
OSPO OnRamp


The OSPO OnRamp meeting series provides a low-threshold entry point for organisations that want to exchange experiences and learn the basics of how to set up an Open Source Program Office and get started with open source.

The 90-minute meeting is held monthly and consists mainly of two parts.

In the first part an invited presenter will share experiences, lessons learned and other cool stuff. We plan to record this part of the meeting and to upload the recording to the OSPO OnRamp website for later reference. This way we hope to gather and retain valuable information for the community.

In the second part of the meeting we would like to provide a trusted and protected environment where all participants can openly share and discuss their challenges, problems or other current topics around establishing Open Source in their respective organisations. This part of the meeting will be held according to the Chatham House Rules. Therefore there will be no recording of this part of the meeting.

Next meetings

Meetings are scheduled for every third Friday of the month from 10:30-12:00.

We provide an ICS calendar file to easily import the meeting dates into any calendar.

  • Date: Friday, January 20th, 10:30-12:00 CET
    Speakers: Mikael Barbero - Eclipse Head of Security (Eclipse Foundation Europe).
    Agenda: Open Source Software Supply Chain Security — Why does it matter?
    There is an awakening in the industry about the fact that Open Source is everywhere and that its supply chain is now the easiest way to create increasingly public, disruptive, and costly attacks. We have yet to see the cost and fallouts of the SolarWinds cyberattack or the Log4j vulnerability.

    The software supply chain, and more specifically the supply chain of open source software, can be attacked at every link. The attacks we are talking about include, but are not limited to: unpatched software vulnerabilities, 0-days, typo-squatting, dependency confusion, impersonation, hypocrite commits, and the compromise of code repositories, build servers, or package mirrors.

    During this talk, we will review the various threats targeting the Open Source Software Supply Chain that could lead to the attacks listed above. We will also give an overview of the industry's current best practices and the risk mitigation frameworks that are emerging. Throughout the talk, we will provide the audience with some key tips and tricks on how to secure the supply chain of their Open Source Software, and explain what the Eclipse Foundation is doing to help the Eclipse Projects with those issues.

  • Date: Friday, February 17th, 10:30-12:00 CET
    Speakers: Gabriel Ku Wei Bin (FSFE Legal Coordinator).
    Agenda: FSFE’s Legal Network and its Legal and Licensing Workshop (LLW)
    Gabriel Ku Wei Bin is a Senior Legal Project Manager at the FSFE. Originally from Singapore, Gabriel is a former human rights and constitutional law researcher, as well as a former commercial lawyer. At the FSFE, Gabriel manages the FSFE’s legal projects, including its involvement in a number of European Commission funded projects and FSFE’s Legal Network of lawyers around the world involved in Free Software.

    The Free Software Foundation Europe (FSFE) manages a Legal Network of experts in different fields involved in Free Software legal issues. With over 400 members from different legal systems, academic backgrounds, and affiliations around the world, its aim is to promote discussion and foster better knowledge of the legal constructs that back Free Software. This talk will discuss how the Legal Network has promoted and sped up recent developments in the legal field relating to Free Software, as well as touch on affiliated events that the FSFE organizes for the Network, including its annual conference.

🌐 Link to meeting - click to join (🚨 Please note that this is a new web link starting 2023)

Previous meetings

You can find all available recordings and content from the previous meetings here.

Mailing list

All news, information and updates will be shared on the OSPO OnRamp mailing list.

Please subscribe at https://framalistes.org/sympa/info/ospo.onramp.

Meeting topics

We would love to see topic proposals for the meeting via the mailing list. The following list can be seen as a starting point, which we will extend based on the community input:

  • How to select the “right” open source project for adoption and contributions.
  • How to identify sustainable, secure open source projects, also with respect to processes and documentation.
  • How to attract/raise interest of the C-Level management for a dedicated Open Source strategy.
  • How to ease the formal “entry barriers” for developers to join open source activities.
  • How to engage with the Open Source community as a company.

We don’t plan to establish a formal voting process, but confirming interest in proposed projects via the mailing list will help us to identify the most relevant topics for the community.

Initially we will reach out to the OSPO Zone network to identify speakers who are willing to share insights from their perspective, but mid- to long-term we hope that the community itself will identify the right speakers for upcoming meetings.

Additional Resources

Resources coming from different Open Source and/or OSPO communities and Open Source professionals to help people advance in their open source journey.

Guides and books:
