Pierre Pronchery
Pierre Pronchery is passionate about Open Source software and Operating System internals in particular, which has led him to join the NetBSD Foundation as Developer in 2012 and then as Director on the Board since 2017. Learning how systems work also teaches how they break, and it only made sense for him to advise and audit major companies professionally as IT-Security Consultant, in a variety of situations involving Penetration-Testing, Incident Response, Reverse Engineering, or Red Teaming. More recently, he joined the FreeBSD Foundation as Security Engineer, where he currently helps the FreeBSD Project as Developer and member of the Security Team.
Session
Learn what the EU Cyber Resilience Act is and what it means for you. Then, deep dive into SBOMs and discover how to choose the right tools for dependency management.
The European Union Cyber Resilience Act (CRA), along with similar international legislation, will come into force during 2026 and 2027. These regulations introduce new legal obligations requiring software to be secure by design and by default, while also imposing strict deadlines for reporting exploited vulnerabilities.
This session will explain the obligations introduced by the new legislation and explore how they affect open source developers and companies that market “products with digital elements” (PDEs).
While some view these changes as risky or burdensome - particularly for open source developers - this session takes a different perspective, focusing on the opportunities this new legal framework creates.
This session combines an overview of the CRA with practical guidance on the tools and processes that can help developers and organisations adapt. More importantly, it frames the legislation as an opportunity: a chance for the free software community to strengthen supply chain transparency, improve dependency management, and bring established software engineering practices more fully into everyday development.