23-25 March, 2027 | Steigenberger Wiltcher's, Brussels

Linux Kernel Security Assessment for CRA Compliance (F11a)

Gain a process-driven framework for CRA-compliant Linux product security.
25 Mar 2026
10:50 am
Ballroom A

For products that use the Linux kernel, the EU’s Cyber Resilience Act (CRA) requires a measurable, process-driven approach to security. This talk presents a compliance framework based on Common Criteria principles. ‘Secure by Design’ will be incorporated by establishing security targets and hardening configurations. The discussion will cover how to set up a structured vulnerability management program that complies with the CRA’s stringent reporting and incident notification requirements. The speakers will also discuss how rigorous SBOM generation can lead to Software Supply Chain Transparency. They will wrap up by talking about developing a long-term patch and maintenance commitment that guarantees auditable lifecycle security. Participants will discover how to use this methodical approach to create a security posture for their Linux-based products that can be proven to be compliant.