EU Cyber Resilience Act - A Product Owner’s Approach
CVE/FIRST VulnCon 2025 · Main Stage
The European Union’s Cyber Resilience Act (CRA) represents a landmark legislative initiative set to profoundly reshape how software and hardware vendors operate within the EU market. In this VulnCon talk, Langley Rock, a Product Owner at Dell Technologies, offers a pragmatic, product-owner-centric perspective on navigating the complexities of the CRA. His presentation cuts through the legal jargon to provide actionable insights for organizations grappling with the impending compliance deadlines and the significant implications for product development and security practices.
AI review
This is a policy/regulatory talk, not a technical research drop, and it should be graded accordingly. Langley Rock is a practitioner with genuine CRA exposure — he's not a lawyer reciting press releases, he's a product owner at a major vendor who has actually tried to operationalize this regulation. The talk delivers competent, structured guidance on CRA compliance mechanics: product classification tiers, the September 2026 vs December 2027 split deadlines, the open-source liability problem, and a practical bucketing methodology for requirements. For a compliance-oriented audience at…