The Cyber Resilience Act (CRA) is a major milestone in securing embedded systems against cyber threats. While most provisions must be implemented by 2027, reporting obligations take effect from 11 September 2026. As a manufacturer, what are your responsibilities, and which devices are affected?

In embedded systems, the quality of code is crucial for long term reliability and efficiency. The Clean Code principles, as outlined in Robert C. Martin’s influential book Clean Code, are widely used in general software development and can significantly enhance embedded C development. This article explores how these principles can be applied to embedded C, drawing on extensive experience to improve code readability, reduce technical debt, and lower costs over the system’s lifetime. Whether you’re a developer or a manager, this guide offers practical insights into integrating Clean Code into your embedded systems projects.

Manchmal erreicht ein Software-Projekt einen Punkt, an dem die Weiterentwicklung fast zum Stillstand kommt. Features werden nur noch mühsam implementiert, und die Kosten für Änderungen explodieren. Genau an diesem Punkt stand unser Kunde, als er uns, Urs Fässler von iQiliO und Peter Gfader von Beyond Agility, mit einem Architektur-Review beauftragte. Ziel war es, den Zustand der Software objektiv zu bewerten und eine Empfehlung abzugeben: Soll die bestehende Software weiterentwickelt oder komplett neu geschrieben werden?

As software touches every part of life, people expect higher standards for quality, security, and reliability. The Cyber Resilience Act (CRA) reflects this shift - a necessary response to past industry mistakes. Rather than resisting, we can use this regulation to improve our practices. Here’s why regulation is necessary, how we reached this point, and how we can use it to create better software.

The CRA mandates stringent cybersecurity requirements for digital products, ranging from vulnerability management and regular updates to security-by-design principles. Manufacturers are tasked with ensuring that their products remain secure throughout their lifecycle, providing ongoing updates, and managing vulnerabilities proactively. The agile development approach, characterized by iterative cycles, cross-functional collaboration, and continuous integration, is ideally suited to meet these requirements. Agile practices enable teams to quickly adapt to new regulatory demands, implement security measures efficiently, and deliver high-quality, secure software. This article outlines the key aspects of agile development that align with CRA compliance and demonstrates how organizations can leverage agility to meet their obligations under the CRA. For more information on how to transition your team to agile practices and ensure compliance with the CRA, feel free to reach out to me at urs.fassler@iqilio.ch.

In diesem Artikel teile ich die Erfahrungen bei der Implementierung einer CI/Build-Pipeline für mehrere C++-Applikationen und Yocto Linux Projekte. Die Firma stand vor Herausforderungen wie manuelle, nicht reproduzierbare Prozesse und ungleich verteiltes Wissen, was zu verspäteten oder fehlerhaften Auslieferungen führte. Durch einen iterativen und inkrementellen Ansatz und gezielte Unterstützung der Entwickler konnten die Prozesse nachhaltig verbessert und der Stress reduziert werden.

In the ever-evolving landscape of software development, maintaining high-quality and reliable software is paramount. To achieve this, rigorous testing practices and robust development methodologies are essential. This article delves into various testing strategies and tools specific to C++, emphasizing the importance of automated regression tests, test coverage, compiler warnings, code formatting, static code analysis, sanitizers, and continuous integration (CI). By adopting these practices, teams can ensure their software remains reliable, maintainable, and bug-free. We offer comprehensive support to help teams implement these tools and practices effectively, enabling them to achieve optimal results.

In this article, I share my initial impressions gathered from my first steps with Torizon, a Linux-based containerized embedded OS developed by Toradex. Torizon aims to simplify the user experience and customization process compared to alternatives like Yocto. It achieves this by running user applications within custom containers on a base OS, supported by an array of tools. While Torizon simplifies the setup and lowers the entry barrier for newcomers, I found it occasionally challenging as an experienced Embedded Linux and Yocto user.

Check out the Cyber Resilience Act overview. It shows the most important aspects of the upcoming regulation.

Download as pdf or png. Contact us for preparing the software development, questions and remarks.