Open source software is the foundation of modern technology, yet many corporations treat it as a free resource rather than a critical supply chain component. New legislation, like EU’s Cyber Resilience Act, is going to change that. This session will explore the risks that arise from this passive approach and propose a new model: one where corporations transition from being mere consumers to active stewards of the open source ecosystem. We have heard from numerous companies that they need new standards in this area.

This talk is a summary of those ongoing conversations and an invitation for others to join in this crucial effort. We will outline a framework for building new internal processes and advocating for an industry-wide standard on open source sustainability. Attendees will learn how to go beyond basic vulnerability detection and proactively assess the long-term health of the projects they depend on, informing a new kind of risk management.