The open source community has been abuzz for the past two years about European governance in open source software. From casual meetups to professional conferences, the implications of government funding and regulation of the free-use software sector have been heavily debated, with discussion centering on the legal, financial, societal, and functional changes possible with the introduction of billions of euros and sanctions to the field.

Open Forum Europe (OFE), along with the European Institute and Fraunhofer ISI, recently wrote and published a document called “Funding Europe’s Open Digital Infrastructure”. This body of work functions as a feasibility study for the creation and implementation of a European Sovereign Tech Fund (EU-STF). OSTIF Executive Director Derek Zimmer contributed as a beta reader and editor, joining many other figures in the space in offering their perspectives on how to best coalesce and direct politicians and entrepreneurs into an open space which has historically been suspicious of those entities. 

Quoting the work directly from page 35: “The Open Source Technology Improvement Fund (OSTIF) offers a compelling model for how targeted funding can directly strengthen the security and maintenance of critical open source technologies from a security perspective.” Our body of work, which numbers thousands of hours of security research, several hundred fixed findings with security impact, and 135 critical or high severity findings, illustrates the efficacy of an experienced third party’s involvement in the process of sourcing and managing security audits. The German Sovereign Tech Agency recognized this early in their formation, and brought us on as a part of their Bug Resilience Program as a trusted and preferred audit program. Through this partnership, OSTIF has drawn closer to European sovereign funding and political impact and, as a result, has been contacted for comments and recommendations for the formation of an EU-STF.

We at OSTIF believe wholeheartedly that the creation and correct direction of a flow of funding for open source infrastructure through the EU-STF would be a great start in fortifying open infrastructure for current and future generations. Security is a proactive application: the best time to start securing and protecting open source was yesterday. By funding an EU-STF, Europe will plant a stake in the timeline of open source that can change digital reliance in perpetuity.

 

Everyone around the world depends on open source software. If you’re interested in financially supporting this critical work, email us.

OSTIF is celebrating our 10-year anniversary! Join us for a meetup about our work, lessons learned, and where we see the future of open source security going by following our meetup calendar: https://lu.ma/ostif-meetups