Supply Chain Security
Details
Built Fast, Poorly Protected? Supply Chain Security Between Container Convenience and the CRA (Cyber Resilience Act).
Abstract
Over the past few years, security efforts have focused primarily on cloud infrastructure and on preventing or remediating misconfigurations. In modern software development, however, the security of container images is often treated as a secondary concern, with speed of development and convenience taking precedence. Existing components, from libraries to base images, are reused and sourced through complex and opaque supply chains.
Following prominent security incidents such as Log4j and xz, supply chain security has increasingly moved into the spotlight. In 2025, supply chain failures ranked third for the first time in the OWASP Top 10 Critical Security Risks to Web Applications.
The EU’s Cyber Resilience Act (also applicable in Switzerland) will, starting in 2026, introduce binding requirements to promptly remediate actively exploitable vulnerabilities and to provide complete Software Bills of Materials (SBOMs).
In this session, we will explore solutions for making software supply chains more secure in the future while simultaneously meeting the requirements of the CRA.
The talk will be held in German with some Bernese sprinkled in.
Speakers
#### Stöf
Christoph Raaflaub is a graduate engineer (FH) in computer science and a Platform Architect at Puzzle ITC in Bern. As a member of the Technical Board, he helps shape the company’s technological direction, driven by a strong passion for CI/CD, automation, and cloud-native technologies. His expertise lies at the intersection of platform engineering, DevSecOps, and modern software architecture. With over 15 years of experience, Christoph supports organizations in designing scalable and secure software delivery pipelines that sustainably improve efficiency, quality, and security. He specializes in building Internal Developer Platforms (IDPs) and developer portals (Backstage), with a particular focus on software supply chain security to balance innovation and security.
#### Ela
Raphaela Seeger joined Puzzle 3.5 years ago as a Platform Engineer after completing her PhD in biological systems. She brought her passion for automation with her and works at Puzzle on CI/CD, DevSecOps, and supply chain security. With her extensive teaching experience, she excels at explaining complex topics, such as security risks in cloud environments, in a clear and accessible way, and at outlining practical solution approaches.
Sponsors and patrons
Thanks to our sponsors and patrons, this event is free of charge. Even better: we’ll have an apéro after the talk, plus plenty of time for networking and some good old-fashioned nerdy shop talk.
Code of Conduct
We have a clear Code of Conduct that we actively uphold. Please make sure to follow it throughout the event.
Photos & Social Media
We’ll be taking photos during the event to share later on social media. If you’d prefer not to appear in any pictures, please let us know before or after the event, then we’ll make sure you’re not included.
Feedback
We’re always happy to receive feedback; it helps us grow at Guild42. Please share it respectfully, and we’ll receive it openly. As the organizing team, your feedback motivates us and helps us keep improving Guild42 events for you.
We’re looking forward to seeing you!
