OpenSSF at FOSDEM 2026: From Policy to Practical Security

January 28, 2026

OpenSSF heads to Brussels for FOSDEM 2026 and Open Source Week

FOSDEM is one of Europe’s most important gatherings for open source communities, and OpenSSF will participate again in 2026. The event brings together developers, maintainers, researchers, and industry contributors for two days of technical talks, hallway discussions, and collaboration.

Reflecting on the Momentum from FOSDEM 2025

In 2025, the OpenSSF community participated across FOSDEM in a wide range of sessions and discussions. OpenSSF contributors led packed devroom sessions and hands-on security discussions. The community also announced a global initiative focused on helping open source maintainers, manufacturers, and software stewards prepare for cybersecurity regulations, including the EU Cyber Resilience Act (CRA).

The initiative, launched jointly with Linux Foundation Europe, focuses on:

  • Community-driven specifications
  • Practical compliance guidance
  • Tooling that supports maintainers without increasing burden
  • Ongoing collaboration across the ecosystem

In addition, OpenSSF contributors led sessions on software supply chain security, Software Bill of Materials (SBOMs), funding models, artifact attestations, GitHub Actions security, and secure development practices. Those conversations reflected what makes FOSDEM special: community-led solutions shaping the future of open source software security.

Leading Up to FOSDEM 2026 and Open Source Week in Brussels

Building on that momentum, FOSDEM 2026 represents another important moment for open source software security. Just before FOSDEM, OpenSSF staff and community members will gather at the GVIP Summit #01 on January 28 to focus on the future of vulnerability intelligence, governance, and trust. Then they will participate in the EU Open Source Policy Summit 2026 on January 30 in Brussels, where policymakers and industry leaders will discuss how open source supports Europe’s digital sovereignty, CRA readiness, trusted AI infrastructure, public sector OSPOs, and the evolving cloud and hardware ecosystem.

Every year, Brussels also becomes a hub for open source through a full Open Source Week, with many fringe, pre- and post-events across the city. OpenSSF community members and experts will be present at several of these gatherings, contributing to sessions, panels, and collaboration meetings before and after FOSDEM itself.

Focus Area at FOSDEM 2026: CRA in Practice

OpenSSF’s Global Cyber Policy Working Group played an active role in organizing the CRA in Practice devroom, helping move the conversation around the CRA from awareness to practical readiness. Built around OpenSSF’s core areas of focus, the devroom plans to emphasize practical, community-driven approaches to regulatory challenges, exploring how open tooling, automation, documentation, and standards alignment can make CRA compliance achievable in practice. By bringing together developers, maintainers, and ecosystem stakeholders, the sessions will highlight how policy discussions can be transformed into actionable guidance that reduces duplicated effort, supports smaller projects without dedicated legal resources, and keeps solutions open, transparent, and accessible for the entire FOSS community.

OpenSSF’s Booth Presence 

OpenSSF, together with Linux Foundation Europe, will have a presence on the FOSDEM floor alongside other projects from the Linux Foundation ecosystem, including OpenBao. Attendees are invited to stop by the joint stand at K2-A-03, next to the CNCF + OpenInfra stand, to meet contributors and continue discussions spanning supply chain security, policy, and project sustainability.

Session Highlights:

OpenSSF is among the co-organizers of the Open Source & EU Policy devroom at FOSDEM, contributing to a space for dialogue between open source practitioners and European policymakers. OpenSSF’s involvement focuses on enabling informed, technical discussion around how EU policy intersects with open source development. 

OpenSSF also strongly encourages participants interested in software supply chain security to attend the SBOMs and Supply Chains devroom. Closely aligned with OpenSSF’s activities, the sessions focus on practical, community-driven approaches to SBOM generation, vulnerability tracking, and compliance readiness, with an eye toward reducing the burden on maintainers and supporting smaller projects.

Several sessions across FOSDEM further reflect OpenSSF’s ongoing work and priorities, highlighting the breadth of security and sustainability topics connected to its mission. A dedicated session from the OpenSSF-associated Alpha-Omega project, “The terrible economics of package registries and how to fix them,” explores the economic pressures facing package registries and their growing importance to software supply chain security. The session draws on collaboration with major registries to examine security expectations, real-world tradeoffs, and potential models for long-term sustainability. Additional sessions aligned with OpenSSF’s technical focus include “Current state of attestations in programming language ecosystems,” which reviews how ecosystems such as npm, PyPI, RubyGems, and Maven Central are implementing build and release attestations using Sigstore. This discussion highlights verification methods, implementation choices, and considerations for broader ecosystem adoption. Security assurance and vulnerability management are also central themes, reflected in “It’s Time to Audit Open Source: Success Stories with OSTIF,” which demonstrates the tangible impact of independent security audits across widely used projects. Complementing this, “Vulnerability today: What’s the state of Open Source vulnerability management?” addresses current challenges in vulnerability coordination amid ecosystem strain and regulatory change. The session also connects to the Global Vulnerability Intelligence Platform.

Looking Ahead: Where to Meet OpenSSF Next

We invite you to continue the conversations that begin at FOSDEM, and meet OpenSSF community members, contributors, and experts at these upcoming events in 2026:

We look forward to seeing many of you in Brussels and around the globe in 2026!