What's Your Software For? Intended Purpose & Security Features

Your users need to understand what your software is designed to do and what security features it has. The Cyber Resilience Act requires you to spell this out clearly (Annex II, point 4). This isn't just about features; it's about setting correct expectations regarding security.

Defining the Basics

For your software, whether it is an app, a game, or a development tool, you must detail:

  • Intended Purpose:
    • What is the software supposed to do? Be specific.
    • What is the security environment it's designed to operate in? For example, is it for personal use on a home computer, or for use within a secured corporate network?
  • Essential Functionalities: What are the core things your software does?
  • Information About Security Properties:
    • What security measures are built in (e.g., end-to-end encryption for a messaging app, input validation for a web component, secure authentication methods)?
    • How does it protect data or system integrity within its scope?

This helps users understand how to use the software safely and what level of security they can expect.

Context is King

For a game engine, the intended purpose might include enabling developers to build interactive experiences, and its security properties might relate to asset protection or secure networking capabilities it offers. For a standalone app, it's more about its direct functionality and user data protection.

Key Takeaway

Clearly communicate your software's intended use, the environment it's built for, its main functions, and its security features. This is crucial for user understanding and is a requirement under Annex II, point 4.