BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Open Source Security Foundation - ECPv6.15.18//NONSGML v1.0//EN
CALSCALE:GREGORIAN
METHOD:PUBLISH
X-WR-CALNAME:Open Source Security Foundation
X-ORIGINAL-URL:https://openssf.org
X-WR-CALDESC:Events for Open Source Security Foundation
REFRESH-INTERVAL;VALUE=DURATION:PT1H
X-Robots-Tag:noindex
X-PUBLISHED-TTL:PT1H
BEGIN:VTIMEZONE
TZID:Asia/Kolkata
BEGIN:STANDARD
TZOFFSETFROM:+0530
TZOFFSETTO:+0530
TZNAME:IST
DTSTART:20240101T000000
END:STANDARD
END:VTIMEZONE
BEGIN:VTIMEZONE
TZID:UTC
BEGIN:STANDARD
TZOFFSETFROM:+0000
TZOFFSETTO:+0000
TZNAME:UTC
DTSTART:20240101T000000
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
DTSTART;TZID=Asia/Kolkata:20250614T140000
DTEND;TZID=Asia/Kolkata:20250614T150000
DTSTAMP:20260404T112408
CREATED:20250516T235818Z
LAST-MODIFIED:20250516T235818Z
UID:10000071-1749909600-1749913200@openssf.org
SUMMARY:Open Source LLM Security
DESCRIPTION:As Large Language Models (LLMs) become increasingly prevalent\, the security of their open-source variants presents unique and critical challenges. While offering flexibility and accessibility\, the open nature of these models can expose them to specific vulnerabilities and attack vectors. This talk will explore the emerging security landscape surrounding open-source LLMs\, discussing risks such as data poisoning\, model inference attacks\, and supply chain compromises. Understanding these threats is vital for developers and users to leverage LLMs safely and effectively. We will delve into key security considerations and potential mitigation strategies for building and deploying secure open-source LLM applications.
URL:https://openssf.org/event/open-source-llm-security/
CATEGORIES:India Initiative
END:VEVENT
BEGIN:VEVENT
DTSTART;VALUE=DATE:20250804
DTEND;VALUE=DATE:20250805
DTSTAMP:20260404T112408
CREATED:20250502T131220Z
LAST-MODIFIED:20250728T170524Z
UID:10000066-1754265600-1754351999@openssf.org
SUMMARY:OpenSSF Community Day India
DESCRIPTION:Hosting: Join us for the OpenSSF Community Day India this summer! Co-located with KubeCon + CloudNativeCon India\, this event will bring the open source community together in Hyderabad\, India. \nAbout OpenSSF Community Days: OpenSSF Community Days bring together a vibrant community from across the Security and Open Source ecosystems to share ideas and progress on capabilities that make it easier to sustainably secure the development\, maintenance\, and consumption of the software on which we all depend. These events\, held regionally and co-located with KubeCon or Open Source Summits\, offer an opportunity to engage with the brightest minds in security for a day of collaboration and innovation in software security best practices. As a home for tools\, standards\, and education\, OpenSSF provides attendees the chance to explore these resources\, share their experiences\, and contribute to a safer and more secure digital world.
URL:https://openssf.org/event/openssf-community-day-india-2/
CATEGORIES:India Initiative,OpenSSF Events
ATTACH;FMTTYPE=image/png:https://openssf.org/wp-content/uploads/2025/05/OpenSSF-Community-Day-India-2025-Session-Cards.png
END:VEVENT
BEGIN:VEVENT
DTSTART;TZID=Asia/Kolkata:20260305T140000
DTEND;TZID=Asia/Kolkata:20260305T150000
DTSTAMP:20260404T112408
CREATED:20260223T151357Z
LAST-MODIFIED:20260223T160826Z
UID:10000090-1772719200-1772722800@openssf.org
SUMMARY:Don’t Gawk. Use GUAC Instead.
DESCRIPTION:The definition of “gawk” is “to stare stupidly\, rudely\, or with amazement\, often with an open mouth”. This perfectly captures the reaction that software engineers have when they encounter supply chain security issues. \nLack of transparency is a huge blind spot when working with open source tools. This blind spot could blow up into a project black hole — invisible\, resource depleting\, destructive — if not handled correctly. How do we build situational awareness from this position of incognizance? \nEnter GUAC! A project built by the community and devised to solve the problem of not knowing your software composition. \nWhether you’re an enterprise or just an enterprising indie dev\, this session has something for you. Learn how to make use of GUAC for improving your supply chain security posture. Find out how teams are benefitting from better knowledge of the OSS components in their toolchain. \nGuest Bio \nShreyas Pandya \nStaff software engineer @Guidewire software \nShreyas Pandya is a results-oriented Software Engineer and leader with deep expertise in web application development. He has built web services (microservices)\, APIs\, and has handled scalability\, security\, and cloud infrastructure. Shreyas possesses experience in working within agile environments and fast-paced startup teams. He currently serves as a Platform Engineer at Guidewire\, where he leads a team of engineers in the delivery of various products. \nDate: 5th March 2026 \nTime: 2 pm IST
URL:https://openssf.org/event/dont-gawk-use-guac/
CATEGORIES:India Initiative
END:VEVENT
BEGIN:VEVENT
DTSTART;TZID=UTC:20260311T140000
DTEND;TZID=UTC:20260311T150000
DTSTAMP:20260404T112408
CREATED:20260305T143059Z
LAST-MODIFIED:20260305T143650Z
UID:10000093-1773237600-1773241200@openssf.org
SUMMARY:The Invisible Threat: Secure & Sovereign Digital Backbone
DESCRIPTION:As India’s critical infrastructure shifts from a hardware-heavy setup to “softwarized” environments\, our national security now depends on the integrity of the software supply chain. Join us for an in-depth session with Arpit Tripathi as we move beyond traditional cybersecurity tropes to discuss why the real battlefield isn’t the radio—it’s the interface. \nWe will explore how modern\, cloud-native telecom systems are vulnerable not just to hackers\, but to fundamental modeling failures in Service-Based Interfaces (SBI) and API trust assumptions. \nKey Discussion Points\n\nThe Shift to Softwarization: Why software supply chain security is now a geopolitical imperative.\nBeyond the Radio: Understanding the new attack surfaces in API-driven\, interconnected systems.\nPolicy & Standards: Insights into Standard-Essential Patent (SEP) governance and the role of the TSDSI in India.\nProactive Defense: Why designing security at the interface level is the only way to move from “reacting” to “preventing.”\n\nMeet the Speaker\nArpit Tripathi is a Telecom Engineer and Research Scholar at the Networked and Wireless Systems Lab (IIT Hyderabad). With a unique background spanning both deep technical engineering and public policy\, Arpit’s work focuses on the intersection of open-source security\, telecom infrastructure\, and the doctrinal analysis of tech policy governance in India. \nDate: 11th March 2026 \nTime: 2 PM IST
URL:https://openssf.org/event/india-tech-and-public-policy-critical-infrastructure/
CATEGORIES:India Initiative
END:VEVENT
BEGIN:VEVENT
DTSTART;TZID=Asia/Kolkata:20260319T140000
DTEND;TZID=Asia/Kolkata:20260319T150000
DTSTAMP:20260404T112408
CREATED:20260305T091826Z
LAST-MODIFIED:20260309T125439Z
UID:10000092-1773928800-1773932400@openssf.org
SUMMARY:Security In An Open World
DESCRIPTION:Join us on March 19th 2026 for a chat with Abhishek Chauhan\, who leads Sonatype India. \nMillions of software developers trust Sonatype to keep their open source codebases\, libraries\, and dependencies safe. This is one of the oldest companies securing the software supply chain. \nIndia is home to one of the world’s fastest-growing developer communities and is rapidly emerging as a key market for AI-driven software development. The demand for building\, consuming\, and securing code is reaching unprecedented levels as organizations accelerate their adoption of modern technologies. \nAt the same time\, the country continues to produce exceptional engineering talent\, making it a global hub for innovation and technical expertise. Given these factors\, India presents a compelling opportunity for Sonatype to deepen its innovation and talent footprint. \nAnother important topic is the Security Slam event! We will spend a little time talking about what the event is\, what Sonatype aims to achieve\, and how best you can participate in this. \nGuest: Abhishek Chauhan\nSenior Director\, Sonatype \nDate: 19th March 2025\nTime: 2 pm to 3 pm IST
URL:https://openssf.org/event/security-in-an-open-world/
CATEGORIES:India Initiative
END:VEVENT
BEGIN:VEVENT
DTSTART;TZID=Asia/Kolkata:20260408T140000
DTEND;TZID=Asia/Kolkata:20260408T150000
DTSTAMP:20260404T112408
CREATED:20260403T151238Z
LAST-MODIFIED:20260403T151935Z
UID:10000107-1775656800-1775660400@openssf.org
SUMMARY:Handing Over The Keys to Your Kingdom: AI-Driven Security Woes
DESCRIPTION:The current security landscape reveals a dangerous paradox: the very tools we trust to secure our code—AI agents and DevSecOps utilities—possess the broadest permissions but the weakest oversight. We are currently witnessing a “credential-drift” crisis where automated tools are becoming the primary vectors for supply chain contagion. \nTo prevent the next cascade\, we must move away from reactive patching and toward a Closed-Loop Integrity System. \nThe last 14 days have highlighted a systemic failure in how we manage “privileged automation.” Trivy\, Axios\, LiteLLM\, OpenAI Codex\, and Claude Code have all fallen prey to various supply chain attacks. \nWe are handing the “keys to the kingdom” to AI agents and automated scanners that are\, by nature\, high-value targets. If you aren’t monitoring your security tools with the same intensity you use for your production databases\, you aren’t running a secure shop—you’re just waiting for the next cascade. \nJoin this talk to learn more about how you can prevent supply chain security failures in your AI world. \nGuest: Himanshu Sangshetti \nDate: Wednesday\, 8th April 2025 \nTime: 2 PM IST
URL:https://openssf.org/event/handing-over-the-keys-to-your-kingdom/
CATEGORIES:India Initiative
END:VEVENT
BEGIN:VEVENT
DTSTART;TZID=Asia/Kolkata:20260521T140000
DTEND;TZID=Asia/Kolkata:20260521T150000
DTSTAMP:20260404T112408
CREATED:20260310T160235Z
LAST-MODIFIED:20260403T151956Z
UID:10000105-1779372000-1779375600@openssf.org
SUMMARY:Sword and Shield: Security Strategy Needs Both Offense & Defense
DESCRIPTION:In the world of software development\, security is often treated like the “veggies” of the SDLC—everyone knows they’re good for you\, but most developers would rather just skip straight to the dessert (shipping code). But what happens when the “bad guys” decide to join the party uninvited? \nIn this episode\, we sit down with two titans of the industry to see what happens when the irresistible force of Red Teaming meets the immovable object of Blue Teaming. \nMeghana Rao\, our resident VAPT and Cloud Security specialist\, walks us through the art of the “friendly break-in.” She’ll explain why thinking like a villain is the only way to build a digital fortress. On the flip side\, Shubham Mishra\, a seasoned Threat Hunter and Insider Threat specialist\, shows us how she tracks the whispers in the wires to catch intruders before they even realize they’ve been spotted. \nTogether\, they’ll dive into the “Why” of the tandem. Join us to learn why Red and Blue aren’t rivals\, but actually the ultimate “work spouses.” You will also learn how this maps to the SDLC Lifecycle. Fully understand how to bake security into your code so you aren’t trying to “bolt it on” while the house is already on fire. \nWhether you’re a developer trying to understand why your security lead is crying\, or a CISO looking to harmonize your teams\, this episode provides the roadmap to a safer digital landscape. \nDate: 21st May 2026 \nTime: 2 pm IST
URL:https://openssf.org/event/red-team-blue-team-security-strategy-offense-defense/
CATEGORIES:India Initiative
END:VEVENT
END:VCALENDAR