Onekey resources

Access the latest Whitepaper, Datasheets, research, and security advisories on cybersecurity and compliance—all in one place.

Featured resources

ONEKEY Webinar: CRA Phase I: Incident Reporting & Operational Readiness

Events

May 26, 2026

min read

ONEKEY Webinar: CRA Phase I: Incident Reporting & Operational Readiness

Learn how to prepare CRA reporting, escalation, and PIRT processes for operational compliance readiness. Register Now!

SBOM and VEX Workflows for Scalable Vulnerability Management

SBOMs provide transparency, while VEX enables risk-based prioritisation. Learn how to integrate both into compliance workflows.

RTOS Cyber Security and Compliance in Embedded Systems

RTOS-based products introduce long-term security and compliance risks. This guide outlines governance, vulnerability management, and regulatory strategies.

Beyond the Hype: LLMs, Mythos, and the Future of Firmware Analysis

Discover how LLMs like Claude Mythos are reshaping firmware security, accelerating vulnerability discovery, and why deterministic platforms like ONEKEY remain essential for scalable, reliable firmware analysis.

ONEKEY Webinar: From Raw Firmware to Vulnerabilities: Demystifying AUTOSAR SBOM & Risk Mapping

Learn how to analyze AUTOSAR systems directly from raw firmware. Discover how to extract components, generate SBOMs, and map vulnerabilities using PURLs.

ONEKEY Webinar: CRA Harmonized Standards - - Role, Structure and Practical Application for EU Market Access

Get clarity on CRA harmonized standards & learn how to prepare your organization for their practical application – Register now!

Software Supply Chain Security Best Practices: A Strategic Guide for Product Leaders

The CRA is coming. Learn best practices for securing the software supply chain, from SBOMs to binary analysis. Read now!

Threat Modeling in the SDLC: A Strategic Guide for Product Security

Integrate threat modeling efficiently into all phases of the SDLC. Avoid costly design errors and meet CRA requirements. Learn more!

Latest Developments in Unblob: New Formats, Smarter Extraction, and a More Hardened Release Pipeline

Discover what changed in unblob since release 25.11.25, including new firmware and filesystem format support, smarter extraction workflows, robustness fixes, performance improvements, and stronger release security.

Quentin Kaiser

Lead Security Researcher

ONEKEY Webinar: Post-Quantum Cryptography - Assessing Your PQC Readiness with ONEKEY

Events

Mar 24, 2026

min read

ONEKEY Webinar: Post-Quantum Cryptography - Assessing Your PQC Readiness with ONEKEY

Get a practical introduction to post-quantum cryptography & learn how organizations can assess their PQC readiness using the ONEKEY platform.

ONEKEY Webinar: CRA Harmonized Standards - Role, Structure and Practical Application for EU Market Access

Get clarity on CRA harmonized standards & learn how to prepare your organization for their practical application – Register now!

How OPEX Achieved CRA Readiness Through ONEKEY’s Structured Expert Assessment

Discover how OPEX secured CRA readiness with ONEKEY’s expert assessment. Gain clarity and compliance confidence!

ONEKEY Webinar: What Makes a Good SBOM? Ensuring High-Quality, Actionable Software Bill of Materials

Events

Mar 2, 2026

min read

ONEKEY Webinar: What Makes a Good SBOM? Ensuring High-Quality, Actionable Software Bill of Materials

Learn how to ensure High-Quality, Actionable Software Bill of Materials - Register now!

SBOM For Firmware and Embedded Software in DevSecOps

Learn about the challenges firmware SBOMs pose in DevSecOps and how teams are pragmatically solving them.

What Is a Software Bill of Materials (SBOM)? Meaning, Example & Use Cases

Discover the meaning of a Software Bill of Materials (SBOM), see real examples, and learn how SBOMs strengthen software security and compliance today.

What Is a Security Vulnerability? Definition & Examples

Find out what a security vulnerability is, see common examples of vulnerabilities in security, and learn how to manage risks effectively. Read more!

Meet ONEKEY at embedded world 2026 – Nuremberg

Discover the next level of product cybersecurity & compliance for embedded systems on site in Nuremberg. Book you meeting now!

Meet ONEKEY at the IoT Tech Expo 2026 - London

Meet ONEKEY at IoT Tech Expo 2026 in London to experience automated product cybersecurity and compliance for IoT, OT, and IIoT devices. Secure your systems – at scale.

ONEKEY Webinar Integrating CRA Risk Management into Automated SecDevOps Workflows

Join the ONEKEY webinar to learn how to integrate CRA risk management into automated SecDevOps workflows. Discover best practices for compliance, automation, threat modeling, and continuous security. Register now!

How We Taught Our Platform to Understand RTOS Firmware

Discover how ONEKEY’s platform breaks open real-time operating system (RTOS) firmware. Learn how automated architecture detection, load address recovery, and component identification bring transparency and security to embedded devices in automotive, medical, and industrial sectors.

Quentin Kaiser

Lead Security Researcher

ONEKEY Webinar From Detection to Decision

Events

Sep 17, 2025

min read

ONEKEY Webinar From Detection to Decision

From Detection to Decision | Improve vulnerability management with ONEKEY. Gain insights, enforce policies & prove compliance. Register for the webinar here.

Events

Sep 15, 2025

min read

ONEKEY Webinar From CRA to RED

From RED to CRA | Master new EU cybersecurity requirements with ONEKEY. Understand CRA, ensure compliance & leverage SBOMs. Register for the webinar now.

Reports

Sep 3, 2025

min read

IoT & OT Cybersecurity Report 2025

Discover key insights from ONEKEY’s 2025 IoT & OT Cybersecurity Report: CRA compliance gaps, SBOM challenges, and urgent steps for secure digital products.

No market approval without cybersecurity: How companies can successfully implement the CRA

Blog

Aug 20, 2025

min read

No market approval without cybersecurity: How companies can successfully implement the CRA

The EU Cyber Resilience Act (CRA) makes cybersecurity a must for CE marking. Learn how companies can achieve compliance, ensure security, and secure market access.

Static Source Code Analysis vs. Binary Scanning

Compare static source code analysis and binary scanning. Learn how ONEKEY gives you full visibility, detects real risks, and generates SBOMs – even without source code.

Sebastian Schneider

Customer Success Engineer

ONEKEY Webinar Secure Private Keys in Public Firmware

Events

Aug 20, 2025

min read

ONEKEY Webinar Secure Private Keys in Public Firmware

Secure your connected products. Join our expert-led webinar to learn how to detect, manage, and prevent private key leaks in firmware. Ideal for PSIRTs and product security teams.

Events

Jun 5, 2025

min read

ONEKEY @ All About Automation 2025

Meet ONEKEY at All About Automation Düsseldorf 2025 (Sept 17–18 at Areal Böhler) to explore smart, secure, and compliant industrial automation. Discover how ONEKEY helps secure IoT & OT devices with automated SBOMs, firmware analysis, and IEC 81001-5-1 compliance.

ONEKEY Online Seminar Complying with the EU Cyber Resilience Act

Events

Jun 4, 2025

min read

ONEKEY Online Seminar Complying with the EU Cyber Resilience Act

Get ready for the EU Cyber Resilience Act (CRA). Join our expert-led seminar to understand CRA compliance, SBOMs, secure software supply chains, and automated self-assessments. Ideal for product security professionals.

Events

Jun 4, 2025

min read

ONEKEY Online Seminar RTOS Analysis

Join the exclusive ONEKEY online seminar to discover powerful RTOS firmware analysis techniques for securing embedded systems, automating compliance, and minimizing vulnerabilities. Register now!

Blog

May 23, 2025

min read

ONEKEY Platform Update May 2025

Explore ONEKEY’s latest platform enhancements, including advanced RTOS firmware analysis, ELF dependency visualization and many more

Security Advisory: Remote Code Execution on Diviotec IP Camera (CVE-2025-5113)

Explore ONEKEY Research Lab's security advisory detailing a critical vulnerability in Diviotec IP Cameras. Learn about the risks and recommended actions.

Quentin Kaiser

Lead Security Researcher

Security Advisory: Remote Command Execution on Netcomm NTC 6200 and NWL 222

Research

Jun 2, 2025

min read

Security Advisory: Remote Command Execution on Netcomm NTC 6200 and NWL 222

Explore ONEKEY Research Lab's security advisory detailing a critical vulnerability in Netcomm devices. Learn about the risks and recommended actions.

Quentin Kaiser

Lead Security Researcher

Security Advisory: Remote Command Execution on Smartbedded MeteoBridge (CVE-2025-4008)

Research

May 26, 2025

min read

Security Advisory: Remote Command Execution on Smartbedded MeteoBridge (CVE-2025-4008)

Explore ONEKEY Research Lab's security advisory detailing a critical vulnerability in Smartbedded MeteoBridge. Learn about the risks and recommended actions.

Quentin Kaiser

Lead Security Researcher

Shell CGI Static Code Analysis - Automatic Discovery of RCEs

Research

May 23, 2025

min read

Shell CGI Static Code Analysis - Automatic Discovery of RCEs

Uncover ONEKEY's new shell CGI Static Code Analysis feature, designed to identify critical Remote Code Execution vulnerabilities. Click now to find out more.

Quentin Kaiser

Lead Security Researcher

ONEKEY @ 8th Annual European Medical Device and Diagnostic Cybersecurity Conference 2025 – Meet Us in Berlin!

Events

May 12, 2025

min read

ONEKEY @ 8th Annual European Medical Device and Diagnostic Cybersecurity Conference 2025 – Meet Us in Berlin!

Visit ONEKEY at Booth 4 during the Medical Device and Diagnostic Cybersecurity Conference 2025, May 13–15 at Mercure Hotel MOA Berlin. Explore our solutions for firmware security, SBOM, and IEC 81001-5-1 compliance.

ONEKEY Online Seminar Automate Vulnerability Management and Impact Assessment in the SDLC

Events

May 8, 2025

min read

ONEKEY Online Seminar Automate Vulnerability Management and Impact Assessment in the SDLC

Join our free 45-minute online seminar on May 15 to learn how to automate vulnerability management and impact assessment in the SDLC using ONEKEY. Live demo included.

ONEKEY @ STARTUP AUTOBAHN 2025 – Meet Us in Stuttgart!

Events

May 7, 2025

min read

ONEKEY @ STARTUP AUTOBAHN 2025 – Meet Us in Stuttgart!

Meet ONEKEY & ETAS at EXPO2025 Stuttgart. Discover how we automate product cybersecurity & compliance across the lifecycle—smart, scalable, risk-based.

Events

Apr 11, 2025

min read

ONEKEY Online Seminar SBOM Management

Join the exclusive ONEKEY online seminar to learn effective SBOM strategies for securing your software supply chain, simplifying regulatory compliance, and reducing security risks. Register now!

ONEKEY @ Embedded World 2025 – Meet Us in Nuremberg!

Events

Feb 4, 2025

min read

ONEKEY @ Embedded World 2025 – Meet Us in Nuremberg!

ONEKEY will be exhibiting at embedded world 2025 in Nuremberg with Booth 5-376, Hall 5. Attending as well? Let’s meet!

Reports

Jan 17, 2025

min read

IoT & OT Cybersecurity Report 2024

ONEKEY's Cybersecurity Report 2024 shows: OT & IoT cyber attacks are rising dramatically – the industry is under pressure to act.

Critical Vulnerabilities in EV Charging Stations: Analysis of eCharge Controllers

Research

Nov 26, 2024

min read

Critical Vulnerabilities in EV Charging Stations: Analysis of eCharge Controllers

Discover how severe security flaws, including unauthenticated remote command execution (CVE-2024-11665 & CVE-2024-11666), affect eCharge EV charging controllers. Learn about insecure firmware practices, cloud infrastructure issues, and actionable steps to mitigate risks in EV charging systems.

Quentin Kaiser

Lead Security Researcher

ESCAR Europe 2024: THE WORLD'S LEADING AUTOMOTIVE CYBER SECURITY CONFERENCE!

Events

Nov 1, 2024

min read

ESCAR Europe 2024: THE WORLD'S LEADING AUTOMOTIVE CYBER SECURITY CONFERENCE!

ONEKEY at escar - The World's Leading Automotive Cyber Security Conference 2024 – Elevate Your Automotive Cybersecurity!

HOW SWISSCOM SAVES USD400,000 PER AVOIDED IOT SECURITY INCIDENT THROUGH AUTOMATED FIRMWARE ANALYSIS

Success Stories

Nov 6, 2024

min read

HOW SWISSCOM SAVES USD400,000 PER AVOIDED IOT SECURITY INCIDENT THROUGH AUTOMATED FIRMWARE ANALYSIS

Pioneering IoT Firmware Security as Key to Quality of Service, Vendor Relations, and Brand Reputation!

Security Advisory: Unauthenticated Command Injection in Mitel IP Phones

Research

Nov 17, 2024

min read

Security Advisory: Unauthenticated Command Injection in Mitel IP Phones

Discover critical vulnerabilities in Mitel SIP phones that allow unauthenticated command injection. Learn how outdated input parsing can expose your devices and why it's essential to scan firmware for security risks. Protect your network with our in-depth analysis and expert takeaways.

What is a SBOM and why is it important for cybersecurity?

Learn about the benefits of a SBOM for cybersecurity and how it can improve the security and quality of your products. Read the Latest Blog Post Now!"

Sara Fortmann

Senior Marketing Manager

Reducing Common Vulnerabilities and Exposures (CVEs) in Software Development

Blog

Jan 15, 2023

min read

Reducing Common Vulnerabilities and Exposures (CVEs) in Software Development

Stay informed & stay protected with our blog on the EU Cyber Resilience Act. Learn what the new regulation means for your business & how to stay compliant.

Sara Fortmann

Senior Marketing Manager

Security Advisory: Arbitrary Command Execution on TP-Link Archer C5400X

Research

May 26, 2024

min read

Security Advisory: Arbitrary Command Execution on TP-Link Archer C5400X

Explore ONEKEY Research Lab's security advisory detailing a critical vulnerability in the TP-Link Archer C5400X router. Learn about the risks and recommended actions.

Security Advisory: Remote Code Execution in Ligowave Devices

Research

May 13, 2024

min read

Security Advisory: Remote Code Execution in Ligowave Devices

Explore the security advisory detailing remote code execution vulnerabilities in Ligowave devices. Learn about the risks & recommended protections.

Security Advisory: Remote Code Execution on Viasat Modems (CVE-2024-6199)

Research

Apr 25, 2025

min read

Security Advisory: Remote Code Execution on Viasat Modems (CVE-2024-6199)

Explore ONEKEY Research Lab's security advisory detailing a critical vulnerability in Viasat modems. Learn about the risks and recommended actions.

Quentin Kaiser

Lead Security Researcher

Security Advisory: Remote Code Execution on Viasat Modems (CVE-2024-6198)

Research

Apr 25, 2025

min read

Security Advisory: Remote Code Execution on Viasat Modems (CVE-2024-6198)

Explore ONEKEY Research Lab's security advisory detailing a critical vulnerability in Viasat modems. Learn about the risks and recommended actions.

Quentin Kaiser

Lead Security Researcher

Research

Jul 8, 2024

min read

The X in XFTP Stands For eXecute

Find out how our platform enhances firmware security by identifying vulnerabilities & bugs in ICT products, ensuring compliance with DORA & NIS2 directive.

ONEKEY 360° Comprehensive Product Cybersecurity & Compliance

Whitepapers

Sep 1, 2024

min read

ONEKEY 360° Comprehensive Product Cybersecurity & Compliance

This whitepaper targets, Head of Product Cybersecurity, Product Owner, Compliance Professionals and Head of Devel- opment of manufacturers of connected devices.

TACKLING SOFTWARE SUPPLY CHAIN RISKS WITH IEC 62443 AND SBOM

Whitepapers

Nov 1, 2023

min read

TACKLING SOFTWARE SUPPLY CHAIN RISKS WITH IEC 62443 AND SBOM

This whitepaper targets security teams of industrial automation and control systems (IACS) asset owners and product suppliers.

Events

May 26, 2026

min read

ONEKEY Webinar: CRA Phase I: Incident Reporting & Operational Readiness

Learn how to prepare CRA reporting, escalation, and PIRT processes for operational compliance readiness. Register Now!

ONEKEY Webinar: Enhancing Firmware Security with ML & LLMs – From Component Discovery to Actionable Insights

Events

May 13, 2026

min read

ONEKEY Webinar: Enhancing Firmware Security with ML & LLMs – From Component Discovery to Actionable Insights

Learn how ML and LLMs improve firmware security through automated component discovery and actionable security insights. Register now.

The AI Vulnerability Storm Is Here. Embedded Manufacturers Need VulnOps.

Blog

May 11, 2026

min read

The AI Vulnerability Storm Is Here. Embedded Manufacturers Need VulnOps.

AI is accelerating vulnerability discovery across firmware and embedded systems. Learn why embedded manufacturers need a VulnOps approach to firmware analysis, SBOM management, continuous monitoring, and scalable vulnerability response with ONEKEY.

Blog

May 11, 2026

min read

Beyond the Hype: LLMs, Mythos, and the Future of Firmware Analysis

Events

Apr 27, 2026

min read

ONEKEY Webinar: From Raw Firmware to Vulnerabilities: Demystifying AUTOSAR SBOM & Risk Mapping

Learn how to analyze AUTOSAR systems directly from raw firmware. Discover how to extract components, generate SBOMs, and map vulnerabilities using PURLs.

Events

Mar 31, 2026

min read

ONEKEY Webinar: CRA Harmonized Standards - - Role, Structure and Practical Application for EU Market Access

Get clarity on CRA harmonized standards & learn how to prepare your organization for their practical application – Register now!

Meet ONEKEY at the IoT Tech Expo North America

Events

Mar 26, 2026

min read

Meet ONEKEY at the IoT Tech Expo North America

Discover the future of Product Cybersecurity & Compliance—automated and all in one platform—book your meeting now!

Research

Mar 26, 2026

min read

Latest Developments in Unblob: New Formats, Smarter Extraction, and a More Hardened Release Pipeline

Events

Mar 25, 2026

min read

Meet ONEKEY at Cybersec Taipei 2026

Discover our All-in-One Platform for Product Cybersecurity and Compliance: Schedule an on-site meeting now!

Oops!

No result found

Please try a different category.

Make cybersecurity and compliance efficient and effective with ONEKEY.

See it in Action

Onekey resources

Featured resources

ONEKEY Webinar: CRA Phase I: Incident Reporting & Operational Readiness

SBOM and VEX Workflows for Scalable Vulnerability Management

RTOS Cyber Security and Compliance in Embedded Systems

Beyond the Hype: LLMs, Mythos, and the Future of Firmware Analysis

ONEKEY Webinar: From Raw Firmware to Vulnerabilities: Demystifying AUTOSAR SBOM & Risk Mapping

ONEKEY Webinar: CRA Harmonized Standards - - Role, Structure and Practical Application for EU Market Access

Software Supply Chain Security Best Practices: A Strategic Guide for Product Leaders

Threat Modeling in the SDLC: A Strategic Guide for Product Security

Latest Developments in Unblob: New Formats, Smarter Extraction, and a More Hardened Release Pipeline

ONEKEY Webinar: Post-Quantum Cryptography - Assessing Your PQC Readiness with ONEKEY

ONEKEY Webinar: CRA Harmonized Standards - Role, Structure and Practical Application for EU Market Access

How OPEX Achieved CRA Readiness Through ONEKEY’s Structured Expert Assessment

ONEKEY Webinar: What Makes a Good SBOM? Ensuring High-Quality, Actionable Software Bill of Materials

SBOM For Firmware and Embedded Software in DevSecOps

What Is a Software Bill of Materials (SBOM)? Meaning, Example & Use Cases

What Is a Security Vulnerability? Definition & Examples

Meet ONEKEY at embedded world 2026 – Nuremberg

Meet ONEKEY at the IoT Tech Expo 2026 - London

ONEKEY Webinar Integrating CRA Risk Management into Automated SecDevOps Workflows

How We Taught Our Platform to Understand RTOS Firmware

ONEKEY Webinar From Detection to Decision

ONEKEY Webinar From CRA to RED

IoT & OT Cybersecurity Report 2025

No market approval without cybersecurity: How companies can successfully implement the CRA

Static Source Code Analysis vs. Binary Scanning

ONEKEY Webinar Secure Private Keys in Public Firmware

ONEKEY @ All About Automation 2025

ONEKEY Online Seminar Complying with the EU Cyber Resilience Act

ONEKEY Online Seminar RTOS Analysis

ONEKEY Platform Update May 2025

Security Advisory: Remote Code Execution on Diviotec IP Camera (CVE-2025-5113)

Security Advisory: Remote Command Execution on Netcomm NTC 6200 and NWL 222

Security Advisory: Remote Command Execution on Smartbedded MeteoBridge (CVE-2025-4008)

Shell CGI Static Code Analysis - Automatic Discovery of RCEs

ONEKEY @ 8th Annual European Medical Device and Diagnostic Cybersecurity Conference 2025 – Meet Us in Berlin!

ONEKEY Online Seminar Automate Vulnerability Management and Impact Assessment in the SDLC

ONEKEY @ STARTUP AUTOBAHN 2025 – Meet Us in Stuttgart!

ONEKEY Online Seminar SBOM Management

ONEKEY @ Embedded World 2025 – Meet Us in Nuremberg!

IoT & OT Cybersecurity Report 2024

Critical Vulnerabilities in EV Charging Stations: Analysis of eCharge Controllers

ESCAR Europe 2024: THE WORLD'S LEADING AUTOMOTIVE CYBER SECURITY CONFERENCE!

HOW SWISSCOM SAVES USD400,000 PER AVOIDED IOT SECURITY INCIDENT THROUGH AUTOMATED FIRMWARE ANALYSIS

Security Advisory: Unauthenticated Command Injection in Mitel IP Phones

What is a SBOM and why is it important for cybersecurity?

Reducing Common Vulnerabilities and Exposures (CVEs) in Software Development

Security Advisory: Arbitrary Command Execution on TP-Link Archer C5400X

Security Advisory: Remote Code Execution in Ligowave Devices

Security Advisory: Remote Code Execution on Viasat Modems (CVE-2024-6199)

Security Advisory: Remote Code Execution on Viasat Modems (CVE-2024-6198)

The X in XFTP Stands For eXecute

ONEKEY 360° Comprehensive Product Cybersecurity & Compliance

TACKLING SOFTWARE SUPPLY CHAIN RISKS WITH IEC 62443 AND SBOM

All resources

ONEKEY Webinar: CRA Phase I: Incident Reporting & Operational Readiness

ONEKEY Webinar: Enhancing Firmware Security with ML & LLMs – From Component Discovery to Actionable Insights

The AI Vulnerability Storm Is Here. Embedded Manufacturers Need VulnOps.

Beyond the Hype: LLMs, Mythos, and the Future of Firmware Analysis

ONEKEY Webinar: From Raw Firmware to Vulnerabilities: Demystifying AUTOSAR SBOM & Risk Mapping

ONEKEY Webinar: CRA Harmonized Standards - - Role, Structure and Practical Application for EU Market Access

Meet ONEKEY at the IoT Tech Expo North America

Latest Developments in Unblob: New Formats, Smarter Extraction, and a More Hardened Release Pipeline

Meet ONEKEY at Cybersec Taipei 2026

Ready to automate your Product Cybersecurity & Compliance?

Meet ONEKEY at Cybersec Taipei 2026