This is deep dive into DORA the EU Digital Operational Resilience Act.

For more details refer to the Codific website: https://codific.com/summary-of-dora/

This episode covers the EN-40000 standards that serve as a provisional basis for CRA Horizontal Standards.

This is the summary of resources collected on complycra.eu for the full story and presentation please refer to the website:

https://complycra.eu/cra-standards/

This content is a summary of a deep dive by the Codific team.

For the full coverage refer to the article on the Codific Website: https://codific.com/secure-controls-framework-a-comprehensive-overview/

This is a summary of interviews in the Codific website.

For the full stories please refer to the Codific website:

https://codific.com/codifics-customers-success-stories/

This is a summary of a deep dive by the Codific team.

For the full article please refer to the Codific website:

https://codific.com/nis-2-directive-compliance-guide-fines-scope/

This is a summary of a deep dive by Aram Hovsepyan.

For the full article refer to the Codific website: https://codific.com/nist-ssdf-1-2-explained/

In this International Women’s Day interview, we speak with Kim Wuyts, a privacy engineer and privacy by design advocate with 15+ years across security and privacy. Kim helped develop LINDDUN, a privacy threat modeling framework, and regularly speaks at international security and privacy conferences.This conversation is for women who are considering cybersecurity or privacy, women already in tech who want to move into security, and anyone who wants a clearer, more realistic picture of what the work looks like.What we cover:- Why cybersecurity is bigger than “super technical” roles- What the job actually looks like day to day, and why it’s often collaborative and human- How to start small, pick a lens, and stay curious- Ways to “taste the field”, meetups, OWASP, short courses, CTFs, and shadowing security or privacy reviews- The real skill, asking better questions, not knowing everything- Confidence tips, including “I’ll get back to you” and applying before you feel 100% ready- Community and mentorship, how to find your tribeRead the press release here: https://securitybrief.co.uk/story/women-in-cybersecurity-what-it-really-looks-like-and-where-you-can-fit

This episode is based on analysis by Aram Hovsepyan.

For the full story refer to his blog post here: https://codific.com/claude-code-security-will-ai-disrupt-application-security/

In this episode, Viktor Lukachyk, Security Manager at Sigma Software, joins Nicolas and Dag from Codific to break down the Cyber Resilience Act (CRA) and what it means for software and digital product companies operating in the EU.We discuss how CRA fits alongside regulations like NIS 2 and DORA, which products fall into scope, and why CRA is focused on secure by design principles rather than company level compliance.This episode is a practical discussion for security leaders, product managers, compliance teams, and engineering organizations preparing for CRA and looking for a realistic path forward.In this conversation, you will learn:- What the Cyber Resilience Act is and why it matters- Which products are in scope, and why SaaS is excluded- CRA product classifications and self assessment versus third party attestation- Key obligations such as SBOMs, vulnerability management, updates, and risk based security- Where companies are most likely to struggle with CRA compliance- The business and operational impact of CRA on product teams- How OWASP SAMM and other frameworks can help prepare for CRA- Why documentation, evidence, and structure matter more than ever- Practical first steps to get started with CRA readiness

ISO 27001, NIST CSF, NIST SSDF, CIS Critical Security Controls Framework. All these things are called frameworks. But what are they really? Why do we need them? And are they only relevant for GRC teams in large organizations? If all your tools show green dashboards, isn’t that enough to claim your software product is secure?

In this episode of AppSec Science I explain why frameworks are essential for systematically managing risk across teams, business units and entire organizations. I map out the full domain of application security, from the broad world of information security all the way down to the most scoped domain, the software development lifecycle.

One of the key takeaways, compliance almost never leads to real security. Strong security on the other hand will drastically reduce the effort needed to achieve compliance. And in that space, the best framework to start with by far is OWASP SAMM.