Nordic expands nRF Cloud with firmware vulnerability scanning


nRF Cloud identifies vulnerabilities in firmware and shows exactly which deployed devices are affected, empowering device manufacturers to address EU Cyber Resilience Act requirements

Nordic Semiconductor, a global leader in low-power wireless connectivity solutions, today announced that firmware vulnerability scanning is coming to nRF Cloud, further bolstering its capabilities for empowering device makers to prepare for the EU Cyber Resilience Act (CRA).     

With firmware vulnerability scanning in nRF Cloud, developers will be able to upload their software bill of materials (SBOM) to nRF Cloud and automatically identify common vulnerabilities and exposures (CVEs) present in the SBOM and analyze their exposure across their nRF Cloud-connected production fleet.   

nRF Cloud’s new capability is designed to help device manufacturers meet the CRA’s vulnerability monitoring requirement without taking on the burden of building and maintaining their own CVE identification systems. It works in tandem with nRF Cloud’s firmware over-the-air (FOTA) service, which allows updates to be deployed at scale to devices in the field.

Shortening CRA compliance to-do lists

The CRA requires the security of connected devices to be maintained across the full device lifespan, which can extend many years into the future, meaning compliance work does not stop once devices are deployed.   

With nRF Cloud’s features, including vulnerability detection and FOTA, developers can more effectively manage their compliance burden and stay focused on building innovative products. That means a faster path to market and, once products ship, meeting ongoing compliance obligations with less strain on stretched resources.

Continuous vulnerability detection with real-world exposure analysis

With nRF Cloud’s new firmware vulnerability scanning, developers upload their SBOMs for each software version, and nRF Cloud will automatically and continuously scan that SBOM.     

The service also highlights exactly how many deployed devices are exposed to each identified vulnerability. This exposure data enables more confident prioritization decisions, and allows real-time monitoring of remediation via security patches, as those updates roll out.   

Detection and remediation in one system

Alongside nRF Cloud's existing FOTA update capability, firmware vulnerability scanning lets device makers move from an identified security issue, to a deployed patch, to a confirmed fix, all in one system backed by a complete audit trail.     

Remediation can be monitored in real time as security patches roll out across the fleet. With the help of nRF Cloud, developers will be able to check several important requirements around vulnerability monitoring and security update delivery off their CRA to-do list.   

Availability

Firmware vulnerability scanning will be released in the coming weeks. Register for our webinar to see it in action and be the first to know when it goes live. nRF Cloud, including features such as FOTA, is available today, and developers can create a free Developer account at any time to start exploring the platform.   

To find out more about the CRA requirements, check out our guide.