoT manufacturers can ensure compliance based on product risk categorie...

Doc McConnell
Doc McConnell MAY 12, 2026
A stack of five semi-transparent glass document panels fanned and layered on a dark reflective surface. The top panel is illuminated by a bright teal scanning light sweeping horizontally across it, revealing faint data grids and chart lines beneath. An amber-orange glow emanates from the base of the stack, reflecting warmly on the surface below. The background is deep near-black with sparse scattered light points. The overall mood is technical, precise, and cinematic.
Compliance & Regulations

CRA Compliance Is a Full-Time Job. Most Teams Don't Have That.

EU CRA reporting obligations start in September 2026. Finite State's managed CRA service delivers five maintained compliance outputs for a designated ...

Finite State Team
Finite State TeamMAY 4, 2026
Understanding the Connected Vehicle Rule: Strategic Implications and How Finite State Supports Compliance
Connected VehiclesCompliance & Regulations

Understanding the Connected Vehicle Rule: What It Requires and How to Comply

Learn what the Connected Vehicle Rule means for automakers, key compliance deadlines, and how Finite State helps companies navigate the new regulation...

Mike Hatherall
Mike HatherallFEBRUARY 2, 2026
 IoT and the EU CRA: A Secure by Design Guide for Manufacturers
IoT & OTCompliance & Regulations

IoT and the EU CRA: A Secure by Design Guide for Manufacturers

Learn more about the EU Cyber Resilience Act’s Security by Design requirements and how to comply as an IoT manufacturer in this short guide.

Doc McConnell
Doc McConnell JANUARY 29, 2026
A Unified Path to CRA Compliance: Breaking Silos, Matching Risk
Compliance & Regulations

A Unified Path to CRA Compliance: Why Teams Need to Break Silos and Match Velocity

Learn how unified risk assessment and reachability help teams break silos, reduce CRA reporting effort, and focus on real, exploitable risk.

Dario Lobozzo
Dario LobozzoJANUARY 27, 2026
Automotive Cybersecurity Standards
Compliance & Regulations

Automotive Cybersecurity Best Practices for Connected and Autonomous Vehicles

Explore ISO/SAE 21434, ISO 26262, & AUTOSAR's roles in automotive cybersecurity. Discover how they shape vehicle safety and security standards.

Doc McConnell
Doc McConnellJANUARY 17, 2026
EU CRA's Vulnerability Handling & Incident Reporting Rules: A Guide
Vulnerability ManagementCompliance & Regulations

CRA Vulnerability Management: Requirements, Deadlines & Tools

Navigate the EU Cyber Resilience Act's vulnerability handling & incident reporting requirements with part 2 of our guide for IoT manufacturers.

Doc McConnell
Doc McConnell JANUARY 15, 2026
Mistakes to Avoid in Your CRA Readiness Strategy
Compliance & Regulations

Mistakes to Avoid in Your CRA Readiness Strategy

Learn the most common EU CRA readiness mistakes product security teams make and how to build a repeatable, scalable compliance strategy that works.

Dario Lobozzo
Dario LobozzoDECEMBER 11, 2025
How to Improve CRA Readiness Starting Tomorrow
Compliance & Regulations

Low-Hanging Fruit: How to Improve CRA Readiness Starting Tomorrow

Explore simple, high-impact steps product manufacturers can take today to reduce risk and begin meeting EU Cyber Resilience Act requirements.

Dario Lobozzo
Dario LobozzoDECEMBER 11, 2025
Finite StateFinite State

Finite State is the Product Security Automation Platform that functions as an autonomous Product Security OS: design → verify → prove, grounded in what you ship.

Platform

Platform Overview
Ground Truth Inventory
Exploitability-Based Prioritization
Design-Time Architecture Security
Automated Evidence-Backed Compliance

Solutions

Device Manufacturers
Automotive
Medical Devices
Energy & Utilities
Government
Industrial

Resources

Blog
Resource Library
Webinars & Videos
Events
Documentation

Company

About Us
CareersHIRING
Press & News
Contact Sales
Media Inquiries
X

© 2026 Finite State. All rights reserved.

Privacy PolicyTerms of UseCustomer Terms and Conditions
Finite StateFinite State
Finite StateFinite State
Get a DemoGet a Demo