We’re thrilled to announce that the agenda for Secure Open Source Software (SOSS) Community Day EU on September 19, 2024, is now live! Join us for a day filled with insightful technical talks, engaging panels, and a hands-on Table Top Exercise (TTX). SOSS Community Day EU will be co-located with the Open Source Summit Europe in Vienna, Austria.
This year, we are back again with two tracks due to the overwhelming response. The agenda features a diverse array of sessions designed to deepen your understanding of open source software security, foster community collaboration, and drive forward the latest security initiatives. Whether you’re a seasoned OSS professional or new to the field, there’s something for everyone.
Agenda Details
- Welcome & Opening Remarks
- Application Security is a Community Effort – Fernando Diaz, Senior Developer Advocate, Security, GitLab
- Keynote Sessions: To Be Announced
- Security Initiatives in Community Driven Projects: Looking Ahead with Python and Rust – Deb Nicholson, Python Software Foundation; Rebecca Rumbul, Rust Foundation
- We Know Security but How Do We Secure GenAI End-to-End? – Mihai Maruseac, Google
- Finally! Automated End-to-End VEX Streams You Can Trust – Adolfo García Veytia, Stacklok
- Secure Consumption of Open Source Components: From Open World Exploration to Guided Adventure – Joshua Lock, Verizon
- Enforcing Organization Policies with Enterprise Contract – Zoran Regvart, Red Hat
- Hitchhikers’ Guide to the Vulniverse – C Rob, Intel
- Play, Learn, Secure: The Power of Gamification in Security Training – Julia Lamenza, Consultant
- Userspace CNI – Developing in the Open with Remaining Secure – Michael OReilly & John O’Loughlin, Intel
- Breaking Barriers: The Art of (Free) Gamified Security Training – Joseph Katsioloudes, GitHub
- OSS Dependency Health: Towards Maturity and Sustainability Risk Assessment Model – Georg Link & Miguel Ángel Fernández Sánchez, Bitergia; Ana Jiménez Santamaría, Linux Foundation; Wietse Braam, ING BANK
- Rules of Engagement for Forking a Dependency – Chris Swan, Atsign
- The Current State of Open Source Security Compliance Tooling Is … Well, Sad. – Philippe Ombredanne, AboutCode
- Nation-State Threats in the Open-Source Software Supply Chain – Ross Bryant, Phylum
- Prioritisation of SCA Findings in Software Dependencies Using Static Reachability Analysis – Joseph Hejderup, Endor Labs
- Managing Vulnerabilities in Open-Source Dependencies – Eva Sarafianou, Mattermost
- Securing Content Distribution with RSTUF, an Incubating OpenSSF Project – Kairo De Araujo, TestifySec; Martin Vrachev, Broadcom
- Secure Coding Guide for Python – Georg Kunz, Ericsson
- Web Developer Security: Best Practices & Beyond – Daniel Appelquist, Samsung
- Exploring a Risk Approach to Software Supply Chain Security – Abdullah Garcia, J.P. Morgan
- Exploring Some Essential Security Checks for Any Open Source Go Project – Cosmin Cojocar, Google
- Let Devs Be Devs Without Sacrificing Security – Andrew McNamara, Red Hat
- TTX Session – The Linux Foundation; Panelist To Be Confirmed
- Security Lessons Learned from Scanning Thousands of Repos – Aviram Shmueli, Jit
- Navigating the Quantum Readiness Journey: Open-Source Cryptography, PKI and Signing Tools – Mike Agrenius Kushner, Keyfactor
- Run GenAI Projects at Scale Securely: From the Operating System to the MLOps Platform – Andreea Munteanu, Canonical
- Closing Remarks – Omkhar Arasaratnam, General Manager, OpenSSF
Table Top Exercise (TTX)
We’re excited about the return of the Table Top Exercise (TTX) at SOSS Community Day EU, following the enthusiastic feedback we received from SOSS Community Day North America (NA). This year, we’re introducing an enhanced format in response to the upcoming EU software regulations. The 90-minute interactive session will simulate a security incident response, aiming to achieve several key goals: providing a practical playbook for maintainers, contributors, and open-source consumers to adapt and implement in their own environments; offering educational insights for developers new to security; and showcasing how current OpenSSF tools and frameworks can help during a security incident.
Attendees will actively participate, bringing their expertise across various aspects of open-source software security—from production and distribution to vulnerability management and incident response. Join us for this engaging and valuable experience!
Sponsorship Opportunities
SOSS Community Day EU offers valuable opportunities for sponsorship. For more details on sponsorships, download the prospectus. Connect with us at sponsor@openssf.org to explore various sponsorship options and secure your spot. We look forward to seeing you in Vienna!
Register Now
Secure your spot for SOSS Community Day EU by registering today. Visit our event website for venue details, and don’t forget to book your hotel and travel arrangements promptly to ensure you get the best accommodations.
Join us for a day of learning, networking, and collaboration as we work together to enhance the security of open source software. See you in Vienna!