5 Nov 2025

The EU Cyber Resilience Act (CRA) stipulates that, in future, manufacturers and distributors of digital products with an internet connection must provide a Software Bill of Materials (SBOM). This will help to identify potential software vulnerabilities that could be exploited by hackers, so that those vulnerabilities can be remedied in a timely manner.

The CRA therefore requires a detailed list of all programs, libraries, frameworks, and dependencies for networked devices, machines, and systems, without exception, including the exact version numbers of the individual components, information on the respective licences, details of the authors, and an overview of all known vulnerabilities and security gaps. Many manufacturers struggle to meet these requirements, mainly because they do not receive complete information from their suppliers.