Integrity and Transparency for Trustworthy Supply Chain
8 ACKNOWLEDGEMENTS
The views expressed in the OMG Journal of Innovation are the author’s views and do not necessarily represent the views of their respective employers nor those of the Object Management Group® (OMG®).
© 2025 The OMG logo is a registered trademark of Object Management Group®. Other logos, products and company names referenced in this publication are property of their respective companies.
May 2025