SecAppDev 2026 - Governance

A technical deep dive into how Microsoft implements security, resilience, and regulatory compliance at scale—mapping NIS2, DORA, and Secure‑by‑Default principles to concrete controls, engineering processes, and tenant‑level protections

Key takeaway: Learn how regulatory requirements become enforceable controls, measurable metrics, and practical Secure‑by‑Default engineering across cloud systems

A practical deep dive into SBOMs: what they are, how they’re built and used, and why they matter for modern software security, from vulnerability response and prioritization to supply‑chain risk and provenance touchpoints.

Key takeaway: Participants will learn about SBOMs, how to think about them in an end-to-end manner, and how to apply them to real security workflows.

Post-Quantum Cryptography (PQC) answers the threat posed by quantum computers. We discuss the emerging standards and national agencies' recommendations for migration. We conclude with performance benchmarks and crypto agility challenges.

Key takeaway: If you have not yet developed a PQC migration strategy, you should do so in the next 6 months.

This lecture introduces the concepts of dark patterns from interdisciplinary (HCI, privacy, and legal) literature to highlight the evolution of this UX design phenomena, with implications for the age of AI.

Key takeaway: Dark patterns are a persistent 'threat' to users in a different fashion; security perspectives can contribute to ongoing mitigation efforts.

A practical deep-dive into the EU CRA for Enterprise and Open Source. Features interactive "In Scope?", "Who Am I?" and a “Live Gap-Analysis” exercises to help navigating your compliance confidently.

Key takeaway: Transform CRA rules from a legal burden into an engineering advantage using open standards, clear role mapping, and practical guidelines.

Cybersecurity shapes society. This talk shows how ethical frameworks can guide security analysis and design. It covers harms to privacy and property, transparency and disclosure, and AI impacts, all based on real-world cases.

Key takeaway: An increasingly digital society implies that software developers are facing more ethical issues; this requires critical reflection.