[FYI] BSI TR-03183-2 v2.1.0 was published
... see https://www.bsi.de/dok/TR-03183-en for all three parts of BSI TR-03183.
Additional, recent publications
Along with it, BSI TR-03183-3 "Vulnerability handling" v1.0.0 was released.
Furthermore, CISA published "our" (20 governmental IT-security organisations) "Shared Vision of SBOM for Cybersecurity": https://www.cisa.gov/resources-tools/resources/shared-vision-software-bill-materials-sbom-cybersecurity
BTW, BSI's guidance on the CRA is also available in English: https://www.bsi.de/dok/cra-en
While I am not happy about its quality at some points, it still provides a usable introduction and overview from the perspective of IT-security.
Same content in German
Web-links to the counterparts of aforementioned content in German:
- BSI TR-03183-{1,2,3}: https://www.bsi.de/dok/TR-03183
- BSI's press release for CISA's "Shared Vision of SBOM for Cybersecurity": https://www.bsi.bund.de/DE/Service-Navi/Presse/Alle-Meldungen-News/Meldungen/SBOM-Shared-Vision_250903.html
- BSI's guidance on the CRA: https://www.bsi.bund.de/dok/cra
-- HTH
P.S.: This issue is "updating" issue #329 for BSI TR-03183-2 v2.0.0, on which discussion #440 for tracking the adaptations for sbomqs was based. It may make sense to establish a similar discussion thread for BSI TR-03183-2 v2.0.0, or deliberately decide to utilise a single location for discussing and tracking this (IMHO preferably so), e.g. this very issue.