BearingPoint has introduced two service lines to address the complexity of the software supply chain and the requirements of the EU Cyber Resilience Act (CRA). Modern software systems depend heavily on open-source and third-party components, which exposes them to a high level of cyber threats and security risks. Organizations need end-to-end software visibility to deal with vulnerabilities effectively. For manufacturers, CRA compliance is mandatory by December 2027.
SBOM Management and Lifecycle Visibility
BearingPoint's SBOM Management Services provide lifecycle visibility for software. The services include strategy analysis, SBOM creation, integration with development, quality assurance, and vulnerability risk analysis. They use the industry standards CycloneDX and SPDX to ensure compliance. Governance policies, supplier monitoring, and audit-ready reporting improve transparency. Organizations can choose between a pilot deployment and a full operational implementation model. The service works with existing technology and vendor ecosystems. Security by design helps manufacturers prove product safety throughout all lifecycle stages.
CRA Compliance and Cyber Resilience Strategy
The CRA Compliance Services support regulatory compliance through open-source software (OSS) inventory audits, vulnerability scanning, development of cybersecurity policies, and compliance documentation. Training programs support engineering and compliance teams. The strategy is in line with international regulations such as NIS2 and U.S. Executive Order 14028. Supply chain visibility enables proactive cyber risk management. Compliance becomes a competitive advantage rather than a hindrance to business.
“The world around us is becoming increasingly digital, and every device we use today is built on software. Open source is everywhere and a key driver of innovation. At the same time, the risk of cyberattacks and incompliance is growing, and the need for real cyber resilience is becoming critical. With regulations such as the EU Cyber Resilience Act, this responsibility will soon be mandatory rather than optional. This is exactly where our new outcome‑based service comes in: we combine best‑of‑breed software with deep expert capabilities and take end‑to‑end responsibility for ensuring software compliance and security for our clients. Not as a one‑off effort, but as a measurable, sustainable outcome,” says Frank Duscheck, Partner at BearingPoint.
“Once SBOMs become fully enforceable by the CRA, SBOM management is no longer a ‘nice to have’. In the light of the CRA’s lifecycle security and accountability requirements, SBOM management becomes the foundation for security by design, not just a compliance checkbox. Companies that invest early turn regulatory pressure into a competitive advantage. Our new CRA Compliance and SBOM Management services are a powerful instrument for companies of any size to make their CRA compliance journey smooth, efficient, and sustainable,” adds Claus-Peter Wiedemann, Director Software Services, at BearingPoint.
Source: Businesswire