Why not approach security with a lighter touch? Security topics are often labeled “too complex,” “too serious,” or simply “not sexy enough.” But who says weighty topics cannot also be tackled with a sense of enjoyment? Together with our partner ReversingLabs, we decided to prove the opposite—with our Winterbeer event. Pressing challenges in software supply chain security met an exclusive, entertaining, and genuinely delicious craft beer tasting.
Our flavorful starting point
The concept had already been tested. That only made the anticipation greater. A few weeks earlier, the time had come: boxes of excellent craft beer arrived at our office—and, fittingly for the holiday season, we turned into Christmas elves. We packed gift boxes for our participants, each containing two sets of three beer varieties. One of them had even been brewed especially for the event: our IdentiBeer, in the seasonal strong-beer edition “TOMATOR,” brewed by our partner BrauDich. Once the precious cargo was sent out again, all that was left for us to do was wait a few more weeks.
Then, on January 23, 2025, our Winterbeer after Four event finally began. As always, the special setting—our craft beer tasting, complete with all the relevant details about each beer’s characteristics and flavor profile—was a highlight for everyone involved. But of course, we had not devoted ourselves only to the culinary side of things. Once again, the real focus was on combining enjoyment with professional expertise. This time, the central topic was (software) supply chain security.
Focusing on the challenges
In a time of increasing connectivity and growing dependence on software, companies face a central challenge: they need to ensure the security of their software supply chain—from the ground up. That means not only identifying potential vulnerabilities, but also building a broader understanding of the conditions and risks connected to them.
One important factor is the regulatory pressure created by frameworks such as DORA (Digital Operational Resilience Act) and NIS2 (Network and Information Security Directive). It is therefore becoming increasingly urgent to build theoretical knowledge in these areas and apply it in practice. With exactly these challenges in mind, the agenda for our Winterbeer after Four event took shape. After taking a look at the risks within the software supply chain, the surrounding regulatory environment—and, naturally, after tasting the next cold, hoppy beer—the session moved into the practical part.
Learning from real-world experience
In an open discussion round, the participants took center stage. Some briefly presented the software security approaches they already had in place and valued the exchange with us as industry experts. Questions such as “What steps is your company taking to reduce software security risks?” and “How are you dealing with the growing dependency on third-party software?” were at the heart of the conversation. The lively discussion made one thing clear: many of the challenges are shared across industries—and that offered valuable inspiration for potential solutions.
Our experts from USO and ReversingLabs rounded out this part of the program with a concrete overview of supply chain security requirements and answered some of the open questions that had come up.
A live demo for the aha moment
Another highlight was the detailed look at the technical foundations, especially the question: What is software, really—and why are binaries such a major issue? In an interactive session, we explained clearly how software consists not only of code, but also of countless dependencies that often remain invisible when dealing with compiled binaries rather than open source code. We then took a closer look at those binaries to show how serious security vulnerabilities can stay hidden if they are not analyzed properly.
Our live demo on binary analysis illustrated how companies can uncover potential risks and address them in a targeted way. For our participants, it was one of those real aha moments—something that delivered practical value well beyond theory.
Coming soon!
After a good hour and a half—rather than the one hour originally planned—the event was over. Our participants closed their laptops with refreshed and newly gained knowledge, with a first taste of what effective binary analysis can reveal, and with the lingering flavor of good beer on their tongues. And we, too, took something away from the event: this will not have been USO’s last beer event. Promise.
