In this episode, Jacob Beningo interviews François Baldassari, Memfault CEO, about IoT security compliance demands. They discuss embedded manufacturers' readiness for new security regulations, the challenges they face, and potential solutions.

They also explore the differences between the EU's Cyber Resilience Act and the US's Cyber Trust Mark. François emphasizes the importance of OTA updates, using open-source software, and building security teams within hardware companies. He also highlights the need for collecting the right data and observability to improve security posture.

Takeaways

• Embedded manufacturers are not fully ready for new IoT security compliance demands.
• Regulatory frameworks like the EU's Cyber Resilience Act and the US's Cyber Trust Mark are coming into effect and will require certification of cybersecurity guidelines.
• Challenges include the uncertainty of the regulations, the additional costs and effort required, and the lack of established infrastructure and best practices.
• Recommendations for compliance include implementing OTA updates, using open-source software, adopting SBOM scanning, and ensuring observability of devices.
• AI is not currently a solution for compliance, but it may play a role in the future as more data is collected and analyzed.
• Joining the conversation around open-source products and following security best practices can help improve device security.