Attacks exploiting vulnerabilities in commonly used standard libraries such as Log4j have posed major security challenges in recent years. The Software Bill of Materials (SBOM) concept, already mandatory in the US and also coming with the EU Cyber Resilience Act (CRA), is designed to give companies the information they need to know which components are contained in which software, so that they can respond better to attacks and vulnerabilities.
In recent years, there have been targeted attacks on the software supply chain, affecting vendors such as SolarWinds and Kaseya. In addition, vulnerabilities identified in widely used open-source libraries, such as Heartbleed in OpenSSL in 2014 and Log4j in 2021, have affected numerous systems. These incidents occurred both through the distribution of compromised software and through the exploitation of vulnerabilities present in many systems.

In May 2021, the USA introduced the obligation to provide an SBOM through the "Executive Order on Improving the Nation's Cybersecurity." The EU is in the process of approving the draft CRA, which also includes provisions for SBOM. In Germany, the Federal Office for Information Security (BSI) published Technical Guideline TR-03183 Part 2 in August 2023, which focuses on Cyber Resilience requirements and specifically on SBOM. The first part, covering general requirements, is expected to be released by the end of 2023.

This highlights the concrete need for action for all companies that produce and distribute software, whether as a standalone product or as part of products such as electronic devices or machinery. At the same time, the SBOM concept offers every company the opportunity to better understand and manage its attack surface, allowing for quicker and more effective responses to threats.
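As an added example (not part of the KuppingerCole text and not any vendor's tool), the following Python script shows the operational use the abstract describes: given an SBOM, a company can answer "which of our software contains an affected component, and at which version?" without inspecting every build. The CycloneDX-style SBOM document, the advisory list and the advisory identifiers (`EXAMPLE-ADV-…`) are all constructed for this example and are not real advisories; the version comparison is a simplified one written here rather than a library.

```python
"""
Added example: match the components listed in a CycloneDX-style SBOM against
a list of vulnerability advisories. SBOM, advisories and identifiers are
constructed for illustration; they are not real data.
"""
import json
import re
from typing import Dict, List

# Constructed CycloneDX-style SBOM for a fictitious application.
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "metadata": {"component": {"type": "application", "name": "invoice-service", "version": "3.2.0"}},
  "components": [
    {"type": "library", "group": "org.apache.logging.log4j", "name": "log4j-core",
     "version": "2.14.1", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"},
    {"type": "library", "group": "org.apache.logging.log4j", "name": "log4j-api",
     "version": "2.14.1", "purl": "pkg:maven/org.apache.logging.log4j/log4j-api@2.14.1"},
    {"type": "library", "name": "openssl", "version": "3.0.12", "purl": "pkg:generic/openssl@3.0.12"},
    {"type": "library", "group": "com.fasterxml.jackson.core", "name": "jackson-databind",
     "version": "2.15.2", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.15.2"}
  ]
}
"""

# Constructed advisory feed. Identifiers are placeholders, deliberately not CVE numbers.
ADVISORIES = [
    {"id": "EXAMPLE-ADV-0001", "purl_prefix": "pkg:maven/org.apache.logging.log4j/log4j-core",
     "affected": ">=2.0,<2.17.1", "fixed": "2.17.1"},
    {"id": "EXAMPLE-ADV-0002", "purl_prefix": "pkg:generic/openssl",
     "affected": ">=1.0.1,<1.0.1g", "fixed": "1.0.1g"},
    {"id": "EXAMPLE-ADV-0003", "purl_prefix": "pkg:maven/com.fasterxml.jackson.core/jackson-databind",
     "affected": "<2.13.0", "fixed": "2.13.0"},
]


def _version_key(version: str) -> List[tuple]:
    """Split "1.0.1g" into [(0,1),(0,0),(0,1),(1,'g')]: numeric parts compare as ints,
    letter suffixes as strings. Pre-release tags such as "-rc1" are out of scope here."""
    return [(0, int(p)) if p.isdigit() else (1, p) for p in re.findall(r"\d+|[A-Za-z]+", version)]


_OPS = {
    ">=": lambda a, b: a >= b,
    "<=": lambda a, b: a <= b,
    "==": lambda a, b: a == b,
    ">": lambda a, b: a > b,
    "<": lambda a, b: a < b,
}


def is_affected(version: str, affected_range: str) -> bool:
    """True if version satisfies every comma-separated constraint, e.g. ">=2.0,<2.17.1"."""
    v = _version_key(version)
    for constraint in affected_range.split(","):
        m = re.match(r"(>=|<=|==|>|<)\s*(\S+)$", constraint.strip())
        if not m:
            raise ValueError(f"unsupported constraint: {constraint!r}")
        op, bound = m.groups()
        if not _OPS[op](v, _version_key(bound)):
            return False
    return True


def _purl_without_version(purl: str) -> str:
    """Drop qualifiers/subpath and the "@version" part: pkg:maven/g/a@1.2?x=y -> pkg:maven/g/a."""
    base = purl.split("?", 1)[0].split("#", 1)[0]
    return base.rsplit("@", 1)[0] if "@" in base else base


def find_affected(sbom_json: str, advisories: List[Dict]) -> List[Dict]:
    """Return one finding per (component, advisory) pair whose version falls in the affected range."""
    sbom = json.loads(sbom_json)
    if sbom.get("bomFormat") != "CycloneDX":
        raise ValueError("expected a CycloneDX document")
    app = sbom.get("metadata", {}).get("component", {}).get("name", "<unknown>")
    findings = []
    for comp in sbom.get("components", []):
        purl, version = comp.get("purl"), comp.get("version")
        if not purl or not version:
            continue  # no coordinates to match on; a production tool would flag this gap
        for adv in advisories:
            if _purl_without_version(purl) == adv["purl_prefix"] and is_affected(version, adv["affected"]):
                findings.append({"application": app, "component": comp["name"], "version": version,
                                 "advisory": adv["id"], "fixed_in": adv["fixed"]})
    return findings


if __name__ == "__main__":
    for f in find_affected(SBOM_JSON, ADVISORIES):
        print(f"{f['application']}: {f['component']} {f['version']} affected by "
              f"{f['advisory']}, fixed in {f['fixed_in']}")
```

Run against the constructed SBOM, only `log4j-core 2.14.1` is reported; `log4j-api` has no advisory, and the OpenSSL and Jackson versions lie outside their advisories' affected ranges. The value of the SBOM is in the matching step: the same advisory feed can be run over every product's SBOM the moment an advisory appears, which is exactly the faster response the abstract argues for.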