Cybersecurity Administration and National Institute of Cyber Security Host SBOM Workshop, Guidelines Expected in H2
Taiwan's Ministry of Digital Affairs' Cybersecurity Administration (MODA CSA) and the National Institute of Cyber Security (NICS) co-hosted an SBOM (Software Bill of Materials) workshop, with plans to release SBOM practical guidelines in the second half of this year. This initiative aims to help domestic industries align with international standards and enhance Taiwan's leading position in the global supply chain.
📋 Article Processing Timeline
- 📰 Published: April 29, 2026 at 21:16
- 🔍 Collected: April 29, 2026 at 21:31 (15 min after Published)
- 🤖 AI Analyzed: April 30, 2026 at 01:23 (3h 51m after Collected)
Taipei, April 29 (CNA) — The Ministry of Digital Affairs' Cybersecurity Administration (MODA CSA) and the National Institute of Cyber Security (NICS) today jointly hosted a Software Bill of Materials (SBOM) workshop, inviting eight domestic information and communication technology (ICT) companies with many years of SBOM production experience to participate. The MODA CSA stated that it plans to release practical reference guidelines for SBOM in the second half of this year to help domestic industries align with international norms and expand Taiwan's leading capabilities in the global supply chain.
The MODA CSA and NICS today jointly hosted the "SBOM Present and Future: Vulnerability Management Implementation and International Trend Outlook Workshop." In addition to focusing on practical sharing from experienced SBOM producers, it also delved into international development trends from the perspectives of policy compliance and contractual compliance.
The MODA CSA explained that SBOM can be regarded as a "list of ingredients" for software, similar to the ingredient labels on food packaging. It helps enterprises understand the components contained in their own products, allowing for timely tracing and remediation if related components have vulnerabilities, thereby reducing supply chain risks.
The MODA CSA stated that with software development highly dependent on open-source components and third-party libraries, the software supply chain is complex and difficult to trace. Once a vulnerability appears in a certain underlying component, it is often difficult for enterprises to confirm at the first instance whether their own products are affected.
The MODA CSA pointed out that the EU's "Cyber Resilience Act" has incorporated SBOM establishment and vulnerability handling as statutory obligations for manufacturers. Taiwan, through policy guidance, encourages common supply contract vendors to provide SBOM and other related component information to enhance the cybersecurity quality of government-procured software.
The MODA CSA stated that establishing SBOM is no longer merely a cybersecurity recommendation but a critical threshold for domestic enterprises to globalize and maintain international competitiveness. It plans to release practical reference guidelines for SBOM in the second half of this year, providing a reference for all sectors to implement and helping domestic industries align with international norms. (Editor: Yang Lan-hsuan) 1150429
Choose to stand with facts, every sponsorship of yours is a force to protect press freedom.
Download CNA's 'First-hand News' APP to grasp the latest information instantly.
The text, images, and videos on this website may not be reproduced, publicly broadcast, or publicly transmitted and used without authorization.
The MODA CSA and NICS today jointly hosted the "SBOM Present and Future: Vulnerability Management Implementation and International Trend Outlook Workshop." In addition to focusing on practical sharing from experienced SBOM producers, it also delved into international development trends from the perspectives of policy compliance and contractual compliance.
The MODA CSA explained that SBOM can be regarded as a "list of ingredients" for software, similar to the ingredient labels on food packaging. It helps enterprises understand the components contained in their own products, allowing for timely tracing and remediation if related components have vulnerabilities, thereby reducing supply chain risks.
The MODA CSA stated that with software development highly dependent on open-source components and third-party libraries, the software supply chain is complex and difficult to trace. Once a vulnerability appears in a certain underlying component, it is often difficult for enterprises to confirm at the first instance whether their own products are affected.
The MODA CSA pointed out that the EU's "Cyber Resilience Act" has incorporated SBOM establishment and vulnerability handling as statutory obligations for manufacturers. Taiwan, through policy guidance, encourages common supply contract vendors to provide SBOM and other related component information to enhance the cybersecurity quality of government-procured software.
The MODA CSA stated that establishing SBOM is no longer merely a cybersecurity recommendation but a critical threshold for domestic enterprises to globalize and maintain international competitiveness. It plans to release practical reference guidelines for SBOM in the second half of this year, providing a reference for all sectors to implement and helping domestic industries align with international norms. (Editor: Yang Lan-hsuan) 1150429
Choose to stand with facts, every sponsorship of yours is a force to protect press freedom.
Download CNA's 'First-hand News' APP to grasp the latest information instantly.
The text, images, and videos on this website may not be reproduced, publicly broadcast, or publicly transmitted and used without authorization.