Open Source Summit Europe 2024

Those who forget history are doomed to repeat it at a much higher price tag. In these days of new restrictive licenses, It may help those who have grown up with open-source get a quick history lesson on what life was like back in the day when you bought everything - hardware, software, manuals, training - from a sole vendor. Interoperability was minimal, code sharing between different hardware brands was next to impossible, and a manufacturer's new line of products could instantly reduce your investment to zero value. Then came Unix (and later Linux), TCP/IP, and the revolution that produced our current outlook on software and systems. Help keep open-source from slipping away by understanding what we once endured and what many have to suffer through again.

Worldwide, we spend close to 2 trillion dollars per year for the loaded cost of software developers. If every company spent just 0.05% of that amount to fund open source maintainers, we’d unlock a billion dollars per year to fund the maintenance of open source. That would pay the full time salaries for thousands of maintainers, their managers, security training, etc. That seems fairly cheap for software that accounts for 70% to 97% of our software stack depending on how you count. And just imagine the positive impact on the security of our software supply chain! What are we waiting for? We’re way overdue making a clear distinction between open source developers and open source maintainers and professionalizing the latter. This talk will explore what doing so would actually look like and give an overview of the current efforts to support open source maintainers.

For the first time in history almost everyone uses open source, albeit often without getting the benefits of free software. Open source has accomplished unparalleled success in the IT industry, but with success comes challenges and risks. Over recent decades we have seen business models change while the industry and the users found the best ways to use open source. With software as a service we now see a fairly new but very successful approach, that goes hand in hand with open source, but is not without issues. This presentation will walk the audience through different approaches of monetizing and developing open source and examine the consequences of SaaS models for the open source ecosystem, both for business models and software development It will also point out how recent developments show the resilience of the Open Source world.

"Next-Gen Testing and Compliance: Ensuring Integrity in a Complex World" delves into evolving testing and compliance frameworks to match the pace of digital innovation. This talk underscores the necessity for advanced methodologies to ensure standards maintain relevance and integrity amidst rapid technological advancements. We'll explore cutting-edge testing frameworks utilizing automation, AI, and machine learning, boosting the accuracy and efficiency of compliance checks. Highlighting adaptive testing environments, we emphasize simulating real-world scenarios for a nuanced approach to the software-hardware interplay in contemporary devices and systems. The session also tackles the challenge of keeping pace with compliance as technology outstrips regulation. We'll provide insights into anticipating future standards and preparing for compliance proactively. Through case studies of successful next-gen testing and compliance strategies, attendees will learn to navigate the complexities of maintaining specification integrity in our digital, interconnected era.

This talk explores the challenges and solutions associated with conducting integration testing in hybrid cloud environments, where applications span both on-premises (z/OS) and cloud infrastructures. Focused on the innovative Galasa open-source project, the discussion delves into how Galasa addresses the complexities of hybrid cloud testing, offering a comprehensive framework for validating the interoperability of diverse components. Attendees will gain insights into practical strategies, best practices, and real-world examples, empowering them to effectively navigate the intricacies of integration testing in the evolving landscape of hybrid cloud computing.

We won! Open source software is everywhere... so now what? Shifting left starts at the beginning – ensuring the security of open source software requires careful evaluation, use, and contribution. This talk will cover some important challenges in securely consuming open source software. Attendees will learn to evaluate projects based on active maintenance, patch cycles, and vulnerability management. We will explore the role of project documentation, code contribution expectations, and community involvement in project maturity and code quality, as well as tools and community guidance. Walk away with the beginnings of a practical framework and checklist that you can mold to your own needs.

Join us in taking a look at how the Sovereign Tech Fund, a state-funded organization in Germany, has been developing ways to strengthen and support the free and open source ecosystem in the public interest. This ecosystem underpins the digital infrastructure, in particular the software components and tools, on which governments, private companies, and individuals rely. But what does it mean to strengthen this ecosystem? In this session, we’ll look at the different ways STF is putting public money to work for this mission. Some issues STF is working on include: a) Limited funding for long-term maintenance and security work b) Fragmented career and employment prospects for project maintainers c) Growing the pool of open source maintainers and contributors We’ll include lessons from the first two years of our existence, some insights from our survey of open source maintainers, as well ideas on how all the different parts in the FOSS landscape can work together for a more resilient and fair system. This is a work in progress, but we’re trying to ensure the software our societies depend on is sustainable in the long-term.

We want to take you along in how modest yet "BOLD" ideas can spark and catalyze transformative organisational changes in the public sector. This session traces the evolution of small, innovative concepts into collaborative open source projects that revolutionize bureaucratic processes and cultural mindsets. We'll highlight the importance of discovering and collaborating with motivated and inspiring individuals who share a vision for change and embodying that change. By sharing our experience, you will gain insights into how these partnerships are crucial for activating and navigating the complexities of government structures, gaining support, creating momentum, and sustaining it. We transformed innovative sparks into powerful engines for systemic change by leveraging agile methodologies, engaging stakeholders, and building a coalition of champions. We aim to empower inspired individuals to continue championing their ideas, demonstrating that even the smallest initiative, when supported by the right people, can lead to significant transformations in governance and the way we serve the public.

The European Union has approved a €1.2 billion investment in the development of the first interoperable and openly accessible European data processing ecosystem, known as IPCEI-CIS. This initiative aims to reduce reliance on external providers and promote open source technologies. Despite skepticism about whether a state-driven initiative can foster open and collaborative software development, the EU's decision is one of the largest sovereignty-focused initiatives ever undertaken by the organization. The IPCEI-CIS project offers an alternative model based on leveraging European open source for mobilizing the many technological and innovation capabilities in the continent and creating together a Next-Generation European Platform for the Datacenter-Cloud-Edge Continuum. This powerful “made in EU” alternative will offer vendor neutrality and a sustainable future based on global collaboration, but fully aligned with the values and priorities of the European Union. In this presentation, we will discuss the challenges and opportunities that this project presents to citizens and developers, and how it will redefine the way we produce open source software in Europe.

SBOMs are a crucial tool for understanding the composition of software, which is particularly important in the context of managing security risks and licensing compliance. Recent regulatory efforts from, among others, the US and the EU, explicitly move towards requiring SBOM for each software delivery. SPDX (System Package Data Exchange) is a freely available ISO standard that provides a set of specifications for communicating SBOM information. It offers a common format for companies and organizations to share important data accurately and efficiently. This presentation will delve into the details of the newly released version of SPDX, providing a comprehensive understanding of their importance in the software industry.

As modern platforms integrate an increasing array of tools, so too grows the complexity of software dependencies within your codebase. While mainstream dependencies like Docker images, Terraform and NPM packages are well-covered by existing solutions, what about the myriad obscure or custom tooling, perhaps even manually installed binaries lurking in your Dockerfiles? In this session, we'll unveil an Open Source solution designed to systematically extract data from diverse toolsets. Learn how to effectively catalog, track, and maintain these dependencies, eliminating blind spots and ensuring robustness in your development workflow.

“Everything is a file” or, more precisely, “Everything is a file descriptor”: this statement alone shows the importance of the storage stack under Linux. To ensure that data can be accessed reliably and efficiently regardless of the selected file system and the actual physical storage location, numerous layers in the Linux kernel interlock seamlessly: Virtual File System (VFS), page cache, block layer with different I/O schedulers, so-called “stackable devices” such as device mappers and drivers are the most important components involved. Using the “Linux Storage Stack Diagram”, Werner explains this architecture clearly with the help of several concrete examples. He explains the different areas of the VFS (block-based, network, stackable, pseudo and special purpose file systems) and also goes into detail about the functionality and application areas of various file systems such as ext4 or btrfs. Werner then shows how the resulting BIOs (block I/Os) are processed by the block layer and I/O schedulers (and optionally via stacked devices) before they finally reach the device drivers and physical storage devices. Join this talk and understand how storage works in Linux :-)

In an era where technology increasingly influences every aspect of society, the potential for open source software to serve public interests and empower nonprofit organizations is immense. Yet, despite its transformative promise, the intersection of open source and the nonprofit sector remains underexplored and underutilized, particularly in projects aimed at public welfare beyond the tech community. I'll delve into the untapped synergy between open source initiatives and nonprofit organizations, exploring pathways for adoption, community support, funding, and sustainable growth. I will demystify the process of integrating open source solutions within nonprofit projects, highlighting practical strategies for organizations to not only adopt technology but also to contribute back to the open source ecosystem. I will also explore case studies of successful nonprofit open source projects, identifying key factors that contributed to their sustainability and impact. Finally, and possibly most importantly I'll explain about securing funding and support for open source projects focused on the public good, as well as partnerships, and community-driven development opportunities.