Supply Chain Security Forum will address cybersecurity risks and practices across the supply chain, focusing on security at every level to ensure safe and stable operations.
To address the escalating cybersecurity challenges, the U.S. and European countries have introduced various cybersecurity regulations and actively advocate for enterprises to adopt an SBOM to enhance software supply chain transparency. SBOM enables organizations to promptly update software components to mitigate known vulnerabilities or leverage detailed insights to accelerate response times, minimizing the impact of attacks. Implementing SBOM not only strengthens proactive security measures within the software supply chain but also helps organizations adapt to evolving threats, making it a critical cybersecurity tool. This session will provide a comprehensive overview of SBOM’s fundamentals, its driving factors, and its necessity, along with real-world implementation cases showcasing its benefits in improving transparency and vulnerability risk management. Additionally, we will address common challenges and concerns faced during implementation, offering practical recommendations to help organizations enhance resilience and competitiveness in combating cybersecurity threats.
As SBOM (Software Bill of Materials) becomes an essential component of software supply chain security management, leveraging it for vulnerability management presents new challenges. This session will explore the applicability of Zero CVE as a security standard, analyze why adopting such a strategy is crucial despite its limitations, and share practical insights on balancing security requirements with real-world supply chain constraints in software development.
Since 2024, zero-day vulnerabilities and supply chain attacks have been considered the "golden combination" of threats that pose the greatest concern to businesses. Combined with geopolitical pressures, this has intensified the focus on cybersecurity within product supply chains, prompting countries to elevate security standards for product software and firmware. As a result, product supply chain cybersecurity reviews are expected to become a standard practice.
This presentation will explore how to integrate cybersecurity engineering into product development and supply chain management, implementing a "shift-left" security approach to combat increasingly automated hacking techniques and support enterprises in building a trusted supply chain.
Additionally, it will highlight how Delta Electronics introduces innovative thinking into its technical architecture to ensure end-to-end product lifecycle from research and development through to deployment. This strategy enhances supply chain transparency, improves vulnerability management efficiency, strengthens dynamic software security, and bolsters product resilience—ultimately boosting market confidence and competitiveness.
The Cyber Resilience Act (CRA) is a legal framework in the EU aimed at describing cybersecurity requirements for products with digital elements within its region. As of 2026, relevant product manufacturers will be required to comply with reporting obligations. These rules are mandatory, and non-compliance will result in substantial fines. This talk will share how our PSIRT Team is preparing to comply with this act and turn it into a security defense barrier.
In this talk, we will summarize the regulations, which exceed 100 provisions, into categories such as development and production requirements, vulnerability management requirements, market sales rules, and market supervision regulations. We will highlight special provisions and commonly overlooked aspects. We will also explain how our PSIRT Team ensures that these regulations are under control. For example, the CRA has reporting obligations. When manufacturers encounter a severe incident or discover actively exploited vulnerabilities, they must provide designated information to the EU within specified timeframes. We will share how the PSIRT Team has established a process to address this.
The EU Cyber Resilience Act (CRA) will be enforced on December 11, 2027, impacting the majority of digital products sold in the European Union. This means products will need to meet stricter cybersecurity requirements, including more robust vulnerability reporting and handling mechanisms, as well as longer-term security update support.
This course will provide a comprehensive yet accessible introduction to the EU CRA, covering its key aspects, core security functionality requirements, and implications for product development processes. While the detailed compliance specifics of the EU CRA are not yet fully clear, this course will share our practical experience in implementing secure development management for industrial control products. This will provide you with pragmatic preparation recommendations to help your products meet the EU CRA requirements, while also preparing you for potential future cybersecurity regulations.
With Trump’s return for his second term as U.S. president, what is the CMMC's future: will it be enforced or significantly modified? Defense supply chain security reflects a nation's ability to safeguard strategic resources, maintain defense self-reliance, and protect critical sensitive information. Taiwan, a key player in the global high-tech supply chain, has long been a target of cyber threats and malicious attacks. In considering CMMC adoption, Taiwan should prioritize "security and self-reliance" as national strategic goals with practical implementation. Strengthening defense supply chain security is not just about expanding industrial cooperation with friendly countries but also ensuring industrial sustainability, self-reliance, and national resilience.