- Enables manufacturers to build more secure products with lower total cost of ownership while complying with the European Unionโs Cybersecurity Resilience Act (CRA)
- This platform combines essential foundational software components to reduce security vulnerabilities
NUREMBERG, Germany–(BUSINESS WIRE)–embedded world, Hall 4, Stand 325 โ Green Hills Software today announced the availability of its Platform for CRA, a comprehensive and production-proven set of foundational software components to help manufacturers of digital products confidently comply with regulations for the European Unionโs Cybersecurity Resilience Act (CRA). The platform not only supports compliance with CRA requirements but also enables significant cost savings by minimizing the number of security-related updates in deployed products over their operational lifetimes.
Leveraging decades of leadership in embedded systems security, the Green Hills Platform for Cybersecurity Resilience helps manufacturers address core principles of the EUโs CRA regulation across the entire product lifecycle:
- Security by Design
- Cybersecurity Risk Assessment
- Vulnerability Handling and Reporting
- Secure Updates Over the Product Lifetime
- Software Bill of Materials (SBOM) and Third-Party Components
Security By Design
At the core of the platform is the INTEGRITYยฎ real-time operating system (RTOS), architected from its inception to meet the most stringent security requirements. Its separation kernel has undergone rigorous penetration testing and is independently proven to securely isolate software components. By minimizing code that executes in kernel space, INTEGRITY reduces attack surface while providing provable separation and freedom-from-interference for applications, drivers, the INTEGRITY kernel, in addition to guest operating systems like Linux.
As a result, no vulnerabilities have been reported for the INTEGRITY kernel in its 28 years of deployment โ a track record that stands in contrast to operating systems with vulnerabilities that are discovered and reported in some cases on a weekly basis, necessitating a large number of security patches and costly field updates.
INTEGRITY has been deployed in millions of products across automotive, avionics, mobile, industrial, IoT, medical, and railway sectors. It has been certified at the highest levels for ISO 26262, DO-178B, ISO/SAE 21434, IEC 61508, and EN 50128/50657, and is supported by comprehensive cybersecurity and safety manuals for system developers.
Secure Boot, Run-time Protection, and Lifecycle Management
The platform integrates secure boot and cryptographically verified image signing to protect devices from the first instruction executed. Based on the Cypherbridgeยฎ integrated suite of products for device lifecycle management, the Platform for CRA includes:
- Image signing (Cypherbridge WSLAM)
- Over-the-air updates via CDX Server and CDX Client
- Image verification and secure boot with uLoadXL
Together, these components, and optionally other partners in the Green Hills ecosystem, provide secure device lifecycle management, enabling safe updates and maintenance over the productโs operational life.
Product Security, Transparent Vulnerability Handling, and Long-Term Support
Green Hills Softwareโs internal Product Security Incident Response Team (PSIRT) efficiently handles security advisories and manages responses and customer communication.
Manufacturers benefit from the companyโs flexible long-term maintenance options, including:
- Feature updates and security patches for the life of the product
- Ongoing vulnerability reporting and remediation
- Detailed security change logs and patch documentation
SBOM and Third-Party Components
To address CRA regulation requirements related to INTEGRITY and third-party components, Green Hills provides an SBOM for INTEGRITY and provides a framework to isolate middleware and third-party software from security-critical components. Configuration tools for INTEGRITY-based systems provide an auditable security policy governing the capabilities of each software component in the system.
Security From the Start
Green Hills offers many powerful security analysis tools for developers to use while writing their C, C++ and Rust application code. The MULTIยฎ integrated development environment (IDE) identifies security vulnerabilities and coding errors early in the development process. By enabling early detection, customers reduce downstream remediation costs and shorten compliance cycles.
- MISRA C/C++ adherence checking improves code safety, security, portability and reliability
- DoubleCheckโข static source code analysis identifies programming errors at the time of compilation
- Run-time stack error detection
- Additionally, the Cypherbridge CDX server offers optional automated and continuous binary vulnerability scanning on deployed binaries
- Advanced debugging capabilities to help developers find and fix every bug quickly and efficiently, allowing developers to minimize costly and embarrassing delays between fulfilling CRA reporting requirements and providing a fix
Availability
The Green Hills Platform for CRA is available today and will be demonstrated at embedded world in Nuremburg, Germany, March 10-12, 2026, in the Green Hills booth in Hall 4, Stand 325.
About Green Hills Software
Founded in 1982, Green Hills Software is the worldwide leader in embedded safety and security. In 2008, the Green Hills INTEGRITY-178 RTOS was the first and only operating system to be certified by NIAP (National Information Assurance Partnership comprised of NSA & NIST) to EAL 6+, High Robustness, the highest level of security ever achieved for any software product. Our open architecture integrated development solutions address deeply embedded, absolute security and high-reliability applications for the military/avionics, medical, industrial, automotive, networking, consumer and other markets that demand industry-certified solutions. Green Hills Software is headquartered in Santa Barbara, CA, with European headquarters in the United Kingdom. Visit Green Hills Software at https://www.ghs.com.
Green Hills, the Green Hills logo, INTEGRITY, MULTI, and DoubleCheck are trademarks or registered trademarks of Green Hills Software LLC, in the U.S. and/or internationally. All other trademarks are the property of their respective owners.
Contacts
Media Contact:
Green Hills Software
Christopher Smith
Phone: +1-805-965-6044
E-mail: [email protected]
