12-04, 17:45–18:15 (America/Belem), Room III
Wow, it has been a busy year for security vulnerabilities. While FOSS4G software is unlikely to result in global “blue screen of death” outages, we are getting caught up in the general push to regulate IT and impose “security” on the technology that powers society.
This talk unpacks what this can look like for FOSS4G projects using real-world examples.
- Built around the experience of the GeoServer project, and the resulting security policy and practices that can serve as a template for our FOSS4G community.
- Public institutions can attend this talk to learn how their security policies interact with and affect FOSS4G technologies.
- Vendors and service providers can learn how open source supply chains affect their products.
- FOSS4G projects can attend to learn how to approach security reports with compassion, and a bit of boundary setting, to take care of your codebase and community.
This talk explores the tensions, expectations, terrors and triumphs on this hot-button topic.
Iván has been a web developer and FLOSS advocate since the early 2000s; then he bought a GPS receiver and got involved in OpenStreetMap and OSGeo. He’s worked with nautical charts, indoor positioning, USB microcontrollers, LibreOffice, multispectral rasters, all of it with unhealthy amounts of JavaScript.
Jody Garnett is an open source developer and advocate working with GeoCat Canada. He has over 20 years of experience consulting, training, building solutions, and guiding technology development. Jody is on the steering committee for the GeoServer, GeoTools, and JTS Topology Suite projects, and volunteers as chair of the OSGeo Incubation Committee.