2025-10-01, CyberSecurity
Open source software is the foundation of modern technology, yet many corporations treat it as a free resource rather than a critical supply chain component. New legislation, like the EU's Cyber Resilience Act, is going to change that. This session will explore the risks that arise from this passive approach and propose a new model: one where corporations transition from being mere consumers to active stewards of the open source ecosystem. We have heard from numerous companies that they need new standards in this area.
This talk is a summary of those ongoing conversations and an invitation for others to join in this crucial effort. We will outline a framework for building new internal processes and advocating for an industry-wide standard on open source sustainability. Attendees will learn how to go beyond basic vulnerability detection and proactively assess the long-term health of the projects they depend on, informing a new kind of risk management.
The session will cover how to identify and measure key indicators of project health and community vibrancy, moving beyond reactive risk management to a proactive approach. We'll provide practical steps for mapping open source dependencies and integrating sustainability metrics into a company's risk management framework. By the end of this session, attendees will have a clear call to action and a roadmap for becoming proactive contributors to the health of the open source ecosystem, thereby mitigating risk and securing their own technological future.
Miguel Ángel is a Data Scientist passionate about the open-source ecosystem and a contributor to the CHAOSS project. He is currently working at Bitergia as a Senior Data Analyst, and previously worked for the LibreSoft research team from Rey Juan Carlos University.