SecAppDev 2026 lecture details
EU CRA: Survival Workshop for Enterprise & Open Source
A practical deep-dive into the EU CRA for Enterprise and Open Source. Features interactive "In Scope?", "Who Am I?" and "Live Gap-Analysis" exercises to help you navigate compliance confidently.
Wednesday June 3rd, 11:00 - 12:30
Room West Wing
Abstract
The EU Cyber Resilience Act (CRA) reshapes security for global supply chains, but what does it mean for you? This interactive session clarifies requirements for Enterprise Manufacturers, Open Source Contributors and Stewards. We’ll go beyond theory using three practical exercises: an "In Scope or Out of Scope?" task, a "Who Am I?" exercise, and a "Live Gap Analysis" for a project of your choice. You'll leave with a developer-friendly toolkit, clear liability answers, and actionable frameworks to navigate compliance without slowing innovation.
Key takeaway
Transform CRA rules from a legal burden into an engineering advantage using open standards, clear role mapping, and practical guidelines.
Content level
Deep-dive
Target audience
Anyone building SW in or for the EU: from engineers to security managers to open-source supporters.
Prerequisites
Basic understanding of software supply chains and SW development, leveraging open-source. No prior legal or deep regulatory knowledge is required.
Join us for SecAppDev. You will not regret it!
Roman Zhukov
Principal Architect - Security Communities Lead, Red Hat
Expertise: Open Source & Supply Chain Security, AI Trust & Safety, Cybersecurity Standards & Regulations, SW Security Architecture & DevSecOps practices
Related lectures
Security by default - A European perspective on cyber resilience
Deep-dive lecture by Freddy Dezeure in room Lemaire
Monday June 1st, 09:15 - 10:30
A technical deep dive into how Microsoft implements security, resilience, and regulatory compliance at scale—mapping NIS2, DORA, and Secure‑by‑Default principles to concrete controls, engineering processes, and tenant‑level protections
Key takeaway: Learn how regulatory requirements become enforceable controls, measurable metrics, and practical Secure‑by‑Default engineering across cloud systems
SBOMs and their Role in Security
Deep-dive lecture by Alexios Zavras in room West Wing
Tuesday June 2nd, 09:00 - 10:30
A practical deep dive into SBOMs: what they are, how they’re built and used, and why they matter for modern software security, from vulnerability response and prioritization to supply‑chain risk and provenance touchpoints.
Key takeaway: Participants will learn about SBOMs, how to think about them in an end-to-end manner, and how to apply them to real security workflows.
RTFR (Read The Bleeping RFC)
Deep-dive lecture by Inti De Ceukelaire in room Lemaire
Wednesday June 3rd, 16:00 - 17:15
We’ve built the internet upon standards established decades ago, resulting in some considerable security consequences today. In this talk, Inti is revealing his RFC research playbook and will discuss some of his recent finds.
Key takeaway: Creating and maintaining standards is hard, and small inaccuracies might result in huge mistakes years from now. Compliant isn't always more secure!