Log4Shell - The Open Source World on Fire or Why Open Source Security depends on the Funding of Software Maintenance
03-18, 16:00–16:30 (Europe/Berlin), Stage 2

The German government has a proposal on it's desk, written by Adriana Groh, Katharina Meyer, Fiona Krakenbürger, Eileen Wagner and with some contribution by Thomas Fricke.
It contains the setup of a fund, starting with 10 Mio € per year to organize the support of Open Source projects, which are well staffed in coding, however, need support in security and all the accompanying processes. When the proposal was written, it was very soon clear that many Open Source projects were needing support. Security Audits, when done not regularly, produce a lot of findings. Maintenance of older versions still in production, developers supporting 435.000 packages as a part time job are quite common. Malicious packages need to be filtered. Maintainers are sometimes close to a burn out.

Therefore, it was no surprise that something would happen, but it was not clear when and where the point of impact would be. In December 2021 the Log4Shell bug caused major damages nearly everywhere, and the first time the blast radius of a bug reached Mars, causing damages of several 1000 Millions.

How can we prevent events like this in the future? How can we leverage the amount of 10 Mio € to the substantial sum.

What needs to change?

Kubernetes Security Architect

System Automation

Aligning Industrial Companies to Clouds, Agility, Open Source, Automation


Cloud, Database and Software Architect

K8S since September 2015

Kubernetes Security Meetup Berlin

German Articles on K8Sec at Heise


Member of
Octarine Technical Advisory Board (no VMWare), AG Kritis, Gaia X

Several boards supporting Digital Sovereignty for the EU and Germany


Partner Endocode, Member of the Advisory Board, former CTO