Session Name: Software Development in the Age of Compliance
The way we write software is about to change - and it’s the governments of the world driving us to do it. Upcoming regulatory shifts from the EU and the US, starting next year, are stirring up the software development world, ushering in an era of enhanced security and trust in all products, open source or commercial. The EU’s Cyber Resilience Act (CRA) is introducing a required ‘CE’ marking for most software products, making it a badge of cybersecurity assurance for everyone involved. Also in 2024, in Europe, the NIS2 Directive is raising the safety net of risk management and incident reporting practices across the EU’s critical industries. Across the pond, the US Cybersecurity Strategy 2023 is joining the chorus, emphasizing stronger shields for critical software infrastructure and liability for developers. This talk dives into how riding the wave of these regulatory changes propels the software development world into a new era for all. It is useful for everyone involved in software development who wants a forward look at what is coming our way as an industry.
Ilkka is an experienced DevOps engineer and has worked with companies across 40 different countries to implement, maintain and improve their DevSecOps pipelines and Software Supply Chain practices. He is a passionate advocate of Value Stream Mapping and steady caffeination. In his day job, he leads Sonatype's Solutions Architecture and Developer Advocacy divisions. In his free time, he likes to pretend he knows how to compose synthwave in front of his synthesizer.