FOSS Security Campus, a new event focusing on IT security in the FOSS and open source sector will take place in Berlin, September 26-29th, 2023 for the first time. Topics include Open Source Supply Chains, Security Processes, Vulnerability Disclosure, Bug Bounties, Security by Design, Risk Mitigation and much more.

FOSS Security Campus comprises of two days of full-day and multi-day training courses, followed by a two day conference.

FOSS Security Campus is looking for talks on:

OSS Security Processes – best practices for handling security vulnerabilities for OSS projects, share your experience and expertise with fellow OSS teams.
My OSS Supply Chain – By their very license OSS comes without warranty. Still in the past „all bugs are shallow given enough eyes“ has proven true.
Tell OSS users how to learn more about the projects their businesses rely on. What to look for when searching for security process documentation? What are warning signs for risky dependencies in terms of security process, but also in terms of long term sustainability?
Explain to OSS users what best practices for identifying used components look like.
Tell downstream users more about common security communication patterns in Open Source: Where to send security reports, which response times to expect, where to look for vulnerability fix disclosures.
Tell us all the good, the bad and the ugly about bug bounties, zero days and all issues you ran into with such programs.
Tell more about the patterns you think every developer should now about security by design. What are the biggest flaws you found in the past? What are places that are prone to errors?
Open Source and Security audits? A contradiction or a perfect match?

The list is not complete and we are always happy about new and unique submissions.