1.15 fossback26 2026-03-16 2026-03-17 2 00:05 https://program.foss-backstage.de https://program.foss-backstage.de/media/fossback26/img/23_FOSSBack_Logo_standard_colour_b0ALw0H.jpg Europe/Berlin Auditorium Keynote 2026-03-16T10:05:00+01:00 10:05 00:40 The tech Industry has relied heavily on Free and Open Source Software for 20 years but under-investing in its security and maintenance has increased global cybersecurity risk. Æva Black will reflect on this history and show how regulations could improve security across the ecosystem. fossback26-85709-can-open-source-be-secure-by-design Security Æva Black en For twenty years, the tech industry has externalized more and more risk into the digital commons of free and open source software. Despite the undeniable economic benefits of open source collaboration, by withholding security-essential features and under-investing in communities which maintain that commons, industry has invited disaster. In response to the sharp rise in global cybersecurity incidents and the role FOSS has played in some of them, some governments mobilized investments and contemplated regulations — such as SOSSA in the U.S. and the CRA in Europe — to improve the safety of our now-digital world. Æva Black will reflect on historical inflection points that led to these challenges and share their view of how the Cyber Resilience Act could create a once-in-a-generation opportunity to improve the sustainability of open source communities through Voluntary Security Attestations. false https://program.foss-backstage.de/fossback26/talk/TYUAXM/ Auditorium Talk 2026-03-16T11:00:00+01:00 11:00 00:30 Policy debates often assume FOSS adoption delivers digital sovereignty. But does it? Sovereignty stems not from license freedoms but from technical capacity and community influence. Active participation in FOSS development—not mere adoption—determines whether nations achieve independence from proprietary lock-in and foreign control. fossback26-83390-does-foss-buy-sovereignty-participation-vs-ownership Governance & Community Mirko Boehm en Digital sovereignty has become central to EU technology policy, with FOSS frequently positioned as a solution to dependencies on foreign proprietary systems. But simply deploying open source software does not automatically deliver sovereignty. This talk examines what actually confers digital sovereignty, license freedoms or something more demanding: sustained participation in development communities, institutional knowledge, and capacity to shape technological trajectories. The critical distinction is between passive adoption (downloading and deploying FOSS) and active engagement (contributing code, influencing governance, operating critical infrastructure). Analysis of different national strategies reveals a counterintuitive finding: copyright ownership matters less than developmental participation. More provocatively, certain forms of international collaboration enhance rather than compromise strategic autonomy, a concept this talk frames as "interdependent autonomy." Participation in global FOSS communities can strengthen rather than weaken national capabilities. Key takeaways: what sovereignty requires beyond license compliance, why passive adoption often fails to deliver independence, how different FOSS governance models affect sovereignty outcomes, and whether collaborative innovation can compete with proprietary R&D for strategic capabilities. The implications reshape procurement policy, workforce development strategies, and alliance frameworks for technology cooperation. false https://program.foss-backstage.de/fossback26/talk/AY3X7W/ Auditorium Talk 2026-03-16T11:35:00+01:00 11:35 00:30 Discover how European local governments successfully collaborate on open source solutions. Based on 5 in-depth case studies including Consul Democracy, Digitransit, and Golemio, learn proven governance models, collaboration archetypes, and actionable strategies for scaling sustainable cross-border digital public services. fossback26-83375-open-source-in-local-governments-lessons-from-across-the-eu Growing Open Source Nicholas Gates en As Europe aims for 100% online public services by 2030, local governments face unique challenges in adopting and reusing open source software, particularly when building internal capacity, adapting for the needs of the public sector, working within existing regulations, and collaborating across borders. This talk presents exciting research from a new Open Source Observatory (OSOR) study on open source in local governments, examining five mature European case studies of local government open source collaboration, from Madrid's Consul Democracy platform used globally to Prague's Golemio smart city solution. Participants will discover three critical collaboration archetypes: local governments as adopters, community actors as stewards, and service suppliers as technical enablers. They will learn how cities overcome barriers like conservative procurement practices, limited technical capabilities, and vendor lock-in through innovative governance models and cross-border partnerships. Key takeaways include: proven strategies for designing reusable solutions from day one, funding models that ensure project sustainability, effective roles for local government associations, and recommendations for building capable service supplier ecosystems. Whether you're a policymaker, technologist, or open source advocate, you will gain practical insights for creating and sustaining digital infrastructure through collaborative open source development in the public sector. false Slides https://program.foss-backstage.de/fossback26/talk/YXBVP3/ Auditorium Talk 2026-03-16T12:10:00+01:00 12:10 00:30 Between major updates for Log4J, substantially increasing test coverage for SystemD, updating hundreds of CVE reports at NIST for Yocto and providing a new infrastructure-as-code solution for PHP, work on FOSS projects for the Sovereign Tech Agency is as varied as it is impactful. This talk recaps the highlights from that past two and half years. fossback26-82853-2-5-years-of-sta-bug-resilience-how-we-helped-a-lot-of-foss Security Jan Lehnardt en Since October 2023 Neighbourhoodie Software has been the Sovereign Tech Agency’s partner for the Bug Resilience Program and has helped improve a large number of high-profile FOSS projects. For FOSS maintainers, this talk covers how the program works, how you can apply and what you can expect from it. For the generally curious, this talk gives a fascinating insight into the variety of the FOSS landscape, what projects of different sizes, ages and importances struggle with, and how the team at Neighbourhoodie managed to make substantial contributions. The insights begin with the peculiarities of how certain projects organise their project communication, what they think is important to address (versus what the world might think is important) and we’ll cover the gratitude project maintainers send us after a job well done. This talk also covers strategies for how to become a valuable contributor in projects of high complexity and impact in just a couple of days. Communication and honesty are obviously key, but some skill is required and this talk will help you get up to speed, should you want to join and help a project. false https://program.foss-backstage.de/fossback26/talk/U9WVEF/ Auditorium Talk 2026-03-16T14:00:00+01:00 14:00 00:30 Digital sovereignty is becoming a key objective of societies and nations. Learn how Digital Public Goods (DPG) like Mastodon can build a decentralised internet and challenge big tech. A joint talk by DPGA & Mastodon—we'll unpack the concept, analyse EU policy, and offer concrete strategies for a sovereign digital future. fossback26-83277-building-the-open-alternative-dpgs-for-digital-sovereignty Growing Open Source Andy Piper en Digital sovereignty—the ability for nations, organisations, and individuals to control their own digital future—is one of the key policy priorities of our time. This joint talk, shared between a representative from the Digital Public Goods Alliance (DPGA) and a team member from Mastodon, will explain how Digital Public Goods (DPGs) are a key building block for achieving greater digital sovereignty in the wake of geopolitical insecurity. We will start by unpacking the term "digital sovereignty" and the role open source technologies and digital public goods play in it. We will then discuss the strengths and weaknesses of core EU policies that support the open source ecosystem, mandating interoperability and data portability as key measures to level the playing field and provide opportunities for open alternative solutions. We will use Mastodon as a prime example of a globally recognised, federated DPG that challenges entrenched market powers, discussing practical pathways for seizing the opportunities EU policies provide. We aim to move beyond philosophical debates to offer concrete strategies for leveraging FOSS for the public good, helping to build and maintain a decentralised and democratically controlled internet infrastructure with sovereignty at its heart. false Slides https://program.foss-backstage.de/fossback26/talk/8HNECT/ Auditorium Talk 2026-03-16T14:35:00+01:00 14:35 00:30 Due to the changed global political situation, digital sovereignty is a priority goal for every organization. The city of Munich has developed a simple method for measuring digital sovereignty and has derived measures based on this. In our talk, we will present the measurement method, planned measures, and how FOSS can help achieve this goal. fossback26-83376-how-the-city-of-munich-measures-digital-sovereignty Governance & Community Jutta Kreyss en With 43,000 employees, the City of Munich administration is the largest employer in the city and has its own comprehensive IT provider. With our own data center, we have the opportunity to achieve a high degree of digital sovereignty. In order to systematically increase our digital sovereignty, we have developed a measurement method that evaluates various criteria. In our talk, we will show how the measurement method is used and what measures have been derived from it. We will place a special focus on measures that promote the use of FOSS. false Slides https://program.foss-backstage.de/fossback26/talk/DBGRPB/ Auditorium Talk 2026-03-16T15:30:00+01:00 15:30 00:30 Inner Source success hinges on easy contributions. However, complex frameworks can be a barrier. We simplified our process by removing bureaucratic hurdles, automating compliance, and simplifying project involvement. Discover how to create a frictionless Inner Source experience and unlock your company's collaborative potential! fossback26-82876-a-frictionless-inner-source-journey Growing Open Source Dr. Wolfgang Gehring en For Inner Source to thrive and gain contributors, we need to make the experience as frictionless as possible. Often, we have built large frameworks around Inner Source with the intention of maximizing safety and governance, but these frameworks can inadvertently create unintended obstacles for potential contributors. Let us share with you how we can address this challenge. We assessed the full process for contributing to Inner Source within our company, including all requirements, necessary actions, and governance regulations. We analyzed and measured where people spend time in the process, and then came up with suggestions for cutting the red tape and also for automating unloved compliance topics. Finally, for a smooth Inner Source journey, also from an individual project perspective, we need to make it as easy as possible to contribute. We’ll share some examples and suggestions here which can serve as a model for achieving this. false Slides https://program.foss-backstage.de/fossback26/talk/HUYQVA/ Auditorium Talk 2026-03-16T16:05:00+01:00 16:05 00:30 The InnerSource commons promotes the adoption of open source practices to accelerate development within a company's culture. It's also said that it prepares the ground for those companies to begin contributing and releasing open source software... but can we prove it? fossback26-83205-is-innersource-commons-good-for-open-source Governance & Community Benjamin NickollsAndrew Nesbitt en Using data from hundreds of millions of open source repositories provided by ecosyste.ms we seek to answer the question: is The InnerSource Commons good for open source? We look at data from 800 member companies to answer what might seem like a simple question, in the process unpacking what it means to support, contribute, and maintain open source software. What a 'healthy' open source project looks like, and where and how we can identify and support important projects that need our help. false Slides https://program.foss-backstage.de/fossback26/talk/LMFJLF/ Auditorium Talk 2026-03-16T16:40:00+01:00 16:40 00:30 Michelin, a 136-year-old industrial giant, is building its open source culture. This talk is a feedback from our OSPO, detailing our strategy, governance, and change management programs. We'll share our progress and achievements, our key lessons, and the significant challenges still ahead on our journey. fossback26-83394-from-tires-to-code-building-michelin-s-ospo Governance & Community Florent ZaraJulien Millau en Launching an OSPO in a global, non-tech-native corporation presents unique cultural, legal, and organizational hurdles. This session provides a practical feedback on how Michelin built and now operates its OSPO. We will walk through the entire journey, covering: * The historical context and business strategy that drove the need for a formal OSPO. * The practical steps of establishing a strong governance model and the OSPO's structure * A deep dive into our multi-faceted program for cultural change. This is now the core of our strategy and includes: * Company-wide training modules (which we are now in the process of open sourcing). * A gamified badging system to incentivise learning and contribution. * The creation and management of an OSS Champions community to scale our efforts. * Our approach to external communication * The tools we use. * And finally, the road ahead us: the significant challenges that remain on our journey. false Slides https://program.foss-backstage.de/fossback26/talk/99J3CV/ Auditorium Lightning Talk 2026-03-16T17:20:00+01:00 17:20 00:05 The W3C integrates accessibility, security, and ethics into web standards. Inspired by UN human rights recommendations, this talk explores the W3C’s review process, its vital importance, and how these principles can be applied to other domains. fossback26-94775-shifting-left-on-human-rights Daniel Appelquist en In Open Standards and specifically in W3C, we have a culture and a process of wide review to ensure that specifications that move through our process are evaluated for things like accessibility, internationalisation, privacy and security. We also have introduced ethical considerations. Meanwhile the UN Office of the Hight Commissioner of Human Rights has released a report last year about how Open Standards development organisations can and should be incorporating human rights into their process. This talk is a speed run through what we're doing in this space in W3C, why it matters - and hopefully how it could be applied to other domains. false Slides https://program.foss-backstage.de/fossback26/talk/CL33TG/ Auditorium Lightning Talk 2026-03-16T17:25:00+01:00 17:25 00:05 Wikidata is a CC 0 licensed, semantic knowledge base of linked data. This talk argues for its use in apps, highlighting its diverse data types and strengths. It concludes with a showcase of existing applications to demonstrate Wikidata’s practical potential. fossback26-94776-using-content-from-wikidata-in-your-apps Jan Ainali en Wikidata is an openly licensed (CC 0) knowledge base containing a wide array of subjects. Thanks to the semantic model, subjects can be linked to each other and it can be queried in various ways. This talk is an argument of why you should use content from Wikidata in your apps. The talk will show what kind of data is available, and what it is particularly good at. It'll end with a mosaic / medley / showcase of a few apps already using Wikidata. false Slides https://program.foss-backstage.de/fossback26/talk/HF89EC/ Auditorium Lightning Talk 2026-03-16T17:30:00+01:00 17:30 00:05 Public institutions increasingly rely on open-source software but lack direct ties to its maintainers. This talk proposes institutionalizing exchange channels to share roadmaps and report bugs. By bridging this gap, both developers and the public sector can better align their goals and strengthen critical digital infrastructure. fossback26-94778-connecting-open-source-projects-with-public-institutions Oliver Drotbohm en Public institutions across Germany and Europe are increasingly building administrative software on open source libraries. Yet the open source projects underpinning this infrastructure often lack visibility into who is using their software, what challenges those users encounter, and which features would be most valuable to the public sector. I propose to institutionalize the exchange between open source projects and public institutions for mutual benefit — establishing direct interaction channels to discuss challenges, communicate roadmaps, report bugs, and broadly strengthen the relationship between maintainers and their public-sector users. false https://program.foss-backstage.de/fossback26/talk/CESJWE/ Auditorium Lightning Talk 2026-03-16T17:35:00+01:00 17:35 00:05 Shared educational efforts need more than static files; they require a scalable, community-driven approach. This talk introduces Eclipse OSILK, a "Training-as-Code" project using AsciiDoc for modular, maintainable training. It enables organizations to tailor content easily while keeping it as evergreen as the software itself. fossback26-94780-training-as-code-scaling-open-source-literacy Florent Zara en Mutualising educational efforts between organisations requires more than just a few PDF/PPT/… slide decks or markdown files shared on a Git repo. It requires a scalable, maintainable, and community-driven approach to education. In this talk, we introduce Eclipse OSILK (Open Source & InnerSource Learning Kit), a brand-new project designed to provide high- quality, modular training materials. We will explore the project's unique "Training-as-Code" philosophy, which leverage AsciiDoc and version control to ensure that training materials remain as evergreen and collaborative as the software they describe. Organisation will be able to easily tailored it to their needs. With this lightning talk, we want to bring on more companies on board! false https://program.foss-backstage.de/fossback26/talk/XRCR9V/ Auditorium Lightning Talk 2026-03-16T17:40:00+01:00 17:40 00:05 Gemini hat gesagt The 2021–2024 xz backdoor attack exploited social engineering to target critical SSH infrastructure. This talk warns that, fueled by LLMs, similar attacks will rise, and the traditional profile of "undermaintained" projects being the only targets no longer applies. Security models must adapt to these sophisticated new threats. fossback26-94782-the-next-xz-attack Daphne Preston-Kendal en Between 2021 and 2024 a successful social engineering attack inserted a backdoor into the xz compression library which, due to xz’s use in the SSH protocol for connecting to remote servers securely, could have allowed the attacker access to practically any server running an open source OS in the world. This talk will suggest that, in the age of LLMs, this is not the last attack of this kind we will see, and that the classical vulnerability profile of an undermaintained project, which was seen in the case of xz, may not necessarily apply. false Slides https://program.foss-backstage.de/fossback26/talk/XHEVEB/ Auditorium Lightning Talk 2026-03-16T17:45:00+01:00 17:45 00:05 We'll host a five minute mini debate on stage on the exciting question of whether or not you should do your homework with the help of AI. The debate will be supported by FOSS maintainers, former and current students. We'll stay strictly within the humorous topic, parallels to FOSS development are entirely incidental and not by intention at all ;) fossback26-94783-should-i-do-my-homework-with-ai-with-parallels-to-foss Isabel Drost-Fromm en false https://program.foss-backstage.de/fossback26/talk/Q37SN7/ Auditorium Off Stage 2026-03-16T18:10:00+01:00 18:10 01:30 Join us for a drink and a chat at our Get Together directly after the conference! fossback26-88191-get-together en What better way to end the first day of FOSS Backstage than with a Get Together? Take the opportunity to meet old and new friends or maybe the person to collaborate with on your next project in a relaxed atmosphere. If your Organization want to support us in offering food and drinks at the get together please contact partner@foss-backstage.de or learn more [here](https://26.foss-backstage.de/become-a-partner/). false https://program.foss-backstage.de/fossback26/talk/TD9BPR/ Auditorium Workshop 2026-03-16T19:40:00+01:00 19:40 01:00 Do you dare to visit a space-station under Berlin? Do you want to visit Germanys oldest Hackerspace? Do you want to enjoy decent food and a mate with fellow FOSS Backstage attendes? The join us! We will send an expedition team from FOSS Backstage to explore c-base and meet the local population. fossback26-83438-tour-c-base-a-space-station-under-berlin Diversity & Inclusion Gregor "Little Detritus" Bransky en 10.000 years into the future humanity will venture into the wide realm of space. In order to terraform planets other planets c-base was constructed as an orbital multivoltine space-station. Due to a Flip-Flop of the Asimov-Constant the cybernetic quicksilver reactor failed. Instead of materializing in the orbit of Gliese 12b c-base was thrown back in the space time continuum by 4.5 billion years and crashed on the surface of earth and slowly sank into the Brandenburg sand. That or something like that is what it´s crew members claim to be the origin story of c-base. Founded in 1995 it is Germanys and probably the world oldest hackerspace run by the NGO c-base e.V. Following it´s creed "be future compatible!" c-base understands itself as a space that allows nerds, geeks, hackers, dreamers and data travelers to gather, converse and discuss how to think and act to make a better future possible. Whatever that may be. In this spirit it not only hosted Lounge of the Chaos Communication Congress when it was held in Berlin. Both the "Förderverein für freie Netzwerke e.V." (2003) german first Freifunk chapter as well as the german Pirate Party (2006) were founded at c-base and the very first BerlinBuzzwords (2009) took place there. To end the first evening of the FOSS Backstage, we offer a tour of c-base. Followed the opportunity to enjoy ending the evening at one of it´s recreational modules with a cold beverage at Sprees waterside with a view of c-base center axis know as the Berliner Fernsehturm to the uninitiated. c-base can be found at Rungestraße 20 close to Jannowitzbrücke. For food orders: https://cryptpad.fr/sheet/#/2/sheet/edit/9+Q5p+q9-UV0r5J8I60HkZLc/ false https://program.foss-backstage.de/fossback26/talk/TLYQRN/ bUm Box Talk 2026-03-16T11:00:00+01:00 11:00 00:30 Improved security in open source is more than a theoretical goal but a plausible reality as shown by nonprofit Open Source Technology Improvement Fund, Inc. Following a best practice of independent code review with a process specifically tailored to open source projects and communities, OSTIF is turning funds into positive security outcomes. fossback26-83227-success-stories-in-open-source-security-audits-with-ostif Security Amir Montazery en The speaker will talk about the importance of security audits and a process tailored to open source communities, and highlight numerous success stories in improving the security posture of open source projects. Examples include the audit of git, kubernetes, ruby on rails, and php-src. The topic is relevant to the audience because the evidence presented in the talk suggests that a real implementable solution to solve the security and technical debt of software projects is tenable. The main takeaways are as follows: (a)Security audits are an effective tool for helping improve the security posture of projects (b)Projects of all sizes, maturity levels, and complexities have benefited from additional security audit work and (c) OSTIF, as an independent nonprofit, is facilitating and executing security audits for critical open source projects at a high level of effectiveness. While many solutions to the security problems of open source are theoretical and require considerable effort, OSTIF has honed in on a process to help open source projects en masse with a well established best practice: independent expert security review. false Slides https://program.foss-backstage.de/fossback26/talk/EUKCJZ/ bUm Box Talk 2026-03-16T11:35:00+01:00 11:35 00:30 Security can fail even when code is correct. Drawing on work with SecureDrop, Qubes OS, and Mailvelope, this talk defines “usability vulnerabilities,” design flaws that cause unsafe behavior, and shows how open-source teams can detect and address them before release. fossback26-83281-identifying-and-addressing-usability-vulnerabilities Security Elio QoshiAnxhela Maloku (Angie) en Even well-engineered security tools can expose users to risk if design choices make safe actions unclear or burdensome. This talk examines how usability directly shapes security, based on Ura Design’s audits and field studies for SecureDrop, Qubes OS, and Mailvelope. We define a usability vulnerability as a design flaw that predictably leads users to unsafe behavior, despite correct technical implementation. Examples include misleading encryption states, ambiguous trust cues, and compartmentalization patterns that break user mental models. The session introduces a repeatable method for identifying and documenting such vulnerabilities within existing security review cycles. Attendees, including maintainers, designers, and security reviewers, will learn how to integrate usability findings into threat models, triage design issues with the same rigor as code CVEs, and prevent security regressions before they reach production. false https://program.foss-backstage.de/fossback26/talk/Z7XHQ7/ bUm Box Talk 2026-03-16T12:10:00+01:00 12:10 00:30 Open source licenses like GPL or MIT matter, but ecosystem is what truly defines how open and sustainable a project is. Open source isn't always as open as it seems! There are many tactics beyond licensing to lock you in - and copyleft isn't always better than permissive, or vice-versa. fossback26-81737-beyond-the-license-measuring-real-openness-in-open-source Legal & Compliance Jos Poortvliet en Open source licenses like GPL or MIT matter, but aren't the whole story. An open project is often rather defined by its ecosystem: transparency, contribution access, buildability, and governance. In this talk, we’ll explore how projects often lean on their license as a proxy for openness, even while locking in features, obscuring build processes, or limiting community agency. I'd like to introduce the “Is It Really FOSS?” initiative, and have a look at how legal license choices intersect with reality. Let's look at lock-in tactics beyond licensing and how to build and steward genuinely open projects that can still be sustainable. Why it’s relevant: • Legal professionals and OSPOs will gain insight into how licensing interacts with project structure and governance. • Entrepreneurs and contributors will learn how to evaluate and encourage true openness—not just in words, but in processes. • It helps you look beyond pure licensing to ecosystem trust and sustainability. false https://program.foss-backstage.de/fossback26/talk/JYA8J9/ bUm Box Talk 2026-03-16T14:00:00+01:00 14:00 00:30 We talk about license changes and risk management for open source companies all the time, but what about how open source companies can use their open source project as a competitive advantage to win in their market? That's what this talk is about. fossback26-83400-how-open-source-companies-win Economics Emily Omier en When an open source companies abandons their open source license, it's rarely because they are horrible people and more often because they've failed to use open source to their advantage. In this talk, I'll draw on concrete examples from five years of The Business of Open Source, plus my experience as a consultant, to talk about ways that an open source project can give a company an advantage in terms of product development, marketing, sales enablement, internal alignment and more. The goal of this talk is to ultimately prevent more companies from abandoning open source by giving them a concrete roadmap for how to not just mitigate risk but really leverage their open source project to accelerate their business growth over the long term. false Slides https://program.foss-backstage.de/fossback26/talk/7D3LYX/ bUm Box Talk 2026-03-16T14:35:00+01:00 14:35 00:30 Anyone who still puts AI-generated code into circulation today has conditional intent to infringe the law – how to limit or at least defer the risk. fossback26-82176-ai-generated-code-legal-risks-and-how-to-reduce-them Legal & Compliance Dr. Andreas KotullaChan-jo Jun en AI tools such as GitHub Copilot are not creative geniuses – they copy! And they do so more frequently and more demonstrably than many people believe. Anyone who incorporates AI-generated code into their software today is often already acting with conditional intent – and making themselves vulnerable to claims for damages, injunctions, and even criminal consequences. We present current developments, figures on the frequency of plagiarism, and other prominent cases, shed light on the legal situation, and explain why companies urgently need to protect themselves. We provide clear answers to burning questions: 1. Why does AI code become a liability risk? 2. How can software manufacturers and purchasers still protect themselves? 3. What technical and legal measures can prevent a ticking time bomb in your own product? Anyone who uses AI code carelessly in the future will be left to deal with the damage. We show you how to save yourself—before it's too late. Speakers: Chan-jo Jun and Dr. Andreas Kotulla false Slides https://program.foss-backstage.de/fossback26/talk/H9QXS9/ bUm Box Talk 2026-03-16T15:30:00+01:00 15:30 00:30 The ORT Server is a platform building on the renown OSS Review Toolkit to automate software compliance checks in a scalable and enterprise-ready way. This talk gives an overview of how to use the ORT Server to deal with obligations of the Cyber Resilience Act (CRA) specifically. fossback26-83336-ort-server-an-open-source-platform-to-automate-cra-checks Legal & Compliance Sebastian SchuberthMartin Nonnenmacher en It is challenging esp. for small to medium enterprises (SMEs) to understand and deal with the obligations from the Cyber Resilience Act (CRA). While commercial solutions exist, these usually come at a high cost and the risk of a vendor lock-in. This talk provides an overview of how the open source ORT Server platform can help here. The talk will start with a bit of history of the OSS Review Toolkit and ORT Server projects, how they relate to each other, who the target audiences are, and highlight some technical differences between the two solutions. While the ORT Server also has a REST API, the talk will then focus on using its dedicated UI for making the complex compliance topic and legal workflows more accessible to less technical users. At a concrete example project, the talk will guide through how to deal with vulnerabilities and other policy rule violations found in a way that fulfills CRA requirements. Finally, an outlook will be given over the upcoming and planned features for ORT Server, extending it a general platform to automate software compliance checks including and beyond other regulations like NIS2 and DORA. false Slides https://program.foss-backstage.de/fossback26/talk/GEVCRG/ bUm Box Talk 2026-03-16T16:05:00+01:00 16:05 00:30 Around the world, governments are building and exporting their own “open” technology stacks — from India Stack to the emerging Deutschland Stack — blending open-source ideals with national strategy. This talk dives into how states are curating open technologies to reflect political philosophies, advance digital sovereignty, and shape global norm. fossback26-83442-curating-power-foss-in-the-service-of-national-interests Legal & Compliance Cassie Jiun Seo en Open source has long been celebrated as a global commons — a space where collaboration transcends borders. But what happens when states start curating their own open stacks? From India Stack to the emerging “Deutschland Stack,” governments are assembling and exporting open-source components as part of their digital public infrastructure strategies. These stacks aren’t just technical blueprints — they’re instruments of digital sovereignty, industrial policy, and geopolitical influence. This talk explores how open source has become a site of stack diplomacy: where nations intentionally assemble, govern, and export open technologies to shape global standards and alliances. Drawing on examples from India, China, and the EU, we’ll unpack how “stack curation” works — how the choice of APIs, identity frameworks, or governance models can reflect national philosophies, and how this transforms open infrastructure into soft (and sometimes hard) power. We’ll discuss what this means for open source communities: How do we navigate the line between openness and national interest? Can open collaboration coexist with state-led curation? And what responsibilities do open source maintainers have in this new landscape? By the end, participants will have a clearer understanding of how open stacks are reshaping global cooperation — and how the open source community can respond to ensure openness remains a principle, not just a branding tool. false https://program.foss-backstage.de/fossback26/talk/BBM8MF/ bUm Box Talk 2026-03-16T16:40:00+01:00 16:40 00:30 Decidim, once reliant on Barcelona’s funding, faced a 2022 crisis that spurred a Sustainability Plan to diversify income. Three years on, we share strategies, challenges, and lessons in securing funding from public, private, and philanthropic sources for FLOSS project sustainability. fossback26-83183-floss-sustainability-lessons-from-a-funding-crisis Economics Nil Homedes en Since its inception, Decidim has relied primarily on funding from the city of Barcelona, creating a dependency on this public organization. In 2022, following a funding crisis that nearly jeopardized the project, we developed a Sustainability Plan aimed at diversifying funding sources and reducing our dependence on a single funder. Three years after implementing the plan, we have made significant progress toward our goal. This session will reflect on our approach and key learnings. We will explain how we designed this plan, the challenges for sustainability that a FLOSS project faces, the learnings we have made during the process and the main actions we have taken We will delve into the different strategies we have designed to attract new funders, especially from the private and philanthropic sector, as well as the challenges we face when it comes to receiving funding from public agencies. Finally, we will evaluate the successes and failures of this plan. This is an ideal talk if you are interested in knowing the challenges that FLOSS projects face when seeking funding, want to learn which are the best strategies to diversify your sources of income and ensure a sustainable growth of your project. false https://program.foss-backstage.de/fossback26/talk/NHYLVP/ Wintergarten Workshop 2026-03-16T11:35:00+01:00 11:35 01:00 The CRA’s Open-Source Software Steward (OSSS) status offers legal recognition and hidden traps for non-profits and volunteer communities. This talk unpacks benefits, duties, liability, and tax effects, helping NPOs use the status safely and avoid accidental burdens. fossback26-83148-open-source-stewards-under-the-cra-npo-pitfalls Legal & Compliance Maximilian Kroker en The EU Cyber Resilience Act (CRA) introduces the Open-Source Software Steward (OSSS) role — a novel legal construct acknowledging entities that systematically support open-source development. While it promises lighter duties than full “manufacturers,” the OSSS label can create unexpected exposure for foundations, associations (e.V.s) and volunteer organizations. This session focuses exclusively on non-commercial actors — not on businesses seeking OSSS qualification — and explores the pitfalls of leveraging the status: • Benefits of OSSS recognition for NPOs: legitimacy, funding leverage, and security-governance credibility. • Problems & Obligations: Article 24 CRA obligations (security policy, vulnerability handling, authority cooperation). • Achieving / Avoiding OSSS classification. • Liability effects: how far the penalty exception in Art. 64 para. 10 CRA could extend to civil liability. • Tax status implications: narrative conflicts between “intended for commercial activities” and non-profit status (Gemeinnützigkeit); mitigation through legal operations and desirable tax legislation. • Other legal angles: antitrust boundaries and GDPR responsibilities. • “OSSS as a Service”: outsourcing as an option for every NPO? And what to keep in mind when signing and executing such an agreement? • Case Studies: ◦ A German Fediverse gGmbH with no non-profit status and it’s U.S. 501(c)(3) counterpart ◦ A Belgian Private Foundation ◦ A German Association with non-profit status <b>This session is an interactive session and therefore not recorded.</b> false Slides https://program.foss-backstage.de/fossback26/talk/BUEQLX/ Wintergarten Workshop 2026-03-16T14:00:00+01:00 14:00 01:00 Open source projects already power citizen science — from mapping air quality to tracking food data. This RIECS-Concept workshop invites developers and community leads to share stories and map what support, tools, and governance are needed to build sustainable, open, and trusted citizen science infrastructures. fossback26-83751-co-creating-riecs-with-open-source-builders Governance & Community Kai-Ti WuFranziska Stressmann en Open source builders are at the heart of many citizen science initiatives — creating platforms, tools, and data systems that enable communities to participate in real research. Yet, these efforts often face similar challenges: maintaining software, ensuring data quality, and sustaining collaboration. This 60-minute RIECS¹-Concept workshop brings together developers, maintainers, and project organizers to share experiences and identify what kinds of technical services, governance models, and community support are most needed. The insights gathered will inform the concept design of a European research infrastructure for citizen science — connecting open source innovation with participatory research and long-term sustainability. Learn more about the RIECS-Concept: <a href="https://concept.riecs.eu/" target="_blank">Project Website</a> | <a href="https://mastodon.social/@riecs_concept/" target="_blank">Mastodon</a> ¹ Research Infrastructure for Excellence in Citizen Science <b>This session is an interactive session and therefore not recorded.</b> false https://program.foss-backstage.de/fossback26/talk/SANATD/ Wintergarten Workshop 2026-03-16T15:30:00+01:00 15:30 01:00 This workshop explores funding and resource models for sustaining FOSS projects. We look at grants, donations, sales, licenses, corporate and student contributions, and more — evaluating the models pros, cons, and fit for different project stages. The goal is to refine a shared, open resource and identify unmet needs. fossback26-83162-stable-software-needs-stable-funding-mapping-workshop Economics Judith Fassbender en Sustaining FOSS projects continues to pose a challenge. As a funder, we are investigating in our research how combining different funding and resource models might offer viable solutions, and where gaps remain. In this workshop, we want to refine a map we are working on that captures different income and resource streams for FOSS projects. We want to engage with the question of which (combinations) of those funding models can sustain which projects or project stages. Next to grants, donations, sales, and capital investments, we map, amongst others, models such as tiered licenses, corporate open source contributions, and contributions by students as part of their coursework. The search for a stable funding model is complicated by better or worse fits of different kinds of communities and software. We are further well aware that none of these models is likely to be a standalone solution to sustain a project and that each of them has its own difficulties. Instead, we want to investigate how combinations of those can balance each other and support different projects and different project stages. In the workshop we want to walk through three tasks in three 10-15min rounds with you: 1. Add models that are missing from the map 2. Specify pros and cons of the models 3. Specify which projects are eligible for which models The session will be closed by taking stock of what is missing: Which demands are not met by the array of listed approaches to sustain projects in the FOSS ecosystem. We welcome everybody interested and invite specifically people who are active in (F)OSS-projects and their support, to participate in reflecting on these questions with us and to contribute to the map. We fund innovative FOSS from society and for society, with funds from the Federal Ministry of Research, Technology and Space. This workshop is part of the research done in our organisation. We intend to make the map openly accessible after the workshop. <b>This session is an interactive session and therefore not recorded.</b> false https://program.foss-backstage.de/fossback26/talk/TRCEGN/ Wintergarten Workshop 2026-03-16T16:40:00+01:00 16:40 00:30 With this discussion following the Chatham House Rule format, we wish to invite FOSS Backstage attendees to come together to explore how communities could issue risk-based attestations sufficient to reduce downstream compliance burdens in ways that support (rather than burden) open source communities. fossback26-93783-secure-by-design-discussion-on-voluntary-security-attestations Security Æva BlackGregor "Little Detritus" Bransky en The Cyber Resilience Act creates a transformative opportunity to strengthen both cybersecurity and the sustainability of open source through Article 25's voluntary security attestation framework. We will examine practical implementation questions: - How do we balance proportional requirements with project maturity? - What governance models work for stewardship, as defined by the CRA? - How can attestations create sustainable funding flows to upstream communities without capture by commercial interests? Your perspective will help determine whether this framework becomes a tool for sustainability or part of a regulatory barrier to open collaboration. <b>This session is an interactive session taking place under <a href="https://en.wikipedia.org/wiki/Chatham_House_Rule" target="_blank">Chatham House Rules</a> and therefore not recorded.</b> false https://program.foss-backstage.de/fossback26/talk/MML79C/ Auditorium Talk 2026-03-17T10:00:00+01:00 10:00 00:30 500,000 SBOMs – that’s the scale of Deutsche Bahn’s software supply chain. How do we make sense of this as a small OSPO in a large non-IT organization? Our strategy: turn this data into actionable tasks. We’ll share practical learnings on prioritizing risks, applying sensible automated compliance, and considering ecosystem sustainability. fossback26-83218-getting-real-with-the-supply-chain-from-sbom-data-to-action Governance & Community Max MehlCornelius Schumacher en The more insight we gain into our software supply chains, the more we face the challenge of acting on it. OSPOs must turn vast data into focused, meaningful decisions. This talk shares a risk-based framework we apply at Deutsche Bahn, designed to be broadly adoptable. It helps prioritize what truly matters: balancing compliance, governance, and sustainability. We’ll discuss how we: * manage regulatory obligations like CRA and NIS2 without overburdening teams * set internal rules and automation that keep compliance practical * identify real risks instead of chasing theoretical ones * facilitate open source culture across the organization to understand and participate in communities * include ecosystem health in our decisions As a small virtual OSPO in a large non-IT company, we focus on pragmatic, incremental steps rather than perfect coverage. The session offers hands-on insights for anyone trying to make sense of large-scale SBOM data and turn transparency into responsible action. false Slides https://program.foss-backstage.de/fossback26/talk/DWU3AS/ Auditorium Talk 2026-03-17T10:35:00+01:00 10:35 00:30 What happens when a federal state truly supports open source? Granted by the state of Saxony, our funding project FOCIS helps ALASCA - Association for operational, open cloud-infrastructures e.V. grow into a more stable, independent home for FOSS projects. We’ll show how public support strengthens open source and what others can learn from Saxony. fossback26-83418-saxony-in-action-supporting-a-lasting-foss-foundation Growing Open Source Dr. Daniel Gerber en What happens when a federal state doesn’t just talk about supporting open source - but actually does it? In this talk, we’ll share insights on how the state of Saxony is becoming a pioneer for open source in Germany: with a clear open source strategy and real financial support such as the publicly funded project FOCIS, which enables our non-profit association ALASCA to grow into a more stable, independent home for open source projects. We’ll take you through our journey from a young association supported mostly by volunteers, to a professionally staffed organization that now supports six projects. With public funding, we were able to hire own employees, stabilize and expand existing governance structures, and lay the groundwork for a resilient open source foundation. You’ll learn: How public funding can help in bootstrapping an open source foundation which benefits and support have been established using public funding What other communities or regions can take from this example This talk is for anyone building or supporting open source communities - from maintainers and foundation organizers to policy makers and public sector advocates - who care about long-term sustainability, governance, and funding models. false Slides https://program.foss-backstage.de/fossback26/talk/M9F7T8/ Auditorium Talk 2026-03-17T11:20:00+01:00 11:20 00:30 Compliance with legislation is not sufficient to build a good user experience, especially when maintaining an operating system used by millions. In this talk, we will share how we are building an accessibility practice that addresses the obvious and the non-obvious, and our learnings from this journey. fossback26-83342-real-accessibility-an-imperfect-honest-journey Diversity & Inclusion Leia RuffiniJuan Ruitiña en Accessibility is as complex as human nature. Making a user experience that is genuinely accessible requires going beyond the letter of the law to address less obvious issues. For instance, it’s trivial to check if two colours have enough contrast; ensuring the language used in an app is easy to understand for everyone, not so much. How can we create incredible accessible products? External agencies may help with audits, but accessibility should be an ongoing effort, not just a one-off project to address existing issues. New features should be accessible from the get-go, ideally validated with real-world users: easier said than done. In this talk, we will share how creating a community of interest and tapping into our team’s diversity helped us come up with a more robust experience. We will also discuss the role of collaboration across disciplines including design, engineering, content and documentation, and how to facilitate community contributions to these efforts. Coming up with a better accessibility practice is not always a straight path, but is definitely a one worth taking. false Slides https://program.foss-backstage.de/fossback26/talk/HBW3UD/ Auditorium Talk 2026-03-17T11:55:00+01:00 11:55 00:30 How the Hare programming language community grew from one BDFL and a ragtag group of early hackers to a productive, sociable, and egalitarian community of happy hackers with a lightweight and effective model of participatory governance. fossback26-82748-building-and-scaling-hare-s-community-governance Governance & Community Drew DeVault en The Hare programming language started in December 2019 with a small, secret prototype and gradually built out a community of curious adventure-seekers who stumbled into its open, but well-hidden, borders. Once unveiled to the public, this community's governance, policy-making, and day-to-day conduct of its affairs grew and evolved with careful deliberation into its present-day form, with 11 co-maintainers of various disciplines and over 100 contributors. This talk will take the audience through each stage of this journey and highlight each of the changes made to its governance over time, explaining how each decision was weighed against our values and practices and helped us grow into a thriving community. false Slide deck https://program.foss-backstage.de/fossback26/talk/AAMAFC/ Auditorium Panel 2026-03-17T12:30:00+01:00 12:30 00:40 Corporate users, volunteer maintainers, and everything in between, how can they work together? In this panel, we bring together different voices to explore: What does each side intend, expect, and need? And how can we bridge tensions in today’s open source supply chain? fossback26-83420-balancing-the-supply-chain-act Governance & Community Sarah HoffmannCornelius SchumacherSven JeroschewskiMelanie WollnikTim Schmetzer en The typical software supply chain has many participants: open source communities, maintainers, companies, and others. There is a rising number of regulations, policies, and processes around that, for example, the Cyber Resilience Act or other security requirements. Expectations of companies sometimes do not match what the community can or wants to offer, and vice versa. The misalignment creates stress on both sides. How can this stress be resolved, so that all participants can benefit from one another and reap the advantages of open source, which has become ubiquitous wherever software is? In the panel, we bring together representatives of different perspectives to discuss these questions. It will cover open source maintainers, companies using open source for internal services and for basing products on, and people working on processes. List of participants: * Moderator: Melanie Wollnik (OpenRail Association and DB Systel) * Sven Erik Jeroschewski (Bosch Digital) * Cornelius Schumacher (DB Systel) * Tim Schmetzer (Osborne Clarke) * Sarah Hoffmann (Open Street Map) Together we’ll ask: * What drives users vs maintainers in the open source supply chain? * Where do expectations clash? * How can process, governance and community shape better alignment? * How can organizations and projects adapt to serve each other, not just co-exist? false https://program.foss-backstage.de/fossback26/talk/DS8DL8/ Auditorium Talk 2026-03-17T14:10:00+01:00 14:10 00:30 Your code is FOSS, but the project uses all the famous and fancy proprietary platforms. Does it matter? Yes. Relying on non-free tools contradicts open source values and hurts your project. This talk pulls the curtain from the damages it makes, busts myths and gives you a director's cut commentary on how to be the hero your story needs. fossback26-82750-foss-behind-the-scenes-the-center-stage-is-not-enough Governance & Community Jan Ainali en The goal of this talk is to spark reflection and conversation about the tools we use to build open source projects, not just the code we write. It is meant to encourage both new and experienced maintainers to think critically about how proprietary tools may, unintentionally, be limiting their communities and values. We'll explore how can we strengthen our open source ecosystem by reducing our dependency on tech giants and supporting community-owned infrastructure. The audience will leave with a better understanding of the trade-offs involved, where to take action, and the motivation to make small changes that lead to more open, inclusive, and resilient projects. Whether you're starting a new project or maintaining a mature one, this talk will challenge you to think critically about the tools you use and advocate for open, community-controlled alternatives that align with the spirit of FOSS. false Slides https://program.foss-backstage.de/fossback26/talk/YVDBR7/ Auditorium Panel 2026-03-17T14:45:00+01:00 14:45 00:40 How can designers navigate in engineering-focused environments? This panel explores approaches for integrating UX into developer workflows and showcasing how design contributions are valuable assets for greater impact in engineering circles. fossback26-83125-navigating-engineering-focused-environments Design Eriol FoxMiguel DivoGlòria LangreoDavid Edler en Open source often thrives on engineering-driven processes, where feedback loops, tools, and contributions are tailored to developers. But where does design fit in? This panel brings designers and engineers together to discuss how UX practices can be embedded in engineering workflows, from using GitHub as a design collaboration tool to framing design contributions in ways developers can get value from. Our panelists will share success stories and lessons from bridging design and engineering in open source. Their experiences as designers and engineers will bring different perspectives to uncover strategies and patterns for making design more visible and impactful in developer-focused environments. They will highlight what worked, what didn’t, and how their approaches evolved across projects and communities. Attendees will take away ideas for embedding design into engineering-focused environments, and inspiration from projects where cross-disciplinary collaboration has led to better user experiences and stronger collaboration. Interested in embedding design thinking into the engineering world? Join us! false https://program.foss-backstage.de/fossback26/talk/VE7UEJ/ Auditorium Talk 2026-03-17T15:50:00+01:00 15:50 00:30 Over the last 20 years the OpenStreetMap (OSM) project has collected an enormous amount of data about our planet and written a lot of Open Source software. OSM-based maps and apps are everywhere. How do you organize two million contributors in a mostly volunteer project to work on a common goal? And what exactly is that common goal? fossback26-83327-the-openstreetmap-community Governance & Community Jochen Topf en OpenStreetMap creates, collects and delivers Open Data about our world. But it is more: It is a worldwide community and a human cultural endeavour. The OSM community, that is millions of volunteers, but also companies large and small, and organisations from the UN down to the local hiking club. How do we organize all of this with an extremely slim (and maybe too slim?) governance structure that is still mostly based on volunteer work? Where does this work and where are the problems? What makes it similar to other digital commons projects and what makes it different? What can we learn from other communities like ours? false Slides https://program.foss-backstage.de/fossback26/talk/TLLJBF/ Auditorium Talk 2026-03-17T16:25:00+01:00 16:25 00:30 Writing a detailed plan to fork, as a disaster recovery plan for tomorrow, is a great way to identify places where you sould be investing more deeply in an open source project, today. fossback26-83059-plan-to-fork-so-you-don-t-have-to-fork Growing Open Source Rich Bowen en If your product or service relies on an open source project, ensuring the sustainability of that project is just good business sense. Forking that source project should be a last resort, to be considered only after all other options have been exhausted. But writing a detailed plan to fork has two benefits. First, it ensures that should the worst happen, you’ve already considered how you’ll deal with it. But perhaps more importantly, thinking proactively about forking will help you take actions that will ensure that it never gets to that. false https://program.foss-backstage.de/fossback26/talk/SSZGTE/ Auditorium Talk 2026-03-17T17:00:00+01:00 17:00 00:30 Over the past decade, the Open Source Hardware Association has certified thousands of pieces of hardware from almost 70 countries as open. We've learned some things and want to share! fossback26-82713-lessons-from-10-years-of-certifying-open-source-hardware Governance & Community Michael Weinberg en In 2015, the Open Source Hardware Association (OSHWA) kicked off the process of creating an open source hardware certification.[1] In the decade since, OSHWA has certified thousands of pieces of hardware from over 60 countries on 6 continents [2] as compliant with the community definition of open source hardware.[3] This presentation will discuss why the certification program was created in the first place, how it is being used today, and what lessons other communities might be able to learn from its success. [1] https://certification.oshwa.org/ [2] https://certification.oshwa.org/list.html [3] https://www.oshwa.org/definition/ false Slides https://program.foss-backstage.de/fossback26/talk/RES9SW/ bUm Box Talk 2026-03-17T10:00:00+01:00 10:00 00:30 Open source security is often overlooked until a crisis hits. This talk compares the impact of volunteers versus dedicated full-time security engineers in the Python and Ruby ecosystems. It highlights how consistent investment strengthens community resilience, reduces risk, and proves that security isn’t a cost but an essential strategy. fossback26-82534-the-power-of-dedicated-security-engineers-vs-volunteers Security Miaolai Zhou en Perfect security works like a transparent umbrella — it shields you from the storm, often without you realizing there’s one. That invisibility, however, is why open source security is too often seen as a cost rather than a strategic investment. Most organizations only start paying attention to security after a crisis — think Log4j — when it’s already too late. In the open source world, many projects depend on volunteers to respond to security incidents. Their contributions are invaluable, but what happens when projects have dedicated, full-time security engineers instead? In this session, we’ll explore that question through the stories of Mike, Seth, and Samuel, who once volunteered their time supporting security in the Python and Ruby ecosystems. With funding from AWS and Alpha-Omega, they later became full-time security engineers employed by the Python Software Foundation and Ruby Central. By comparing their impact as volunteers versus full-time professionals, we’ll quantify the value of dedicated security investment and measure its return on investment. Open source is everywhere — securing it benefits everyone. Through this talk, we’ll challenge you to rethink security not as an afterthought or a cost center, but as a core strategy worth proactive investment. false https://program.foss-backstage.de/fossback26/talk/RJPA3K/ bUm Box Talk 2026-03-17T10:35:00+01:00 10:35 00:30 The largest users of the Open Collective Platform set up a coup and ousted the initial investors. We are now a 501(c)(6) membership nonprofit. We would love to share how our governance has evolved, our current challenges in achieving financial sustainability, and how we have contributed to the open-source ecosystem. https://blog.opencollective.com fossback26-83346-how-open-collective-moved-from-a-for-profit-to-a-non-profit Governance & Community Shannon Wray en The Open Collective Platform has been a big advocate for open-source since it's inception in 2015. Not only have we helped the open source ecosystem but it has supported our growth in return. The largest Fiscal Host on our platform is Open Source Collective. The true open-source back office star. Ensuring the legal and accounting compliance of over 3000 open-source projects. Our platform enables these projects to transparently showcase their financials. Highlighting the critical gaps in funding and encouraging collaborative ownership. https://discover.opencollective.com/opensource Open Source Collective has been a key instigator in freeing the platform from it's venture capital history and pursing true community ownership. We would love to celebrate this and dive into how this was negotiated. It's one thing to take the step and become community owned, it's an entirely different reality to shape the shared governance and put our words into action. While we are still grappling to find our footing and achieve financial sustainability. We would love to share the governance processes we have implemented and the key challenges we have faced. What was sacrificed and lost in the process and what challenges do we still need to navigate. false Slides https://program.foss-backstage.de/fossback26/talk/GPKF7H/ bUm Box Talk 2026-03-17T11:20:00+01:00 11:20 00:30 Open software thrives through open tools and collaboration. Hardware remains trapped behind prohibitively expensive tool licenses and limited foundry access. Why? This talk explores the structural barriers preventing hardware from following software's path, and why solving them requires entirely new institutional forms, not just better policies. fossback26-83360-why-has-hardware-infrastructure-diverged-from-open-software Economics Tara Tarakiyee en Open source software transformed computing through collaborative infrastructure. Why hasn't open hardware followed? Despite decades of advocacy and similar technical collaboration potential, we still face expensive tool licenses, foundry barriers, and fragmented volunteer projects. This isn't an accident, it's the result of the biggest industrial policy failure of the last century. **Three Critical Divergences** Capital intensity: Software tools scale to reasonable costs, once built, they can distributed generally at low-cost. Hardware requires unavoidable physical capital: €100K-€1M annual EDA licenses, €500K-€2M foundry access minimums, substantial prototyping costs. This creates fundamentally different economic dynamics that can't be overcome through better licensing or community organizing. Institutional vacuum: Open software largely succeeded because new organizational forms emerged to employ maintainers, coordinate development, and provide infrastructure at scale. Open hardware has no equivalent institutional layer. Universities produce research, not production tools. Companies optimize for proprietary capture. Traditional foundations lack capacity to employ hundreds of engineers or deploy patient capital. Governments fund research grants, not operational infrastructure. The missing piece is the organizational capacity to build and maintain technology commons. Revenue generation: Software can monetize through services, support, and usage, value extracted without controlling physical production. Hardware value concentrates in intellectual property, manufacturing and supply chains, making service-based sustainability far harder. This determines which organizations can viably build hardware commons long-term. **Why the FOSS Community Should Care:** Hardware is becoming the constraint on software freedom. European tech companies pay billions annually in proprietary tool licensing. Supply chain concentration creates strategic vulnerabilities, and geopolitical tensions could cut access to critical design tools or fabrication. Digital sovereignty requires open hardware foundations, not just open software. Without addressing this, FOSS gains remain dependent on proprietary infrastructure. What You'll Learn: Why replication fails: Software's organizational models don't transfer to hardware due to structural economic barriers. You can't create "Apache Foundation but for chip design" because the capital requirements, employment scale, and revenue dynamics are categorically different. The missing institution: What would an "Open Hardware Infrastructure Works", a public institution maintaining open hardware infrastrucutre, might look like? What would an institution like that be able to do to level the playing field and open up hardware development? How would an institution like that be financed? What can we learn from precedents: adapting models from highway authorities, utility companies, and transnational consortia for big infrastructure projects? This isn't about better funding models or governance reforms. It's recognizing that hardware commons require institutional forms that don't yet exist. Just as societies created new organizational types for railroads, electrification, and telecommunications, we need purpose-built institutions for 21st-century technology infrastructure. The question isn't whether open hardware is desirable, that is clear, it's whether we can design and build organizations capable of developing it at competitive scale. This talk is relevant for anyone working on digital sovereignty, FOSS sustainability, supply chain resilience, institutional design, or infrastructure commons, and anyone frustrated that hardware seems perpetually behind software in open development despite equivalent technical collaboration potential. false Slides https://program.foss-backstage.de/fossback26/talk/RZMDHZ/ bUm Box Talk 2026-03-17T11:55:00+01:00 11:55 00:30 The Cyber Resilience Act (CRA) will require FOSS projects to step up their security and, following the logic of the FOSS ecosystem, produce attestation for their software. This talk introduces fair-share cost tokens - a feature which supports financial flows along open source software supply chains. (No blockchain) fossback26-83440-fair-share-cost-tokens Economics Gregor "Little Detritus" Bransky en The goal of this talk is to provide an overview of the economic component of the CRA attestation project [1]. Fair-share cost tokens are cryptographically signed tokens which allow manufacturers to prove that they are making their "fair" contribution to the health of their FOSS Ecosystem. Whenever a commercial software producer - a manufacturer in terms of the CRA - includes FOSS code maintained by a legal entity - an Open Source Software Steward in terms of the CRA - the token is used for attestation. Thus, the two parties can create a communication channel in case of a security incident. The same mechanisms should allow to bring resources deeper into the supply chain, as it can also be used by software stewards to allocate resources towards stewards whoms codebase they are using. Frameworks like SCITT [2] and Omnibor [3] could allow for their technical implementation. However, some policy work is required to make the situation of potential FOSS projects in the EU compatible with 501 (c) 3´s in the US. [1] https://github.com/orcwg/cra-attestations [2] https://datatracker.ietf.org/wg/scitt/about/ [3] https://omnibor.io/project/ false https://program.foss-backstage.de/fossback26/talk/SUZPJ7/ bUm Box Talk 2026-03-17T12:30:00+01:00 12:30 00:30 A brand isn’t just a logo, it’s the story people tell each other about what you stand for. In open source, that story builds trust, sparks curiosity, and inspires contribution. This talk explores how storytelling and brand design can create welcoming open source projects. fossback26-83431-keeping-the-flame-alive-storytelling-for-open-source Design Nicole Weber en Open source runs on community, and communities run on stories. A good story gives people a reason to join, stay, and care. In this session, we’ll explore how storytelling can strengthen open-source communities and help build trust and excitement. We’ll look at practical examples of how to tell a story with visual design and what role motion, iconography, tone and voice, or color play. I’ll also share practical tools to help teams maintain their story over time that help align contributors around a common message. By the end, you’ll leave with an actionable framework that connects people and builds trust, and keeps the open-source flame burning bright. false https://program.foss-backstage.de/fossback26/talk/DRSUPK/ bUm Box Talk 2026-03-17T14:10:00+01:00 14:10 00:30 Free and open standards, and the open processes behind them, can lay the foundation for innovation, interoperability, and compliance across EU digital, environmental, and industrial policies. Drawing on the Linux Foundation’s State of Open Standards report, this talk explores their potential to strengthen regulation, trust, and competitiveness. fossback26-83214-why-open-standards-power-compliance Growing Open Source Madalin Neag en In an increasingly digitalized Europe, legislation such as the Digital Markets Act, AI Act, and Cyber Resilience Act, depend on technology-neutral, interoperable frameworks to achieve their goals. Free and open standards, together with transparent and inclusive standardization processes, are emerging as essential tools for effective and accountable regulation. Drawing on the Linux Foundation’s report, The State of Open Standards, Standardization and Patents in Organizations, this session explores how open standards are becoming a pillar of digital policy implementation. The research shows that nearly 80% of organizations view standardization as vital for compliance and strongly favor openly developed standards over proprietary or closed models. We will examine three interconnected policy dimensions: Why open standards matter for Europe and how they reduce dependency, enhance interoperability, improve quality, and advance strategic autonomy while supporting legislative aims such as transparency, data portability, and resilience. What attributes drive trust and adoption: how openly published, consensus-based, and extensible standards strengthen compliance, innovation, and public confidence. How policy can embed openness and the practical approaches for European institutions, standardization bodies, and industry to align around “free and open” standards as enabling infrastructure. This includes integrating open standards into procurement frameworks, certification schemes, and public-private partnerships. The discussion will also consider the evolving role of standard-essential patents (SEPs) and the balance between openness, innovation, and fair intellectual property practice. Attendees will leave with actionable insights on how to integrate open-standards thinking into policy design, regulatory compliance, and procurement strategy, turning evolving EU mandates into an opportunity for digital resilience and sustainable competitiveness. false Slides https://program.foss-backstage.de/fossback26/talk/CYZPLB/ bUm Box Talk 2026-03-17T14:45:00+01:00 14:45 00:30 This talk explores the BBC’s experience maintaining a fork of dash.js for media playback. It covers the motivations, trade-offs, and strategies to reduce maintenance overhead - such as upstream contributions and community engagement. fossback26-83416-a-fork-load-of-maintenance-forking-a-key-dependency Governance & Community Tom SadlerJoel Keers en The benefits of building software on top of open source solutions are well understood, such as avoiding reinventing the wheel, leveraging global expertise, and enabling interoperability. Another benefit is the ability to customise open source software for your use case, but in practice this will often be done by making a fork of the project, which can result in a significant maintenance overhead. This talk is a case study of the BBC's fork of dash.js, a JavaScript library for media playback that is a key dependency for BBC web and connected TV apps. We will explore the reasons why a fork is being maintained, what the costs and benefits have been, and what is being done to reduce the maintenance overhead going forwards, including contributing to the mainline and engaging with the community. Attendees will come away with a better understanding of why and why not to fork, and how to reduce the burden of maintaining a fork. false https://program.foss-backstage.de/fossback26/talk/UGV9LX/ bUm Box Talk 2026-03-17T15:50:00+01:00 15:50 00:30 We have conducted an in-depth study into the political, legal and economic feasibility of an EU Sovereign Tech Fund (EU-STF), a fund for the maintenance of open source infrastructure, building on the successful example of the German Sovereign Tech Agency. Learn about our findings and how you can help us make the EU-STF a reality. fossback26-83202-we-need-a-european-sovereign-tech-fund Economics Felix RedaNicholas Gates en This talk is a call-to-action to join our campaign to convince the European Union that, in order to secure its digital future, it should invest in open source maintenance via an EU Sovereign Tech Fund (EU-STF). Right now, the EU is negotiating its multi-year budget for the period of 2028-2034. Traditionally, the EU budget has been focused on regional development and agriculture, but more and more policymakers are realizing that investment in our digital infrastructure is just as important as maintaining physical roads and bridges. We have conducted an in-depth study into the political, legal and economic feasibility of an EU fund for open source maintenance, building on the successful example of the German Sovereign Tech Agency. We assembled a coalition of supporters from industry and civil society, and we have presented our proposal to the European Parliament and Member States. Now it’s time to take the campaign to the next level and we need your support to make it happen. The goal of this session is to present the high-level design principles of the EU-STF and demonstrate why mission-driven investment, coordinated by the public sector, is important for the diversification of Europe’s funding landscape. It will demonstrate how such a proposal can directly improve the sustainability and health of the open source community globally, and why this is so important for Europe in achieving its digital future. false https://program.foss-backstage.de/fossback26/talk/CYZZHS/ bUm Box Talk 2026-03-17T16:25:00+01:00 16:25 00:30 Companies that develop Free Software face a problem: competitors disguising proprietary software as “open” and undercutting Free Software products in public tenders. Such practices distort competition and undermine strategic procurement and digital sovereignty. Which openwashing methods are used, and what can be done about it? fossback26-83350-let-s-tackle-openwashing Growing Open Source Johannes Näder en Openwashing has become a growing challenge for users, developers, and public administrations, and for the entire Free Software ecosystem. Using various methods, some companies advertise their products as “free” or “open”, while in reality distributing proprietary software. The supposed creativity of these openwashers is remarkable: whether by using free/open wording, by introducing new licences that falsely appear to be free, or by imposing additional barriers that make it more difficult to use the freedoms offered by Free Software. This misleading behaviour undermines efforts to achieve digital sovereignty through Free Software. It weakens strategic procurement aimed at ensuring that public money funds Free Software, as promoted by the Free Software Foundation Europe’s "Public Money? Public Code!" initiative. It also distorts competition, misleads customers, and erodes trust in the Free Software ecosystem. The FSFE has been analysing openwashing and other questionable market practices over the past years. In this talk, we will look at concrete examples and examine how they harm Free Software manufacturers and maintainers. Finally, we will discuss what administrations, regulators, and the Free Software community can do to curb openwashing. false https://program.foss-backstage.de/fossback26/talk/JLKZQX/ bUm Box Talk 2026-03-17T17:00:00+01:00 17:00 00:30 Most open source software is not maintained by a large community but by a single person in limited time. For them, best practices developed in large projects might not be feasible to apply – but what can be done instead? fossback26-83201-best-practices-and-very-small-projects Governance & Community Jan Dittrich en Most open source software is not maintained by a large community but by a single person in limited time. Hobbyist maintainer projects have previously been discussed from the perspective of security risks and reliance of complex ecosystems on single actors (cue XKCD 2347 "Dependency"), but this talk will focus the tools and work methods at the hand for these developers in regards to community building, usability and documentation. A lot of practices that might be helpful to improve software imply the availiability of resources, most importantly team with diverse, complementary skills. But most maintainers do not have access to these resources. I suggest that we need an awareness and appreciation of small project and a critical review of tools and work methods for their fit for the situation of small projects. I will use examples from usability to show the problems of many commonly recommended methods as well as alternatives that are better suited. false "Open Source is one person" by Josh Bressers Slides https://program.foss-backstage.de/fossback26/talk/DXMQXU/ Wintergarten Talk 2026-03-17T10:00:00+01:00 10:00 00:30 "Why aren’t more people contributing?" Contributors are the lifeblood of open source, yet many projects struggle to grow beyond a small core team. In this workshop, you will learn simple, hands-on techniques to get more people contributing to open source projects. fossback26-81591-docs-demos-and-mentors-growing-open-source Growing Open Source Mustapha Rufai en Why do promising open source projects struggle to attract and keep contributors? After training 2,000+ developers across Africa and Europe and leading community engagement for 10,000+ API users at Paga, I’ve seen the answer firsthand: contributors vanish when documentation is dense, demos are missing, or mentorship is nonexistent. This talk transforms those gaps into growth engines. I’ll break down three pillars to turn your project into a self-sustaining contributor magnet: A. Docs as Onboarding Engines i - Transform static guides into interactive pathways that welcome newcomers and accelerate their first PR. B. Demos as Trust Builders i - Use lightweight, reproducible examples (e.g., GitHub Codespaces) to prove your project’s value in seconds—not hours. C. Mentors as Multipliers i - Design scalable mentorship models that pair newcomers with experienced contributors without burning out maintainers. You’ll walk away with: 1 - A playbook to make docs actionable, demos irresistible, and mentorship sustainable. 2 - Metrics that matter: time-to-first-PR, repeat contribution rates, and retention benchmarks. 3 -Anti-burnout strategies to operationalize growth while protecting maintainer energy. Drawing from global projects (like Kubernetes) and local communities I’ve supported), this session answers the questions every maintainer asks: "Why aren’t more people contributing?" "How do we scale without adding more maintainers?" If you’re tired of answering the same beginner questions or watching contributors slip away—this is your roadmap to resilient growth. false Slides (PDF) https://program.foss-backstage.de/fossback26/talk/N7WTHZ/ Wintergarten Talk 2026-03-17T10:35:00+01:00 10:35 00:30 What happens when a developer-first open source project tries UX research for the first time? This talk tells the story of Prometheus's first UX mentorship and explores the reality of introducing research to a dev-first community. Was it worth it? Will they do it again? And what can other OSS projects learn from their experience? fossback26-83116-lessons-from-prometheus-s-first-design-mentorship Design Victoria Nduka en When I joined the Prometheus project through the [Linux Foundation Mentorship](https://mentorship.lfx.linuxfoundation.org/project/36e3f336-ce78-4074-b833-012015eb59be) program, UX research wasn’t something the community had ever done before. Prometheus is a mature, developer-focused open source project, so introducing UX research meant stepping into new territory—for both me and the community. This talk shares what that experience looked like: the messy but rewarding process of doing UX in the open, learning to align design with a developer culture, and building trust in a space where design wasn’t yet a familiar practice. It also looks at what happened after the research: the impact on the project, the momentum it created for future design work, and how Prometheus continues to nurture design contributions today. Key takeaways: - Candid lessons from integrating design into technical open source communities - What helps design efforts become part of the community, not just a one-time experiment - Practical insights for projects considering design contributions and for designers exploring open source. false Slides https://program.foss-backstage.de/fossback26/talk/XUFL3H/ Wintergarten Talk 2026-03-17T11:20:00+01:00 11:20 00:30 Open-source ecosystems run on more than code, they run on story. Beyond commits, shared narratives sustain trust and belonging. At WriteTech Hub, we turned storytelling into infrastructure, every doc review, milestone, and mentor invite reinforced one truth, you belong here, and what you build matters. fossback26-83387-narrative-infrastructure-storytelling-to-grow-open-source Growing Open Source Zainab Daodu en Every open community runs on more than code, it runs on story. In this talk, I’ll explore how storytelling can be used as narrative infrastructure to build stronger, more inclusive open-source communities. Drawing from my experience leading WriteTech Hub and contributing to open documentation initiatives, I’ll show how narrative can align diverse contributors, spark engagement, and sustain collaboration over time. We’ll unpack practical ways storytelling can humanize onboarding, strengthen contributor identity, and create trust in open ecosystems. Attendees will leave with simple frameworks to use story as a tool for communication, governance, and culture-building. At a time when contributor burnout and disengagement are rising, this talk offers a fresh, human-centered approach, helping communities reconnect with why they build, not just what they build false Slides https://program.foss-backstage.de/fossback26/talk/8GXJZB/ Wintergarten Talk 2026-03-17T11:55:00+01:00 11:55 00:30 Africa is rich in tech talent, many of whom are eager to contribute to open-source projects. However, due to the technical requirements needed to get started with open source and a lack of proper mentoring and guidance from these communities, many talents are discouraged. This talk explores ways to mitigate this problem. fossback26-83225-bridging-the-gap-encouraging-african-talent-to-open-source Growing Open Source Seyi Kuforiji en Africa has a talented pool of tech enthusiasts. In recent years, there has been a meteoric rise in the number of young people in Africa actively learning tech skills and aspiring to be part of the future. Despite Africa’s growing developer population, African contributors remain underrepresented in open source. In this talk, I’ll share my journey into open source as an Outreachy intern working on the Git project and highlight the problems that many African developers face, from limited access to resources to a lack of awareness and socio-economic hurdles. I’ll explore practical ways we as a community can bridge these gaps through mentorship, outreach, and inclusive programs. false Slides https://program.foss-backstage.de/fossback26/talk/HMCHND/ Wintergarten Panel 2026-03-17T12:30:00+01:00 12:30 00:40 There are so many open source projects and not enough contributors to sustain them all over the long term. With many open source projects desperate for contributors, how do we educate the next generation of open source contributors to grow the contributor base for all of us? fossback26-83037-educating-the-next-generation-of-open-source-contributors Growing Open Source Ruth IkegahDawn FosterPeculiar C. UmehStephen Walli en Open source is the foundation of modern software, yet many projects struggle with sustainability, not just in attracting contributors, but in ensuring they stay, grow, and thrive. The landscape of open source contribution has evolved dramatically, demanding a fresh approach to educating potential contributors as part of broader community building and contributor engagement strategies. Every educational program depends on participant support for projects and mentors towards the programs’ outcomes, and we need industry participation to make these programs successful. The only way for these programs to scale to the growing and various needs of program organizers is for more people to understand how these programs work and how to engage with these programs to support their own diverse needs to grow the broad open source contributor pool. By getting a wide variety of industry support from companies and the maintainers who are employed by these companies, we can create educational programs where students learn the skills that they need to participate in open source projects and become our next generation of contributors. In this panel, we’ll talk about education programs for our youth and university students. We’ll discuss the landscape of open source contributors in the different regions along with the motivations for participation in open source and how those differ across regions. Because we want contributors who will continue contributing, we’ll also talk about some challenges that prevent sustainable contributions over the long term. Our panelists have experience teaching open source to university students, creating and sustaining open source education and contribution programs, and building new open source communities in Africa. In this panel, we’ll talk about what we’ve learned, what’s worked, and provide tips for you to grow the next generation of contributors from within your local communities. This talk presents attendees with a breadth of perspectives on educational programs, how they work, and how we can all work together to make them successful. false https://program.foss-backstage.de/fossback26/talk/K9HLLE/ Wintergarten Workshop 2026-03-17T14:10:00+01:00 14:10 01:00 In this hands-on workshop, we’ll create a No-Code Contribution Map to show how skills like writing, design, outreach, and accessibility promote adoption and inclusion. Leave with strategies to grow diverse, welcoming, and sustainable communities. fossback26-81164-everyone-belongs-to-open-source Diversity & Inclusion Cynthia Udoh en For open source to reach new audiences and grow sustainably, it must welcome and recognize more than code. Skills like event organizing, technical writing, design, and accessibility advocacy are vital to promoting adoption and building inclusive communities. Yet many projects still lack structures that value these contributions. This 60-minute workshop reframes diversity and inclusion in open source by demonstrating how non-code contributions are powerful tools for outreach and growth. Participants will reflect on their own skills, map them to real project needs, and collaboratively create a No-Code Contribution Map, a framework that connects diverse abilities to concrete ways of promoting and sustaining open source. We will also explore practices that support inclusivity: onboarding pathways for non-technical contributors and recognition systems that ensure everyone feels they belong. Learning Outcomes: Understand how non-code contributions promote adoption and inclusion. Build a practical No-Code Contribution Map for open source projects. Gain strategies for designing contributor journeys that welcome everyone. Learn inclusive practices that strengthen open source outreach and growth. false Slides https://program.foss-backstage.de/fossback26/talk/A9UTRX/ Wintergarten Talk 2026-03-17T15:50:00+01:00 15:50 00:30 "It's free as in speech, not free as in beer." But is 'free speech' the kind of freedom FOSS projects should aim for? Should we instead focus on positive freedoms—not just the right, but the ability to achieve our aims? This talk argues for the latter, and charts a course for how to do so, drawing from the psychology framework of intersubjectivity. fossback26-82845-free-as-in-friendship Governance & Community Shauna Gordon-McKeon en "It's free as in speech, not free as in beer." How many times have you heard people define free software this way? But free speech, as important as it is, is only one kind of liberty. When we think of freedom only in terms of freedom from restraint—the restraint of government censors, or the restraints of proprietary licenses—we miss out on whole other categories of freedom. "Positive liberties" are those we enjoy through the support of others. They are "freedom to", not "freedom from". Positive liberties tend to be harder to define and harder to realize than negative freedoms. For example, if a piece of FOSS is difficult to modify, the user may have "freedom from" prosecution for modifying the software, but no real "freedom to" modify it. And not because the maintainers don't want to give them that freedom! But "freedom to" is often complicated, messy and contextual. This talk charts a way forward through the complications and the mess: friendship. The words "freedom" and "friend" come from the same root, the Proto-Indo-European "prī-", meaning "to love". It is love and friendship that allows us to navigate the complex ways that we depend on each other, without turning dependency into coercion—in other words, without turning our efforts to achieve positive liberties into violations of negative liberty. This talk focuses on a particular conceptualization of friendship from relational psychology, called "intersubjectivity". We will discuss what intersubjectivity is, how it helps protect us from coercion and enables us to flourish, and how we can practice intersubjectivity within FOSS projects and within all our communities. false https://program.foss-backstage.de/fossback26/talk/BQPCUJ/