Speakers and attendees will be welcomed to the OFA Symposium 2025 during this time, during which coffee and light refreshments will be provided and participants can get settled in to the event.

Opening remarks for the day will be provided by OpenForum Europe (OFE) and the team at FGV Rio. Participants will be welcomed to the event and the events of the next day will be previewed in some depth.

Geopolitical competition over technologies and their underlying infrastructures has intensified in recent years, yet its impact on international collaboration in open technology ecosystems remains under-examined. As governments increasingly frame technological capabilities as matters of digital sovereignty, do geopolitical tensions strengthen or fragment participation in such ecosystems as governments and/or enterprises seek alternatives to proprietary systems controlled by geopolitical rivals? This paper examines this question through an exploratory case study on RISC-V, a royalty-free Instruction Set Architecture (ISA) that emerged as an academic project at UC Berkeley focused on building an alternative to proprietary processor designs. Now hosted by the RISC-V Foundation under the Linux Foundation, RISC-V has become a strategically significant open standard for governments and industry alike, as demand grows for specialized processors in AI, IoT, and high-performance computing.

Using a multilevel framework, this paper investigates whether and how key geopolitical events and tensions have affected RISC-V’s governance structures (meso level) and contributors’ incentives and behaviors (micro level). It employs a mixed-methods approach, combining (1) desk research of governance changes; (2) a quantitative analysis of the relationship between contribution patterns and both governance and geopolitical developments; and (3) semi-structured interviews with RISC-V Foundation staff and contributors from the US, China, and the EU. This analysis makes both empirical and practical contributions to discussions about the strategic significance of open standards in an era of intensifying geopolitical competition in technologies and their underlying infrastructures.

Today, a timely and critical debate is emerging on governments’ role in governing free and open-source software (FOSS) cybersecurity. Often, they have centred FOSS as a tool for ‘digital sovereignty,’ driving competition, innovation and interoperability. Budgets, policies and regulations are shifting, whether mainstreaming FOSS or institutional experimentation. China has embedded FOSS within its Five-Year Plan. The EU’s Cyber Resilience Act introduces the novel category of ‘FOSS stewards.’ Highlighting the successes of Germany’s Sovereign Tech Agency, advocates seek an EU-wide fund for FOSS maintenance.

Encouraging an evidence-based approach for policy development and digital diplomacy, this ongoing research undertakes a ‘big picture’ comparative analysis of FOSS cybersecurity policy and regulation from the EU, China, and the USA. The paper charts motivating principles and rhetoric behind their embrace (or lack thereof) of FOSS cybersecurity, encompassing their respective approaches as rights and consumer protection-driven, state-controlled, and market-based. It also compares key structures, features, and tools of those major powers’ cybersecurity policies and regulations involving FOSS, to evaluate compatibility.

This ongoing research explores the emerging approaches to the tripartite governance of open technology initiatives, which are the result of more structural and strategic forms of state involvement, driven by the growing infrastructural centrality of FOSS, the maturity and widespread adoption of this model of technological innovation, coupled with the broader crisis of neoliberalism and the resurgence of state activism in response to intensifying geopolitical and economic competition. This strategic involvement of governments signals a new stage of development for open technology initiatives and a transition toward novel governance configurations. The paper provides a significant sample of the ongoing projects and initiatives in which these forms of tripartite governance of ODI are taking their first steps and a structured, case-based taxonomy of the characteristics, tensions, and innovations that are emerging in these hybrid governance arrangements.

Digital Public Infrastructure (DPI) will become essential to the delivery of public goods and economic prosperity. How DPI is governed will determine whether that prosperity is shared; DPI should be governed as a commons. In this view, commons-based governance principles for DPIs are crucial to ensure collaboration between government or public entities and to improve relations between public actors and the communities that DPIs serve. Governing DPIs as commons enables community co-ownership, collective control, and co-creation. Effective commons governance also upholds the human rights of participants (including digital rights and online decisions), requiring that digital public infrastructure is open to enable population-wide entrepreneurship, not only democratising access to public services but catalysing active economic and social participation. This paper draws from empirical evidence of digital commons initiatives that provision infrastructure from our respective geographies (France, India, South Africa, Guatemala). It provides an actionable framework to guide commons-based governance of DPIs, while also illustrating the social as well as economic benefits of commons-governed DPIs.

Moving beyond technological determinism or mere functional use cases, it argues that these ‘national’ stacks(i.e,. India Stack, Deutschland Stack, etc) are increasingly curated as expressions of techno-nationalist strategy. These curated stacks are not neutral: even when they are built from ostensibly open technologies, their composition, deployment, and framing are tightly linked to national influence, compatibility agendas, and diplomatic alignment(Digital Sovereignty being one of the most contentious topics). This phenomenon represents a new layer of soft—and arguably hard—power, where open-source projects become a tool of export.

This paper asks: How are open source digital infrastructural components curated to advance national, geopolitical, and security agendas, and what implications exist for digital sovereignty and global cooperation? How (if at all) do open source communities perceive such tension? The paper explores the geopolitical dimensions of digital public infrastructure (DPI) through the lens of “stack curation” — the intentional assembly and export of open-source digital components by nation states which reflect and project their governing philosophies. Drawing on emerging examples from India, China, and the EU, it examines how “stack diplomacy” operates through the selection, orchestration, and global promotion of digital systems, and interrogates its consequences for global digital governance, including risks of dependency, fragmentation, and co-optation of open source ideals and way of working.

Just as India has helped shape the global conversation around DPI for financial inclusion, and Europe is advancing debates on technological sovereignty through initiatives like EuroStack, Brazil is well placed to lead the emerging agenda on DPI for climate, particularly through its space-earth observation capacities. From platforms like the Cadastro Ambiental Rural (CAR), INPE’s DETER deforestation alerts, and MapBiomas’s collaborative open-data initiative, Brazil’s digital public goods showcase how sovereign, transparent infrastructures can support environmental action at scale.

This ongoing research examines the growing geopolitical potential of open source and digital public infrastructure (DPI) in advancing climate resilience and environmental governance. The paper highlights significant potential for international partnerships, especially between Brazil and the European Union. Synergies with the EU’s Copernicus programme (Europe’s flagship earth observation initiative) offer a concrete pathway to align open digital cooperation with climate monitoring, biodiversity protection, and green transition goals. In parallel, Brazil’s leadership could underpin broader alliances with democratic partners such as India, South Africa, and others committed to a multipolar, open, and climate-oriented digital future. In the lead-up to COP30, this moment offers an opening to reimagine climate leadership through shared digital infrastructures.

This Q&A panel will allow attendees the chance to engage in conversation with the paper presenters and to dive into some of the key questions behind the research they have presented as part of the Open Source and Geopolitics track.

This talk will present a proposal from the Open Knowledge Foundation (OKFN) for a comprehensive update to the Open Definition, originally developed in 2005 to define openness in relation to data and content. In light of profound changes in the technological landscape — including the rise of artificial intelligence, consolidation of cloud power, proliferation of digital public infrastructure efforts, launch of regional and national stack efforts, and the increasing politicisation of technology, OKFN is seeking to relaunch the Open Definition Council and initiate a global, inclusive process to develop Version 3 of the definition. While AI is a major focus, the updated definition will apply more broadly to a range of sociotechnical systems. The goal would be to ensure that openness continues to serve the public interest across domains where power, access, and control are increasingly contested. The effort will involve research, global dialogue, and consensus-building to ensure the new definition is technically sound, socially grounded, and resistant to misuse, thereby combating the pervasive phenomenon of openwashing. The effort aims at restoring clarity and purpose of openness as an effective framework for guiding technology policy and practice across countries and disciplines.

Open technologies are crucial for transparency, resilience, and accountability, particularly in the face of rapid technological advancements and institutional vulnerabilities. This significance intensifies in politically and economically uncertain contexts. Focusing regionally on Latin America, this study emphasizes Brazil’s judiciary as a regional leader in integrating artificial intelligence (AI). In Brazil, key AI initiatives, including CNJ Resolution No. 332/2020, mandate transparency, fairness, explainability, and the preservation of human oversight. National platforms such as Sinapses and Codex/DataJud exemplify collaborative and standardized approaches. However, proprietary solutions like the Supreme Federal Court’s VICTOR underscore ongoing challenges concerning opacity, limited auditability, and due process.

This paper provides a comparative analysis of other Latin American countries, revealing varying transparency levels and governance frameworks. Argentina’s Prometea and AymurAI platforms are open-source, emphasizing rights-based frameworks. In contrast, Colombia’s mixed approach with tools like Copilot and ChatGPT reflects varying transparency standards, while Mexico’s JulIA initiative indicates limited accountability. Identified challenges across these contexts include algorithmic biases, inadequate oversight mechanisms, and regulatory gaps in data protection, particularly within Brazil’s General Data Protection Law (LGPD) and Mexico’s LFPDPPP. The paper proposes solutions to enhance AI governance: mandating open source development for publicly funded AI projects, implementing independent algorithmic audits, ensuring explainability through comprehensive documentation, and offering AI ethics education specifically tailored for judicial personnel.

The release of DeepSeek V3 and its open-source inference model R1 marks a consequential inflection point in the global political economy of artificial intelligence. Achieving near-frontier performance at an order of magnitude lower cost and compute intensity than its U.S. and European counterparts, DeepSeek disrupts prevailing assumptions about the institutional prerequisites and technical economies of advanced model development, provoking challenges and criticisms such as model distillation. DeepSeek is not merely a technical episode — it is a prompt. Its trajectory invites a fundamental reconsideration of how openness, sovereignty, and interoperability operate under conditions of structural inequality, and how cost-efficient, legally navigable AI systems may establish new normative baselines for global technological ordering post DeepSeek.

This paper situates the “DeepSeek moment” within a broader reconfiguration of AI sovereignty, emerging from jurisdictions across the Global Majority — states in Asia, Africa, Latin America, and the Middle East—whose infrastructural agency and normative priorities remain peripheral within dominant transatlantic AI governance regimes. Employing a structural-institutionalist methodology, the paper analyzes how regulatory arbitrage, compute localization, and algorithmic adaptation converge in AI’s developmental arc. The model’s reliance on PTX-layer optimization, rather than full architectural overhaul, exemplifies an engineering strategy shaped less by maximalist innovation than by material constraint and jurisdictional heterogeneity. In doing so, it reframes openness not as a liberal universal but as a governance modality responsive to asymmetrical power.

Over the past few decades, open artifacts have flourished across distinct yet interrelated domains: OSS, open data, open standards, and now open AI models. Each developed within its own set of cultures and communities, producing divergent governance approaches. Technical and business factors are increasingly melding these areas into partly-fused communities of practice. These artifacts now coexist within layered digital infrastructures, where each element reinforces and depends on the others: OSS powers data pipelines; open datasets train AI models; open models store/produce data and shape software development. Innovations and vulnerabilities propagate across these layers; interventions in one domain ripple through others.

This paper examines how regulatory framings and legal requirements are consolidating these recursive infrastructures and drawing these domains under a shared governance optic. Regulatory pressure comes from both public and private actors. State-led interventions—often driven by national security and geopolitical priorities—are expanding the reach of cybersecurity, liability, and transparency obligations across software, data, and AI systems. Examples include the EU’s CRA and AI Act, and the U.S. NCS. Institutional and private-sector initiatives are reshaping legal architectures: the World Bank’s licensing framework for OSS formalizes software release as part of broader data governance; the OSI’s OSAI definition seeks to stabilize what “openness” means when applied to models. The paper argues these developments are not merely cumulative, but indicative of a deeper reconfiguration in how open artifacts are articulated.

As generative artificial intelligence (AI) models become increasingly prevalent and released under various forms of open and permissive licenses, there is a critical need to understand how they are built and who contributes to this process. Currently, there is limited research that maps open collaboration practices across different stages of the development or reuse of models and their constituent artifacts (e.g. training datasets, software, model weights, evaluation benchmarks). This research aims to map and characterize open collaboration (specifically, the “collaboration on-ramps”) at different stages in the development and reuse lifecycle of open generative AI models, with a focus on open large language models (LLMs). Through qualitative interviews with 12 open LLM developers (i.e. Allen Institute for AI, EleutherAI, Cohere Labs, Hugging Face, Meta, Alibaba, the BigScience Workshop, AI Singapore, SpeakLeash, SCB 10X, Fraunhofer IAIS, and the National Library of Norway), this study presents a comprehensive cartography of collaboration practices throughout the lifecycle of open LLMs across diverse organizational contexts, from grassroots initiatives to large technology companies, and world regions. The study provides researchers, developers, business leaders, policymakers, and the wider community with empirical insights into collaboration practices, including motivations, opportunities and challenges, in the emerging open source AI community as well as practical recommendations for participation in or promotion of open source AI collaboration.

In recent years, large language models (LLMs) have relied almost entirely on massive amounts of unlicensed, web-scraped text, raising questions about intellectual property, consent, and fairness. Estimates suggest that compensating content creators even minimally would cost billions. Faced with mounting lawsuits and competition, most AI companies have not only stopped sharing their training datasets, but some have also claimed that training competitive models without copyrighted material is “impossible.” This argument has helped justify growing opacity, even as the open web steadily closes in response to extractive AI practices. We are seeing the consequences: opaque systems we can’t audit, models we can’t reproduce, biases we can’t trace, and communities that feel exploited.

A global community of open LLM developers set out to demonstrate that performant models can be trained on responsibly sourced, openly licensed data. In 2024, Mozilla and EleutherAI convened over 30 builders of open AI datasets to document what’s working, identify shared obstacles, and exchange strategies. The result was a paper called ‘Towards Best Practices for Open Datasets for LLM Training’, which offers a practical guide to responsibly sourcing, curating, and releasing large-scale open datasets. This paper builds on that one, outlining strategies for addressing key technical and policy issues: unreliable metadata and “data laundering,” locked-in data, digitization costs, jurisdictional uncertainty, and the need for cross-domain collaboration. It also proposes a tiered model of openness, reflecting the reality that transparency in AI is inseparable from the data it’s built on.

This Q&A panel will allow attendees the chance to engage in conversation with the paper presenters and to dive into some of the key questions behind the research they have presented as part of the Open Source and AI track.

Speakers and attendees will be welcomed to the OFA Symposium 2025 during this time, during which coffee and light refreshments will be provided and participants can get settled in to the event.

Keynote remarks will be provided by a luminary in the field of open source and/or open technologies. The speaker will be announced in the coming weeks.

Open source software, along with open data, open hardware, and open standards, is foundational to today’s global digital economy. Latest estimates show that over 90% of software in active commercial stacks have open source dependencies. In a world of geopolitical friction, we see increased focus on regulation and a sovereign stack, which is only possible with the inclusion of open source software. As shared digital infrastructure, open source software technologies function as digital public goods. Despite the importance of open source software, its economic contribution has consistently been underrepresented in traditional policy frameworks, national accounts, and innovation metrics.

This ongoing research assesses the options in measuring the economic value of open source software and its contribution to our global economies. Drawing on macroeconomic modelling, international adoption metrics, and studies from the OECD, Stanford, and Harvard, it outlines how open technologies generate cost efficiencies, enhance productivity, and catalyse innovation across public and private sectors. To date, only Harvard and OpenUK have identified the value of open source software. The paper gives attention to the challenge of valuing open source software. It also considers the need to create a model that values AI that is distributed openly, such as open weights, open models, and open training data. It argues that defining and measuring these assets is a prerequisite for responsible regulation, funding, and standards development.

How can we measure the total benefit that open technological solutions afford a society? As part of a larger study into countries’ adoption of Digital Public Goods (DPGs) in their digital public infrastructure, this ongoing research puts forth a framework that seeks to capture the total value of DPGs relative to proprietary solutions. The paper draws on existing approaches to conceptualize the economic impact of ‘open’. The framework combines Total Cost of Ownership, which captures the direct and indirect monetary costs of a technology, with an analysis of Broader Ecosystem Value, the harder-to-quantify gains in innovation, strategic autonomy, and social benefit that come from open technological solutions. The goal is to create a comprehensive, rigorous, and sound way to assess how open technologies benefit a society. The paper discusses the components of this framework, along with emerging evidence gathered from empirical work, and then discusses open questions and ways to develop and test the framework further.

In Brazil, large incumbent Internet Service Providers (ISPs) often neglect remote or economically marginalized regions, leaving millions without affordable or reliable internet access. In response, an ecosystem of over 11,000 small, community-focused ISPs has emerged to fill this gap. These providers play a critical role in bridging the digital divide but continue to face significant challenges, particularly around financial sustainability and operational efficiency. One key strategy some of these ISPs employ is the use of Free and Open Source Software (FOSS) to reduce network deployment and maintenance costs. However, widespread adoption remains limited due to barriers such as technical knowledge gaps, lack of user-friendly interfaces, and insufficient ongoing support from software communities. This ongoing research explores the extent to which community-focused ISPs in Brazil are currently leveraging FOSS technologies and identifies the steps needed to encourage broader adoption. By examining both the opportunities and the constraints, the paper highlights how targeted support for open technologies could strengthen the sustainability of small ISPs and expand affordable internet access to underserved regions. The findings contribute to ongoing policy and industry discussions about fostering inclusive, community-driven approaches to connectivity.

The climate crisis poses a severe threat to the natural systems that support modern civilization, disrupting essential cycles that provide freshwater, fertile soils, and stable weather patterns. These disruptions are projected to lead to widespread biodiversity loss and to upset local and global economies. To ensure that the scientific basis of these projections is transparent and credible, researchers globally are increasingly making climate data and models openly available, which supports informed decision-making and helps safeguard sustainable development from being compromised by short-term political or economic agendas. Despite this progress, the broader application of open source software and open data in climate and sustainability-related technologies remains limited. National governments, international organizations, academia, industry, and civil society have all played roles in both contributing to the crisis and proposing solutions, and fragmented, proprietary approaches persist.

Open source offers a powerful alternative. This ongoing research seeks to look at the development of OpenSustain.tech, the most comprehensive dataset of over 2,500 open source projects directly addressing the climate crisis. The paper details the transparent methodology used to curate this collection, including human expert review across multiple fields. It further analyzes the network of transitive dependencies among these projects, extending previous work in mapping the climate-focused open source ecosystem. The paper also discusses the strategic importance of open source in advancing climate solutions, including its potential economic and societal value, as well as its foundational role in digital infrastructure for climate mitigation, adaptation, and sustainable development.

This presentation introduces ThingData, an open protocol and database building a “material commons” of structured data essential for physical goods, their repair, and reuse. ThingData serves as a compelling practical case study, illustrating how open data infrastructure, when treated as a digital public good, can generate substantial economic value within a vital sector while simultaneously advancing global sustainability targets. The talk will discuss the technical approach and the importance of open governance in realizing this economic and social potential. It also argues that open access to this standardized data functions as a crucial digital public good, directly enabling the circular economy and the Right to Repair movement, and significantly contributing to Sustainable Development Goals (SDGs) like responsible consumption, innovation, and economic growth. The talk will further detail the tangible economic impacts of this open data infrastructure. These include stimulating the creation of new repair and reuse businesses by providing necessary information, reducing waste disposal costs through better material recovery, fostering innovation in product design for longevity and new service models, and establishing more transparent and efficient secondary markets for used goods and components.

Open science hardware (OSH) offers a powerful yet underutilized strategy for building local innovation capacity, strengthening supply chains, and enabling cost-effective, context-relevant research tools. In an era of rising geopolitical uncertainty and economic precarity, OSH provides more than just accessible instrumentation — it forms the foundation of resilient, community-driven technological ecosystems.

This paper draws on new evidence from the Open Science Shop project, a global network of local open science hardware vendors and manufacturers. Through a combination of network analysis and case studies associated with the Open Science Shop, the paper explores how open hardware projects create economic value — not only through tool deployment, but through skills development, local supplier engagement, and innovative design practices that adapt to regional constraints and needs. The paper aims to show pathways for OSH projects to become nodes for distributed production and innovation, while identifying the most relevant challenges in practice. It makes the case that OSH should be seen not only as a technical or scientific asset but as a strategic tool for economic resilience, especially in under-resourced or peripheral regions. It also proposes practical pathways for enabling local innovation ecosystems based on OSH, drawing from the Open Science Shop’s framework for global-local collaboration.

As universities increasingly embrace open source software for knowledge dissemination and societal impact, technology transfer offices (TTOs) face a critical challenge: how to effectively measure and communicate the economic and social value of university-originated open source projects. Unlike traditional intellectual property metrics, open source initiatives require new frameworks that capture their unique pathways to impact, from community adoption to commercial spinouts. By establishing common measurement standards, TTOs can collectively demonstrate the substantial economic impact of university open source initiatives, justify investment in open source support infrastructure, and position themselves as essential enablers in the evolving landscape of academic innovation and knowledge transfer.

This ongoing research considers how to develop a standardized metrics framework specifically designed for academic tech transfer contexts, addressing the urgent need for consistent measurement approaches across institutions. Drawing from multi-institutional case studies and industry partnerships, the paper presents current progress in developing a comprehensive set of quantitative and qualitative indicators that capture the impact of university open source projects. The paper will demonstrate how standardized metrics will enable TTOs to make data-driven decisions about resource allocation, identify high-potential projects for targeted support, and effectively communicate open source value to university leadership and external stakeholders. It will also discuss pathways for adoption of the standards across the academic tech transfer community.

This Q&A panel will allow attendees the chance to engage in conversation with the paper presenters and to dive into some of the key questions behind the research they have presented as part of the Economic Impact of Open track.

The problem is well-known. Critical open source projects are often underfunded and maintained by a few volunteers. This creates fragility in our digital infrastructure, leading to security risks like Heartbleed and the XZ backdoor. Short-term grants and corporate budgets aren’t enough to solve the deep, systemic issue. This talk provides a case study of turning the idea of a permanent endowment for open source software into a real, functioning organization and funded endowment.

The solution is the Open Source Endowment (OSE), which uses the endowment model, common in universities, to create a permanent, stable source of funding. Donations build a principal fund, and we only spend the investment income on grants. This approach is designed for the long run. In the past year, the OSE has moved from concept to reality. It has been incorporated as a US nonprofit, set up our financial infrastructure, and started building a community of founding donors. The response has shown that there is a significant appetite for this kind of support.

This talk will share a practical look at our first year, covering the approach, the steps the founders took to get started, the challenges faced and learnings, and future considerations for providing sustainable OSS funding. The goal of the talk is to be transparent about what it takes to build a new funding institution for open source, showing that a systemic approach is both possible and effective.

Chronic under-investment in open source technologies creates systemic risks – exposing Europe to (amongst other things) cybersecurity threats, supply chain vulnerabilities, and strategic dependencies on non-European technology providers. To maintain, secure, and improve existing open source technologies to meet the EU’s public and industrial goals, it requires policymakers to understand the logics underpinning failures in investing in the maintenance of open source technologies as open digital infrastructure, prioritisng the use of public policy towards the unlocking of financial and nonfinancial resources that support the open source ecosystem.

This paper reveals deep pockets of political will and momentum for the establishment of an EU Sovereign Tech Fund (EU-STF). It draws on conversations with two dozen policymakers, technologists, and advocates, as well as extensive economic and legal analysis. The EU-STF is envisioned as a scaled-up, pan-European, and mission-driven initiative with a proposed budget of at least EUR €350 million over seven years to invest in maintenance, security, and improvement of key open source components, as well as help identify and map dependencies and invest in ecosystem strengthening activities. The EU-STF must embody some key principles: pooled financing, low bureaucracy, political independence, flexible funding, community focus, strategic alignment, and transparency. Two active budgetary scenarios are worth considering for the EU-STF: (1) a standalone and centralised fund, and (2) a hybrid/shared management structure leveraging established EU institutional frameworks like the EDIC that allow for co-financing).

Cases like XZ Utils highlight the pressing need for better security in open source software. Open source communities and concerned policymakers agree that more needs to be done to secure code from these supply chain attacks; however, there is still no significant agreement on how best to approach these challenges. The current debate about open source software security mirrors discussions around trade security that surfaced soon after 9/11. Industry argued then that regulations requiring importers to fully certify the security of their supply chains – as well as mandating “100% screening” of cargo containers – would result in the collapse of global trade. While policymakers and the security community understood these concerns, they also felt that the industry’s approach up to that point was insufficient for countering threats to global security. Ultimately, the stakeholders were able to create a series of initiatives that balanced the needs of trade and security and provided effective incentives for “voluntary” compliance from industry. This ongoing research seeks to document for the first time the historical example of supply chain security for tangible goods with the current challenges facing open source software supply chain security. The paper focuses on the impact of governmental and industry trade security and the current outlook for OSS security, identifying overlaps and evaluating lessons learned from the historical case study.

Open source projects often measure success with stars, forks, and downloads. But these metrics don’t reflect the health of the community behind the code. This talk introduces the CHAOSS DEI Project Badging initiative as a way to rethink sustainability through the lens of inclusion, transparency, and contributor well-being. A simple badge earned through documenting efforts in access, leadership, communication, and newcomer experience can highlight a project’s commitment to a healthy and welcoming environment. The talk explores how DEI.md files guide self-reflection, help attract and retain contributors, and signal project resilience. By walking through the practical steps for applying for a CHAOSS badge, it will how these small, community-focused signals can create big impacts in long-term sustainability and security.

Collaboration on public sector Open Source Software (OSS) projects is steadily increasing along with demands for sovereign and interoperable technology stacks. Still, practice has yet to catch up compared to industry and the broader OSS ecosystem, whose ways of working need to be tailored to manage the many challenges falling on the public sector. To help accelerate the public sector’s use and development of OSS, this paper investigates six successful cases of public sector OSS projects from different countries and levels of government. The paper provides insights on how development is commonly concentrated and performed with the use of national and local service providers, discussing different funding models, either involving one or a few central actors, or a wider set through different setups of crowd-funding. It then elaborates on sustainability challenges related to the various ways of working and potential approaches to addressing these proactively.

Open source software (OSS) underpins modern digital infrastructure globally, yet its contributor base is strikingly homogeneous. OSS is dominated by White men from Europe and North America, with only 10% women and an underrepresentation of Black, Hispanic, Indigenous, and multiracial contributors. Furthermore, while younger contributors continue to join OSS, OSS contributors are skewing older, as fewer and fewer younger developers choose to join and remain in OSS, and the percentage of maintainers under the age of 26 has dropped from 25% in 2021 to 10% in 2024 (Tidelift, 2024). Younger developers aren’t advancing to maintainership roles, compounding concerns for the longevity of OSS, and thus for digital infrastructure writ large. Diversity is critical for effective OSS, yet non-diverse projects risk exclusionary outcomes, sustainability issues, and neglect of community health. The aging maintainer pool, coupled with a lack of diverse representation, threatens OSS sustainability. Understanding younger contributors is crucial—tracking their entry, engagement, and barriers to leadership could enhance diversity. In tackling these issues, this ongoing research seeks to develop a richer understanding of potential OSS newcomers, their concerns and experiences, and how their participation evolves over time, building on a survey study of undergraduate introductory programming students across the US. The paper discusses the implications of this research for OSS sustainability and diversity, for the distribution of OSS benefits amongst different groups, and for encouraging broader participation in online communities.

This Q&A panel will allow attendees the chance to engage in conversation with the paper presenters and to dive into some of the key questions behind the research they have presented as part of the Sustainability and Security track.

Closing remarks for the day will be provided by OpenForum Europe (OFE) and the team at FGV Rio. Participants will host a discussion with some special speakers and guests to help conclude the event.