mxmehl/mehl.mx
1
0
Fork 0
Code Issues 3 Pull Requests Actions Releases Wiki Activity

add mastodon URLs to recents posts
All checks were successful
Website build and deploy / build (push) Successful in 2m10s
Details

Browse Source
This commit is contained in:
Max Mehl
2026-03-02 18:04:51 +01:00
parent 323fc7a02a
commit 907db96de0
2 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
content/blog/2026-01-fosdem-supply-chain-strategy/index.md
View File

@@ -19,6 +19,7 @@ slides: https://fosdem.org/2026/events/attachments/ZSWH3N-deutsche-bahn-supply-c
event: event:
name: FOSDEM 2026 name: FOSDEM 2026
href: https://fosdem.org/2026/schedule/event/ZSWH3N-deutsche-bahn-supply-chain-cra-strategy/ href: https://fosdem.org/2026/schedule/event/ZSWH3N-deutsche-bahn-supply-chain-cra-strategy/
mastodon_toot_url: "https://mastodon.social/@mxmehl/116160561981890042"
--- ---
At FOSDEM 2026, I presented Deutsche Bahn's software supply chain strategy in the context of the EU Cyber Resilience Act (CRA), but made clear from the start that CRA was the context, not the trigger. We didn't adopt SBOMs because of regulation regulation validated the direction we were already taking based on operational needs. The presentation positioned our work at the intersection of CRA compliance requirements, IT operation best practices, and the practical realities of running IT infrastructure for an organization with 220,000+ employees, 7,000+ IT applications, and 100,000+ Open Source components. At FOSDEM 2026, I presented Deutsche Bahn's software supply chain strategy in the context of the EU Cyber Resilience Act (CRA), but made clear from the start that CRA was the context, not the trigger. We didn't adopt SBOMs because of regulation regulation validated the direction we were already taking based on operational needs. The presentation positioned our work at the intersection of CRA compliance requirements, IT operation best practices, and the practical realities of running IT infrastructure for an organization with 220,000+ employees, 7,000+ IT applications, and 100,000+ Open Source components.

1
content/blog/2026-02-fosdem-sbom-collection/index.md
View File

@@ -19,6 +19,7 @@ slides: https://fosdem.org/2026/events/attachments/7EYTRJ-deutsche-bahn-large-sc
event: event:
name: FOSDEM 2026 name: FOSDEM 2026
href: https://fosdem.org/2026/schedule/event/7EYTRJ-deutsche-bahn-large-scale-sbom-approach/ href: https://fosdem.org/2026/schedule/event/7EYTRJ-deutsche-bahn-large-scale-sbom-approach/
mastodon_toot_url: "https://mastodon.social/@mxmehl/116160570821178215"
--- ---
At FOSDEM 2026, I presented Deutsche Bahn's journey from operational need to concrete implementation of large-scale SBOM collection and use. The scale is staggering: approximately 500,000 SBOMs across our software supply chain expected, covering 7,000+ IT applications, 100,000+ Open Source components, and diverse sourcing streams from software we build ourselves to what we buy and operate. The talk focused on how we moved from understanding that "we need to know, in real-time, which exact component is used where and how" to actually making this happen in an organization with 220,000+ employees and hundreds of subsidiaries. At FOSDEM 2026, I presented Deutsche Bahn's journey from operational need to concrete implementation of large-scale SBOM collection and use. The scale is staggering: approximately 500,000 SBOMs across our software supply chain expected, covering 7,000+ IT applications, 100,000+ Open Source components, and diverse sourcing streams from software we build ourselves to what we buy and operate. The talk focused on how we moved from understanding that "we need to know, in real-time, which exact component is used where and how" to actually making this happen in an organization with 220,000+ employees and hundreds of subsidiaries.