01
CRA readiness
What the Cyber Resilience Act means for software product teams
Understand CRA readiness, product-version evidence, SBOMs, vulnerability handling, remediation history, and the 2026/2027 readiness timeline.
Ressourcen
Lesen Sie praxisnahe Ressourcen zu Product-Version Evidence, Vulnerability Review und Release-Readiness. Einzelne Artikel bleiben derzeit in englischer Sprache.
Startpunkt
Folgen Sie dem Pfad vom CRA-Readiness Kontext über SBOM Evidence bis zur Vulnerability Review History. Die einzelnen Guides bleiben aktuell auf Englisch.
01
CRA readiness
Understand CRA readiness, product-version evidence, SBOMs, vulnerability handling, remediation history, and the 2026/2027 readiness timeline.
02
SBOM evidence
Learn how CycloneDX and SPDX records become useful evidence when they are validated, linked to product versions, retained, and connected to vulnerability review.
03
Vulnerability review
See how CVE triage, ownership, SLA pressure, review decisions, and remediation updates become retained product-security evidence.
Workflow Mapping
Jeder Guide mappt auf einen Teil des CRA Ledger Evidence Workflows.
Product-Version Evidence und Readiness-Zeitlinien verstehen.
Lernen, wie CycloneDX/SPDX Records retained Evidence unterstützen.
CVE-Triage, Ownership und Remediation-Entscheidungen verbinden.
Strukturierte Evidence Summaries für interne und Kunden-Reviews vorbereiten.
Resource Library
Der erste Pfad deckt Evidence-Grundlagen ab. Diese Ressourcen gehen tiefer in retained Records, Herstellerkoordination, Formate und operative Workflows. Die einzelnen Artikel bleiben aktuell auf Englisch.
Product security evidence
A practical checklist for artifacts, decisions, activity history, and product-version records.
CRA readiness
How product-version records, SBOM retention, and vulnerability handling support readiness workflows.
SBOM evidence
How supported SBOM formats can feed intake, normalization, vulnerability review, and retained evidence.
Vulnerability review
A structured process guide for tracking vulnerability remediation, SLA targets, and retained evidence.
Release readiness
Chronological release checklists to prepare structured security evidence before release reviews.
SBOM evidence
How product leads and engineering leads can organize software component ingestion and retention.
How CycloneDX and SPDX SBOM intake, component normalization, product-version records, and evidence retention support CRA readiness workflows.
How CVE review, severity, ownership, SLA pressure, remediation status, and retained decisions support regulated software product security.
How evidence history, audit trails, SBOM records, review decisions, remediation records, and customer evidence fit regulated software workflows.
How teams review SBOMs, vulnerability findings, remediation status, and retained evidence before regulated software releases.
Topics covered
Next step
Buchen Sie eine fokussierte Produktdemo des SBOM-to-Evidence Workflows.