NXP EdgeVerse Techcast

MCUXpresso Installer: End Embedded Setup Nightmares (MCUXpresso, Zephyr & Matter)
In this EdgeVerse Techcast episode, co-hosts Bridgette Stone and Kyle Dando interview Alexandra Maracine, a software engineer on the MCUXpresso Installer team, about how the MCUXpresso Installer simplifies embedded development environment setup. Alexandra explains the common pain points—scattered tool downloads, dependency and version conflicts, broken PATHs, and team-wide consistency issues. Then she covers how the Installer centralizes sources, manages multiple coexisting versions across MCUXpresso SDK, Zephyr, and Matter, configures environments automatically, supports offline installs, and works across Windows, macOS, and Linux. She contrasts monolithic IDE installers with modular, package-driven approaches and describes key engineering challenges such as isolating installs from unpredictable user systems (including Python virtual environments) and handling enterprise constraints like proxies and restricted networks.
Episode resources:
MCUXpresso Installer Overview
Download MCUXpresso Installer (MacOS, Linux, Windows)
MCUXpresso for VS Code: Getting Started
00:00 Welcome to EdgeVerse
00:49 Why Setup Is Painful 
01:29 Meet Alexandra 
02:12 Furniture Analogy 
03:35 Real Dependency Nightmares
05:35 Key Benefits Breakdown 
06:56 Offline and PATH Magic 
08:05 Alternatives and Trends
10:16 Hardest Engineering Challenges 
11:40 Respecting User Systems 
12:24 Enterprise Constraints
13:32 How to Get and Update
14:16 VS Code Integration
14:50 Wrap Up and Takeaways

CRA Week Ep. 4: Maintaining CRA Conformity Across the Product Lifecycle
In the fourth and final episode of CRA Week, hosts Kyle and Bridgette wrap the series up with 3 CRA experts Asim Zaidi, Julien Delplancke, and Louis Rodriguez.
Asim explains why CRA compliance continues long after a product ships and highlights key underestimated challenges. (Architecture drift, maintaining secure configurations, Crypto agility, Documentation (including SBOMs). 
Julien describes manufacturing-stage security needs and how EdgeLock 2Go centralizes secure credential provisioning, supports secure over-the-air updates, and enables credential renewal and crypto agility for devices in the field.
Louis outlines the role of a PSIRT, and reviews core lifecycle vulnerability processes including intake, triage and impact assessment, remediation, coordinated communications, multi-vendor coordination, and notification obligations.
Episode Resources:
NXP CRA web page: EU Cyber Resilience Act (CRA)
NXP PQC web page:Post-Quantum Cryptography
EdgeLock 2GO | IOT Service Platform for Secure Deployment and Management
NXP PSIRT: Product Security Vulnerability
Security Certification: Security Certification
00:00 Welcome to CRA Week Finale
01:39 Why Lifecycle Matters
01:58 Hidden Long Term Challenges
05:00 Future Proof Architecture
06:41 SBOM and Crypto Agility
08:16 Manufacturing Security Basics
09:51 EdgeLock 2Go for Updates
11:50 PSIRT and Governance
15:14 Vulnerability Management Processes
16:49 CRA Week Recap and Closing

CRA Week Day 3: Proving Compliance—Your "Recipe" for EU Cyber Resilience Act Conformance
On Day 3 of CRA Week on the EdgeVerse Techcast, hosts Kyle Dando and Bridgette Stone are joined by NXP expert Carlos Serratos to explain how manufacturers can prove compliance with the EU Cyber Resilience Act (CRA). Carlos connects Risk Assessment and Security by Design to the need to demonstrate cybersecurity conformance. 
Using a baking analogy, he outlines key CRA compliance "ingredients":
 A risk assessment
Vulnerability management policy
Secure development process
Support period policy,
User information
Product class identification
Conformity assessment
Technical documentation
Declaration of Conformity
A CE mark
He then details a step-by-step process to "bake the ingredients": perform risk analysis and select mitigations/components, analyze conformance against CRA essential requirements, verify conformance per applicable standards and product class, collect evidence and draft the declaration, ensure support period and vulnerability management are reflected in the risk assessment and user guidance, apply the CE mark, and retain documentation for 10 years after market placement!
Episode resources:
CRA web guidance
Security process descriptions and certifications
CRA Paradigm Shift Training
NXP's vulnerability management policy
 
00:00 Day 3 Proving Compliance
01:25 Why Compliance Matters
02:52 Risk Assessment Drives Decisions
03:31 Security by Design Lifecycle
03:55 CRA Cake Ingredients
05:46 Step by Step Conformance
07:24 Not Legal Advice Start Now
08:05 NXP Tools and Resources
09:08 Wrap Up and Next Episode

CRA Week: Step 2 Security by Design
Day 2 of CRA Week covers the 2nd major step in CRA Compliance, Security by Design. NXP security expert Marc Vauclair explains that CRA security is about managing risk, and that Security by Design reduces risk compared to adding security later.
The episode outlines the following CRA expectations:
Shipping products in a secure state
Enabling security features by default
Using encryption and data minimization
Minimizing components and unused interfaces to reduce attack surface
Ensuring only trusted software runs at startup 
Marc encourages threat modeling, security into product requirements alongside traditional constraints, and accurate risk assessments. 
Apply what is discussed with a wireless keyboard example. It illustrates threats such as snooping, data injection, and denial-of-service via wireless flooding, and explains decomposing threats into risk factors, asset-centric impact analysis, and using threat intelligence and vulnerability severity to derive project-specific risk levels. At the end threats are mapped to mitigations like authentication to prevent spoofing and cryptographic integrity checks to prevent tampering. 
Marc also highlights NXP technologies that support Security by Design:
Encrypted firmware and key installation
Secure debug/configuration
Remote key provisioning
Memory encryption
Isolation between secure and non-secure areas
Secure connectivity features (origin attestation, secure communication, accelerated networking, remote key management)
Incident detection/response/recovery with measured boot, runtime attestation, cyber resilience recovery, tamper detection, and battery-backed monitoring 
Don't miss this detailed episode to better understand Security by Design for CRA!
Episode Resources:
NXP CRA page: EU Cyber Resilience Act (CRA)
NXP page: Security Certification
00:00 Welcome to CRA Week Day 2
00:48 Meet Marc Vauclair
01:49 What Security by Design Means
02:54 CRA Secure by Default Requirements
04:13 Lifecycle Threat Modeling
06:02 Making It Practical in Development
07:30 Right Sizing Security Effort
09:23 Threat Modeling Keyboard Example
12:13 Risk Assessment Basics and Factors
14:25 NXP Technologies for Security
16:14 Recap and Step 3 Teaser

CRA Week: Step 1 Risk Assessment, Threat Analysis, and Product Classification
In this kickoff episode of CRA Week on the EdgeVerse TechCast, hosts Kyle Dando and Bridgette Stone welcome NXP security evaluation and certification expert Eve Atallah to break down the 1st of 4 major steps in Cyber Resilience Act (CRA) compliance: Risk Assessment and product categorization.
Eve explains that manufacturers must first define a product's purpose and core functionality to determine its CRA product category, applicable standards, and conformity assessment path, then perform a risk assessment tailored to the product's specific conditions of use to identify which essential CRA cybersecurity requirements and security measures apply.
She clarifies the difference between threat analysis (which attacks are possible, including vectors and attacker profiles) and risk assessment (what should not happen, likelihood, impact, and risk acceptability)
To wrap up, Eve explains how classification drives the conformity route: self-assessment for default, guided self-assessment for important Class 1, and mandatory third-party assessment for important Class 2 and critical. She notes that harmonized standards are being finalized to assist manufacturers with assesments.  These standards are xpected before CRA enforcement in 2027.
Episode Resources:
www.nxp.com/CRA
Training: Cyber Resilience Act(CRA) Paradigm Shift
White Paper: Complying with the Cyber Resilience Act (CRA) 
00:00 Welcome to EdgeVerse TechCast + Introducing CRA Week
01:19 Meet the Expert: Eve Atallah & Why Risk Assessment Is Step One
02:29 Step One Foundations: Product Purpose, CRA Categorization & Risk Assessment
03:58 Risk Assessment vs Threat Analysis: What's the Difference?
06:29 Who Does What? Teams, Expertise & Risk Assessment Deliverables
08:00 How to Identify Device-Specific Threats (Assets, Environment, Interfaces)
10:10 CRA Product Classification: Default vs Important (Class 1/2) vs Critical
12:29 Conformity Assessment Paths: Self-Assessment vs Third-Party + Standards
14:22 Recap, Next Steps (Security by Design) & Closing Announcements