Closed shanecoughlan closed 6 months ago
Let's look at adding the following as per call of 2024-02-27:
Suppliers should be aware of and potentially include processes to address regulation from government such as the United States' White House Executive Order [1], the NTIA Minimum Requirements [2], the European Union's Cyber Resilience Act (CRA) [3] and the EU Product Liability Directive [4].
[2] https://www.ntia.gov/report/2021/minimum-elements-software-bill-materials-sbom
[3] https://digital-strategy.ec.europa.eu/en/policies/cyber-resilience-act
[4] https://single-market-economy.ec.europa.eu/single-market/goods/free-movement-sectors/liability-defective-products_en (2022 draft revision)
Added to end of document as per https://github.com/OpenChain-Project/Reference-Material/pull/73
Should there be a comment about the Biden White House Executive Order, the CRA, demands from regulated industries, etc.?