Secure Product Development Lifecycle—Industry’s Approach for Regulatory Compliance and Competitive Advantage (T21c)
The EU General Product Safety Regulation is expected to make cybersecurity a safety-related regulatory requirement affecting all products and installed software, possibly as early as the end of 2022. The Machinery Regulation and RED delegated acts are expected to establish additional requirements in 2024. A US executive order is also preparing regulation of consumer IoT and software. Automotive is globally regulated; medtech is too, but less explicitly. Because harmonized standards are absent for many industries, the only practical way for equipment and software manufacturers to mitigate cybersecurity liability risk is to follow a secure product development lifecycle and create evidence of compliance. This presentation will give a May 2022 status overview of how different safety-critical equipment manufacturer segments (e.g. industrial, medical, automotive) are already transforming their industries by making secure development a mandatory market requirement in their supply chains, and how market leaders have used this to create competitive advantage.