Coredump Sessions
#000: How New IoT Security Regulations Will Shape the Industry's Future
17 Sep 2024
In today's Coredump Session, Memfault’s François Baldassari and Chris Coleman unpack the sweeping impact of new IoT security regulations like the CRA and the Cyber Trust Mark. From shocking real-world exploits to smart compliance strategies, they explore what these changes mean for hardware teams and the future of connected devices. If you ship firmware or build IoT products, this one’s essential listening.

Key takeaways:
IoT security is no longer optional—new regulations like the CRA and Cyber Trust Mark make it mandatory.
Most connected devices today are still dangerously undersecured, with outdated stacks and poor OTA support.
Open source platforms like Zephyr can make compliance easier by pooling security resources across companies.
OTA (over-the-air) updates are now a requirement in both US and EU regulations.
The CRA introduces SBOM (Software Bill of Materials) requirements to track vulnerabilities in dependencies.
Observability, encryption, and secure boot need to be built in from the start—not as last-minute add-ons.
Compliance will vary based on device criticality, but self-certification will be the norm for most companies.
Ignoring security costs more in the long run—both in reputation and risk.

Chapters:
00:00 Episode Teasers & Intro
01:03 Meet the Hosts: François and Chris from Memfault
03:40 Why IoT Security Is Still So Behind
07:15 Vulnerabilities, Legacy Chips, and Who’s to Blame
10:12 Wireless Protocols: Still a Huge Attack Surface
13:28 If You Ship Without OTA, You're Asking for Trouble
20:50 Introducing the CRA and Cyber Trust Mark
23:38 What the CRA Actually Requires
31:45 Reconciling Security Monitoring with GDPR
34:07 Cyber Trust Mark vs CRA: US vs EU Approaches
41:05 What You Can Do Today to Prepare
46:33 How Long Do You Have to Support a Device?
52:19 Attack Surfaces: Even a Projector Isn't Safe
56:06 Lifecycle Support and Product Lifespan Realities
58:51 Observability in Low-Resource Devices
1:00:34 Connected Architectures & Multichip Compliance
1:01:43 IoT Devices with Limited Bandwidth & OTA Constraints