Towards the Analysis of Software Supply Chain and EU Regulations
摘要
Software supply chain is becoming a relevant topic in cybersecurity, especially the software bill of materials (SBOM) in order to manage libraries and components dependencies. In addition, several European Union (EU) regulations have been approved in the context of cybersecurity. They provide horizontal cybersecurity requirements such as the Cyber Resilience Act (CRA). However, the link between SBOM and the EU regulations is not clear. Therefore, this paper provides an overview of the current literature’ state of the art in SBOMs and highlights its relationships with EU regulations. In fact, there is an evident increase of published research papers since the US executive order for improving Nation’s Cyber Security under the Biden’s administration, but there is scarce reference to legislations. Finally, we analyze the occurrence of key search strings within EU legislations.