Software supply chain is becoming a relevant topic in cybersecurity, especially the software bill of materials (SBOM) in order to manage libraries and components dependencies. In addition, several European Union (EU) regulations have been approved in the context of cybersecurity. They provide horizontal cybersecurity requirements such as the Cyber Resilience Act (CRA). However, the link between SBOM and the EU regulations is not clear. Therefore, this paper provides an overview of the current literature’ state of the art in SBOMs and highlights its relationships with EU regulations. In fact, there is an evident increase of published research papers since the US executive order for improving Nation’s Cyber Security under the Biden’s administration, but there is scarce reference to legislations. Finally, we analyze the occurrence of key search strings within EU legislations.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Towards the Analysis of Software Supply Chain and EU Regulations

  • Xabier Larrucea,
  • Izaskun Santamaria

摘要

Software supply chain is becoming a relevant topic in cybersecurity, especially the software bill of materials (SBOM) in order to manage libraries and components dependencies. In addition, several European Union (EU) regulations have been approved in the context of cybersecurity. They provide horizontal cybersecurity requirements such as the Cyber Resilience Act (CRA). However, the link between SBOM and the EU regulations is not clear. Therefore, this paper provides an overview of the current literature’ state of the art in SBOMs and highlights its relationships with EU regulations. In fact, there is an evident increase of published research papers since the US executive order for improving Nation’s Cyber Security under the Biden’s administration, but there is scarce reference to legislations. Finally, we analyze the occurrence of key search strings within EU legislations.