Understanding the Cyber Resilience Act (CRA): What software and product companies need to know
In this episode, Viktor Lukachyk, Security Manager at Sigma Software, joins Nicolas and Dag from Codific to break down the Cyber Resilience Act (CRA) and what it means for software and digital product companies operating in the EU. We discuss how CRA fits alongside regulations like NIS 2 and DORA, which products fall into scope, and why CRA is focused on secure by design principles rather than company level compliance. This episode is a practical discussion for security leaders, product managers, compliance teams, and engineering organizations preparing for CRA and looking for a realistic path forward. In this conversation, you will learn: What the Cyber Resilience Act is and why it matters Which products are in scope, and why SaaS is excluded CRA product classifications and self assessment versus third party attestation Key obligations such as SBOMs, vulnerability management, updates, and risk based security Where companies are most likely to struggle with CRA compliance The business and operational impact of CRA on product teams How OWASP SAMM and other frameworks can help prepare for CRA Why documentation, evidence, and structure matter more than ever Practical first steps to get started with CRA readiness Success story on the Codific & Sigma Software partnership: https://codific.com/building-security... 🔗 Learn more about SAMMY: https://sammy.codific.com/ 📌 Follow us on LinkedIn: / 9420309 🌐 Or visit our website: https://codific.com/ 🔔 Subscribe for more AppSec tutorials and security framework insights!

Is security becoming prompt-driven? The future of AppSec in the age of AI

The European Way To Resilience: CRA(ck), SBOM(b) & AdviSor®y

China Is About To Pop The AI Bubble

Something is jamming GPS over Europe. Here's what we found

From HelloFresh to Head of Product: Why retention always beats acquisition - with Valentin Klein

Keynote: After the AI Hype – What’s Real, and What’s Next - Richard Campbell - 2026

Attacking AI - Jason Haddix - NDC Security 2026

This Is What 500 Days of Trump's Corruption Looks Like

The World's Most Important Machine

Billionaire's WARNING: I'm SELLING. The Crash Is Already Here!

Backend web development - a complete overview

Cybersecurity Trends in 2026: Shadow AI, Quantum & Deepfakes

Google & AWS Veteran: What Top Tier Software Architects Do Differently

Creator of C++: Bell Labs, Negative Overhead Abstraction, Mistakes | Bjarne Stroustrup

Inside the Mind of Anthropic CEO Dario Amodei | The Circuit | Extended Interview
![Nicholas Carlini - Black-hat LLMs | [un]prompted 2026](https://i.ytimg.com/vi/1sd26pWhfmg/hqdefault.jpg?sqp=-oaymwE9CNACELwBSFryq4qpAy8IARUAAAAAGAElAADIQj0AgKJDeAHwAQH4Af4JgALQBYoCDAgAEAEYciBmKDYwDw==&rs=AOn4CLBn1sRfbeYcMnkqD2mtRZhq1TO6JQ)
Nicholas Carlini - Black-hat LLMs | [un]prompted 2026

Privacy Threat Modeling: Learn all about it from two experts in the field!

How to Get and Evaluate Startup Ideas | Startup School

Cybersecurity Zero Trust Architecture : Explained For Beginners

