Christian Banse – Cybersecurity-Blog

Automated cloud certification with EMERALD: Architecture, evidence, and trustworthy security

In the face of growing complexity and regulatory requirements, the security of cloud services is becoming increasingly challenging. However, conventional certification procedures require considerable financial and time investment to meet these requirements. That is why the EU research project EMERALD is pursuing a new approach: It is developing a framework for continuous, automated security certification based on semantically structured evidence. This article will discuss the concepts, methods, and validation approaches of the EMERALD platform.

Faster detection and rectification of security vulnerabilities in software with CSAF

The Common Security Advisory Framework (CSAF) is a machine-readable format for security notices and plays a crucial role in implementing the security requirements of the Cyber Resilience Act (CRA): Security vulnerabilities can be detected and rectified faster by automatically creating and sharing security information. Fraunhofer AISEC has now published the software library »kotlin-csaf«, which implements the CSAF standard in the Kotlin programming language.