Over the past few years, security efforts have focused primarily on cloud infrastructure and on preventing or remediating misconfigurations. In modern software development, however, the security of container images is often treated as a secondary concern, with speed of development and convenience taking precedence. Existing components, from libraries to base images, are reused and sourced through complex and opaque supply chains.
Following prominent security incidents such as Log4j and xz, supply chain security has increasingly moved into the spotlight. In 2025, supply chain failures ranked third for the first time in the OWASP Top 10 Critical Security Risks to Web Applications.
The EU’s Cyber Resilience Act (also applicable in Switzerland) will, starting in 2026, introduce binding requirements to promptly remediate actively exploitable vulnerabilities and to provide complete Software Bills of Materials (SBOMs).
In this session, we will explore solutions for making software supply chains more secure in the future while simultaneously meeting the requirements of the CRA.
The talk will be held in German with some Bernese sprinkled in.
Speakers
Stöf
Christoph Raaflaub is a graduate engineer (FH) in computer science and a Platform Architect at Puzzle ITC in Bern. As a member of the Technical Board, he helps shape the company’s technological direction, driven by a strong passion for CI/CD, automation, and cloud-native technologies. His expertise lies at the intersection of platform engineering, DevSecOps, and modern software architecture. With over 15 years of experience, Christoph supports organizations in designing scalable and secure software delivery pipelines that sustainably improve efficiency, quality, and security. He specializes in building Internal Developer Platforms (IDPs) and developer portals (Backstage), with a particular focus on software supply chain security to balance innovation and security.
Ela
Raphaela Seeger joined Puzzle 3.5 years ago as a Platform Engineer after completing her PhD in biological systems. She brought her passion for automation with her and works at Puzzle on CI/CD, DevSecOps, and supply chain security. With her extensive teaching experience, she excels at explaining complex topics, such as security risks in cloud environments, in a clear and accessible way, and at outlining practical solution approaches.
Registration
You can register via Meetup. We look forward to seeing you there!