The conference focuses on the effects of the coming regulation – what will need to change, how will we work, and how will vendors interact with one another? What is the role of Open Source?
Here are some suggested topics that speakers will cover:
- Compliance – the road to CE marking your product
- Software supply chain security
- Horizontal standards and related work – such as ISO 27001
- DevSecOps and software transparency
- Software transparency artefacts: SBOM, VEX, attestations
- Formats: CycloneDX, SPDX
- Digital signatures
- Secure by design development process
- Secure Code Frameworks
- CVD: Coordinated vulnerability disclosure
- Vulnerability handling – updating, prioritising and interacting with customers
- Tools for scanning, vulnerability checking, compliance, SBOM and artefact management
- The EU regulation: The Cyber Resilience Act, RED-DA and NIS2 as well as the umbrella – Cyber Security Act
- What is the current status?
- Who will be affected?
- EU certification: EU-CC, Certificate of compliance, CE-mark
- Vulnerability databases: CVE, NVD, OSV and others – including the coming EU vulnerability database
- Process: How to modify the product development process to adapt to the regulation
- Shift security left: How to integrate cyber security professionals early in the process
- Customer perspective: How does a customer manage software transparency
- Interacting with Open Source projects – 3rd party dependencies
- Open Source projects and their role