Skip to main content

đź“© Stay Updated! Follow us on LinkedIn and join our mailing list for the latest news!

OSS Security Adventure: Recap of Recent Security-Focused Events Featuring OpenSSF

By August 6, 2024Blog
RecentSecurityEvents

In July, Open Source Security Foundation (OpenSSF) participated in three key events that highlight its dedication to enhancing open source software security for the global public good: the United Nations OSPOs for Good 2024 Conference and the What’s Next for Open Source? Workshops both in New York City, as well as the OECD Global Forum on Digital Security for Prosperity (GFDSP) in Seoul, South Korea. These events provided valuable platforms for engaging with industry leaders, policymakers, and the broader community, emphasizing the critical importance of collective action in securing open source ecosystems. Let’s take a closer look at what we learned from these events.

OSPOs for Good 2024 Conference

The OSPOs for Good 2024 Conference, held at the United Nations Headquarters in New York City, focused on promoting Open Source Program Offices (OSPOs) as a global force for social good, highlighting their role in driving positive change through open source initiatives. 

Our Participation

OpenSSF’s participation featured keynote addresses and panel discussions led by OpenSSF leadership, including Omkhar Arasaratnam, General Manager, and Arun Gupta, Governing Board Chairperson. Their sessions highlighted the importance of building a global network through OSPO collaboration to address worldwide challenges, initiatives to enhance open source security, and the pivotal role of community engagement in fostering a secure ecosystem. 

Key Takeaways

Throughout the conference, the theme of global collaboration emerged as crucial for enhancing open source security, underscoring the necessity of international cooperation. OSPOs were highlighted as pivotal in establishing a secure and sustainable open source environment, playing a key role in fostering best practices and community engagement. Attendees echoed these sentiments, emphasizing the ongoing need for collaboration and advocating for innovative approaches to security to address evolving challenges effectively. 

“What’s Next For Open Source”

Right after OSPOs for Good, What’s Next for Open Source?, a series of workshops, took place at Microsoft’s office in New York City.

Our Participation

OpenSSF played a pivotal role in shaping discussions across three interactive tracks: OSPOs & Social Impact, Open Source Software (OSS) Community, and Digital Infrastructure. This structure facilitated diverse engagements that explored the future trajectory of open source, highlighting key challenges and opportunities facing the community.

During the event, OpenSSF shared resources with new innovative open source projects that serve for “good,” empowering participants with tools and frameworks to boost innovation in the open source space. Additionally, connecting with open source professionals allowed discussions on the intersection of security, sustainability, and innovation.

OpenSSF hosted a workshop titled “Safeguarding Our Public Goods for Everyone” where Omkhar Arasaratnam, Arun Gupta and other community members and industry experts delivered insights on critical aspects. They discussed the significant role of secure open source software in bolstering societal resilience, strategies for fortifying the open source supply chain, and ensuring the long-term sustainability and security of open source initiatives.

Key Takeaways

The workshop fostered interactive discussions among participants and speakers, offering hands-on activities and in-depth conversations that provided practical insights into securing the open source software supply chain. Key insights emphasized the importance of proactive measures to enhance the sustainability and security of open source projects. 

  • During the workshop, speakers emphasized the importance of prioritizing security as a first principle, and recognized that the process of developing software is as important as the software itself. 
  • The panel discussions covered important messages such as how to alleviate burdens on OSS maintainers, highlighting the benefits of enhancing security visibility and tools for securing the supply chain. 
  • Omkhar and Arun’s opening and closing remarks focused on facing vulnerabilities with resilience, emphasizing that “our faith is bigger than fear”. 

These discussions underscored the importance of community collaboration and innovative strategies in advancing open source security and sustainability as a community.

OECD Global Forum on Digital Security for Prosperity (GFDSP)

The OECD Global Forum on Digital Security for Prosperity (GFDSP) is in its fifth year, focusing on joining the policymaking and technical communities to strengthen digital security in open source, supply chains, and zero trust. Hosted by the Ministry of Science and ICT of Korea and sponsored by Korea Internet & Security Agency, this year’s event took place in Seoul, South Korea.

OpenSSF’s Chief of Staff, Harry Toor, participated as a moderator of Session 2 alongside panelists İsmail Erkek, Advanced Cybersecurity Operations Coordinator, TR-CERT of the Information and Communication Technologies Authority of Türkiye (BTK); Kyoungae Kim, Open-source task team leader, LG Electronics; Melanie Rieback, CEO and co-founder, Radically Open Security; and Taketo Yamada, Director for Cybersecurity Strategy, Ministry of Economy, Trade and Industry (METI) of Japan. Session 2 focused on vulnerability management within the OSS ecosystem. With a diverse and global community of developers, discussions centered on optimizing resources for faster and more effective detection, response, and remediation of security incidents.

Harry Toor also participated as a panelist in Session 3, which focused on managed service providers and their role in digital security. Although the event was held under Chatham House Rule, the diversity of topics led to conversations that will continue throughout the year.

Our Efforts Are a Continuing Process

Our efforts are a continuing process, emphasizing the importance of these engagements in advancing the security of open source software. We encourage the open source community to continue engaging in these events to contribute to a more secure and resilient ecosystem. The inspiring discussions and valuable insights gained will drive our collective efforts forward, and we’re excited to continue these important conversations and work together towards a stronger, more secure digital future.