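@comment{
  Conference paper on SBOMs and EU cybersecurity regulations (EuroSPI 2025 proceedings).
  The citation key is the exporter's identifier and is kept so existing citations still resolve.
  Names are stored in "Last, First" form; the last editor's given name is "Ivi Anna".
  NOTE(review): address holds a country, but BibTeX expects the publisher's city; confirm and replace.
  NOTE(review): the series volume number is not present in this export; add it once confirmed.
}
@inproceedings{d2dea0af000b461c836e6c5de0d27ae4,
  author    = {Larrucea, Xabier and Santamaria, Izaskun},
  title     = {Towards the Analysis of Software Supply Chain and {EU} Regulations},
  booktitle = {Systems, Software and Services Process Improvement - 32nd European Conference, EuroSPI 2025, Proceedings},
  editor    = {Yilmaz, Murat and Clarke, Paul and Riel, Andreas and Messnarz, Richard and Zelmenis, Mikus and Buce, Ivi Anna},
  series    = {Communications in Computer and Information Science},
  publisher = {Springer Science and Business Media Deutschland GmbH},
  address   = {Germany},
  year      = {2026},
  pages     = {170--183},
  doi       = {10.1007/978-3-032-04291-0_12},
  isbn      = {9783032042903},
  language  = {English},
  keywords  = {CRA, EU regulations, SBOM, software supply chain},
  abstract  = {Software supply chain is becoming a relevant topic in cybersecurity, especially the software bill of materials (SBOM) in order to manage libraries and components dependencies. In addition, several European Union (EU) regulations have been approved in the context of cybersecurity. They provide horizontal cybersecurity requirements such as the Cyber Resilience Act (CRA). However, the link between SBOM and the EU regulations is not clear. Therefore, this paper provides an overview of the current literature{\textquoteright} state of the art in SBOMs and highlights its relationships with EU regulations. In fact, there is an evident increase of published research papers since the US executive order for improving Nation{\textquoteright}s Cyber Security under the Biden{\textquoteright}s administration, but there is scarce reference to legislations. Finally, we analyze the occurrence of key search strings within EU legislations.},
  note      = {Publisher Copyright: {\textcopyright} The Author(s), under exclusive license to Springer Nature Switzerland AG 2026.; 32nd European Conference on Systems, Software and Services Process Improvement, EuroSPI 2025 ; Conference date: 17-09-2025 Through 19-09-2025},
}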