Bridging Security Maturity and Regulatory Compliance: How SAMM Enables CRA Essential Requirements for FOSS Projects
Nessim Kisserli
Technical Expert, Cyber & Privacy
PwC
Abstract
The talk explores how SAMM can serve as the foundation for signalling how far a project currently complies with the Cyber Resilience Act's (CRA) Essential Requirements (ERs). It discusses the capabilities needed to make that compliance demonstrable and highlights complementary open source tools and frameworks for doing so. Given the limited time, the talk will focus on the CRA's secure-by-design requirements rather than on vulnerability handling.
Speaker Bio
Nessim is a Technical Expert in PwC’s Cyber & Privacy team with over 25 years of experience in information and application security. He specializes in helping clients enhance the quality and security of their modern application development processes, often serving as a security champion, conducting threat modeling sessions, architectural reviews, and security assessments. He has focused on secure SDLC practices, DevSecOps and CI/CD pipelines, Kubernetes and container security, supply chain security management, and more recently, the CRA. He holds a number of certifications including CSSLP, SABSA, and GIAC-GCSA.