Reflection by Communications, Operations, and Community Manager Helen Woeste
Amir, Derek, and I joined a few thousand open source community members in Amsterdam for the Open Source Summit EU and attached OpenSSF Community Day. While Derek and Amir are no strangers to conferences, this was only my second OS Summit (and my first where there wasn’t a historic weather event simultaneously occurring). In this reflection, I’m going to break down a timeline of our sentiments, goals, and connections to provide some insight into our mindset before, during, and after the conference.
Before:
We’ve had an incredibly productive and busy first half of our year. Amir and Derek attended Denver’s Open Source Summit earlier this summer, and from that conference were able to generate potentially more work on behalf of open source security, which meant we had high hopes going into this conference that we could solidify and manifest more funding from EU based sources. While balancing future and ongoing audit demands, Derek and Amir developed proposal ideas for engagements OSTIF could carry out the rest of 2025 to share with funders and projects. We were excited to see long-time friend of OSTIF Leslie Hawthorn of Red Hat, meet more OpenSSF collaborators like Kairo de Arujo from RSTUF, Eric Sesterhenn from X41 D-Sec, Ben Cotton from Kusari, and the usual LF conference crowd. Eager to share our wins, questions, and auditing lessons with our friends and colleagues, we planned a trip to Amsterdam during our weekly in-person meetings.
In honor of our 10th anniversary we designed new OSTIF shirts, so we made sure to stuff as many as we could in our carry-ons to distribute out. Amir and Helen attended a mutual friend’s wedding the night before our flight, so excitement was high on Sunday evening (as well as our melatonin levels).
During:
Our plane touched down Monday morning right in the middle of Gabriele’s keynote, so we took a few hours before making it over to RAI, where the summit was being held. Immediately after arriving, we saw Leslie and our conference experience was off to a rollicking start.
Energy was high in the conference center- lots of laptops out, side conversations were happening, and folks were eager to hear about any given open source project. We were able to have some scheduled and expected conversations, as well as a number of spontaneous ones. With breakout rooms being across the courtyard from the main conference room, we got plenty of steps in every day, which made the city’s incredible food taste all the better.
Conferencing is a delicate balance between rest, socialization, and sometimes aggressive participation in a giant shifting kaleidoscope. With three of us, we’re able to fill in and support each other as we cover each other’s weaknesses and enforce each other’s strengths. That means prioritizing what each of our goals is, sometimes just within the next hour of time, and sharing with each other so we can try our best to generate them as a team.
After:
OSTIF’s “To-Do” list is now looking very full and exciting. We went from being a firm executing 5-8 audits a year to now 25+ engagements across a variety of sectors in a few short years, and while folks recognize our name (whether you say OH-STIF or AW-STIF) we still have a lot to do to raise our profile with the average community member. While attending conferences is key to meeting individuals in person, we’re also working on ways to connect virtually through venues like our social media, online meetups, and chatrooms.
Not only do we want to raise our profile with maintainers and ingratiate on an individual level with the community, we’re also workshopping ways to engage more directly with funders and foundations to create programs and security outcomes for projects. Our mission focuses solely on open source projects, however we understand that associating and collaborating more deeply with the organizations that believe in our work is also a key part of reinforcing the OSTIF bridge between funding and security outcomes.
Derek is now back at home, while Amir and I are headed to Aachen in Germany for the LF Energy Summit this week. We’re enjoying our time in the European late summer, he in France and I in Germany, working out of cafes and suffering from lack of climatization. As much as I know I’ll be sad when this trip ends, I know all of us at OSTIF are looking forward to what the rest of this year will bring for open source security and that we will point to this trip as a huge part of that.