
SBOMs & CRA Compliance with Olle Johansson and Anthony Harrison
From Nerding Out With Viktor by Viktor Petersson
March 24, 2026 · 1h 21m · Season 3 · Episode 2
About this episode
The episode discusses SBOMs and CRA compliance with insights from industry experts.
In this episode of Nerding Out with Viktor, host Viktor Petersson sits down with Olle Johansson and Anthony Harrison to explore the intersection of Software Bills of Materials (SBOMs) and the EU Cyber Resilience Act (CRA). Together, they unpack what CRA compliance looks like in practice and why SBOMs are becoming a critical piece of the regulatory puzzle. Olle and Anthony share their hands-on experience navigating SBOM tooling, formats like CycloneDX and SPDX, and the operational challenges teams face when integrating these workflows into real-world development pipelines. The conversation covers how organizations can move beyond checkbox compliance toward meaningful transparency in their software supply chains. They also discuss the timeline and enforcement realities of the CRA, how it interacts with existing standards, and what engineering teams should be doing now to prepare. For anyone building, shipping, or securing software in the EU market, this episode offers a grounded, practical guide to the compliance landscape ahead.
People in this episode
Host: Viktor Petersson
Guests: Olle Johansson, Anthony Harrison
Topics covered
- SBOMs
- CRA Compliance
- Software Supply Chain
- Regulatory Challenges
- Development Pipelines
- Transparency
Keywords
- SBOM
- EU Cyber Resilience Act
- CycloneDX
- SPDX
- compliance
- software supply chain
- transparency
- development pipelines
Mentioned in this episode
Organizations: EU Cyber Resilience Act
Products: Software Bills of Materials, CycloneDX, SPDX
More episodes of Nerding Out With Viktor
- Post-Quantum Cryptography: The Trust Crisis Coming for Every System with David Pollak · May 27, 2026 · 1h 24m
- Rethinking Container Security: Why Isolation Was Never Built In (with Alex Zenla) · April 30, 2026 · 1h 19m
- Biohacking Resilience: Engineering the Human System with Marcelo Garcia · February 11, 2026 · 1h 12m
- CRA Explained: What the Cyber Resilience Act Means for Device Manufacturers · December 17, 2025 · 1h 6m
- UK Online Safety Act: Digital ID and the Risks of a Database State · November 19, 2025 · 1h 6m
- Rethinking Software Security Compliance in the Age of AI with Nick Selby · November 5, 2025 · 57 min
Explore listener stats, chart rankings, contacts and more on the Nerding Out With Viktor podcast page.