SBOM Focus: The SBOM and the CRA

Published by oej on

The Software Bill of Materials is a core part of the CRA. We have covered this in our SBOM live podcast earlier. The discussion lives on, as there are not much guidelines. What is the bare minimum? The answer can be divided in many parts. The CRA mentions an SBOM that the market authorities will need access to if there’s an issue. But the manufacturer is still responsible for all the components in the product, including the first party code produced by the manufacturer. In order to work with that, to make sure compliance and vulnerability management works, a full SBOM is needed both in the source code mode and in the build and delivery phase. These SBOMs may be different versions of the data.

Let’s meet at SBOM Focus and discuss this! See you in Stockholm April 10th, 2026!

Categories: CRA - EU Cyber Resilience ActEventsSBOM

Related Posts

About Events SBOM sbomfocus

Allan Friedman participates in SBOM Focus!

SBOM Focus is the new European SBOM conference that starts in Stockholm, Sweden on Friday April 10th 2026. We can now confirm that Dr Allan Friedman will participate in the conference. Allan has during his Read more…

What type of SBOM is required by the EU CRA?
About CRA - EU Cyber Resilience Act SBOM SBOM Europe Live

The CRA requires a SBOM. But what does that mean?

The other day we were talking about the CRA and SBOMs. It’s quite clear that the manufacturer needs an SBOM, but what type of SBOM do they mean? CISA has defined many types of SBOMs Read more…

About SBOM

Got an SBOM? But Is It the Right One?

In today’s complex software landscape producing digital products, the Software Bill of Materials (SBOM) has emerged as a crucial tool for understanding the components within our applications. Organisations are increasingly adopting them, driven by security Read more…