SBOM and DORA

The EU Digital Operational Resilience Act (DORA) requires financial entities to operate a robust ICT risk management framework, including keeping track of the third-party and open-source libraries in the software they use. A machine-readable SBOM makes that tracking straightforward.

Continuous SBOM Evaluation and Risk Monitoring

DORA in a nutshell

The European Union's Digital Operational Resilience Act (DORA, Regulation (EU) 2022/2554, applicable since 17 January 2025) strengthens the IT security of financial entities through five pillars: ICT risk management, ICT-related incident management and reporting, digital operational resilience testing, ICT third-party risk management (including an oversight framework for critical ICT third-party service providers), and information sharing.


Third-Party Components

DORA's ICT risk management rules require financial entities to track the 'third-party libraries, including open-source' in the software they use, whether that software was developed internally or by a third-party service provider. A machine-readable SBOM is the simplest way to record and manage this inventory for every type of software component, open source included.

Software Monitoring

The same rules also require entities to 'monitor the version and possible updates of the third-party libraries, including open-source libraries' they use. (The quoted wording comes from the regulatory technical standards on the ICT risk management framework adopted under DORA, Commission Delegated Regulation (EU) 2024/1774; Article 10 of DORA itself covers the detection of anomalous activity.) The intent is active monitoring of software components for emerging risk rather than a passive checklist. That is most easily achieved when SBOM generation and evaluation are integrated into the SDLC: every build produces a fresh SBOM, and changes in component versions between builds are surfaced automatically.


Incident Reporting

DORA Article 19 requires financial entities to report major ICT-related incidents to their competent authority, and Chapter IV (Articles 24 to 27) mandates digital operational resilience testing. An up-to-date SBOM supports both: when a vulnerability is disclosed in a widely used component, an inventory of components and their versions lets a team quickly determine which products are affected, instead of searching build artifacts by hand, which shortens both remediation and the incident-reporting timeline.
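As an added example (not Interlynk's code and not part of the original page), the following Python script shows the two checks described in the Software Monitoring and Incident Reporting sections above: diffing the components of two CycloneDX SBOMs to surface version changes between builds, and matching a vulnerability advisory against the current SBOM to answer "are we affected?". Both SBOMs, the package names and versions, and the advisory `SAMPLE-ADVISORY-0001` are constructed sample data, not real builds or a real advisory.

```python
"""Diff two CycloneDX SBOMs and check them against a vulnerability advisory.

Illustrates the two checks discussed above: monitoring component versions
between builds, and answering "are we affected?" when a vulnerability in a
third-party library is disclosed.  The SBOMs and the advisory are constructed
sample data, not real builds, real packages or a real advisory.
"""
import json
import re

# Constructed CycloneDX 1.5 SBOM for the previous build (sample data).
SBOM_PREVIOUS = json.loads("""
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "example-json-parser", "version": "2.3.1",
     "purl": "pkg:maven/org.example/example-json-parser@2.3.1"},
    {"type": "library", "name": "example-http", "version": "4.5.13",
     "purl": "pkg:maven/org.example/example-http@4.5.13"},
    {"type": "library", "name": "example-logging", "version": "1.2.0",
     "purl": "pkg:maven/org.example/example-logging@1.2.0"}
  ]
}
""")

# Constructed SBOM for the current build: one library upgraded, one dropped,
# one added, and the JSON parser left at the same version.
SBOM_CURRENT = json.loads("""
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "example-json-parser", "version": "2.3.1",
     "purl": "pkg:maven/org.example/example-json-parser@2.3.1"},
    {"type": "library", "name": "example-http", "version": "4.5.14",
     "purl": "pkg:maven/org.example/example-http@4.5.14"},
    {"type": "library", "name": "example-crypto", "version": "3.0.0",
     "purl": "pkg:maven/org.example/example-crypto@3.0.0"}
  ]
}
""")

# Constructed advisory (placeholder identifier, not a real CVE): versions
# >= introduced and < fixed of the named package are affected.
ADVISORY = {
    "id": "SAMPLE-ADVISORY-0001",
    "package": "pkg:maven/org.example/example-json-parser",
    "introduced": "2.0.0",
    "fixed": "2.4.0",
}


def components_by_key(sbom):
    """Map each component to the list of versions present in the SBOM.

    The key is the purl with its version (and any qualifiers) stripped, so the
    same package can be matched across builds; components without a purl fall
    back to their name.  A list is kept because a transitive dependency can
    legitimately appear at several versions in one build.
    """
    out = {}
    for comp in sbom.get("components", []):
        purl = comp.get("purl")
        key = purl.rsplit("@", 1)[0] if purl and "@" in purl else comp["name"]
        out.setdefault(key, []).append(comp.get("version", ""))
    return out


def diff_sboms(previous, current):
    """Report components added, removed, or changed in version between builds."""
    prev, cur = components_by_key(previous), components_by_key(current)
    added = sorted(k for k in cur if k not in prev)
    removed = sorted(k for k in prev if k not in cur)
    changed = sorted(
        (k, sorted(prev[k]), sorted(cur[k]))
        for k in cur
        if k in prev and sorted(prev[k]) != sorted(cur[k])
    )
    return {"added": added, "removed": removed, "changed": changed}


def version_key(version):
    """Turn '4.5.13' into (4, 5, 13) for ordering.

    Parsing stops at the first non-numeric part, so '1.0-beta' becomes (1, 0).
    This is enough for the sample data; production checks should apply the
    version rules of each package ecosystem instead.
    """
    parts = []
    for part in re.split(r"[.\-+]", version):
        if not part.isdigit():
            break
        parts.append(int(part))
    return tuple(parts)


def affected_components(sbom, advisory):
    """Return (package, version) pairs in the SBOM inside the advisory's range."""
    low, high = version_key(advisory["introduced"]), version_key(advisory["fixed"])
    hits = []
    for key, versions in components_by_key(sbom).items():
        if key != advisory["package"]:
            continue
        for version in versions:
            if low <= version_key(version) < high:
                hits.append((key, version))
    return hits


if __name__ == "__main__":
    delta = diff_sboms(SBOM_PREVIOUS, SBOM_CURRENT)
    for label in ("added", "removed", "changed"):
        for entry in delta[label]:
            print(f"{label}: {entry}")
    for package, version in affected_components(SBOM_CURRENT, ADVISORY):
        print(f"{ADVISORY['id']} affects {package} {version}")
```

Running the script against the sample data reports `example-crypto` as added, `example-logging` as removed, `example-http` as changed from 4.5.13 to 4.5.14, and flags `example-json-parser` 2.3.1 as affected by the constructed advisory. In a pipeline the same two functions would run on the SBOM emitted by each build, with the previous build's SBOM and a vulnerability feed as inputs.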

See your SBOM Done Right

Interlynk SBOM Automation Platform is for building products securely, streamlining compliance and eliminating manual steps. Our solution is designed to be cost-effective and efficient, saving you valuable time and resources.
