Cybersecurity requirements for wireless and IoT devices continue to evolve. With the Cyber Resilience Act (CRA), the Radio Equipment Directive (RED), and the requirements of EN 18031, one objective has become particularly important: manufacturers must not place devices on the market with known security vulnerabilities and must ensure that vulnerabilities are continuously addressed throughout the product lifecycle.
At solvimus, we have established clear processes to meet these requirements. These include:
✅ Daily monitoring of relevant CVE disclosures
✅ Continuous assessment of potential impacts on our products
✅ Regular software releases, published at least once per month
The importance of this approach was demonstrated recently. Following the publication of CVE-2026-55200, we identified a vulnerability that we classified as critical for our products. As soon as the vulnerability became known, we analyzed its impact, reviewed the affected components, and implemented a patch.
The best part: thanks to our established release process, the fix was already included in our current monthly release. This means our customers received the security update within a very short time after the vulnerability was disclosed.
For us, this example highlights that cybersecurity is about much more than technical safeguards alone. Equally important are the processes behind them: continuous monitoring, rapid risk assessment, and the ability to deploy updates quickly and reliably.
Security is not a state. It is an ongoing process that does not end when a product is shipped.
We view the requirements of the CRA, RED, and EN 18031 not merely as regulatory obligations, but as a framework for developing secure, reliable, and sustainable products. A structured vulnerability management process is a key element of this approach.
Stay up to date
Subscribe to our update newsletter to receive regular information about:
✅ New firmware and software releases
✅ Security-related updates
✅ Product improvements
👉 Sign up for our update newsletter and never miss important security-related information again.
