2026-09-10 –, D.0.07
Learn what the EU Cyber Resilience Act is and what it means for you. Then, deep dive into SBOMs and discover how to choose the right tools for dependency management.
The European Union Cyber Resilience Act (CRA), along with similar international legislation, will come into force during 2026 and 2027. These regulations introduce new legal obligations requiring software to be secure by design and by default, while also imposing strict deadlines for reporting exploited vulnerabilities.
This session will explain the obligations introduced by the new legislation and explore how they affect open source developers and companies that market “products with digital elements” (PDEs).
While some view these changes as risky or burdensome - particularly for open source developers - this session takes a different perspective, focusing on the opportunities this new legal framework creates.
This session combines an overview of the CRA with practical guidance on the tools and processes that can help developers and organisations adapt. More importantly, it frames the legislation as an opportunity: a chance for the free software community to strengthen supply chain transparency, improve dependency management, and bring established software engineering practices more fully into everyday development.
Alice has been supporting the FreeBSD Foundation as a contract service provider since mid-2024. She is a multi-skilled program manager and open source leader with over 20 years in technical roles across cloud native, AI/ML, and DevOps. Currently active in the FreeBSD Foundation, CHAOSS project, and the TODO Group, she brings expertise in program management and strategic leadership. Alice’s past roles include Program Director at Equinix, with other experience spanning product management, UX, and developer relations. She is known for her collaborative approach and commitment to impactful, community-driven initiatives.
Peter N. M. Hansteen is a devops and network security consultant, writer, and sysadmin based in
Bergen, Norway. In addition to writing The Book of PF (4th ed forthcoming), Hansteen is longtime free unixlikes advocate, a frequent lecturer on OpenBSD and FreeBSD topics, an occasional contributor tech magazines and websites and co-organizer of Unix user groups and BSD-themed conferences. Fun fact: Before setting out to write about PF and BSDs in general, Hansteen was a participant in the original RFC 1149 implementation team.
Pierre Pronchery is passionate about Open Source software and Operating System internals in particular, which has led him to join the NetBSD Foundation as Developer in 2012 and then as Director on the Board since 2017. Learning how systems work also teaches how they break, and it only made sense for him to advise and audit major companies professionally as IT-Security Consultant, in a variety of situations involving Penetration-Testing, Incident Response, Reverse Engineering, or Red Teaming. More recently, he joined the FreeBSD Foundation as Security Engineer, where he currently helps the FreeBSD Project as Developer and member of the Security Team.