What is a vulnerability?
Security basics: What is a vulnerability?
This month I’ve earned the Information Security Risk Manager. ISO/IEC 27005 certification of rigcert.education. Having multiple years of experience in managing security risks in OT environments according to IEC 62443-3-2, the ISO 27005 provides an extended perspective on risk management. Effective information security risk management is crucial for maintaining secure systems. Failing to properly assess…
Incidents such as the blackout in parts of Berlin lasting several days emphasize the importance of personal preparation for crisis and disaster. The German BBK has published checklists for this purpose. The BBK is the German Federal Office of Civil Protection and Disaster Assistance. Personally I don’t prefer to check off such a list on…
What a good start into the weekend 😎 📄 The German BSI has published a guideline for developers regarding potential vulnerabilities in AI systems. 📣 From my point of view, a security risk assessment on systems using AI technologies has to consider the attacks on the AI parts of the system as well. A security…
This excellent talk from RSA Conference 2023 tries to answer this question with what is currently known regarding: A clear recommendation to watch this presentation by Jason Kramer and Dr. Ulrich Lang, CEO to anyone in the OT/ICS industry.
If you’re evaluating whether your product falls under the Cyber Resilience Act (CRA), you’ve likely encountered the term “Product with Digital Elements” (PDE). This term is central to the CRA, and understanding it is crucial. The Cyber Resilience Act (CRA) defines the scope of its regulations in Article 2, which explicitly references “products with digital…
Despite the Easter holidays, a lot of incredible work was done over the weekend by many researchers analysing the details of the xz-utils backdoor. Some examples are: As the situation unfolds, it is becoming clear that this was not just one of the most sophisticated technical (perhaps the most sophisticated) attempts to introduce a backdoor…