Cyber Resilience Act (CRA)
The Cyber Resilience Act (CRA) is a European Union regulation that standardizes cybersecurity rules across the EU and increases the resilience of applications to cyberattacks.
The regulation applies to products with digital elements (hardware or software) that are directly or indirectly connected to a network.
Software Bills of Materials (SBOM)
The Cyber Resilience Act requires, among other things, a detailed inventory of all components that make up a software solution. This software bill of materials (SBOM) is crucial for identifying security risks.
The Software Bill of Materials documents which open-source software components are included in the products. If open-source components have known vulnerabilities, the SBOM makes it possible to quickly identify the affected applications or containers and take countermeasures (e.g. by applying a patch).
Third-party components are usually the main points of attack in software applications. Today, more than half of the code in most applications is third-party code (open-source software and other third-party components, which in turn may contain vulnerable open-source components).
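The matching step described above (finding which product is affected when a listed component has a known vulnerability), as an added example that is not part of the original page or of any CRA tooling. It assumes a CycloneDX-style JSON SBOM (one common SBOM format; the page names no format) and a constructed, hypothetical advisory list with placeholder advisory ids; a real workflow would query a vulnerability database instead.

```python
"""Cross-reference an SBOM against a list of known vulnerabilities.

Added example, not from the original page. Assumes a CycloneDX-style JSON SBOM
and a constructed advisory list; both the components and the advisory ids are
hypothetical placeholders."""
import json
from typing import Dict, List, Tuple

# Constructed SBOM fragment in CycloneDX JSON layout (hypothetical components).
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "metadata": {"component": {"name": "billing-service", "version": "2.3.0"}},
    "components": [
        {"type": "library", "name": "libfoo", "version": "1.4.2",
         "purl": "pkg:generic/libfoo@1.4.2"},
        {"type": "library", "name": "libbar", "version": "0.9.1",
         "purl": "pkg:generic/libbar@0.9.1"},
        {"type": "library", "name": "libbaz", "version": "3.0.0",
         "purl": "pkg:generic/libbaz@3.0.0"},
    ],
})

# Constructed advisory feed: package name -> [(fixed_version, advisory id)].
# Versions below fixed_version are affected. Advisory ids are placeholders.
SAMPLE_ADVISORIES: Dict[str, List[Tuple[str, str]]] = {
    "libfoo": [("1.4.3", "ADV-PLACEHOLDER-001")],
    "libbaz": [("2.8.0", "ADV-PLACEHOLDER-002")],
}

def parse_version(v: str) -> Tuple[int, ...]:
    """Turn "1.4.2" into (1, 4, 2) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in v.split("."))

def affected_components(sbom_json: str, advisories: Dict[str, List[Tuple[str, str]]]) -> List[dict]:
    """Return SBOM components whose version is older than an advisory's fixed version."""
    sbom = json.loads(sbom_json)
    product = sbom["metadata"]["component"]["name"]
    hits = []
    for comp in sbom.get("components", []):
        for fixed, adv_id in advisories.get(comp["name"], []):
            if parse_version(comp["version"]) < parse_version(fixed):
                hits.append({"product": product, "name": comp["name"],
                             "version": comp["version"], "advisory": adv_id,
                             "fixed_in": fixed})
    return hits

if __name__ == "__main__":
    for hit in affected_components(SAMPLE_SBOM, SAMPLE_ADVISORIES):
        print(f"{hit['product']}: {hit['name']} {hit['version']} affected by "
              f"{hit['advisory']} (fixed in {hit['fixed_in']})")
```

Running the same query over every product's SBOM is what turns a new advisory into the list of applications or containers that need the patch.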
Further Information
Cyber Resilience Act (Link to "Official Journal of the European Union")

