Wow it has been a busy time for security vulnerabilities. FOSS4G software is getting caught up in the general push to regulate IT and impose “security” on the technology that powers society.

This talk explores the tensions, expectations, terrors and triumphs on this hot button topic. We will look at a sensible response to Europe's Cyber Resilience Act and how GeoSever and GeoNetwork policies have been updated to address these concerns for developers, participating organizations and members of the public.

This talk unpacks what this can look like for foss4g projects using real world examples.

• Built around the experience of the GeoServer project, and the resulting security policy and practices that can serve as a template for our foss4g community.
• Public institutions can attend this talk to learn how their security policies interact with and affect foss4g technologies.
• Vendors and service providers can learn how open source supply chains affect their products.
• FOSS4G projects can attend to learn how to approach security reports with compassion, and a bit of boundary setting, to take care of your codebase and community.

Security is difficult with consequences being felt at all levels. Help meet this challenge by supporting yourself and each other.