Cyber Resilience Act (CRA)
The Cyber Resilience Act (CRA) is a European Union regulation that standardizes cybersecurity rules across the EU and increases the resilience of applications to cyberattacks.
The regulation applies to products with digital elements (hardware or software) that are directly or indirectly connected to a network.
Software Bills of Materials (SBOM)
The Cyber Resilience Act requires, among other things, that a detailed list of all components of a software solution be created. This software bill of materials (SBOM) is crucial for identifying security risks.
The Software Bill of Materials documents which open-source software components are included in the products. If open-source components have known vulnerabilities, the SBOM makes it possible to quickly identify the affected applications or containers and take countermeasures (e.g. by applying a patch).
Third-party components are usually the main points of attack in software applications. Today, most applications consist of more than half third-party code (open-source software and other third-party components, which in turn may contain vulnerable open-source components).
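The matching step described above (a known vulnerability in a component, the SBOM telling you which applications carry it) as an added illustration; this is not code from the page or from CodeSentry. The SBOM documents, the advisory entries with their version ranges and the CVE-style identifiers are all constructed placeholders.

```python
from typing import Dict, List, Tuple

# Constructed, CycloneDX-like SBOMs, one per application (placeholder data, not tool output).
SBOMS = {
    "billing-service": {
        "components": [
            {"name": "libexample", "version": "1.4.2", "purl": "pkg:generic/libexample@1.4.2"},
            {"name": "zlibish", "version": "2.0.1", "purl": "pkg:generic/zlibish@2.0.1"},
        ],
    },
    "edge-gateway": {
        "components": [
            {"name": "libexample", "version": "1.5.0", "purl": "pkg:generic/libexample@1.5.0"},
        ],
    },
}

# Constructed advisory feed with placeholder IDs; affected range is [introduced, fixed).
ADVISORIES = [
    {"id": "CVE-XXXX-0001", "package": "pkg:generic/libexample", "introduced": "1.0.0", "fixed": "1.5.0"},
    {"id": "CVE-XXXX-0002", "package": "pkg:generic/zlibish", "introduced": "2.0.0", "fixed": "2.0.3"},
]


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn a dotted numeric version into a tuple so 1.10.0 compares above 1.9.9."""
    return tuple(int(part) for part in v.split("."))


def is_affected(version: str, introduced: str, fixed: str) -> bool:
    """True when version lies in [introduced, fixed); the fixed release itself is clean."""
    v = parse_version(version)
    return parse_version(introduced) <= v < parse_version(fixed)


def find_affected(sboms: dict, advisories: list) -> Dict[str, List[Tuple[str, str]]]:
    """Map each application to the (advisory id, component purl) pairs that hit it."""
    hits: Dict[str, List[Tuple[str, str]]] = {}
    for app, sbom in sboms.items():
        for comp in sbom["components"]:
            package, _, version = comp["purl"].rpartition("@")  # split package from version
            for adv in advisories:
                if adv["package"] == package and is_affected(version, adv["introduced"], adv["fixed"]):
                    hits.setdefault(app, []).append((adv["id"], comp["purl"]))
    return hits


if __name__ == "__main__":
    for app, findings in find_affected(SBOMS, ADVISORIES).items():
        print(app, findings)
```

Only billing-service is reported: edge-gateway ships libexample at the fixed version, so the half-open range excludes it.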
Binary Composition Analysis (BCA) with CodeSentry
CodeSentry, the leading Binary Composition Analysis (BCA) tool of CodeSecure Inc., analyses your binaries, creates an SBOM and shows the dependencies and hierarchical relationships of software components. CodeSentry identifies open-source components, the use of AI and ML components, and common dependencies in binaries, including firmware, containers, and mobile or desktop applications. The SBOM provided by CodeSentry is linked to VulnDB (the industry's most comprehensive database of software vulnerabilities). EPSS data and KEV (Known Exploited Vulnerabilities) catalog data are also provided to simplify the prioritization of reported vulnerabilities.
Software supply chain security risks (SSCS risks) are minimized by using CodeSentry.
Further Information
Cyber Resilience Act (Link to "Official Journal of the European Union")
CodeSentry