STDA030 April 2026 AM620-Q1, AM623, AM625, AM625-Q1, AM62A1-Q1, AM62A3, AM62A3-Q1, AM62A7, AM62A7-Q1, AM62P, AM62P-Q1, AM6411, AM6412, AM6421, AM6422, AM6441, AM6442, TDA4AEN-Q1, TDA4AH-Q1, TDA4AL-Q1, TDA4AP-Q1, TDA4VE-Q1, TDA4VEN-Q1, TDA4VH-Q1

 


Vulnerability Handling Process

The CRA requires manufacturers to identify and document all dependencies and vulnerabilities, provide a software bill of materials (SBOM), and track these items continuously, verifying that no known vulnerabilities remain and addressing without delay any dependencies and vulnerabilities that surface. Manufacturers must also test the security of the digital product, publicly disclose information about fixed vulnerabilities, maintain a coordinated vulnerability disclosure policy, facilitate sharing of potential vulnerability data, and deliver patches promptly, free of charge, with advisory messages.