Rebecca Dreher and Jörg Herter

Rolls-Royce and AbsInt (Germany)

Reducing Costs and Enhancing Security: Modern Testing and Analysis Approaches for Cyber Resilience Act (CRA) Compliance

The Cyber Resilience Act (CRA), coming into force next year, introduces mandatory cybersecurity requirements for all previously unregulated products with digital elements on the EU market. This affects all companies offering such products, including Rolls‑Royce Solutions, which faces several new challenges in software development: adopting certificate‑based processes, reassessing encryption techniques, and accounting for increased execution times.

All legacy software must be updated to meet the new regulations. To prevent late discovery of critical issues, these updates must be tested early in the software lifecycle. Dynamic testbeds are costly and risk long idle periods due to defects such as runtime errors or stack overflows, potentially delaying releases.

Formal methods—especially abstract‑interpretation‑based static analysis—enable early, exhaustive verification of program properties without execution. Rolls‑Royce Solutions uses a preventive toolchain to rule out defects such as stack overflows, runtime errors, and timing violations before dynamic testing. The toolchain includes RuleChecker, Astrée, aiT WCET analysis, StackAnalyzer, and Azure DevOps for continuous integration.

This systematic approach ensures traceable compliance, strengthens regulatory discussions, improves test efficiency, and provides a solid basis for dynamic testing. Initially used in safety‑critical systems, these technologies are now applied broadly to reduce costly dynamic testing and support ongoing CRA compliance.

Rebecca Dreher

My name is Rebecca Dreher. I obtained my master’s degree in mathematics in 2016 from the University of Konstanz. I have been working at Rolls-Royce Solutions since 2019 as a Software Test Manager. Before that I was mainly involved in dynamic unit testing. My main project is a middleware for engine control systems, and over the past year, I have shifted my focus to static testing. At Rolls-Royce Solutions, I am also responsible for the tool AbsInt’s a3C, and last year I was in charge of releasing new coding guidelines for C derived from MISRA C 2012:2019.

Jörg Herter

Jörg Herter studied Computer Science and received his Ph.D. on predictable dynamic memory allocation for hard real-time systems. He has been a research fellow at Saarland University and the University of Applied Sciences in Saarbrücken.

His current work is focused on functional safety and the formal validation and verification of safety-critical software.

Jörg Herter works as a Senior Technical Consultant for AbsInt Angewandte Informatik GmbH. He also teaches static program analysis, embedded systems technology, and compiler construction at the University of Luxembourg and the Saarland University of Applied Sciences.