BEGIN:VCALENDAR VERSION:2.0 PRODID:-//pretalx//cfp.riscv-europe.org//eu-summit-2026//talk//PC8KYU BEGIN:VTIMEZONE TZID:CET BEGIN:STANDARD DTSTART:20001029T040000 RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10 TZNAME:CET TZOFFSETFROM:+0200 TZOFFSETTO:+0100 END:STANDARD BEGIN:DAYLIGHT DTSTART:20000326T030000 RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3 TZNAME:CEST TZOFFSETFROM:+0100 TZOFFSETTO:+0200 END:DAYLIGHT END:VTIMEZONE BEGIN:VEVENT UID:pretalx-eu-summit-2026-PC8KYU@cfp.riscv-europe.org DTSTART;TZID=CET:20260609T170000 DTEND;TZID=CET:20260609T171500 DESCRIPTION:The Cyber Resilience Act is fully enforced in for all products "with a digital element" sold in the EU from December 2027. It has highly stringent requirements on manufacturers\, such as products being “secure by design and by default” and “having no known vulnerabilities” at the point of going on sale. Discovered vulnerabilities in the product must be reported within 24 hours for critical exploits. All vulnerabilities mu st be patched within a short time frame\, and support must be for 5 years or longer depending on the product.\nAs a specific example of the effect o f the CRA on consumer products\, the Linux kernel had 4336 reported exploi ts (CVEs) in 2024 (12 per day) and 5779 in 2025 (16 per day). Linux is use d in an increasingly large range of consumer devices\, not least a large p roportion of the world’s smartphones. The able to continue to sell these products in Europe\, then the industry really needs to move to a much mor e securely constructed systems. CHERI systems have memory safety bult-in which resolves 70% of vulnerabilities seen in weaker non-CHERI legacy syst ems.\nResolving such a large proportion of vulnerabilities at source will greatly reduce the support and maintenance costs\, if nothing else. As a r esult of the CRA\, there will be a large shift in the industry to make sys tems much more secure.\nWe expect that much of that shift will be towards CHERI systems as manufacturers wake up to the cost savings. DTSTAMP:20260522T163158Z LOCATION:Plenary SUMMARY:Why the industry needs CHERI to be able to meet the EU Cyber Resili ence Act - Tariq Kurd URL:https://cfp.riscv-europe.org/eu-summit-2026/talk/PC8KYU/ END:VEVENT END:VCALENDAR