Are you ready for the CRA?

The Cyber Resilience Act (CRA) is the EU’s new regulation aiming to make digital products — both hardware and software — more secure by design and throughout their lifecycle. It applies to nearly every connected product on the EU market, from smart fridges to SaaS platforms.
‍
But what exactly counts as a “product with digital elements”? What are “essential cybersecurity requirements”? And how does this affect manufacturers, importers, or devs working with open-source?

Learn more about the CRA

Why Trust balena with Your Next Project?

Harden Your Edge and IoT Solutions

Deploy secure, resilient devices and meet regulations like the EU's CRA with balena's end-to-end security features.

Secure from the Start

Minimalist & Hardened OS

Remotely Patch Vulnerabilities

Ensure Supply Chain Integrity

Learn more about balenaOS

Built for Security and Compliance

Meet regulations like the EU's Cyber Resilience Act (CRA) and secure your fleet with balena's integrated security platform.

CRA-Ready SBOMs

Lifecycle Security

Secure Update & Patching

Auditable Security

Learn more about the CRA

Build Resilient Edge Devices

From secure boot to remote patching, use balena's foundational security to harden your devices against emerging threats.

Secure Boot & Disk Encryption

Reduced Attack Surface

Vulnerability Management

Failsafe Updates

Learn more about secure boot and FDE

End-to-End Edge Devices Security

Secure your entire device lifecycle—from development and supply chain to deployment and EOL—all on one platform.

Secure by Design

Supply Chain Accountability

Continuous Protection

Secure Decommissioning

Learn more about supply chain security

OTA Updates for Enhanced Security

Safeguarding security with reliable, verifiable updates, providing consistent application and kernel updates to keep fleets protected from potential attacks.

HostOS updates docs

OTA docs

User Access Management

Offering secure authentication methods, including credential-based login, OpenID Connect (e.g. GitHub, Google), 2FA, TOTP, and SAML-based Single Sign-On for enterprises.

Single Sign-On docs

Security Acknowledgments

At Balena, we welcome collaboration with external security researchers who discover vulnerabilities in our platform. We encourage researchers to responsibly introduce themselves and work with us to address issues. Please contact us at [email protected] to report potential vulnerabilities, or for further information about our responsible security disclosure process.

Last Updated: June 14, 2024

Name

Affiliation

Contribution

Disclosure Date

Resolution Date

Marco Jansen of Lorkeers

ThreatLabs

Marco reported a vulnerability in the 2FA recovery key management

April 22, 2024

June 14, 2024

Marco Jansen of Lorkeers

ThreatLabs

Marco reported a vulnerable gap in the 2FA setup

May 22, 2024

May 30, 2024

Santhoshkumar Chandramohan

—

Santhoshkumar reported a vulnerability in the email invite redirect parameter allowing malicious link injection

January 19, 2025

February 27, 2025

Rudi Kosiór

Secure Channel

Rudi reported a bug in our cookie consent banner ignoring preferences for visitors who customized their experience

July 28, 2025

Vasileios Flengas

—

Vasilieios reported a privilege escalation vulnerability in balenaEtcher for Windows (versions prior to 2.1.4)

May 12, 2025

July 29, 2025

Security

Securing your IoT Edge devices

Are you ready for the CRA?

Why Trust balena with Your Next Project?

Still got questions?

Chat with our customer success team.