SBOMs as Primary Compliance Mechanism

23.02.2026

Dr. Andreas Kotulla

Open Source

The EU’s growing focus on SBOMs, highlighted in ENISA’s SBOM Landscape Analysis – Towards an Implementation Guide, is a key step toward greater transparency and resilience in software supply chains. SBOMs are rapidly becoming a central building block for cybersecurity governance under the Cyber Resilience Act (CRA) and related frameworks. From Bitsea’s perspective, this direction is both necessary and overdue.

Linux Syscall Note: Devil is in the details

20.02.2026

Dr. Andreas Kotulla

Open Source

Introduction to the Syscall Exception

The syscall exception maps closely to how the Linux kernel exposes its user-space interface. The boundary covered by the syscall note primarily consists of the kernel’s user-space API (UAPI), which is implemented through header files intended for inclusion by user programs. These headers live mainly under the include/uapi/ directory (and its architecture-specific counterparts under arch/*/include/uapi/)

Shai-Hulud, npm, and modern software supply chains

27.01.2026

Dr. Andreas Kotulla

Open Source

In September 2025, the npm ecosystem experienced one of the most consequential software supply-chain compromises to date. A self-propagating worm, now commonly referred to as Shai-Hulud, compromised hundreds of npm packages, harvested developer and CI/CD credentials, and used those credentials to spread laterally across the ecosystem by publishing further malicious updates under the identities of legitimate maintainers. Within weeks, a

Understanding the different Creative Commons licenses and how they impact software sharing, compliance, and collaboration.

13.01.2026

Dr. Andreas Kotulla

Open Source

An Overview of the Creative Commons License Suite

Creative Commons (CC) designed its license suite to make sharing creative work easier while allowing creators to retain some control over how others use their work. Founded in 2001 by Lawrence Lessig, Hal Abelson, and Eric Eldred, the Creative Commons Foundation built a flexible legal framework that encourages collaboration and the open

Understanding Open Source Remediation

17.12.2025

Dr. Andreas Kotulla

Open Source

When you work with open source software, you eventually come across a licensing issue that needs fixing. Maybe a GPL component found its way into your proprietary code, or you discovered a library with no clear license at all. That’s where remediation comes in. At Bitsea, we don’t just identify licensing risks, we help you fix them. Our team works

What You Need to Know about the Different Types of SBOMs

31.10.2025

Dr. Andreas Kotulla

Open Source

When it comes to managing software security and compliance, understanding and generating Software Bill of Materials (SBOMs) is crucial, especially with the increasing use of third-party and open-source code. The Cybersecurity and Infrastructure Security Agency (CISA) has defined six different types of SBOMs, each linked to different stages of the software development lifecycle (SDLC). Here’s a breakdown of these SBOM

Anyone who continues to release AI-generated code today is acting with at least conditional intent to infringe the law.

16.10.2025

Dr. Andreas Kotulla

Open Source

From Efficiency to Exposure: The Rise of Vibe Coding

Today, developers rarely write every line of code from scratch. Most software is built on layers of existing libraries. Traditionally, this meant reusing vetted, attributed, and properly licensed open-source code. Enter “vibe coding” — the practice of using generative AI tools to quickly produce scaffolds, utility functions, or even core business

New Open Source Guide, Version 3.3:

26.09.2025

Dr. Andreas Kotulla

Open Source

– Practical recommendations in a nutshell

The Bitkom publication Practical Recommendations for Open Source Software (version 3.3) provides comprehensive guidance for companies and administrations that want to use and help shape open source in a targeted manner. The complete guide is available here as a PDF (currently available only in German).

Key Contents at a Glance

1. Importance, Opportunities and

Open Source Monitor 2025

23.09.2025

Dr. Andreas Kotulla

Open Source

– The importance of open source for business and administration

Open source is no longer a niche topic—in 2025, it is clearer than ever how indispensable open software has become for our digital world. Without open source solutions, large parts of data traffic, many platforms, and even smartphones would come to a standstill. At the same time, the open source

Understanding Radio Equipment Directive: What it means for FOSS and SBOMs.

16.09.2025

Dr. Andreas Kotulla

Open Source

Do you deliver electronic equipment with radio components to the EU? Then the following regulation is relevant for you: The Radio Equipment Directive (RED), formally known as Directive 2014/53/EU, is the European Union’s framework for regulating devices that communicate via radio waves. Its main objective is to ensure that radio equipment placed on the EU market is safe, does

Invitation to the event: Digital sovereignty in the age of AI and regulation

22.08.2025

Dr. Andreas Kotulla

Open Source

We cordially invite you to the Cybersecurity Summit 2026 on 26 February from 3 p.m. at Motorworld Cologne. Learn how AI, the Cyber Resilience Act (CRA) and digital sovereignty are inextricably linked. At the Cybersecurity Summit, Dr Kotulla will give a concise introduction to the key requirements of the CRA, specifically risk assessment in accordance with

OCCTET: An Open Source Lifeline for CRA Compliance in Europe

28.05.2025

Dr. Andreas Kotulla

Open Source

Open Source Everywhere — And a New Challenge

On any given day, tech companies in Europe are shipping products with digital elements. Under the hood, chances are they are running a wealth of Open Source code. From encryption libraries to web frameworks, Open Source has become the backbone of digital innovation—indeed, a typical modern software product is often over 90% Open Source

The digital check-up: Static analysis as a doctor for your code

22.01.2025

Dr. Andreas Kotulla

Open Source

The Challenges of Maintaining Legacy Software

A quick, easy-to-understand overview is what many people want in life, especially with historically grown software systems. Even the developers themselves need a comprehensive overview of the system from time to time, even though the focus during the development phase differs considerably from the focus in the later maintenance phase. Where have monster classes formed?

The Critical Role of Scanning Depth and SBOMs

12.12.2024

Dr. Andreas Kotulla

Open Source

Navigating Open Source Compliance in 2024: The Critical Role of Scanning Depth and SBOMs

In the evolving landscape of cybersecurity and software compliance, the importance of open source compliance cannot be overstated. New regulatory requirements like the Cyber Resilience Act (CRA), the Network and Information Security Directive (NIS2), and the Digital Operational Resilience Act (DORA) have introduced stricter obligations for organizations, especially

Building a Resilient Software Supply Chain: Challenges Taiwan Faces in Adopting OpenChain

22.11.2024

Dr. Andreas Kotulla

Open Source

As a member of the OpenChain community, Bitsea maintains partnerships worldwide. Today we would like to share insights on open source compliance in Taiwan, provided by Claire Cheng. Cheng has worked for the OCF in Taiwan for many years; she advises companies on open source processes and trains customers on the particular requirements of using open source. This

Immersive open source compliance visualization

13.11.2024

Dr. Andreas Kotulla

Open Source

Imagine you could search through every single component of your software like a map – identify risks at a glance, track down hidden dependencies and effortlessly expose vulnerabilities. This is exactly what a software bill of materials (SBOM) makes possible! This article explains why this “list of ingredients” is indispensable for modern software projects today, especially as open source now

Digital Operational Resilience Act (DORA): Comprehensive checklist for companies

04.09.2024

Dr. Andreas Kotulla

Open Source

Ms. Wittman is a lawyer in Munich and a partner at Bitsea. To enhance digital operational resilience, the European Commission has introduced the Digital Operational Resilience Act (Regulation (EU) 2022/2554 – “DORA”) as part of its Digital Finance Package 2020. Currently, regulations on digital resilience are scattered across various sector-specific EU laws and guidelines (e.g., MiF II, CRD, PSD2, Guidelines

NIS2 Preparation Checklist for Open Source Software

27.08.2024

Dr. Andreas Kotulla

Open Source

As the implementation deadline for the revised Network and Information Systems Directive (NIS2) approaches, companies across the EU need to take action to ensure compliance with the directive. NIS2, which came into force on January 16, 2023, replaces the original NIS1 Directive and aims to harmonize and improve cybersecurity across member states. With its broader scope, risk-based approach and focus

The Cyber Resilience Act (CRA) and the Management of Open Source

09.07.2024

Dr. Andreas Kotulla

Open Source

Open source is everywhere: Hardly any product today can do without digital components, from electric toothbrushes and baby monitors to smartwatches. Less obvious to many users is the security risk that such products pose for the end users. The new European Cyber Resilience Act (CRA) aims to ensure that consumers receive secure products. The regulation was announced in the EU

Quickstart: NIS2-Directive

14.05.2024

Dr. Andreas Kotulla

Open Source

What is the NIS2 Directive?

The NIS2 Directive, or the Directive on Security of Network and Information Systems, is a European Union (EU) directive that aims to enhance the overall cybersecurity and resilience of network and information systems across various critical sectors. NIS stands for Network and Information Systems. The directive was initially adopted in 2016 and became effective in
