I’m proud to announce the release of the Secure Coding for Embedded Systems course on Udacity — a project I had the honor of contributing to as one of the authors, together with Dennis Kengo Oka.
My focus was on some of the most critical and timely areas of embedded system security: Hardening, Supply Chain Risk Management, TLS, and Secure Updates. These aren’t just best practices — they’re quickly becoming regulatory requirements, particularly in light of the European Union’s Cyber Resilience Act (CRA) and Radio Equipment Directive (RED) updates.
Why Secure Coding Matters — Now More Than Ever
Embedded systems and IoT devices are everywhere — in homes, hospitals, factories, vehicles, and cities. But as these systems become more connected, they also become more exposed. In response, the regulatory landscape is evolving quickly to enforce security-by-design at the software level.
Here are two regulations every embedded developer needs to know:
📜 1. The EU Cyber Resilience Act (CRA)
The Cyber Resilience Act, formally adopted by the EU in 2024, introduces mandatory cybersecurity requirements for all products with digital elements — including embedded systems and software.
Key obligations include:
- Products must be secure-by-design and secure-by-default.
- A process must be in place to handle vulnerabilities and provide timely security updates.
- Risk assessments, technical documentation, and conformity declarations will be required.
Non-compliance may result in penalties up to €15 million or 2.5% of global annual turnover.
The CRA is expected to become enforceable by 2026, and it will directly impact how embedded systems are developed, tested, and maintained — especially in critical infrastructure and consumer devices.
📻 2. Radio Equipment Directive (RED) – Article 3(3)(d)(e)(f)
Since 2022, the Radio Equipment Directive (2014/53/EU) has been extended with new cybersecurity requirements under Delegated Regulation (EU) 2022/30, specifically:
- Devices must not harm network functionality or misuse resources.
- They must protect user privacy and personal data.
- They must include fraud prevention mechanisms.
These rules apply to wirelessly connected devices (Wi-Fi, Bluetooth, LTE, etc.), including most IoT devices, wearables, smart appliances, and industrial controllers.
🗓️ Enforcement begins in August 2025, meaning manufacturers and developers must ensure compliance now — including implementing secure communication protocols and robust update mechanisms.
What This Course Delivers
The Secure Coding for Embedded Systems course is designed to equip developers with the practical skills needed to meet these real-world security challenges and regulatory expectations. In the modules I authored, you'll learn how to:
🛡️ Harden Embedded Systems: Reduce the attack surface by removing unused components, implementing secure boot, and gaining visibility into vulnerabilities in third-party libraries.
🔗 Manage Supply Chain Risks: Evaluate and mitigate risks introduced by third-party code and dependencies. You'll build Software Bills of Materials (SBOMs), understand upstream threat vectors, and adopt processes for lifecycle security management.
🔐 TLS and Secure Updates: Enhance the security of embedded devices by securing communication with TLS, implementing mechanisms for secure over-the-air (OTA) updates, and ensuring the integrity and authenticity of firmware.
For Developers, Engineers, and Product Teams
Whether you're an embedded developer, systems engineer, or security architect, this course helps you build systems that are compliant, resilient, and future-ready. And more importantly — it empowers you to build trustworthy technology in a world that depends on it.
Final Thoughts
The secure-by-design shift isn’t just about risk management — it’s about building confidence, meeting regulatory requirements, and future-proofing your products.
👉 Explore the course on Udacity
💬 Let’s Connect
If you found this course helpful, or if you want to chat more about how to improve it in future revisions — I’d love to hear from you.
Feel free to reach out on LinkedIn
Always happy to connect with fellow developers, researchers, and security-minded folks.
Stay curious. Stay secure. 🔒🚀