Dear ORC community,
As commented during the last SIG Call, the next CRA Expert Group meeting will take place on the 22nd of October. The agenda is available
here.
So far, the European Commission has shared with us the following two documents, which are publicly available to guide the SBOM discussion:
- 2025 Minimum Elements for a Software Bill of Materials (SBOM) - CISA - available
here- Technical Guideline BSI TR-03183: Cyber Resilience Requirements for Manufacturers and Products. Part II SBOM - BSI - available
here.
We expect that the guidance on FOSS will also be shared, but there is no proposal yet (public or private).
Please do not hesitate to use this thread to share your thoughts about the two SBOM documents, or about any other topic on the agenda. We will organise an ad hoc session to discuss the CRA EG meeting during the week of the 13th of October.
Have a great weekend,
Juan
-- Juan Rico
Eclipse Foundation: The Community for Open Collaboration and Innovation
Berliner Allee 47, 64295 Darmstadt
Handelsregister: Darmstadt HRB 92821
Managing Directors: Gaël Blondelle, Mike Milinkovich, Michael Plagge
