[FYI] BSI TR-03183-2 v2.1.0 was published

[fvsamson]

... see https://www.bsi.de/dok/TR-03183-en for all three parts of BSI TR-03183.

Additional, recent publications

Along with it, BSI TR-03183-3 "Vulnerability handling" v1.0.0 was released.

Furthermore CISA published "our" (20 governmental IT-security organisations) "Shared Vision of SBOM for Cybersecurity":
https://www.cisa.gov/resources-tools/resources/shared-vision-software-bill-materials-sbom-cybersecurity

BTW, BSI's guidance on the CRA is also available in English: https://www.bsi.de/dok/cra-en
While I am not happy about its quality at some points, it still provides a usable introduction and overview from the perspective of IT-security.

Same content in German

Web-links to the counterparts of aforementioned content in German:

• BSI TR-03183-{1,2,3}: https://www.bsi.de/dok/TR-03183
• BSI's press release for CISA's "Shared Vision of SBOM for Cybersecurity":
  https://www.bsi.bund.de/DE/Service-Navi/Presse/Alle-Meldungen-News/Meldungen/SBOM-Shared-Vision_250903.html
• BSI's guidance on the CRA: https://www.bsi.bund.de/dok/cra

---

--
HTH

P.S.: This issue is "updating" issue #329 for BSI TR-03183-2 v2.0.0, on which discussion #440 for tracking the adaptations for sbomqs was based. It may make sense to establish a similar discussion thread for BSI TR-03183-2 v2.0.0, or deliberately decide to utilise a single location for discussing and tracking this (IMHO preferably so), e.g. this very issue.

[riteshnoronha]

@fvsamson we are adding SPDX3 support to sbomqs, so we aim to get this implement before the year ends.

[fvsamson]

Thank you for the heads up, @riteshnoronha. As I have been out of office most of November and the complete December, I am currently in the process of catching up my messages.

At first glance you nicely implemented various aspects of BSI TR-03183-2 v2.1.0 and made a couple of releases, so assume this is all covered, right?