So, You Now Have Crypto… Planning for Third-Party Security Assurance

Liz James

17 Mar 2026

When a supplier delivers a component implementing complex cryptographic functions, a standard black-box penetration test is entirely insufficient to prove security.

Navigating third-party validation requires a structured, evidence-based assurance framework. This piece outlines how automotive and industrial OEMs can design pre-sales and scoping phases to explicitly uncover and verify structural cryptographic claims. By shifting the conversation from prescriptive activity checklists to objective confidence cases, both OEMs and suppliers gain absolute clarity on what "secure enough" actually looks like in production.

📥 Read the Full Framework

👉Planning for Third-Party Security Assurance — NCC Group

When Inclusion Becomes a Liability: Why IED Must Survive the Backlash

Corporate DEI became a kind of spell. It was repeated in annual reports and all-hands meetings, pinned to office walls, and whispered as proof that an organization possessed a conscience. But somewhere between the town-hall slide deck and the social-media banner, it lost its substance. Now, as the political climate

So What Even Is Threat Modelling? A Practitioner's Guide

Threat modelling is frequently discussed as if it were a singular, monolithic exercise. In reality, applying a one-size-fits-all methodology across diverse engineering and cyber-physical boundaries usually results in misallocated resources, frustrated development teams, and defensive gaps that miss the operational reality of the architecture. This guide serves as a practical

Applied Insights from the NCC Annual Research Report

A brief logging event to mark a significant professional milestone. I was incredibly honored to be shortlisted as a finalist for the Outstanding Security Researcher/Analyst Award at this year’s Security Excellence Awards at One Moorgate Place. While I didn't bring home the physical trophy this time,

Euro 7, Anti-Tampering, and the Expanding Cybersecurity Landscape

While the Euro 7 standard is widely discussed in the media as a final tightening of automotive tailpipe emissions, its implications for software engineering and cybersecurity are far more disruptive. For the first time, regulatory frameworks are introducing explicit, aggressive mandates targeting software anti-tampering measures. This effectively bridges the gap

📥 Read the Full Framework

Read more

When Inclusion Becomes a Liability: Why IED Must Survive the Backlash

So What Even Is Threat Modelling? A Practitioner's Guide

Applied Insights from the NCC Annual Research Report

Euro 7, Anti-Tampering, and the Expanding Cybersecurity Landscape