Call for Devrooms for IndiaFOSS 2025

Navigating FOSS Compliance: Governance, Security, and Global Impact

Managers:

Prashant Singh Baghel is an experienced professional specializing in application security, information security, and Software Asset Management (SAM). He has a proven track record of helping organizations develop and implement comprehensive compliance and governance frameworks in alignment with industry standards.

  • Gave expert talk on ASPM during OSI 2024
  • Managed booth during OSI 2024

Anuj Pathekar - Experienced Application Security Consultant with a focus on FOSS compliance and AI, motivated to run the devroom to bridge gaps in open source licensing and application security.

  • Managed booth during OSI 2024

LakshmiTeja is an experienced Application Security Consultant in FOSS compliance and governance who has worked with clients to set up their OSS databases to automate compliance processes in alignment with industry standards.

  • Presented talk on AI-generated code and its compliance during FOSSUNITED June 2024
  • Presented talk on SBOMs during FOSSUNITED India 2024 event
  • Managed booth during OSI 2024

Number of volunteers requested for the devroom – 2

Welcome and Introduction:

Welcome to our devroom dedicated to exploring the critical aspects of FOSS compliance, governance, and the evolving regulatory landscape impacting open-source software globally. In this session, we aim to bridge the gap between FOSS development and compliance, emphasizing the importance of robust governance frameworks like OSPOs, Software Bill of Materials (SBOMs), Application Security Posture Management (ASPM), and addressing the integration of AI-generated code into proprietary systems while ensuring FOSS compliance.

Proof of Feasibility:

The overarching theme of this devroom is to foster collaboration among OSPOs, developers, compliance experts, and policy makers. We’ll explore:

  • Collaborative strategies to enhance OSS sustainability and security across diverse global contexts.
  • Demonstrations of state-of-the-art Software Composition Analysis (SCA) tools, OSS security solutions, and Application Security Posture Management (ASPM) platforms.
  • Panel discussions on the dual importance of FOSS compliance, from licensing requirements to security protocols, and the impact of regulations such as the EU Cyber Resilience Act (CRA) and US Executive Orders on international code distribution.
  • The pivotal role of SBOMs in bolstering transparency and regulatory adherence within OSS projects.
  • Ethical considerations, pros, and cons of integrating AI-generated code into proprietary systems within FOSS environments, and best practices in AI deployment that align with FOSS compliance standards.

Objective:

Our goal is to create a platform where contributors, policy makers, compliance teams, and stakeholders across the FOSS community can exchange insights, share experiences, and gain awareness of global regulatory shifts affecting FOSS. Together, we’ll foster a deeper understanding of compliance challenges and opportunities, paving the way for a more cohesive and informed approach to navigating the dynamic world of open-source governance.

Scope of CFP:

We invite submissions for presentations and panel discussions at our devroom dedicated to exploring the intersection of FOSS compliance, governance, and the integration of AI within open-source ecosystems. This session aims to delve into practical strategies, emerging trends, and regulatory impacts affecting FOSS communities globally.

Key Topics:

  • FOSS Compliance and Governance
  • AI Integration in FOSS
  • Security and Application Security Posture Management (ASPM)
  • Regulatory Landscape and Compliance Challenges

We’re open to all kinds of sessions—whether it’s a talk, hands-on workshop, live tool demo, or even a panel discussion. If your idea connects with FOSS compliance, security, governance, or how AI is changing the game, we’d love to hear from you!
