Register today for this unique conference focusing on the EU Cyber Resilience Act! Let's meet in Stockholm April 8-10 to discuss, learn and build networks.

https://nsss.se

#CRA #EUCRA #APPSEC #cybersecurity #SBOM

SBOM-first isn't just a buzzword—it's the architecture that makes continuous security actually possible 🔄

Feel the difference ⚡

https://anchore.com/platform/

#SBOM #CRA #SoftwareSupplyChain #Compliance

The moar #CRA and #SBOM articles are getting out ... the moar people are getting scared ;)

https://craevidence.com/blog/how-to-generate-firmware-sbom?lang=en

NetRise Provenance wants to track who writes your open source code after XZ backdoor scare

https://fed.brid.gy/r/https://nerds.xyz/2026/03/netrise-provenance-open-source-risk/

"SBOMs are not a cure-all... They're effective at managing known vulnerabilities. They don't necessarily extend to detecting unforeseen threats." — Russ Eling

Don't confuse a compliance artifact with a security strategy.

Here is how to bridge the gap: https://anchore.com/blog/sbom-sprawl-paradox/

#SBOM #Compliance

Join the Anchore Open Source team this Thursday at 12 PM PT for our live stream! We'll cover issues, PRs, & roadmap. https://www.youtube.com/watch?v=NerKh_Pv2Gc #SBOM #Vulnerability

Generating an SBOM is the easy part.

Marc Herren leads a hands-on workshop at DevOpsDays Zürich 2026 on professional SBOM management and risk mitigation. Work with OWASP Dependency-Track and VEX to turn static SBOMs into a living security ecosystem.

The EU Cyber Resilience Act demands more than a scan. Learn how to deliver it.

https://www.devopsdays.ch/event/program/workshops/marc-herren/

#DevOpsDays #DevOps #SBOM #SupplyChainSecurity

Scale-out architecture for web-scale environments 📈

Because your containers don't wait for security scans ⏱️

https://anchore.com/platform/secure/

#SoftwareSupplyChain #SBOM #CyberSecurity #Compliance #DevSecOps

"Source code is to build artifacts as data sets are to AI models."

Kate Stewart (The Linux Foundation) explains why you can't trust your AI if you don't know what trained it.

Read why the "S" in SBOM stands for System: https://anchore.com/blog/the-s-in-sbom-is-for-system/

#SoftwareSupplyChain #SBOM