News from the Wire
Software bills of materials are key to digital resilience, Onekey finds
Thursday, September 11, 2025 — 16:19:07 (UTC)
Düsseldorf, September 11, 2025 — As more and more devices connect to the internet, from smart homes to Industry 4.0, the attack surface grows, and keeping software updated and secured is essential if digital systems are to withstand cyberattacks. According to the latest "IoT & OT Cybersecurity Report 2025" from ONEKEY, a Düsseldorf-based cybersecurity company, only 12 percent of German industrial companies have a complete overview of the software running in their devices, machines, and systems. A Software Bill of Materials (SBOM) provides exactly this overview: a list of all the components contained in a piece of software. "OT" stands for "operational technology", which includes industrial control systems; "IoT" stands for "Internet of Things" and refers to networked devices ranging from digital children's toys to medical equipment in hospitals.
Survey of 300 Industrial Companies
For its latest security report, available online at www.onekey.com/resource/iot-ot-cybersecurity-report-2025, ONEKEY surveyed 300 German industrial companies about OT and IoT security. Forty-four percent confirmed that they are already addressing SBOMs. Just under a third (32 percent) have created an SBOM for some of their networked devices, machines, and systems, but only 12 percent have done so for all affected products and systems. Twenty-five percent do not have an SBOM for any of their digital devices, and another 25 percent said they were uncertain about the subject.
"The result is surprising, as the Cyber Resilience Act (CRA) will require a Software Bill of Materials for all products with digital elements by 2027 at the latest," said Jan Wendenburg, CEO of ONEKEY. He clarified: "This is an EU regulation, not just a directive. This means that this cybersecurity standard will become legally effective immediately in accordance with EU timelines, without requiring national implementation. Therefore, there will be no delay due to the implementation of the CRA in Germany, as is the case with the NIS2 cybersecurity standard."
Noteworthy: the companies surveyed do not consider creating a Software Bill of Materials (SBOM) to be the biggest challenge in meeting CRA requirements. Only 29 percent consider creating an SBOM particularly difficult. By comparison, 37 percent consider the obligation to report security incidents to the relevant authorities within 24 hours to be the CRA's biggest challenge. According to ONEKEY, this underestimation of the SBOM effort will prove to be an extraordinary challenge in connection with CRA compliance.
Many Hurdles on the Way to a Complete SBOM
"In an industrial environment, obtaining an up-to-date and complete Software Bill of Materials is anything but easy," explained ONEKEY CEO Jan Wendenburg. Given the wide range of devices, machines, and systems, compiling the relevant information is a huge task for many companies. Additionally, many machines and their control systems are based on outdated and proprietary components, which makes complete transparency nearly impossible to achieve. Complex supply chains, and suppliers outside the European Union who are unfamiliar with EU-specific regulations, complicate matters further.
The Cyber Resilience Act will require all manufacturers supplying connected products to the EU to provide an SBOM as part of their technical documentation, with detailed information about each software component. However, many manufacturers struggle to compile a complete SBOM because their upstream suppliers do not provide them with complete information. Jan Wendenburg explained: "Overall, the CRA requires detailed documentation of all programs, libraries, and components, including exact version numbers, license information, author details, and an overview."
An Ongoing Challenge Rather Than a One-Time Effort
According to the Düsseldorf-based security company that operates a platform for automatically generating SBOMs, creating an SBOM is not a one-time effort. Rather, the Software Bill of Materials must be kept up to date on an ongoing basis. ONEKEY reports that the German Federal Office for Information Security (BSI) recorded an average of more than 2,000 software product vulnerabilities per month, 15 percent of which the office classified as "critical."
"With around 70 new potential gateways for hackers every day, it is particularly important for all manufacturers to keep track of things," Jan Wendenburg said. "The key challenge for manufacturers is to regularly check whether their products are affected by new vulnerabilities, so they can react quickly and proactively if necessary. This is exactly where the Cyber Resilience Act comes in. With the CRA, product cybersecurity is important not only on the day a product is delivered but also throughout the entire product life cycle. Those who create transparency about potential security gaps can act confidently and in compliance with the law in an emergency."
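Keeping an SBOM useful over the product lifecycle means re-checking its components against each new batch of published vulnerabilities, and checking that the SBOM itself carries the version, license and supplier data the CRA documentation is said to require. The following Python script is an added example and not ONEKEY's code or part of the report: it holds a constructed CycloneDX-style SBOM for a fictional gateway firmware, a constructed OSV-style advisory feed with placeholder IDs (EXAMPLE-2025-…), matches the two using introduced/fixed version ranges, and flags components with missing documentation fields. All component names, versions and advisory IDs are invented; real matching would key on package URLs or CPEs rather than bare names, and would pull the feed from a live source.

```python
"""Reconcile an SBOM against a vulnerability feed and check its completeness.

Added example, not ONEKEY's code. SBOM, feed, names and advisory IDs are
constructed placeholders for illustration only.
"""
from __future__ import annotations

SEVERITY_ORDER = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}

# Minimum per-component fields assumed here to satisfy the documentation
# requirement described in the text (version, license, author/supplier).
REQUIRED_FIELDS = ("version", "licenses", "supplier")

# Constructed CycloneDX-style SBOM for a fictional firmware (not a real product).
SBOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "metadata": {"component": {"type": "firmware", "name": "acme-gateway", "version": "3.2.0"}},
    "components": [
        {"type": "library", "name": "acme-tls", "version": "2.3.1",
         "supplier": {"name": "Acme Crypto GmbH"},
         "licenses": [{"license": {"id": "Apache-2.0"}}]},
        {"type": "library", "name": "libacme-modbus", "version": "1.9.0",
         "supplier": {"name": "Acme Industrial"},
         "licenses": [{"license": {"id": "MIT"}}]},
        {"type": "library", "name": "acme-logger", "version": "4.7.2",
         "supplier": {"name": "Acme Industrial"},
         "licenses": [{"license": {"id": "BSD-3-Clause"}}]},
        # A binary blob from an upstream supplier that shipped no metadata.
        {"type": "library", "name": "vendor-blob", "version": "1.0"},
    ],
}

# Constructed OSV-style advisory feed with placeholder IDs (not real CVEs).
FEED = [
    {"id": "EXAMPLE-2025-0001", "severity": "CRITICAL",
     "affected": [{"package": "acme-tls",
                   "ranges": [{"events": [{"introduced": "2.0.0"}, {"fixed": "2.4.3"}]}]}]},
    {"id": "EXAMPLE-2025-0002", "severity": "HIGH",
     "affected": [{"package": "libacme-modbus",
                   "ranges": [{"events": [{"introduced": "0"}, {"fixed": "1.9.0"}]}]}]},
    {"id": "EXAMPLE-2025-0003", "severity": "MEDIUM",  # no fix published yet
     "affected": [{"package": "acme-logger",
                   "ranges": [{"events": [{"introduced": "5.0.0"}]}]}]},
]


def parse_version(text: str) -> tuple[int, ...]:
    """Parse a dotted numeric version into a comparable 3-tuple ("1.9" -> (1, 9, 0))."""
    parts = [int(p) for p in text.split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_affected(version: str, events: list[dict]) -> bool:
    """OSV-style range check: introduced <= version < fixed; 'fixed' may be absent."""
    v = parse_version(version)
    introduced = fixed = None
    for ev in events:
        if "introduced" in ev:
            introduced = parse_version(ev["introduced"])
        if "fixed" in ev:
            fixed = parse_version(ev["fixed"])
    if introduced is not None and v < introduced:
        return False
    if fixed is not None and v >= fixed:
        return False
    return True


def match_sbom(sbom: dict, feed: list[dict]) -> list[dict]:
    """Return advisories whose affected range covers an SBOM component, worst first."""
    by_name = {c["name"]: c for c in sbom["components"]}  # real code: key on purl/CPE
    findings = []
    for adv in feed:
        for aff in adv["affected"]:
            comp = by_name.get(aff["package"])
            if comp is None:
                continue
            if any(is_affected(comp["version"], r["events"]) for r in aff["ranges"]):
                fixed_in = next((e["fixed"] for r in aff["ranges"]
                                 for e in r["events"] if "fixed" in e), None)
                findings.append({"component": comp["name"], "version": comp["version"],
                                 "id": adv["id"], "severity": adv["severity"],
                                 "fixed_in": fixed_in})
    findings.sort(key=lambda f: SEVERITY_ORDER.get(f["severity"], 99))
    return findings


def sbom_gaps(sbom: dict) -> dict[str, list[str]]:
    """Map component name -> required fields that are missing or empty."""
    gaps = {}
    for comp in sbom["components"]:
        missing = [f for f in REQUIRED_FIELDS if not comp.get(f)]
        if missing:
            gaps[comp["name"]] = missing
    return gaps


if __name__ == "__main__":
    for f in match_sbom(SBOM, FEED):
        print(f"{f['severity']:8} {f['id']}  {f['component']} {f['version']}  fixed in: {f['fixed_in']}")
    for name, missing in sbom_gaps(SBOM).items():
        print(f"incomplete SBOM entry: {name} is missing {', '.join(missing)}")
```

Run against the constructed data, only acme-tls 2.3.1 is flagged: libacme-modbus 1.9.0 equals the fixed version and so falls outside the half-open range, and acme-logger 4.7.2 is below the introduced version. The vendor-blob entry is reported as incomplete, which is the upstream-supplier problem the text describes; re-running the script whenever the feed changes is the ongoing part of the effort.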
ONEKEY is the leading European specialist in Product Cybersecurity & Compliance Management and part of the investment portfolio of PricewaterhouseCoopers Germany (PwC). The combination of the automated ONEKEY Product Cybersecurity & Compliance Platform (OCP) with expert knowledge and consulting services provides fast and comprehensive analysis, support, and management to improve product cybersecurity and compliance from purchasing, design, development and production through to end-of-life.
Critical vulnerabilities and compliance violations in device firmware are identified automatically in binary code by AI-based technology within minutes, without source code, device, or network access. Integrated generation of Software Bills of Materials (SBOM) supports proactive auditing of software supply chains, and "Digital Cyber Twins" enable automated 24/7 post-release cybersecurity monitoring throughout the product lifecycle.
The patent-pending, integrated Compliance Wizard™ already covers the EU Cyber Resilience Act (CRA) and requirements according to IEC 62443-4-2, ETSI EN 303 645, UNECE R 155 and many others.
The Product Security Incident Response Team (PSIRT) is effectively supported by the integrated automatic prioritisation of vulnerabilities, significantly reducing the time to remediation.
Leading international companies in Asia, Europe and the Americas already benefit from the ONEKEY Product Cybersecurity & Compliance Platform (OCP) and ONEKEY Cybersecurity Experts.
Further information: ONEKEY GmbH, Sara Fortmann, Email: sara.fortmann@onekey.com, Kaiserswerther Straße 45, 40477 Düsseldorf, Germany, Web: www.onekey.com
Notice to readers: These are archived articles. Contact information, links and other details may be out of date. We regret any inconvenience.
Source: Company press release.
Categories: Reports and research