Beta

Source: OJ L 2024/2847, 20.11.2024

EN

Recital 77 Software bill of materials

In order to facilitate vulnerabilitymeans a weakness, susceptibility or flaw of a product with digital elements that can be exploited by a cyber threat; analysis, manufacturersmeans a natural or legal person who develops or manufactures products with digital elements or has products with digital elements designed, developed or manufactured, and markets them under its name or trademark, whether for payment, monetisation or free of charge; should identify and document componentsmeans software or hardware intended for integration into an electronic information system; contained in the products with digital elementsmeans a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately;, including by drawing up an SBOM. An SBOM can provide those who manufacture, purchase, and operate softwaremeans the part of an electronic information system which consists of computer code; with information that enhances their understanding of the supply chain, which has multiple benefits, in particular it helps manufacturersmeans a natural or legal person who develops or manufactures products with digital elements or has products with digital elements designed, developed or manufactured, and markets them under its name or trademark, whether for payment, monetisation or free of charge; and users to track known newly emerged vulnerabilitiesmeans a weakness, susceptibility or flaw of a product with digital elements that can be exploited by a cyber threat; and cybersecurity risksmeans the potential for loss or disruption caused by an incident and is to be expressed as a combination of the magnitude of such loss or disruption and the likelihood of occurrence of the incident;. It is of particular importance that manufacturersmeans a natural or legal person who develops or manufactures products with digital elements or has products with digital elements designed, developed or manufactured, and markets them under its name or trademark, whether for payment, monetisation or free of charge; ensure that their products with digital elementsmeans a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately; do not contain vulnerable componentsmeans software or hardware intended for integration into an electronic information system; developed by third parties. Manufacturersmeans a natural or legal person who develops or manufactures products with digital elements or has products with digital elements designed, developed or manufactured, and markets them under its name or trademark, whether for payment, monetisation or free of charge; should not be obliged to make the SBOM public.

Table of contents

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Contact us:

springlex@springflod.se

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod