Agenda: Thursday April 9, 2026

8:30 – 9:00

Registration

9:00 – 9:30

Olle E. Johansson
Olle E. Johansson, Conference chair

Welcome to NSSS: Resilience under pressure

Olle E. Johansson

9:30-10:00

Peter Jonegård
Peter Jonegård, NCSC, CERT-SE

CVD, CRA and EUVD from the perspective of a national CSIRT

Since its inception in 2003, CERT-SE has played a role in many vulnerability cases. Going forward, NIS2 and CRA both appoint the national CSIRT as a coordinator when a vulnerability has or might have been found. In this talk, Peter will describe how CERT-SE works with CVD cases and what CERT-SE knows today about the EU approach to vulnerability reports from vendors and volunteers, coordinating vulnerabilities across borders and the EUVD. [read more]

10:00-10:30

Fredrik Skogman
Fredrik Skogman, Github

Enhancing artefact security with Github attestations

In the evolving landscape of software development, ensuring the integrity of build artifacts like container images is crucial. GitHub Artifact Attestations is an artifact signing solution and PKI built on open source software like TUF and Sigstore. [read more]

10:30-11:00

Tea break

11:00-11:30

Jimmy Ahlberg
Jimmy Ahlberg
Ericsson

How to talk to your lawyer

Jimmy will in this talk present his views on how to bridge the gap in understanding between developers, business management, and lawyers. All critical components in implementing CRA conformant procedures within an organization.

11:30-12:00

Louise Tranborg

Simon Wendel, Anna Rikardsson och Louise Tranborg
Decerno

OWASP SAMM at scale in diverse organisations

12:00-12:30

Patrik Fältström, Netnod
Patrik Fältström
Netnod

To survive in cyber given the new geopolitical landscape!

Patrik will explain why compliance is not the same as survival, and why traditional budget processes will miss the goal. Sure, one might be lucky, but who bets on his own survival?

12:30-13:30

Lunch

13:30-14:00

Johanna Parikka Altensted
Johanna Parikka Altenstedt
Cybernode.se

CRA: We need human firewalls to secure the production and product support

Johanna Parikka Altenstedt will highlight the need of human firewalls as a tool of cybersecurity in modern organizations. A human firewall is a team within an organization that serves as a human layer of protection, where employees are sufficiently trained to help secure the network.

14:00-14:30

Magnus Eklund, Red Hat
Magnus Eklund
Red Hat

Supply chain security – paving the way for best practices

14:30-15:00

James Barclay, CrabNebula
James Barclay

The Advisor on the Factory Floor: Everyone Works Better with a Defined Role — Even AI

The Cyber Resilience Act extends the CE mark to software, bringing 100 years of product liability, conformity assessment, and manufacturing accountability to the codebase. The industry response has been to automate compliance with AI. This talk examines why that instinct has the model backwards.

15:00-15:30

Break

15:30-16:00

Mikael Barbero
Head of Security, Eclipse Foundation

Open Source Security at the Eclipse Foundation: Batteries Included

The Eclipse Foundation Security Team helps projects strengthen their security posture across the software lifecycle. This talk covers how the team facilitates coordinated vulnerability disclosure, mentors projects in generating, publishing, and maintaining SBOMs, conducts Rapid Security Reviews, and develops practical tools such as Eclipse Otterdog. It shows how these services and practices enable project teams to take a more systematic, scalable, and proactive approach to open source security.

16:00-17:00

Olle E. Johansson
Olle E. Johansson

Summary and closing

Explore the conference agenda

Wednesday:
Training
Thursday: Conference
Friday:
SBOM Focus
Register
now!
Open Source Security Foundation
OWASP Foundation
Open regulatory compliance working group (ORCWG.ORG)

Register today!