Security

heise devSec 2026

h

eise devSec is the leading German-language training and networking event for software developers and architects responsible for the security of the software they develop. The conference covers topics such as supply chain security, GenAI and its impact on vulnerabilities and attack techniques, secure software architectures, tools, languages, and legal framew…

Visit the official site
32Voices
24Underwriters
0Exhibitors
78On the bill · sessions
45Companies · in total
§I

The Voices

Programmed at heise, in alphabetical order.
Amin Faez
utilacy
Christian Schneider
Freiberufler
Christian Wenz
Christoph Iserlohn
INNOQ
Clemens Hübner
Giesecke+Devrient
dpunkt.verlag
Falko Strenzke
MTG
Felix Schumacher
INNOQ
Flora Schäfer
secuvera
Frank Ully
Corporate Trust
Jan-Philipp Steghöfer
XITASO
Johannes Bär
condignum
Julia Wasserer
Bundesverwaltungsamt
Klaus Rodewig
Vorwerk Elektrowerke
Lorin Lehawany
ERNW Enno Rey Netzwerke
Mario-Leander Reimer
QAware
Martina Kraus
Kraus IT Consulting
Mehmet Kus
OTARIS Interactive Services
Michael Fuchs
inovex
Mirko Richter
mgm security partners
Niklas Mühleis
Heidrich Rechtsanwälte
N. N.

— and 10 more, by name unsung —

§II

Underwritten By

The houses behind the program. Tiers as disclosed.
SignPathGold
bosch
BWISilber
BWI GmbHSilber
checkmarx
cotech
fhooe
gtb
heidelpay
innoq
INNOQSilber
INOSOFTPlatin
INOSOFT AGPlatin
inovex
iteratec
optimabit
RIGS
rips
searchguard
secodis
Sonatype
synopsys
veracode
WibuSystems
§III

The Programme

Selected from 78 sessions on the bill.
  • 09:00 - 09:15, Dienstag, 22. September

    Eröffnung

  • 09:00 - 9:45, Mittwoch, 23. September

    Cyber Resilience Act & Legacy Code - Warum technische Schulden zum Haftungsrisiko werden

  • 09:00 - 9:45, Mittwoch, 23. September

    LLM-gestützte Code Reviews und Schwachstellensuche: Wirksamkeit und Grenzen

  • 09:00 - 9:45, Mittwoch, 23. September

    Von XZ bis Trivy: Was Supply-Chain-Angriffe über unsere Pipelines verraten

  • 09:15 - 10:00, Dienstag, 22. September

    Keynote [TBA]

  • 10:00 - 10:45, Mittwoch, 23. September

    CRA und IEC 62443-4-1 in der Praxis: Mehr als Threat Modeling und Penetration Testing

  • 10:00 - 10:45, Mittwoch, 23. September

    TBA [Sponsored Talk]

  • 10:00 - 10:45, Mittwoch, 23. September

    Vier grüne Häkchen, trotzdem gehackt: Threat Modeling für agentenbasierte KI

  • 10:30 - 11:15, Dienstag, 22. September

    5 Jahre Application Security in der Praxis – ein Erfahrungsbericht aus der LBBW

Intermission
Part the Second · For the Buyer

What does it mean when 45 companies show up — and 2 bet on three roles at once?

45 companies. two are betting more than once.

The numbers below are derived from the speakers, sponsors, and exhibitors on this page — cross-referenced into one ledger. They are the only thing here that 10times.com cannot tell you.

01Fig. 01 — Composition of the House
2All threespeak · spons · exh
19Sponsoringsponsor only
0Exhibitingexhibitor only
24Companies Speakingspeaker only

The Triple-Threat

INNOQ·inovex

02Fig. 02 — The Voices, by Seniority
  • Other roles32100%

Of 32 on the bill · classified by free-text title

03Fig. 03 — The Heaviest in the Room
  1. 01INNOQSp·S2V
  2. 02inovexSp1V
  3. 03BoschSp
  4. 04BWISp·S
  5. 05CheckmarxSp
  6. 06cotechSp
  7. 07fhooeSp
  8. 08gtbSp
  9. 09heidelpaySp
  10. 10INOSOFTSp·P
  11. 11iteratec GmbHSp
  12. 12optimabitSp
  13. 13RIGSSp
  14. 14ripsSp
04Fig. 04 — By Tier
gold1
4% of 24
platin2
8% of 24
silber3
13% of 24
unspecified18
75% of 24
05Fig. 05 — The Missing · who's at peer events but not here

These companies sponsored two or more peer events recently, but aren't on this program. For an organizer, that's a list of warm prospects.

06Fig. 06 — Adjacent Convocations · by shared underwriters