Loading…
25-27, August 2025
Amsterdam, Netherlands
View More Details & Registration
Note: The schedule is subject to change.

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Open Source Summit Europe 2025 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

This schedule is automatically displayed in Central European Summer Time, CEST (UTC +2). To see the schedule in your preferred timezone, please select from the drop-down menu to the right. 

IMPORTANT NOTE: Timing of sessions and room locations are subject to change.
Type: OpenGovCon clear filter
arrow_back View All Dates
Tuesday, August 26
 

11:00 CEST

Sometimes Sequels Are Good: CISA’s Update To the 2021 NTIA SBOM Minimum Elements - Victoria Ontiveros, CISA
Tuesday August 26, 2025 11:00 - 11:40 CEST
G105
Software Bills of Materials (SBOM) have started strong, but there’s still more to say about our software. The 2021 Minimum Elements have served as a common specification for implementation around the world but, as many have noted, they are a bit dated. The Cybersecurity and Infrastructure Security Agency (CISA) has drafted an updated “Minimum Elements for a Software Bill of Materials (SBOM).”

This presentation will provide an overview of the draft 2025 CISA SBOM Minimum Elements and explain the factors that influenced the decisions behind the proposed updates. After reviewing the context of the 2021 NTIA Minimum Elements, the presentation will summarize the changes CISA has observed in the SBOM landscape since 2021 and provide an overview of the draft CISA Minimum Elements, noting how the proposed updates fit in with other regulations and guidance around the world. Finally, the presentation will explain key decisions made in the development of the updated Minimum Elements, closing with a PSA on how the community can share their thoughts and suggestions with CISA. The presentation will conclude with time for questions and discussion.
Speakers
avatar for Victoria Ontiveros

Victoria Ontiveros

Program Manager, Software Bill of Materials (SBOM) & Open Source Software (OSS) Security, CISA
Victoria Ontiveros is the program manager for Software Bill of Materials (SBOM) and Open Source Software (OSS) at the Cybersecurity and Infrastructure Security Agency (CISA). When she's not collaborating with interagency, industry, and international partners on SBOM and OSS initiatives... Read More →
Tuesday August 26, 2025 11:00 - 11:40 CEST
G105
  OpenGovCon

11:55 CEST

Adventures of Building a Platform as a Service for the Government - Hans Kristian Flaatten, Norwegian Government & Audun Fauchald Strand, Nav
Tuesday August 26, 2025 11:55 - 12:35 CEST
G105
Who said that Government Tech has to be boring? In Norway the largest administration has been using Kubernetes for over 7 years! StatefulSets had just been introduced (alpha) and RBAC was still in beta. During this time we moved from quarterly releases to thousands of continuous releases each week across our fleet of cloud native applications!

Could we replicate the success we had at NAV for other agencies? Could we provide them with a fully managed platform as a service to let them focus on building new and innovative services for their users and not reinventing the wheel by building yet another platform?

In this session Audun and Hans Kristian will share their experience building and operating one of the largest platforms of its kind in Norway providing a fully fledged application development platform for more than a 100 product teams. And how they set an ambitious goal of being able to provide their platform as a service to other agencies.
Speakers
avatar for Hans Kristian Flaatten

Hans Kristian Flaatten

Platform Engineer, Norwegian Government
CNCF Abassasor, Google Developer Expert (GDE) for Cloud, Grafana Champion and Platform Engineer at the Norwegian Labor and Welfare Administration (NAV) working on NAIS - a platform built to increase development speed by providing the best experience to build, run and operate appl... Read More →
avatar for Audun Fauchald Strand

Audun Fauchald Strand

Priincipal Engineer, Nav
Principal Engineer at NAV. Worked for FINN.no before that. Loves to increase developer speed and make developers happy.
Tuesday August 26, 2025 11:55 - 12:35 CEST
G105
  OpenGovCon

14:10 CEST

Rebooting the Republic: OS Operating Systems for Governments - Alexander Smolianitski, Zentrum Digitale Souveränität
Tuesday August 26, 2025 14:10 - 14:50 CEST
G105
What does it take to switch an entire public sector workspace to open source, including backend services and operating system? Backend services are deeply integrated with the IT architecture of the German public sector, making them challenging to replace. A recent feasibility study undertaken by the German Centre for Digital Sovereignty (ZenDiS) has investigated the legal, economic, and technical viability of replacing proprietary operating systems and backend services with open source alternatives in government agencies. Additionally, the study has explored the possibility of adopting an "ultramobile-first" strategy, where smartphones and tablets with OS operating systems, such as Android, are used as primary devices, and specialised applications are accessed through web browsers. The talk will discuss the findings of the study and the potential implications for the introduction of OS operating systems in the German public sector.
Speakers
avatar for Alexander Smolianitski

Alexander Smolianitski

Head of Open Source Products, Zentrum Digitale Souveränität
Alexander Smolianitski heads the product development department at ZenDiS, bringing a combination of technical expertise and administrative know-how to the table. His professional career spans from a renowned PR agency to a startup of his own, and ultimately to the position of Chief... Read More →
Tuesday August 26, 2025 14:10 - 14:50 CEST
G105
  OpenGovCon

15:05 CEST

Navigating Compliance: What Developers Can Learn From Driving - Kadi McKean & Charlie Jones, ReversingLabs
Tuesday August 26, 2025 15:05 - 15:45 CEST
G105
When driving on a highway, you have to follow the rules of the road—some apply to everyone, while others only apply to commercial drivers. Open source maintainers and software publishers face a similar divide regarding regulatory compliance.

While software manufacturers must meet extensive legal and security obligations, open source maintainers often assume these regulations do not apply directly to them—but do they? In this talk, we’ll separate fact from fiction by breaking down what rules like the EU Cyber Resilience Act require from maintainers versus software vendors.

We’ll explore the limited enforceable obligations for open source projects, including secure development policies and vulnerability reporting, and discuss when (if ever) these rules impact maintainers. By understanding these distinctions, open source contributors can make informed decisions about risk, responsibility, and collaboration with commercial software teams—without unnecessary compliance burdens.
Speakers
avatar for Kadi McKean

Kadi McKean

Community Manager, ReversingLabs
Kadi is passionate about the DevOps / DevSecOps community since her days of working with COBOL development and Mainframe solutions. At ReversingLabs she collaborates with developers and security researchers to help entities prioritize their open source risk, reduce technical debt... Read More →
avatar for Charlie Jones

Charlie Jones

Director of Product Management, ReversingLabs
Charlie is a Software Assurance Evangelist with 7 years of experience in providing strategy and transformation services for cyber security, third party risk, and IT audit programmes of both Fortune and FTSE 100 companies across all 3 lines of defence. Charlie specializes in helping... Read More →
Tuesday August 26, 2025 15:05 - 15:45 CEST
G105
  OpenGovCon

16:20 CEST

Open Source Is a Sewer - Powen Shiah, Sovereign Tech Agency
Tuesday August 26, 2025 16:20 - 17:00 CEST
G105
Who maintains the software components everyone uses? Without open source libraries, protocols & tools, the world would grind to a halt. When it comes to sewers, roads & bridges, the government pays. For bits & bytes? There's a German phrase: digitale Daseinsvorsorge.

Who builds and maintains the sewers under our feet? The government! The same goes for the trains we ride and the roads we walk on. When we ask these questions about the basic components that underpin our world's digital infrastructure, the answer is very different. It's Daniel for curl, Piotr, Christian & Volkan for Log4j, a small team for Fortran, Sarah for Nominatim, Richard at Yocto and countless other maintainers.

At a time when software is eating the world, these foundations are terrifyingly precarious. We hope we're paying the right people to do the critical work of maintaining/securing these systems. Is it possible for governments & nations to help secure this public digital commons without running roughshod over the sprawling ecosystem of FOSS communities that created it?

As governments provide education, clean water and transport in the public interest, they can invest in digital services and open source.
Speakers
avatar for Powen Shiah

Powen Shiah

Communications Lead, Sovereign Tech Agency
Powen handles communications at the Sovereign Tech Fund, highlighting the importance of open source digital infrastructure and the government's role in supporting it in the public interest. He’s worked in product marketing, communications, and internationalization in technology... Read More →
Tuesday August 26, 2025 16:20 - 17:00 CEST
G105
  OpenGovCon
 
  • Filter By Date
    Aug 24 - 28, 2025
  • Filter By Venue
    Amsterdam, Netherlands
    All
    Auditorium
    D201
    D202
    D203
    D204
    D406 (Elicium Level 4)
    Diamond Lounge
    Elicium 1
    Elicium 2
    Emerald Room
    First Floor Restaurant
    G001-002
    G102-103
    G104
    G105
    G106
    G107
    G109
    Hotel nHow Amsterdam RAI
    Meeting Room Vanilla - Hotel nHow Amsterdam RAI
    RAI Amsterdam
    TBA
  • Filter By Type
    Cloud & Containers
    Co-Located Events
    Digital Trust
    Embedded Linux Conference
    Equity + Inclusion + Accessibility
    Keynote Sessions
    Linux
    Open Source 101
    Open Source Leadership
    OpenGovCon
    Operations Management
    OSPOCon
    Project Mini-Summits
    Safety-critical Software
    Special Events / Exhibits / Breaks
    Standards & Specifications
    Technical Documentation
    Wildcard
    Zephyr Developer Summit
  • Audience Experience Level
    Advanced
    Any
    Beginner
    Intermediate
  • Timezone
Need help? View Support Guides
Event questions? Contact Event Planner
©2025 Sched About Privacy Terms
Share Modal

Share this link via

Or copy link

Filter sessions
Apply filters to sessions.
Filtered by Date - 
Clear filter
Sunday, August 24
Monday, August 25
Tuesday, August 26
Wednesday, August 27
Thursday, August 28
Auditorium
D201
D202
D203
D204
D406 (Elicium Level 4)
Diamond Lounge
Elicium 1
Elicium 2
Emerald Room
First Floor Restaurant
G001-002
G102-103
G104
G105
G106
G107
G109
Hotel nHow Amsterdam RAI
Meeting Room Vanilla - Hotel nHow Amsterdam RAI
RAI Amsterdam
TBA
  • Cloud & Containers
  • Co-Located Events
  • Digital Trust
  • Embedded Linux Conference
  • Equity + Inclusion + Accessibility
  • Keynote Sessions
  • Linux
  • Open Source 101
  • Open Source Leadership
  • OpenGovCon
  • Operations Management
  • OSPOCon
  • Project Mini-Summits
  • Safety-critical Software
  • Special Events / Exhibits / Breaks
  • Standards & Specifications
  • Technical Documentation
  • Wildcard
  • Zephyr Developer Summit
  • Audience Experience Level
  • Advanced
  • Any
  • Beginner
  • Intermediate