Cyber Resilience Act (CRA) and Secure Programming
Silvana Tomić Rotim
Zavod za informatičku djelatnost Hrvatske
Domagoj Čajko
Keywords: Cyber Resilience Act (CRA), Security by Design, Security by Default, Software Security
Abstract
Software security in the modern digital age has become a critical issue due to the exponential growth of connected devices (IoT), increasingly complex software supply chains, and the frequent occurrence of cyberattacks. System vulnerabilities have demonstrated that the lack of integrated security during the design phase can have catastrophic consequences for users and the economy. In response to these challenges, the European Union adopted Regulation (EU) 2024/2847, known as the Cyber Resilience Act (CRA). This paper examines the impact of the CRA on software development, with an emphasis on the transition to the secure-by-design and secure-by-default paradigm. The aim of the paper is to analyze the new obligations for manufacturers and developers and to present practical examples of adapting code to the new legal requirements.
References
European Union. (2024). Regulation (EU) 2024/2847 of the European Parliament and of the Council on horizontal cybersecurity requirements for products with digital elements (Cyber Resilience Act). Official Journal of the European Union.
ENISA (European Union Agency for Cybersecurity). (2023). Engineering Security into Connected Products: Guidelines for Secure by Design.
OWASP Foundation. (2024). OWASP Top 10 Proactive Controls: Aligning with EU Cyber Resilience Act. Owasp.org.
Zakharchenko, A. (2026). "Integrating Continuous Compliance into DevSecOps Pipelines: A Data Engineering Perspective", Special Issue Software Reliability, Security and Quality Assurance, 10 February 2026, 5(1), 6; https://doi.org/10.3390/software5010006
Ortega Velázquez, M.A., Cuevas Martínez, I., Jara, A.J. (2025). "Integrating the CRA into the IoT Lifecycle: Challenges, Strategies, and Best Practices", 22 November 2025, 16(12), 1017; https://doi.org/10.3390/info16121017

