In this episode of Exploited: The Cyber Truth, host Paul Ducklin sits down with RunSafe Security CEO Joseph M. Saunders to unpack the EU Cyber Resilience Act (CRA)—a sweeping new regulation set to reshape software security across Europe and beyond.

With enforcement on the horizon in 2026, Joe breaks down what the CRA means for manufacturers, developers, and supply chain partners today. From the critical role of Software Bill of Materials (SBOMs) to the shifting landscape of liability, we explore how the CRA is raising the bar for Secure by Design software.

Joe also shares how leading organizations are preparing now and why cyber insurance may play a bigger role in the CRA era, even when best practices are followed.

In this episode:

• What the CRA covers and who it affects
• Why SBOMs are central to compliance and trust
• How the law shifts liability for software flaws
• Real-world prep strategies from industry leaders
• The role of cyber insurance in a post-CRA world

If your business touches software, this is one regulation you can’t afford to ignore.