top of page

Post-Quantum Cryptography Conference 2025, Kuala Lumpur

  • Writer: Giuliana Bruni
    Giuliana Bruni
  • 1 minute ago
  • 2 min read

The biggest global gathering dedicated to post-quantum cryptography took place last week in Kuala Lumpur, and we were there.


The Post-Quantum Cryptography Conference 2025, hosted by the PKI Consortium, brought together more than 2,500 experts from 30+ countries to discuss a single, urgent message: Quantum computing is coming fast, it’s time to move from awareness to action.


Sean smiling at a post-quantum cryptography conference in Kuala Lumpur. Background features a conference sign. Text: PKIC 2025.

There was a genuine sense of collective purpose throughout the event. Malaysia’s Ministry of Digital and National Cyber Security Agency (NACSA) took the lead regionally, launching their National Post-Quantum Cryptography Readiness Roadmap, a reminder that post-quantum readiness is a global movement.


SCANOSS joined forces with the Linux Foundation PQCA and IBM to lead a hands-on workshop titled “Advancing CBOM: Hands-On with CycloneDX v1.7 and PKI Extensions.” The session introduced upcoming extensions to the CycloneDX CBOM standard, including new mechanisms for reporting PKI certificates, and explored real-world use cases across telecom, finance, and open source ecosystems.


Together with experts from IBM and the Linux Foundation, we discussed how open tooling from SCANOSS can make cryptographic visibility practical, verifiable, and ready for CI/CD integration. It was a milestone for collaboration, reinforcing a shared principle: you can’t migrate what you can’t see.


We were also proud to see our work highlighted in the PQCA blog, where the Linux Foundation PQCA CBOM Workshop recognised the importance of cryptographic transparency and open discovery datasets.


Sean stands at a podium using a laptop. The background is a neutral wall.

Across sectors, the discussion consistently returned to one theme: the shift from panic to planning. From healthcare to finance, speakers emphasised that post-quantum migration is less about algorithms and more about trust, interoperability, and compliance. The Financial Sector Readiness Roundtable captured this perfectly, as Jaime Gómez García (Banco Santander) joined peers from Citi and Europol to explain how the industry is moving from speculation to structure. His remark summed up the tone of the entire conference: organisations should stop worrying about Y2Q and start focusing on compliance.

 

Crowd at a Post-Quantum Cryptography Conference in Kuala Lumpur. Attendees face a large sign, with wood-paneled walls in the background.

Of course, not everything happened in the conference rooms. The informal dinners were where conversations deepened. Between sessions, we found time to explore a little of Kuala Lumpur, its contrasts of old and new, the skyline of glass towers above the aroma of street-side satay grills. It’s always refreshing to be reminded that behind all the acronyms and protocols, there’s a very human community building this future.


Night market scene with red lanterns above, people browsing food stalls. Bright neon signs, lively atmosphere, diverse street vendors.

The PKI Consortium closed the event with the release of its Post-Quantum Cryptography Maturity Model (PQCMM), a framework to help organisations benchmark readiness and plan migrations. The next stop: Germany 2026, where the conversation will focus on practical implementation and lessons learned.


For us, Kuala Lumpur was a reminder that transparency and collaboration will define how we build trust in the quantum era.

 

Adopt SCANOSS today

Get complete visibility and control over your open source.

bottom of page