Alice Sowerby
Alice has been supporting the FreeBSD Foundation as a contract service provider since mid-2024. She is a multi-skilled program manager and open source leader with over 20 years in technical roles across cloud native, AI/ML, and DevOps. Currently active in the FreeBSD Foundation, CHAOSS project, and the TODO Group, she brings expertise in program management and strategic leadership. Alice’s past roles include Program Director at Equinix, with other experience spanning product management, UX, and developer relations. She is known for her collaborative approach and commitment to impactful, community-driven initiatives.
Session
Learn what the EU Cyber Resilience Act is and what it means for you. Then, deep dive into SBOMs and discover how to choose the right tools for dependency management.
The European Union Cyber Resilience Act (CRA), along with similar international legislation, will come into force during 2026 and 2027. These regulations introduce new legal obligations requiring software to be secure by design and by default, while also imposing strict deadlines for reporting exploited vulnerabilities.
This session will explain the obligations introduced by the new legislation and explore how they affect open source developers and companies that market “products with digital elements” (PDEs).
While some view these changes as risky or burdensome - particularly for open source developers - this session takes a different perspective, focusing on the opportunities this new legal framework creates.
This session combines an overview of the CRA with practical guidance on the tools and processes that can help developers and organisations adapt. More importantly, it frames the legislation as an opportunity: a chance for the free software community to strengthen supply chain transparency, improve dependency management, and bring established software engineering practices more fully into everyday development.