Dan Stelzer
Staff Product Marketing Manager, Docker
Before Docker, Dan held roles across startups, large enterprises like IBM, and organizations in heavily regulated fields such as banking. His work has centered on software supply chain security and compliance with legislation, spanning the people, processes, and tooling that keep modern software trustworthy. Dan regularly writes about the software supply chain security ecosystem and governance, including AI governance. He’s especially interested in technology regulation such as the EU AI Act, DORA, the EU CRA, NIS 2, and related legislation across Europe and beyond.
Outside of work, Dan experiments with AI tools, drawn to how AI is reshaping the way we work, and in particular how it’s transforming the software supply chain.
More by Dan
What Does EU AI Act Compliance Require?
Learn what EU AI Act compliance requires at each risk tier, key deadlines through 2027, and how engineering teams can operationalize AI governance.
Read now
EU Cyber Resilience Act: Overview, Requirements, and Timelines
Learn what the EU Cyber Resilience Act requires, including SBOM mandates, vulnerability reporting, and compliance deadlines for container teams.
Read now
Docker Hardened Images enhanced vulnerability scanning with Docker and Aikido
Aikido now scans Docker Hardened Images (DHI) with built-in VEX support. Vulnerabilities that Docker has verified as non-exploitable drop out of the queue automatically, so developers spend their time on findings that actually matter. This post walks through what changed, why it matters, and how users can benefit from the new integration. Why teams are…
Read now
NIST Narrows the NVD: What Container Security Programs Should Reassess
On April 15, NIST announced a prioritized enrichment model for the National Vulnerability Database. Most CVEs will still be published, but fewer will receive the CVSS scores, CPE mappings, and CWE classifications that container scanners and compliance programs have historically relied on. The change formalizes a drift that has been visible to anyone pulling NVD…
Read now
Precision Container Security with Docker and Black Duck
The complexity of modern containerized applications often leaves developers drowning in a sea of “noise”—vulnerabilities that exist in the file system but pose zero actual risk to the application. The integration between Black Duck and Docker Hardened Images (DHI) provides a definitive answer to this challenge. By combining Docker’s secure-by-default foundations, using VEX (Vulnerability Exploitability…
Read now
Reduce Vulnerability Noise with VEX: Wiz + Docker Hardened Images
Open source components power most modern applications. A new generation of hardened container images can establish a more secure foundation, but even with hardened images, vulnerability scanners often return dozens or hundreds of CVEs with little prioritization. This noise slows teams down and complicates security triage. The VEX (Vulnerability Exploitability eXchange) standard addresses the problem…
Read now
The Rising Importance of Governance at SwampUP Berlin 2025
On November 12-14, the Docker team was out in numbers at JFrog SwampUP Berlin 2025. We joined technical sessions, put on a fireside chat, and had conversations with attendees there. We’d like to thank the folks at JFrog for having us there and putting on such a great show! Here’s our takeaways from the event about software…
Read now
Docker Joins the AWS ISV Accelerate Program
Docker has joined the exclusive tier of ISVs within the AWS ISV Accelerate Program, which offers new opportunities for strategic collaboration between the companies.
Read now
What Does EU AI Act Compliance Require?
Learn what EU AI Act compliance requires at each risk tier, key deadlines through 2027, and how engineering teams can operationalize AI governance.
Read now
EU Cyber Resilience Act: Overview, Requirements, and Timelines
Learn what the EU Cyber Resilience Act requires, including SBOM mandates, vulnerability reporting, and compliance deadlines for container teams.
Read now
Docker Hardened Images enhanced vulnerability scanning with Docker and Aikido
Aikido now scans Docker Hardened Images (DHI) with built-in VEX support. Vulnerabilities that Docker has verified as non-exploitable drop out of the queue automatically, so developers spend their time on findings that actually matter. This post walks through what changed, why it matters, and how users can benefit from the new integration. Why teams are…
Read now
NIST Narrows the NVD: What Container Security Programs Should Reassess
On April 15, NIST announced a prioritized enrichment model for the National Vulnerability Database. Most CVEs will still be published, but fewer will receive the CVSS scores, CPE mappings, and CWE classifications that container scanners and compliance programs have historically relied on. The change formalizes a drift that has been visible to anyone pulling NVD…
Read now
Precision Container Security with Docker and Black Duck
The complexity of modern containerized applications often leaves developers drowning in a sea of “noise”—vulnerabilities that exist in the file system but pose zero actual risk to the application. The integration between Black Duck and Docker Hardened Images (DHI) provides a definitive answer to this challenge. By combining Docker’s secure-by-default foundations, using VEX (Vulnerability Exploitability…
Read now
Reduce Vulnerability Noise with VEX: Wiz + Docker Hardened Images
Open source components power most modern applications. A new generation of hardened container images can establish a more secure foundation, but even with hardened images, vulnerability scanners often return dozens or hundreds of CVEs with little prioritization. This noise slows teams down and complicates security triage. The VEX (Vulnerability Exploitability eXchange) standard addresses the problem…
Read now
The Rising Importance of Governance at SwampUP Berlin 2025
On November 12-14, the Docker team was out in numbers at JFrog SwampUP Berlin 2025. We joined technical sessions, put on a fireside chat, and had conversations with attendees there. We’d like to thank the folks at JFrog for having us there and putting on such a great show! Here’s our takeaways from the event about software…
Read now
Docker Joins the AWS ISV Accelerate Program
Docker has joined the exclusive tier of ISVs within the AWS ISV Accelerate Program, which offers new opportunities for strategic collaboration between the companies.
Read now