11.03.2026
SBOM
Software companies often rely on a familiar distinction: they regulate products, but not services. They have viewed cloud delivery models, subscription-based offerings, and remote processing as business innovations. They have also seen them as ways to reduce regulatory exposure. The EU Cyber Resilience Act (CRA) challenges this assumption. Under the CRA, the key question is not whether a company markets
Cyber Resilience Act and Legacy Products
10.03.2026
SBOM
One of the frequently asked questions surrounding the Cyber Resilience Act (CRA) concerns legacy products. Manufacturers ask whether they can sell older products in the EU after 11 December 2027 without updates. This blog explores the issue amid evolving CRA standards and upcoming compliance deadlines.
CRA Scope and Market Placement
The CRA applies to products placed on the market from
SBOMs as Primary Compliance Mechanism
23.02.2026
SBOM
The EU’s growing focus on SBOMs, highlighted in ENISA’s SBOM Landscape Analysis – Towards an Implementation Guide, is a key step toward greater transparency and resilience in software supply chains. SBOMs are rapidly becoming a central building block for cybersecurity governance under the Cyber Resilience Act (CRA) and related frameworks. From Bitsea’s perspective, this direction is both necessary and overdue.
Linux Syscall Note: Devil is in the details
20.02.2026
SBOM
Introduction to the Syscall Exception
The syscall exception maps closely to how the Linux kernel exposes its user-space interface. The boundary covered by the syscall note primarily consists of the kernel’s user-space API (UAPI), which is implemented through header files intended for inclusion by user programs. These headers live mainly under the include/uapi/ directory (and its architecture-specific counterparts under arch/*/include/uapi/)
Shai-Hulud, npm, and modern software supply chains
27.01.2026
SBOM
In September 2025, the npm ecosystem experienced one of the most consequential software supply-chain compromises to date. A self-propagating worm, now commonly referred to as Shai-Hulud, compromised hundreds of npm packages, harvested developer and CI/CD credentials, and used those credentials to spread laterally across the ecosystem by publishing further malicious updates under the identities of legitimate maintainers. Within weeks, a
What You Need to Know about the Different Types of SBOMs
31.10.2025
SBOM
When it comes to managing software security and compliance, understanding and generating Software Bills of Materials (SBOMs) is crucial, especially with the increasing use of third-party and open-source code. The Cybersecurity and Infrastructure Security Agency (CISA) has defined six different types of SBOMs, each linked to a different stage of the software development lifecycle (SDLC). Here’s a breakdown of these SBOM
