Secure Coding with Extra SLSA: A Secure & Spicy take, on Software Supply Chains


Details
This event is organized as an on-site event only.
Secure Coding with Extra SLSA:
A Secure & Spicy take, on Software Supply Chains
1. Talk: "Software Security and the Cyber Resilience Act (EU Regulation for Digital Products)"
By: Nicolas Petri (SBA Research)
2. Talk: "SLSA: The taco dip for Software Supply Chain Security"
By: Dimitrij Klesev (Whizus) & Julian Zhuang (Whizus)
3. Talk: "Securing the Software Supply Chain: Practical Strategies"
By: Daniel Liszka (Chainloop)
Speaker & Details:
Dimitrij Klesev (Tech Lead Whizus)
Julian Zhuang (DevOps Consultant Whizus)
Daniel Liszka (Chainloop)
Nicolas Petri (SBA Research)
Talk language: English
On-site event only! Floragasse 7, 1040 Vienna (5th floor)
Further information will be announced soon!
Agenda
*********
17:55: Gathering
18:10: Talk: "Software Security and the Cyber Resilience Act (EU Regulation for Digital Products)"
18:40: Talk: "SLSA: The taco dip for Software Supply Chain Security"
19:00: Break & Snacks
19:15: Talk: "Securing the Software Supply Chain: Practical Strategies"
19:45: Food, Drinks & Get together
Looking forward to seeing you there!
Picture source: Generated with AI (DALL·E)
Talks & Details:
"Software Security and the Cyber Resilience Act (EU Regulation for Digital Products)"
"Shift left" is more than a buzzword — it’s key to aligning security with the software development lifecycle (SDLC). But while developers often see it as overhead, decision-makers may underestimate its value. With new regulations like NIS2 and the Cyber Resilience Act (CRA), structured secure development is no longer optional — it’s mandatory.
"SLSA: The taco dip for Software Supply Chain Security"
With software supply chain attacks on the rise, it's more important than ever to talk about security in today's software ecosystem. In this talk, Julian, a DevOps Engineer from WhizUs, will explain how to improve security in supply chain processes by introducing SLSA, an open-source framework for software supply chain security that helps organizations establish trust and transparency and protect against tampering in development, build and deployment processes.
"Securing the Software Supply Chain: Practical Strategies"
Drawing from real-world implementations at major enterprises, this talk will guide you through integrating compliance and security controls into your Software Development Lifecycle (SDLC) using open-source tools like Chainloop. Learn how to build an evidence store for your software supply chain, instrument your CI/CD pipelines, and establish effective quality and control gates. We'll show you how to operationalize Software Bills of Materials (SBOMs) and Vulnerability Exploitability eXchange (VEX) files to securely deploy software to production and beyond.