Floragasse 7 – 5th floor, 1040 Vienna
IMPACT 2025

In mid-October, IMPACT, our yearly event for partners and friends of SBA Research, brought together experts, practitioners, and decision-makers from research, industry, and the open-source community for an afternoon of discussion about the latest developments in security, open source, and research, and to celebrate our long-standing relationships.

This year’s program offered a mix of keynotes, technical talks, and interactive discussions – all aimed at fostering knowledge exchange and collaboration:

Keynote: Open Source in the Military Environment – Lambert Scharwitzl (Bundesministerium Landesverteidigung)

Modern military conflicts are increasingly hybrid, extending beyond traditional battlefields into the cyber and information domains. The ICT landscape of armed forces now spans multiple domains – from command and control systems to logistics, communications, and intelligence. In this environment, every military device and system is IT-based, making cybersecurity, interoperability, and technological sovereignty decisive factors for mission success.

In his keynote, Lambert Scharwitzl explored the role and potential of open-source software in the military context and discussed criteria for the operational use of open source. The presentation also highlighted practical experiences from the Austrian Ministry of Defence’s transition to LibreOffice, illustrating both the opportunities and challenges of open-source adoption.

CRA & SDLC: I just wanted to build software – and now I’m doing CRA compliance. – Gerald Sendera, Nicolas Petri

The EU is increasingly demanding mandatory cybersecurity measures. The Cyber Resilience Act (CRA) focuses on “products with digital elements.” Since there are currently no harmonized standards or certification schemes – or they are too complex – this paper demonstrates, using selected Essential Security Requirements from Annex I of the CRA and an approach based on SAMM (Software Assurance Maturity Model) and ASVS (Application Security Verification Standard), how these requirements can be addressed in a practical way.

Rainforest or Desert? Software Ecosystems in Crisis?! – Alexander Schatten

Distributed software systems form the digital nervous system of our society. They behave like complex ecosystems – constantly changing, under attack, in competition, and subject to global selection processes. The traditional metaphor of deterministic engineering is misleading when trying to describe or control such systems. Software should therefore be seen not as static, but as a continuously evolving, dynamically stabilized system. Loss of control, severe quality issues, and serious security incidents have become constant companions.

Open-source software plays a central role in this global ecosystem – it is embedded as a critical component, framework, or library in almost all other open-source and commercial software. In a world marked by geopolitical and economic tensions, software has become a strategic factor. This raises key questions: how can we keep these complex systems manageable and maintainable, and how can we mitigate the growing problems?

SBA Research has been active in this field for many years. One of its projects, I-SEE (Integrated Software Ecosystem Evaluation) – a research and commercial collaboration with Objentis – offers a practical approach to assessing the dynamic behavior and risks of complex software systems across technical, social, and security dimensions, thereby supporting sustainable and evolutionary software development.

Security Framework Bund 2.0 – Christian Zec (Bundeskanzleramt), Stefan Jakoubi

In his talk, Christian Zec presented the evolution and outlook of the Security Framework for the Bund (SFB) 2.0. He reflected on the experiences from the predecessor project SFB 1.0, which laid the foundation for a unified and structured security approach across governmental institutions. The new iteration, SFB 2.0, builds on these lessons. Christian Zec outlined the next project steps and highlighted key lessons learned, including the importance of cross-agency collaboration and of fostering a shared security culture within the public sector.

The event concluded with networking, providing the opportunity to connect with peers and continue the conversations in an informal setting.