Talking OSS Security in Europe this February

January 26, 2023

By Brian Behlendorf, OpenSSF

This February, along with many others, we’ll be discussing Open Source Software (OSS) Security in Europe – first in Brussels during the EU Open Source Policy Summit and then at FOSDEM, followed by the State of OpenCon in London. I’m pleased to be participating in the following events.

EU Open Source Policy Summit: Feb 3

The Open Source Policy Summit is happening in Brussels, right before FOSDEM this year. Europe’s key to success is collaboration. In the digital sphere, collaboration can be spelled Open Source. Open Source is intricately linked to Europe’s collaborative culture. This has made Europe an Open Source champion. With the Open Source innovation model being a fundamental building block of our digital reality, Europe is well-placed to achieve its digital policy goals using Open Source as a strategic tool.  The EU Open Source Policy Summit 2023 will explore Europe’s opportunities when leveraging these modes of technological collaboration at scale. Looking at digital policy through this lens, open and collaborative innovation is a source of optimism.

You won’t want to miss this Panel: From Software Security to Digital Sovereignty: What’s on the Agenda for OSS Funders?

This panel brings together stakeholders from a variety of sectors to speak about the current state of OSS funding and future directions for OSS funding in Europe. The panelists are myself; Cailean Osborne, Researcher at the University of Oxford & the Linux Foundation; Emmy Tsang, Engagement Lead at Invest in Open Infrastructure; Govind Shivkumar, Director, Responsible Technology at the Omidyar Network; and Jean-Luc Dorel, Programme Officer at Next Generation Internet, DG CNECT, European Commission.

The panel will begin by setting the scene of OSS funding (best) practices: who funds OSS (governments, companies, philanthropies, etc.), what are their interests and priorities, and what are their funding models (corporate sponsorship, community grants, public-private models, etc.)? Subsequently, we will move on to discuss the needs and potential pathways for OSS funding in Europe. We’ll discuss questions such as: What should OSS funding priorities in Europe be? Should there be a coordinated EU-wide OSS funding strategy? Who should be involved in funding European OSS projects? Overall, the panel aims to inspire and inform the policy agenda concerning funding as a critical motor for the growth and sustainability of OSS across Europe and beyond.

FOSDEM: Feb 4 – 5

FOSDEM is a yearly event for open source software developers. Once again this year, folks will have the opportunity to gather in person. Plan to attend the weekend of Feb 4 – 5 in Brussels. (If you can’t make it in person, the recordings will be available here after the conference.)

There will be a lot of great security content at FOSDEM this year, and many Linux Foundation projects will be represented. Take a look at some of the places you can meet the LF Europe team early this year.

Main Track

I will speak in FOSDEM’s main track.

Talk Title: Building Strong Foundations for a More Secure Future: Addressing The Systemic Issues in the Software Supply Chain that Led to Log4Shell

When: Sunday, February 5 at 11:00

Room: Janson

Abstract: The open source community has become vulnerable to new kinds of attacks on the software supply chain and there have been efforts by many to address those challenges. Those efforts require new processes, new tools, and new initiatives to drive adoption. Heightened interest, particularly by governments of the world, has driven the open source community to respond with a mobilization plan to achieve specific goals. The Linux Foundation and OpenSSF delivered a first-of-its-kind plan to broadly address open source and software supply chain security outlining approximately $150M of funding over two years to rapidly advance well-vetted solutions to the ten major problems facing open source software security. These concrete action steps are designed to produce immediate improvements and build strong foundations for a more secure future. Find out what you can do to be more secure and support this global security effort.

Don’t miss it!

SBOM Devroom

Software Bill of Materials (SBOM) is on everyone’s list of things to learn more about. If you’re interested in learning more about SBOM, plan to be in the SBOM Devroom on Sunday, February 5. 

The SBOM Devroom program committee received a large number and a healthy mix of talk proposals. The FOSDEM team was gracious enough to expand the event to a full day. 

The room’s schedule features talks about seasoned tools, new projects, and use cases. To accommodate a large number of proposals touching on general SBOM subjects, the event will also hold a panel where speakers will discuss their areas of interest such as SBOM contents, usage, quality, and more.

If you want to learn about SBOM now, listen to this talk from the OpenSSF Day Europe: SBOM Everywhere, by Kate Stewart, Vice President of Dependable Embedded Systems, Linux Foundation.

State of Open Con 23: Feb 7-8

The UK’s Open Technology Conference, State of Open Con 23, will focus on topics like Open Source Software, Open Hardware & Open Data in London just after FOSDEM. I will speak on the following panel with Anjana Rajan, Assistant National Cyber Director for Technology Security, The White House and Guy Podjarny, Founder, Snyk.

Panel: International Security Policy

When: Wednesday, February 8 at 1:00 PM

I look forward to discussing everything from the state of OSS security funding to international security policy in Europe this February and hope to see you in Brussels and London.