November 19 @ 3-7pm
Compliance in Action: Securing Open Source and the SSC
Addressing NIS2, DORA, and CRA
Regulation Is Reshaping Software Supply Chain Security — Are You Ready?
November 19, 2025 | 3:00 - 7:00 PM
Oslo, Norway
Across Europe, a new era of software regulation has arrived. The NIS2 Directive, Digital Operational Resilience Act (DORA), and Cyber Resilience Act (CRA) are transforming how organizations manage third-party software risk, secure open source, and demonstrate due diligence across their digital ecosystems.
Compliance is no longer a checkbox — it’s a mandate for visibility, control, and verification over every component that enters your environment.
And it comes at a time of increased software supply chain attacks. From customer data exfiltrated with the Salesloft/Drift compromise to two of the largest open-source attacks seen last month with Shai-Hulud and the Qix NPM Compromise.
Please join André Årnes, Partner and Head of Cyber Security, WLC, and Saša Zdjelar, Chief Trust Officer, ReversingLabs for this special in-person event for uniting Nordic and European security, compliance, and procurement leaders. Together, we’ll unpack the new regulatory expectations and explore the technical, operational, and governance frameworks that make continuous compliance possible — without slowing innovation.
Agenda
- Regulatory Compliance Deep Dive - What NIS2, DORA, and CRA expect of vendors and buyers—and how to meet those requirements efficiently
- Anatomy of a Software Supply Chain Attack - Step-by-step walkthrough of recent incidents (e.g., Salesloft/Drift data theft and the Qix NPM compromise) and how attackers move from package to production
- Addressing the AI Coefficient - AI-generated code and automated remediation have changed development. Learn how to identify undisclosed AI models/capabilities within software you build or buy
- Securely Onboarding Commercial Software - How to automate modern security assessments before release, acquisition, or deployments
- Interactive Leadership Q&A
Location
Compliance In Action Session from 3 PM to 5 PM
Spaces: Fjordaléen 16, 0250 Oslo
Compliance In Action Dinner from 5:30 PM to 7 PM
The Thief : Landgangen 1, 0252 Oslo, Norway
André Årnes | Partner and Head of Cyber Security, WLC
Prior to joining WLC, André served 7 years as the Global Chief Security Officer of Telenor Group. He has 20+ years of experience within security leadership, cyber security, and digital forensics. His previous work experience covers working as CIO in Telenor Global Shared Services, a Senior Principal Consultant for Security Architecture with Oracle, and as a Special Investigator the for Norwegian National Criminal Investigation Service. André is also a part-time Professor at the Norwegian Technical University (NTNU) Department of Information Security and Communication Technology.
Saša Zdjelar | Chief Trust Officer, RL
Saša Zdjelar is the Chief Trust Officer at ReversingLabs and Operating Partner at Crosspoint Capital, with nearly 20 years of Fortune 10 executive experience. He leads the CISO/CSO function and drives corporate strategy, product security, and customer advisory initiatives, including the ReversingLabs CISO Council. Previously, he was SVP of Security at Salesforce and held senior roles at ExxonMobil across cybersecurity, software engineering, and digital resilience. Saša is also a founding member of several CISO communities and serves on the BlackHat advisory boards and the Forbes Technology Council.
