Bridging Security Maturity and Regulatory Compliance: How SAMM Enables CRA Essential Requirements for FOSS Projects
Nessim Kisserli
PwC, Technical Expert, Cyber & Privacy
Abstract
The talk explores how SAMM can serve as the foundation for signalling how far a project currently complies with the Cyber Resilience Act's (CRA) Essential Requirements (ERs). It discusses the capabilities needed to make that compliance demonstrable, and highlights complementary open source tools and frameworks for doing so. Given the limited time, the talk will focus on the CRA's secure-by-design requirements rather than on vulnerability handling.
Speaker bio
Nessim is a Technical Expert in PwC’s Cyber & Privacy team with over 25 years of experience in information and application security. He specializes in helping clients enhance the quality and security of their modern application development processes, often serving as a security champion, conducting threat modeling sessions, architectural reviews, and security assessments. He has focused on secure SDLC practices, DevSecOps and CI/CD pipelines, Kubernetes and container security, supply chain security management, and more recently, the CRA. He holds a number of certifications including CSSLP, SABSA, and GIAC-GCSA.