10:00
10:00
40min
Cooperation and Inclusion through Open Source
Laura Dornheim

Government agencies have always been required to cooperate, but so far this cooperation has always been strictly hierarchical and only top-down.
Public administration is supposed to work for the citizens, but in the perception of many people this is not the case.
The use of FOSS leads to a paradigm shift. Suddenly, not only the directly involved authorities are the target group, but in principle everyone, whether administration, business or civil society. There is no need for lengthy cooperation agreements; the formal boundary between authorities and citizens becomes more permeable when everyone can openly see what is being developed and can try it out and develop it further themselves.
I want to introduce you to how the city of Munich is trying to drive this paradigm shift towards more FOSS.

Growing Open Source
Stage 1
10:30
10:30
360min
Live Podcasts Day 1
Richard Littauer

Listen online to live interviews with participants of the conference in Berlin!

You are onsite and want to be part of it? Schedule your slot now!

Podcast Stage
10:40
10:40
20min
Break
Stage 1
11:00
11:00
30min
The Cathedral, the Bazaar, and the Coffee House
Claude Warren, Jr

An exposition on open source risk and a strategy to mitigate it. If the Log4J issues kept you up at night, if the Elasticsearch licence change caused you headaches, if lack of response from open source projects is driving you to insanity, then this is the talk for you.

We will discuss the prevalence of open source in closed source projects, a timeline of identified open source risks, and a proposal to reduce risk.

Attendees should come away with concepts and ideas that can be implemented within their own companies to reduce their risk exposure.

Sustainability & Funding
Stage 2
11:00
30min
The F in FOSS: Affording Open Source in Developing Countries
Ahmed Sobeh

What if you can’t afford the “F” in FOSS? In a country that’s struggling economically, can you afford to open source even parts of your product? Will you have the capacity to have an Open Source Program Office (OSPO)?
The “F” in FOSS stands for free; what if the society itself struggles with freedom of speech, creativity, and expression?

In this talk, we will cover the immense challenges that open source faces in developing countries and the struggle that open source developers face in a commercial-product-first environment. We'll also go through approaches and measures that can be taken to build an open source culture starting by adapting an inner-source strategy that is easier to establish in these environments.

Participants will get an overview of these challenges and how we can support those who carry the flag of open source in these regions to help them grow their open source communities.

Growing Open Source
Stage 1
11:35
11:35
30min
A Vision of FOSS @Mercedes-Benz
Dr. Wolfgang Gehring

At Mercedes-Benz, we decided that we don’t want to “just use FOSS”, but to fully embrace all aspects of it. This means we needed a dedicated Open (and Inner) Source strategy and an Open Source Program Office – but first we had to define what it really means to “embrace FOSS”. Come with me on our journey which we started about 6 years ago. Let me show you what we learned, what the crucial points were in implementing the strategy, and what we wish we had already known at the beginning.

Growing Open Source
Stage 1
11:35
30min
Why isn't the German administration procuring more FOSS?
Miriam Seyffarth

The software procurement by the German administration usually works through the EVB-IT, which are standardized model contracts. These are however not ideally designed for the procurement of FOSS.

A survey by the Open Source Business Alliance among the members of the association revealed typical recurring practical problems with the procurement of Open Source Software by the public administration. In this talk we want to illustrate the reasons for these problems and present ideas for how the procurement of Open Source Software can be improved and made easier for all those involved. We combine this with an outlook on the impending changes and developments in public procurement with regard to the public procurement of Open Source Software.

Governance & Community
Stage 2
12:10
12:10
30min
Designing Open Source - Building Communities
Mike Nolan

Design has played an increasingly important role in the development of open source software. Groups such as Open Source Design have discussed and shared new approaches for facilitating design contribution and including designers as core contributors. However, even with this new interest, many designers still have to overcome many practical barriers to contribution given the very different nature of design contributions compared to that of code. In this talk, I will discuss how Open@RIT has utilized design methodologies to work with open source projects to not only better facilitate maintenance of open source projects, but also to better allow for design contributions through other pathways. You can expect to hear about methods for funding and executing this type of work, attitudes and initiatives that we have found most helpful, and stories from our own experience to help you guide yours.

Sustainability & Funding
Stage 2
12:10
30min
git init Berlin
Ingo Hinterding, Victoria Boeck

How do you build an open source community not around a single software or use case, but around an entire city? Since 2019 CityLAB Berlin, a public innovation lab funded by the Berlin Senate Chancellery and run by the Technologiestiftung Berlin, has been working to promote the use of open source software in government contexts.

These efforts include developing open source prototypes for and with Berlin government agencies, creating resources to help both government employees as well as open source developers learn how to become more involved in open source software in the context of the city government, and creating outreach formats for engaging with both city employees and developers around open source.

The goal is to turn http://github.com/berlin into a hub for open source development for the city government. In this talk, members of the CityLAB Berlin team will discuss how they are trying to create an open source community from the ground up and present a vision for the potential of open source for our cities.

Growing Open Source
Stage 1
12:40
12:40
80min
Break
Stage 1
12:40
80min
Break
Stage 2
14:00
14:00
60min
Making Design More Open: A Design Workshop for Non-Designers
Django Skorupa, ngọc triệu, Eriol Fox

Open Source Software is typically maintained by small groups of enthusiastic developers with growing involvement from the design community. However, FLOSS is not just developer tools and certainly not limited to ‘linux’ and ‘APIs’; there are huge amounts of FLOSS out there that can benefit from better usability for all users (not just the creator and core maintainers!).
FLOSS projects are starting to understand how UX/UI/Usability design improves how they do their work, but are struggling to know how to bring designers into an ‘open source’ world where the processes, community and focus have historically been developer-led. We’re here to help with this short, active workshop for non-designers in FLOSS to begin to work with design principles and tasks that help you to embrace and understand what design brings, know what to ask for in terms of design for your FLOSS, and feel prepared to participate in design for FLOSS.

Growing Open Source
Stage 2
14:00
30min
Sustainability beyond funds: Extrospective OSPOs
Josep Prat

When we think about sustainability in open source we think that just throwing money at the problems we see - projects maintained by a single individual in their spare time, and vulnerabilities cascading through our supply chain - will solve everything. But what if there was another way?

With engineering-based Open Source Program Offices we can have a bigger impact on the supply chain’s sustainability. By providing dedicated engineers to projects we can successfully and reliably share the maintenance burden and improve projects’ long-term stability.

In this talk we will explore how to properly set up such an OSPO and how to convince leadership that actively helping rather than just financing is the right way to move forward. If you're looking at an innovative way to properly sustain the projects your company relies on with a successful OSPO initiative... This session is for you.

Sustainability & Funding
Stage 1
14:00
60min
Writing open source documentation
Jim Hall

Source code is only part of a successful open source project. Before people can use your program, they need to know how to run it. Before others can contribute to your project, they need to know how it works. That means good open source projects need to have great documentation.

In this workshop, we’ll learn about how to write good documentation. From how to arrange elements so your audience can read the documentation more easily, to how to proofread and edit your documentation. Your project documentation will shine after attending this workshop.

Diversity & Inclusion
Online Stage
14:35
14:35
30min
Dependency Management: Risk vs. Crisis Management
Radoslava Zheleva, Velichka Atanasova

The dependency graphs of modern applications greatly demonstrate how we build software today – we focus on our unique innovation and deal with common challenges by leveraging existing solutions. Though that’s a fine software development approach, each third-party component we use drags along dependencies that drag along their dependencies, and we end up with tons of known and unknown dependencies which could get us into legal and security trouble.

To identify and mitigate risks, we need increased knowledge of all software assets, choosing dependencies wisely, tracking changes, and updating them in a timely manner.

In this talk we are going to explore the legal and security dependency management challenges and argue that risk management planning is better than crisis management.

Legal & Compliance
Stage 1
15:00
15:00
30min
Break
Stage 2
15:00
30min
Break
Online Stage
15:05
15:05
25min
Break
Stage 1
15:30
15:30
30min
Contributor engagement and monetization opportunities
Omotola Eunice Omotayo

Big companies use projects maintained by small open source teams and individual contributors who do not benefit from the upside or profits generated by companies using the open source projects. In this talk, I’ll discuss models and opportunities for distribution of revenues with open protocols like Interledger and inclusive platforms like Chimoney. I’ll discuss how Chimoney increased contributor engagement at Hacktoberfest by providing incentives and growth opportunities for contributions.

Sustainability & Funding
Stage 2
15:30
60min
Designing Your Governance with CommunityRule
Nathan Schneider

Too many of our communities adopt default governance practices that rely on the unchecked authority of founders, admins, or moderators, lacking even basic features of small-scale democracy. The purpose of CommunityRule is to help communities establish appropriate norms for decision-making, stewardship, and culture. This hands-on workshop will use CommunityRule to help participants assess their community's current governance practices, and envision the kinds of governance they would like to adopt in the future. Whether your community is new or maturing, this workshop will help you think through how power flows in constructive, creative ways.

Governance & Community
Online Stage
15:30
30min
Open Source and Open Science - a happy partnership?
Malcolm Bain

The European Commission and many governments are pushing for Open Science as a paradigm for doing research and publishing results. This talk looks at the interface between Open Science and Open Source software, including topics on not just licensing (the obvious topic) but also open research project management and its similarities and differences with open source projects and communities. It ends with some recommendations for transferring and leveraging the knowledge and experience of open source for open science projects and maximising open source in the recent huge research programmes.

Growing Open Source
Stage 1
16:05
16:05
30min
OSPOs: Key Lever for Open Source Sustainability
Ana Jimenez Santamaria

Enabling continuity in executive support, funding, software development practices, and OSS project prioritization. Within organizations, Open Source Program Office’s role can include setting code use, distribution, selection, auditing, and other policies, as well as training developers, ensuring legal compliance, or promoting and building community engagement.

OSPOs bring many benefits to both the open source ecosystem and organizations in equal parts, yet sometimes the path to follow is unclear.

During this session, Ana will share a set of actionable tips based on the TODO community learnings that any organization can implement to start building their Minimal Viable OSPOs, as well as ways to overcome the ongoing challenges (culture, tooling, process, and continuity).

This talk welcomes any open source professional, CTO, or executives willing to catalyze their organization's open source operations and become better citizens in the open source development community.

Sustainability & Funding
Stage 1
16:05
30min
Securing OSS across the whole supply chain and beyond
Nick Vidal

As we celebrate the triumph of open source software on its 25th anniversary, at the same time we have to acknowledge the great responsibility that its pervasiveness entails. Open source has become a vital component of a working society and there's a pressing need to secure it across the whole supply chain and beyond. In this session, we'll take the opportunity to look at three major advancements in open source security, from SBOMs and Sigstore to Confidential Computing.

Open source plays a vital role in modern society given its pervasiveness in the Cloud, mobile devices, IoT, and critical infrastructure. Securing it at every step in the supply chain and beyond is of ultimate importance.

As we prepare for the "next Log4Shell", there are some technologies that are emerging on the horizon, among which SBOMs, Sigstore, and Confidential Computing. In this session, we'll explore these technologies in detail.

While SBOMs (Software Bill Of Materials) allow developers to track the dependencies of their software and ensure that they are using secure and reliable packages, Sigstore allows developers to verify the authenticity and integrity of open source packages, ensuring that the code has not been tampered with or compromised.

Confidential Computing, on the other hand, protects code and data in use by performing computation in a hardware-based, attested Trusted Execution Environment, ensuring that sensitive code and data cannot be accessed or tampered with by unauthorized parties, even if an attacker were to gain access to the computing infrastructure.

SBOMs, Sigstore, and Confidential Computing provide a powerful combination to address security concerns and ensure the integrity and safety of open source software and data. They focus on “security first,” rather than perpetuating existing approaches which have typically attempted to bolt on security measures after development, or which rely on multiple semi-connected processes through the development process to provide marginal improvements to the overall security of an application and its deployment.

As we celebrate the 25th anniversary of open source, these three emerging technologies represent a step forward in securing OSS across the whole supply chain and beyond. We foresee them playing a key role in minimizing the risk of vulnerabilities and protecting software and data against potential attacks, providing greater assurances for society as a whole.

Governance & Community
Stage 2
16:35
16:35
10min
Five years of FOSS Backstage
Stefan Rudnitzki, Isabel Drost-Fromm

Our founders Isabel Drost-Fromm and Stefan Rudnitzki will look back on five years of FOSS Backstage!

Stage 1
17:00
17:00
180min
Get-Together

Join us for a drink and a chat at Vagabund Kesselhaus directly after the conference!

Vagabund is a local craft beer brewery and their newly opened Kesselhaus is located right next to TUECHTIG.

Of course, we will also have non-alcoholic beverages available.

Stage 1
09:00
09:00
40min
Open Collaboration and our Lizard Brains
Clare Dillon

The principles of open collaboration make absolute sense, but sometimes efforts can be hampered by what seem to be irrational emotional reactions from those we rely on to make collaborations work. We think of ourselves as rational, but very often many of our interactions are driven by primal emotional responses. Drawing on neuroscience and psychology, Clare will take a look at how we can sometimes unintentionally trigger unhelpful emotional responses in our efforts to enable open collaborations. She will examine some of the frameworks that can help us make sense of how our lizard brains overrule our rational brains, and how we can use these same frameworks to plan for successful open source and InnerSource communities!

Governance & Community
Stage 1
09:40
09:40
20min
Break
Stage 1
10:00
10:00
30min
Contributor Growth Strategies for OSS Projects
Dawn Foster

Maintaining an open source project is hard work that often extends out over several years, and maintainer burnout is common within open source projects. It can be hard for already overworked maintainers to balance the day to day work required to keep the project running while also investing in additional activity to increase future community sustainability. This includes getting help with all of the different types of contributions required to make an open source project successful: documentation, marketing, community management, and so much more. The good news is that we have best practices, resources, guides, and templates available to make it easier for maintainers and projects to build a contributor strategy that leads to a strong and growing community for an open source project over the long term. This talk will help you apply those resources in your project.

This talk will have several major sections. 1) Discussion about the major factors that impact contributor growth. 2) Developing and executing on a long-term contributor growth strategy, including governance, new contributor onboarding, and mentoring. 3) Using contributor ladders to promote contributors into leadership positions as more maintainers to share the workload can reduce maintainer burnout over time. 4) Metrics for measuring project sustainability.

The audience will walk away with a better understanding of how to grow their contributor base and build a community around their open source project.

Governance & Community
Stage 1
10:00
180min
Inner Source Commons Gathering

InnerSource Commons is partnering with FOSS Backstage to bring you an InnerSource Gathering as a fringe event. It will be held as a 3-hour workshop and consist of a mix of short presentations and workshops in an unconference-style session.

This is an event aimed at experienced InnerSource practitioners. Be prepared to connect, create and contribute to the global InnerSource community!

Our event goals:
- To connect and network with the world’s foremost InnerSource practitioners and experts
- Build on our existing body of InnerSource knowledge
- Fast-track the creation of new assets and resources for InnerSource Commons.

You get to shape the agenda! Vote for your favourite themes, such as:
- Getting Started with InnerSource
- Scaling your InnerSource practice
- InnerSource Tools & Processes
- InnerSource Community Building
- InnerSource Culture Change
- InnerSource ROI & Convincing Leadership
- InnerSource Metrics & Measurement
- InnerSource Legal & Finance
- InnerSource Program Offices (or InnerSource in OSPOs)
- InnerSource Commons - Building our Community

This event is for experienced practitioners who have hands-on experience with InnerSource and will be held under the usual InnerSource Commons Code of Conduct.

Kantine
10:00
30min
Open Source Dystopia
Crystal Dionysopoulos, Sigrid Gramlinger

Open source projects often like to see themselves as welcoming communities. Software written “by the people, for the people” is inclusive by default…or is it?

As our project has discovered, if your community is not actively inclusive, it is passively exclusive. In this talk, we will share some of the many challenges that we plan to address in order to be truly diverse, inclusive, and accessible for our global community. There are places where we’ve succeeded in our efforts—and places where we have failed and need to do better.

Topics will range from systemic barriers to contribution, to inclusive user research practices, to encouraging a safe environment for people to participate in the community, and more.

Join us as we explore together how we can do better for FOSS and the communities that depend on us.

Diversity & Inclusion
Stage 2
10:30
10:30
360min
Live Podcasts Day 2
Richard Littauer

Listen online to live interviews with participants of the conference in Berlin!

You are onsite and want to be part of it? Schedule your slot now!

Podcast Stage
10:35
10:35
30min
Best Practices for an Effective Open Source Contribution
Ruth Ikegah

When you struggle through your first contribution, there's an excitement that comes from a "greener than grass" GitHub contribution graph. It is easy to get so carried away trying to meet your target number of contributions that you fail to focus enough on quality. How often should you contribute to open source? Frequently. However, you should prioritize making valuable contributions.
During this session, we'll discuss Quality Over Quantity. You’ll learn:
- How to create a strategic approach for your contributions
- What to watch out for and consider while contributing.
- Tips for maintaining the quality of your contributions.
- Quality and quantity: striking a balance

Growing Open Source
Online Stage
10:35
30min
Open roadmaps for your open communities
Oleg Nenashev

As open source projects and communities grow, it becomes difficult to understand what’s going on inside. A public and up-to-date roadmap can encourage new contributors to join the project and guide the efforts of existing contributors, and also give confidence to adopters about the direction and sustainability of the projects. Is it easy to create a public roadmap? Probably. Is it easy to maintain it? Not exactly.

Oleg will share the experiences of public roadmaps in the projects he has contributed to: Jenkins, Keptn, OpenTelemetry, CDF, etc. He'll share the reasons and principles that have guided creation of open roadmaps, the challenges encountered, the techniques and technologies that could be used in your projects. We’ll talk about maintaining roadmaps, mistakes we made there and how we addressed them.

In particular, Oleg will describe building a roadmap with help of GitHub Projects and modern features offered by the GitHub ecosystem. That could be the easiest way for new projects and communities, and can be also useful for established projects.

Governance & Community
Stage 1
11:05
11:05
20min
Break
Stage 1
11:05
20min
Break
Stage 2
11:10
11:10
45min
Intellectual Property Primer
Jim Jagielski

If you write or contribute to Open Source, you will inevitably need to interact with the legal aspects of your contribution. We normally just think about the Licensing aspects of Open Source, but all open source projects really need to consider all parts of what is termed “Intellectual Property”. This session, specifically oriented to the open source community, both contributors and users, individuals and companies, will provide an overview of what Intellectual Property really is, why awareness and understanding is vital when engaging with open source, and how to ensure compliance to allow you to make the most of the benefits that Open Source provides. You will leave with a solid working knowledge of not only Licensing, and the difference between various Open Source Licenses, such as BSD and GPL, but also patents and marks.

Legal & Compliance
Online Stage
11:25
11:25
30min
Open source work is work
Per Ploug

At Spotify, we believe that every company must play a role and do their part to help sustain the future of open source. For our part, we think it should come from three important investments that all play into the same stream of making OSS sustainable. These are:

1. Funding Open Source with money
2. Funding Open Source with time
3. Establishing Open Source business models

With our FOSS fund we fund open source projects we depend on with money, with no strings attached.

For our internal projects we measure the amount of work done within working hours and set strict guidelines for our leaders to dedicate time to open source, to ensure everyone can participate in open source, not just the small group of people willing to invest evenings and weekends.

In 2020 we launched Backstage and donated it to CNCF and are now creating a commercial ecosystem around it, to show a third path towards sustainable open source through creating an open source business model.

Based on these 3 models, this session will showcase our concrete strategies and initiatives inside Spotify to drive an increase in OSS sustainability, which we believe will also have a positive impact on diversity and in return reduce our strategic risks of adopting open source projects.

Sustainability & Funding
Stage 2
11:25
30min
The code of conduct has been broken. Now what?
Paloma Oliveira

A code of conduct is an indispensable item for any event or community nowadays. Derived from the Contributor Covenant, such rules have been replicated as a template, and are rarely created by communities, creating a void between what is written and what is needed. Based on my point of view as co-organizer of PyLadies Berlin, this talk intends to share our experience so that other organizers can have tools at hand to better act when code is hurt.

Governance & Community
Stage 1
12:00
12:00
10min
Build license management into your pipelines
Floor Drees

We’re all moving fast and in order to do so we’re relying on a lot of dependencies to give us that commercial edge. In doing so we’re trusting the work of strangers on the internet, and also that of vendors who may change their mind on who can benefit from their software.

The 2022 OSSRA (Open Source Security and Risk) report examines the results of more than 2,400 audits of commercial codebases, of which 97% contained open source. Four of the 17 industry sectors represented in the report (Computer Hardware and Semiconductors, Cybersecurity, Energy and Clean Tech, and IoT) contained open source in 100% of their audited codebases.

If you install Electron and have to add 87 packages, that means 87 license dependencies. Every single package is likely to have its own dependencies, and therefore, another license you need to comply with. As you can imagine, license management can’t be done manually and, when done incorrectly, can create technical debt.

License litigation may end up forcing you to release your code under the same license as the package dependency you used. Other potential problems include being sued for financial liability by the creator of the component, and/or losing reputation and getting negative press coverage.

Find out how to do a software composition analysis to create an SBOM (Software Bill of Materials), and how to monitor changes in your components’ licenses every time you deploy.

Legal & Compliance
Stage 2
12:00
40min
Funding FOSS
Di Luong, Tara Tarakiyee, Marie Gutbub, Ramy Raoof, Slammer

Funders speaking on this panel are supporting open source software development as a key area of focus. Representatives are from organizations funding the development, maintenance, and sustainability of FOSS projects around the world. Panelists will discuss experiences, best practices, as well as challenges in supporting FOSS.

Sustainability & Funding
Stage 1
12:00
30min
Open-Source: Open Choice - A DevOps Guide for OSS Adoption
Hila Fish

Choosing the right open-source project to use can be quite challenging - not knowing if it’s going to be the right fit, how it will behave, and if you end up wasting time trying to make it all work. We’ve all been there.

But what if I told you there’s a practical way to have a clear understanding of how to incorporate an OSS project in your environment?

In this talk, I’m going to speak about the DevOps perspective on open-source and the challenges Infra-focused engineers have with choosing the right project for their environment.

As a DevOps Engineer, I’ve seen a lot of things, stumbled upon a lot of non-based decisions, and so will present practical advice on how to choose an OSS project for your dev/prod environment and will talk about the business mindset you should have to evaluate the key indicators based on your needs and specific pain points.

Growing Open Source
Online Stage
12:10
12:10
10min
Community² - A community of Open Source Community Managers
Ariane Segelitz-Karsten, Jan Klippel

Open Source Software runs the world and a myriad of communities are constantly contributing to the foundations of modern technology. A growing number of projects are realizing the importance of a dedicated role to foster a vivid and thriving community: the Community Manager. But what exactly do Community Managers do? What challenges do they face? What are the secrets of leveraging a welcoming environment for contributors? Aiming to find answers to these questions, Community² is a newly launched network of Open Source Community Managers in which we share best practices, discuss strategies and join forces to foster vivid Open Source Communities. Are you ready to improve your skills and build a foundation for future Community Managers? We invite you to join our initiative!

Governance & Community
Stage 2
12:20
12:20
10min
OpenDevRel: Tales of Developer Relations in Open Source
Dotan Horovits

We all know DevRel (Developer Relations): our company brings a novel approach to the industry, a new and better way of doing things, and we need someone to evangelize this concept, this approach, and then our product. But what if your company has an open source play? Clearly DevRel has a major stake in that, but how exactly does it work?

In this talk, Horovits will share his DevRel experience around OpenTelemetry, Jaeger, OpenSearch and other prominent projects, and will offer some best practices and guidelines for running an effective DevRel program for open source. Whether you found your own open source project, or whether there’s an established OSS project your company wishes to get involved in, this talk will give you fruit for thought.

Governance & Community
Stage 2
12:30
12:30
10min
A security.txt for gits?
Gregor "Little Detritus" Bransky

We want to propose to start the discussion on a machine-readable standardized addition to git repositories which will serve two purposes:

a) Coordinated Vulnerability Disclosure
Provide necessary information for an anonymous, easy access, legally secure and ethical CVD process.

b) Up- & Downstream Vulnerabilities
Allow projects using the code to receive reports on vulnerabilities in a feed before the CVE is public.

Cunningham's Law states "the best way to get the right answer on the internet is not to ask a question; it's to post the wrong answer." We ask that this talk be understood in this sense. Please let us know how this would be done properly in the linked issues (CVD, Up- & Downstream Vulnerabilities).

To our understanding, securing FOSS requires two kinds of measures. Preventive measures like pen-tests and audits, and reactive measures like CVD process and up- and down streaming relevant information.

Why do we care about this?

The “InÖG - Innovationsverbund Öffentliche Gesundheit e.V.” is a Germany-based open-source project that has been working on GovTech solutions for administration2X communication since 2021.

Our solution IRIS-Connect [1] ran in 54 public health centers in four states (North Rhine-Westphalia, Hesse, Saxony, and Thuringia) serving 30.4 million German citizens as the link between public health centers and contact tracing apps.

For us, security questions were central for two main reasons:

A) The sensitive information, including health data, that IRIS-Connect handled.
B) The non-negligible attack surface of public health centers.

Due to A) IRIS offers E2EE communication between public health centers and apps used by the population at large. The relevance of the second point was stressed by the known vulnerabilities reported in similar solutions [2].

Given this situation, the government institutions interested in using our software wanted to know “whom they could call” if something is wrong. Given the imminent situation, we were able to find practical short-term solutions, but the issue remains. Especially with the EU's Cyber Resilience Act [3] on the horizon, the question of how to reach out to OSS projects will become more relevant.

For a more comprehensive view on the challenges of FOSS procurement, please see Miriam Swyffarth's talk: “Why isn't the German administration procuring more FOSS?”

This talk is part of the InÖG's current cooperation with the BSI - Germany's cybersecurity agency - in the project “B3 - Buntes Bug Bounty” as part of the BSI's annual Cybersicherheitsdialog. For more information, please visit the project websites of both partners [4][5]. We acknowledge funding by the BSI in the form of reimbursements of expenses of the volunteering contributors.

[1] https://github.com/iris-connect
[2] https://algorithmwatch.org/en/tracers/vulnerability-in-german-contact-tracing-app-luca/
[3] https://digital-strategy.ec.europa.eu/en/library/cyber-resilience-act
[4] https://www.inoeg.de/b3/
[5] https://www.dialog-cybersicherheit.de/workstreams/

Governance & Community
Stage 2
12:35
12:35
30min
How We Updated Drupal's Code of Conduct
George DeMet

In 2022, the Drupal Community Health Team began the process of updating the project's 12-year-old code of conduct. This session will provide an overview of the approach the team took to this task, including:

  • Incorporating feedback from past community discussions and surveys
  • Reviewing codes of conduct from other communities for inspiration
  • Prioritizing what elements were important to have in an updated code of conduct
  • Ensuring that the updated code of conduct was written in a way that was clear and understandable
  • Soliciting input from community stakeholders prior to sharing with the community-at-large

We'll discuss what changes were made, and how the new code of conduct was designed to meet the unique needs of the Drupal project and community.

Governance & Community
Online Stage
12:40
12:40
80min
Break
Stage 1
12:40
80min
Break
Stage 2
13:05
13:05
55min
Break
Online Stage
14:00
14:00
30min
Diversity in Open Source, an Asian Perspective
Masae Shida

Many open source communities struggle to achieve strong community participation from Asia despite the region representing 60% of the entire world population. Although there are numerous participants from India and China, the number is disproportionately low when compared with North America and Europe. An obvious reason could be time zones, however, as a Japanese woman who grew up and worked in Japan, and as a wife and a mother, it seems probable this could be explained by culture and other social barriers like language. Although we appreciate the benefit of diversity in open source, it remains challenging to have an optimally balanced community. Do we compromise by having some people in each region to convince ourselves that we’ve achieved a target? Or do we look for ways to overcome the barriers enabling real benefit from multiple perspectives? Many DEI categories are grouped together which removes our ability to identify areas needing improvement. Asia consists of 40 countries whose culture and languages are very different, and Asians who grew up in North America have different perspectives from those who grew up in Asia. Diversity is defined by a combination of multiple factors. Let’s look at our goals more closely and see what communities can actually do to bring real value.

Diversity & Inclusion
Stage 2
14:00
30min
The State of Open Source Software in 2023
Javier Perez

Open source software continues to grow and expand. We see more open source and more contributions to open source projects every day. A whopping 85% of organizations increased the use of open source in the last 12 months. This is just one of many research findings revealed in the 2023 state of open source survey, where over a thousand industry professionals from around the world provided insight into how they are using open source software in their organizations.
What open source technologies are the most used today in organizations? What are the support challenges while using open source? What is the level of open source maturity in organizations? How many have OSPOs and Innersource projects? This session will reveal what is happening in open source, from infrastructure and programming languages to data technologies and DevOps tooling. The latest trends in open source strategy and reasons to continue the adoption and contributions to open source.

Growing Open Source
Online Stage
14:00
30min
The rockstar of my community is a bot: Where are the humans?
Miguel Angel Fernandez

The use of automated accounts (Bots) in free, open-source software projects has been increasing over time. These accounts facilitate certain maintenance and management tasks, but also complicate the analysis of the activity that the community carries out within those projects. Added to this is the difficulty of identifying individuals (both humans and bots) that use different accounts in various tools commonly used in the development of software projects.

Differentiating these automatic accounts and their contributions from those coming from human developers causes an increasing impact when analyzing the information related to the real activity generated by the community in these projects.

This talk presents the common challenges when identifying automatic accounts in software projects and solutions to alleviate this problem (such as the creation of unique identities that group different profiles from the same or different sources of information). In addition, we will study the impact and evolution of these accounts in a subset of Wikimedia Foundation repositories over the last 10 years or so. This study raises the possibility of observing the differences between the activity of humans and bots, seeing how it evolves in the future, and comparing it with the activity of other communities.

Governance & Community
Stage 1
14:35
14:35
30min
LibreOffice: Improving a Large FOSS Project Sustainability
Italo Vignoli

LibreOffice was announced in 2010. After 10 years, it was necessary to review and update the strategy based on the evolution of the office suite market, to improve the sustainability model. Enterprises are not supporting the project as much as individual users. Over time, this can represent a threat for the sustainability of the project. We have changed our strategy to educate enterprises about the right approach to FOSS, by giving back to ensure the long term sustainability of the LibreOffice project.

Sustainability & Funding
Stage 2
14:35
30min
Plan like Einstein
Scott Jenson

“If I had an hour to solve a problem I'd spend 55 minutes thinking about the problem and five minutes thinking about solutions.” -- Albert Einstein

My first two FOSSBack talks on the relationship between UX and FOSS focused on: 1. The problem 2021 and 2. initial solutions 2022. Now I'd like to tackle a bigger point: integrating UX into your community. The two communities are famous for talking past each other and Einstein gives us one solution: step away from the day to day execution and approach UX as part of your planning process. I will call out 3 specific ways to integrate UX into your community that will build consensus and reduce unnecessary conflict.

Growing Open Source
Online Stage
14:35
30min
The Role of Open Source for an Interoperable Europe
Axel Thévenet

The European Commission’s Open Source Observatory (OSOR) Team will present the Interoperable Europe Act (IEA) and its implications for the free and open source software ecosystem. The Act, which the European Commission adopted as a proposal for a regulation in November 2022, aims to reinforce the cross-border interoperability of the public sector in the EU. Practically, it aims to facilitate “the co-creation of an ecosystem of interoperability solutions across the EU”.

This talk will mainly present two aspects. First, the governance structure, in which the Interoperable Europe Board and the Interoperable Europe Community will work together to implement the Act’s provisions. The free and open source software community will have a role in this governance structure, so input will be needed on how interoperability policy can benefit free and open source software.

Second, the OSOR Team will present the Act’s article 4, "Share and reuse of interoperability solutions", as well as a brief look at the IE portal, the IE agenda, the interoperability assessment and regulatory sandboxes.

The attendees will also have the opportunity to learn more about the OSOR platform’s offer and how OSOR will be helping national and local governments with free and open source software strategies in 2023.


Governance & Community
Stage 1
15:10
15:10
30min
Lessons Learned for increasing the accessibility for RTL
Batool Almarzouq, Abdulrahman Alswaji

Title: Lessons Learned for increasing the accessibility for Right-to-Left Language support in Open Source Community.

The default language input for most open-source tools is left-to-right. However, this excludes a huge community that predominantly uses right-to-left (RTL) languages and non-Latin scripts such as Arabic, Urdu and Farsi. Right-to-left functionality in many Open Source technologies has long been neglected. This talk will present the lessons we learned in the Open Science Community Saudi Arabia (OSCSA) while localizing Open Source tools (e.g. the Turing Way), introducing new resources, documentation and open educational materials for open source in Arabic. We will present the challenges we went through and the lessons we learned for increasing the accessibility of Open Source tools to RTL users. OSCSA is part of the International Network of Open Science & Scholarship Communities (INOSC). It is open to individuals from all Arabic-speaking regions without prior knowledge or experience in Open Source. It was built to support inclusive learning communities for novice learners to acquire open-source skills. While growing the community over the last two years, we learned many lessons, which include the know-how for localization of Open Source tools to RTL languages. This falls under the internationalization space that is largely overlooked. Localization is especially important in open source projects to support and satisfy the needs of the locales and adapt them to the language and culture of a specific target locale.

Diversity & Inclusion
Online Stage
15:10
30min
ORT: Automate compliance using Open Source & InnerSource
Thomas Steenbergen, Surya Santhi

Setting up or maintaining a FOSS compliance process is not simple, as most organizations use a wide variety of programming languages, code build tools and delivery methods. Ideally, you want to automate most of the compliance work but, as most Open Source Program Offices (OSPO) have found out, there are often significant gaps between what is offered by most tools and what you would like to have. Given this, several OSPOs have been collaborating to build OSS Review Toolkit (ORT).

In this session Thomas demonstrates how one can use ORT to safely use, integrate, modify and redistribute third party software including FOSS in your software project(s). He will show a FOSS review from start to finish e.g. from scanning a repository for packages, licensing and vulnerabilities to fixing found issues and generating attribution documents, source bundles and SBOMs (CycloneDX/SPDX).

By the end of this session you should be able to replicate an ORT-based compliance process within your organization including automating your FOSS policy using Policy as Code and save process/review time by using an InnerSource-based review process and re-using FOSS clearance artifacts from the community.

Legal & Compliance
Stage 2
15:10
30min
Understanding Maintenance as a Turing Way
Anne Lee Steele, Danny Garside

The Turing Way - an open guidebook for data science and research - emerged in response to the crisis of reproducibility in science, amidst a growing movement for new ways of managing research data: through initiatives such as the FAIR principles and various open source software projects. As the movement has matured, it has also entered a new phase that has asked different questions about its sustainability, governance, funding, and diversity. As these questions have evolved, so has the wider landscape of technology more broadly, pushing back against the ethos of ‘moving fast and breaking things’ as questions of maintenance come to the forefront. This talk discusses open source maintenance in the context of The Turing Way, within computational communities and open science more broadly: extending into the culture of research itself. It discusses the tensions between developing new ideas to change research culture and the cultivation of maintenance as an ethos for developing, contributing to, and participating in an open source community like The Turing Way.

Governance & Community
Stage 1
15:45
15:45
40min
On the Shoulders of Giants: Security in FOSS
Isabel Drost-Fromm, Thomas Fricke, Gregor "Little Detritus" Bransky

In a world where we stand on the shoulders of giants, where we build systems that are increasingly interconnected, supply chain security is becoming more and more important. As Free and Open Source projects, we believe that we can lead the way for the industry in terms of processes, best practices and technology patterns.

In this open panel, we want to discuss the importance of security in Free and Open Source Software projects. We want to encourage participants of FOSS Backstage to share their questions and insights about topics like supply chain security, security processes, vulnerability disclosure, bug bounties and more.

Governance & Community
Stage 1
16:30
16:30
15min
Closing Session
Plain Schwarz Team

The two-day conference is dedicated to everything related to FOSS governance and open collaboration. The fifth edition of FOSS Backstage will take place as a hybrid conference both online and in Berlin at our venue TUECHTIG. Talks will be streamed live and virtual attendees will be able to ask speakers questions.

FOSS Backstage provides a space to discuss a broad spectrum of issues related to community management, vendor neutrality and leading projects without discretionary power. Conference topics will include open source project leadership best practices, community management, open source project metrics, open source strategy for enterprise, adopting open source collaboration in corporations, legal matters when dealing with open source and many more.

With a focus on decentralised decision making and open collaboration FOSS Backstage will be a great place for: developers, architects, sysadmins, community leaders, students and anyone interested in building and managing communities within the open source space, to get together and exchange ideas.

Stage 1
16:45
16:45
30min
Online Get-Together at Spatial Chat
Stage 1
16:45
30min
Online Get-Together at Spatial Chat
Stage 2
16:45
30min
Online Get-Together at Spatial Chat
Online Stage
16:45
30min
Online Get-Together at Spatial Chat
Podcast Stage
16:45
30min
Online Get-Together at Spatial Chat
Kantine