Automating CRA Vulnerability Reporting for Real Business Impact
Dario Lobozzo, GM of EMEA at Finite State, describes the “holy grail” of CRA compliance: automated, scalable vulnerability reporting. In this clip, he explains how automation across your tech stack—CI/CD, TARAs, SBOM tools—can feed contextual evidence into board-level decisions, like whether a product is ready for FDA submission or should be pulled from a go-to-market plan entirely.
Transcript
You know, the holy grail of CRA vulnerability reporting is to be able to find an automated program. And Finite State can help quite a lot in the automation of that program.
That can come from multiple different workflows from the technology stack, being able to gather evidence, contextualize that evidence, and then do that in a repeatable way. And then serve that data to the ten different systems that might need to receive that data. So you're making your silos into data systems, and those data systems rely on the technologies that are at kind of the bottom level. So whether it's integrating with the TARA platform or integrating with your CI/CD pipeline, your Bamboo, your GitLab, et cetera, or maybe it's building reports that can actually go up to your board level to show, I've got fifteen products that are set for FDA submission.
Eight of them are green light, we're good to go, we have everything we need. The rest of them are kind of yellow and we have one of them that's red. We just don't think we're gonna make it. We have too much to do and here's why we have too much to do. We need to pull the marketing effort out of that product altogether. So being able to go from an SBOM scanning tool to a board-level decision to pull marketing effort out of one of the products you're going to bring to market next year, just by trying to figure out which ones can lead compliance and which ones can't, that's where you're starting to get to an automated, streamlined approach that's actually going to impact your business bottom line in a positive way.