Agenda: Thursday April 9, 2026

Registration

CVD, CRA and EUVD from the perspective of a national CSIRT

Since its inception in 2003, CERT-SE has played a role in many vulnerability cases. Going forward, NIS2 and CRA both appoint the national CSIRT as a coordinator when a vulnerability has or might have been found. In this talk, Peter will describe how CERT-SE works with CVD cases and what CERT-SE knows today about the EU approach to vulnerability reports from vendors and volunteers, coordinating vulnerabilities across borders and the EUVD. [read more]

Enhancing artefact security with Github attestations

In the evolving landscape of software development, ensuring the integrity of build artifacts like container images is crucial. GitHub Artifact Attestations is an artifact signing solution and PKI built on open source software like TUF and Sigstore. [read more]

Tea break

How to talk to your lawyer

Jimmy will in this talk present his views on how to bridge the gap in understanding between developers, business management, and lawyers. All critical components in implementing CRA conformant procedures within an organization.

OWASP SAMM at scale in diverse organisations

To survive in cyber given the new geopolitical landscape!

Patrik will explain why compliance is not the same as survival, and why traditional budget processes will miss the goal. Sure, one might be lucky, but who bets on his own survival?

Lunch

CRA: We need human firewalls to secure the production and product support

Johanna Parikka Altenstedt will highlight the need of human firewalls as a tool of cybersecurity in modern organizations. A human firewall is a team within an organization that serves as a human layer of protection, where employees are sufficiently trained to help secure the network.

Supply chain security – paving the way for best practices

Break

TBD

Summary and closing