12.12.2024
DORA
Navigating Open-Source-Compliance in 2024: The Critical Role of Scanning Depth and SBOMs
In the evolving landscape of cybersecurity and software compliance, the importance of open source compliance cannot be overstated. New regulatory requirements like the Cyber Resilience Act (CRA), the Network and Information Security Directive (NIS2), and the Digital Operational Resilience Act (DORA) have introduced stricter obligations for organizations, especially
Digital Operational Resilience Act (DORA): Comprehensive checklist for companies
04.09.2024
DORA
Ms. Wittman is a lawyer in Munich and a partner at Bitsea. To enhance digital operational resilience, the European Commission has introduced the Digital Operational Resilience Act (Regulation (EU) 2022/2554 – “DORA”) as part of its Digital Finance Package 2020. Currently, regulations on digital resilience are scattered across various sector-specific EU laws and guidelines (e.g., MiF II, CRD, PSD2, Guidelines
Bisquat2: What is hiding there?
23.07.2024
DORA
Today, we are shedding light on a topic that is still all too readily overlooked as the “little sister of programming”. What hardly anyone cared about 20 years ago is to be placed under state control in the immediate future! As we now know, a major focus of Bitsea is checking for hidden risks in software. Many people typically first
The Cyber Resilience Act (CRA) and the Management of Open Source
09.07.2024
DORA
Open source is everywhere: Hardly any product today can do without digital components, from electric toothbrushes and baby monitors to smartwatches. Less obvious to many users is the security risk that such products pose for the end users. The new European Cyber Resilience Act (CRA) aims to ensure that consumers receive secure products. The regulation was announced in the EU
Know Your Systems: DORA forces you to!
15.02.2024
DORA
Open source in focus: DORA, vulnerabilities and the security of the software supply chain
In a world where open source is ubiquitous, experienced developers no longer rely on reinventing the wheel. Their secret weapon? Open source. The reasons for using it are to improve productivity, shorten development time and reduce development costs. But now the Digital Operational Resilience Act (DORA),
Quickstart: DORA (Digital Operational Resilience Act)
09.02.2024
DORA
What is DORA? DORA stands for Digital Operational Resilience Act. DORA is an EU regulation aimed at financial institutions that defines EU-wide uniform requirements to guarantee a consistent level of maturity in cybersecurity and operational resilience for all their operations within the EU. DORA is structured around four fundamental principles: IT and Cybersecurity Risk Management: Financial institutions would be required to