If you were waiting to sign up to attend Upstream, our one-day, virtual event bringing together open source maintainers and those who use their creations, until the speakers were announced, today’s the day. The Upstream agenda is live. 🎉 If you haven't already marked June 5, 2024 on your calendars, you should do it now! RSVP here. ✅
This year our theme is unusual ideas to solve the usual problems. By “the usual problems,” we mean the health and security of open source, which last we checked was still not a solved problem. By “unusual ideas,” we mean the people out there exploring the most interesting and unusual ways to make the open source software we all rely on more healthy, secure, and resilient.
Come prepared to hear some exciting new ideas, because we have them lined up for you. Here’s a taste:
- Luis Villa, Tidelift co-founder and general counsel, will use his opening talk to set up this year’s theme. He’ll make the case that our current way of "fixing" open source health and security is simply not working, and he’ll introduce some of the new ideas we’ll be hearing more about through the course of the day.
- Frank Nagle, assistant professor at Harvard Business School, will sit down with Luis, in our first fireside chat of the day, to discuss a recent paper Frank co-authored where he estimated the value of the world’s open source infrastructure at $8.8 trillion.
- Aeva Black and Jack Cable, from CISA (the U.S. Cybersecurity Infrastructure and Security Agency, and the only government agency that cares so much about security they put it in their name twice!), will sit down with Tidelift CEO and co-founder Donald Fischer to discuss the industry-wide effort they are leading to make security by design a core business requirement in products versus an aftermarket technical feature.
- Vincent Danen, VP of Product Security at Red Hat, will join Donald to make the case that our current system of patch management is in desperate need of a revolution (and he’ll share what a better approach focused on risk mitigation might look like).
- Aisha Gautreau, OSPO lead at a large Canadian telecommunications company, will sit down with Tidelift VP of product, Lauren Hanford, to share the journey of building an open source program office and what advantages it has created for them so far.
- Tosha Ellison and Gabriele Columbro of FINOS (the Fintech Open Source Foundation) will join John Mark Walker, director of the OSPO at Fannie Mae, and Donald Fischer to chat about what financial services organizations are doing to improve open source security and invest in the open source they depend on, while sharing advice and strategies that all organizations in all industries can use to inform their own work.
- Fiona Krakenbürger from the Sovereign Tech Fund and Mirko Boehm from the Linux Foundation Europe will sit down with Luis Villa to discuss the impending CRA legislation in the EU (the biggest government proverbial "stick" to date) and the Sovereign Tech Fund’s "carrot" approach to funding open security.
- James Berthoty, CEO of Latio Tech and security engineer at PagerDuty, will go over how to get CVEs out of GitHub Issues and why it’s frustrating for compliance teams and maintainers both.
- Tatu Saloranta of jackson-databind, Wesley Beary, who maintains popular Ruby projects fog and excon, Irina Nazarova of Evil Martians, and Valeri Karpov, from Mongoose, make up our maintainer panel this year and will discuss the state of life as an open source maintainer in 2024.
- Andrey Sitnik, front-end principal at Evil Martians, will give insights on how to make your open source project popular, drawn from his 15 years of making open source tools, some of them successes and others failures.
- Rachel Stephens, senior industry analyst at RedMonk, Shaun Martin, IT and security management consulting principal at BlackIce, Josh Bressers, VP of security at Anchore, Jordan Harband, principal open source architect at HeroDevs, and Terrence Fletcher, product security engineer at Boeing, will join Tidelift VP of product, Lauren Hanford, to discuss how the xz utils backdoor hack has changed the landscape of open source software supply chain security.
This agenda is 🔥. You don't want to miss out. Register for this free, one-day virtual event here.