Building Europe’s Public Digital Infrastructure
Securing the software supply chain for the public sector
January 31, 2026
5:30 PM – 5:55 PM Add to calendar
5:30 PM – 5:55 PM Add to calendar
AW1.120
<p>Attacks on the software supply chain are becoming increasingly common. Attackers are trying to access critical systems via the software supply chain. Such attacks can have serious consequences, particularly in the public sector.
In our talk, we will demonstrate how DevGuard, as an open-source vulnerability management project, helps ZenDiS by finding and closing vulnerabilities before the release of the software and deliver a toolchain for the hardening of base images.
DevGuard itself is an OWASP Incubator Project which is available via the openCode-DevGuard instance or as 100% open-source software on GitHub for community use.</p>
Additional information
| Live Stream | https://live.fosdem.org/watch/aw1120 |
|---|---|
| Type | devroom |
| Language | English |
More sessions
| 1/31/26 |
<p>Digital Public Infrastructure is needed for resilient societies in Europe, but not just there: All over the world, government and civil society offer digital services to their constituencies. And increasingly, they have become aware of the risks that come with using infrastructure owned by a few large companies under a jurisdiction that traditionally was not necessarily ranking their interests very high and these days have become rather unpredictable. The judges and employees of the ...
|
| 1/31/26 |
<p><b>Digital public products need sustainable vehicles</b></p> <p>https://www.publiccode.net/public-product-organizations</p> <p>For almost 10 years, the Foundation for Public Code has been working with public administrations and their partners to better develop public digital infrastructure together. Through many collaborations between cities., states, and other public institutions, we have come to realize that all projects that hope to become sustainable implementations in the context of the ...
|
| 1/31/26 |
<p>This roundtable will bring together FOSS product owners and governments to engage in a strategic discussion around two interrelated areas: 1) How to assess the technical maturity using the draft Universal Software Maturity Indicators (v0.1) https://github.com/DPGAlliance/CoP-Maturity-Indicators 20 How to assess institutional readiness of government to adopt, scale, and maintain FOSS projects in the context of Digital Public Infrastructure (DPI) </p> <p>The discussion will explore how these ...
|
| 1/31/26 |
<p>1 year ago, EU OS put out an architecture for a common Desktop Linux for the public sector. Since then, EU OS had many closed-room conversations with public servants from several member states and with various open source communities. EU OS also published a how-to for a DIY Proof-of-Concept (PoC). This talk explains briefly the vision and PoC of EU OS, gives a summary of the feedback received so far and formulates the public sector expectations on the underlying Linux distribution.</p>
|
| 1/31/26 |
<p>Across Europe, institutions are seeking credible, sovereign, open alternatives to proprietary cloud platforms. France’s public digital agency, DINUM, took a bold step in that direction by developing La Suite, a fully open-source service stack. What is unique is not only the openness of the code, but the ambition: that a public administration can edit and publish digital commons for the public good.</p> <p>But building a commons is only the first step. Ensuring long-term adoption, usability, ...
|
| 1/31/26 |
<p>In late 2023, DINUM (the French Interministerial Digital Directorate) set out to answer a simple question: How do you turn promising national open-source products into shared European products? Two years later, after 2 consortium projects, cross-border hackathons, and several experiments with EU funding mechanisms, we have accumulated a set of practical insights forged through coordination with other EU partners</p> <p>This talk offers an experience-based walkthrough of what worked, what ...
|
| 1/31/26 |
<p>While digital sovereignty is increasingly prompted on European and National levels, the urgency and risks implied have yet to reach the regional and local levels of government. Building robust public digital infrastructure and services on open source foundations have potential both in addressing risks while also providing a substantial economic up-side considering how public digital services are mirrored across regional and local borders. This talk shares insights from a cross-country, ...
|
