[open-regulatory-compliance] EU CRA SBOM suggestions

["Dick Brooks" <dick@xxxxxxxxxxxxxxxxxxxxxxxxx>]

The EU CRA also refers to the use of SBOM’s in Annex I.

 

I’ve compiled a set of findings and opinions from working with SBOM’s for software supply chain risk management (SCRM) since 2018 that may be useful as documents are being constructed guiding SBOM usage and expectations for the EU CRA;

https://energycentral.com/c/iu/facts-and-opinions-about-sbom-implementation-and-adoption

 

I welcome your thoughts and feedback.

 

Thanks,

 

Dick Brooks

  

Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership

 

Never trust software, always verify and report! ™

Risk always exists, but trust must be earned and awarded.™

https://businesscyberguardian.com/

Email: dick@xxxxxxxxxxxxxxxxxxxxxxxxx

Tel: +1 978-696-1788