Let’s be honest: keeping up with cybersecurity regulations feels like a full-time job. Between the EU Cyber Resilience Act (CRA), Payment Card Industry Data Security Standard (PCI DSS), NIS2, NIST’s Secure Software Development Framework (SSDF), and FedRAMP, security and compliance engineers are being buried in a mountain of complex, mandatory requirements. It’s no longer just about checking a box; it’s about proving—with machine-readable evidence—that your software supply chain isn’t a liability.

In this session, Roman Zhukov (Open-Source Security Strategy, Red Hat), Dr. Andreas Kotulla (Founder & CEO, Bitsea), and Alex Rybak (Sr. Director of Product, Anchore) discuss:

  • CRA Survival Guide: Explaining the key upcoming deadlines for timely vulnerability reporting and full compliance.
  • SBOMs as a Secret Weapon: Why the Software Bill of Materials is now the foundational element for transparency and global market access.
  • Automating Compliance Processes: How to continuously operate compliance processes that satisfy reporting requirements and simplify external audits.
  • Anchore v6 Sneak Peek: A look at the new Applications view and how to stop chasing CVEs manually.
  • A Real-World Playbook: A practical walkthrough of moving from a "failed" scan to a "clean pass" by automating the remediation loop.

Featured Speakers

Roman Zhukov

Open-Source Security Strategy, Red Hat

Dr. Andreas Kotulla

Founder & CEO, Bitsea

Alex Rybak

Senior Director of Product, Anchore