Speakers and attendees will be welcomed to the OFA Symposium 2025 during this time, during which coffee and light refreshments will be provided and participants can get settled in to the event.

Opening remarks for the day will be provided by OpenForum Europe (OFE) and the team at FGV Rio. Participants will be welcomed to the event and the events of the next day will be previewed in some depth.

This keynote presentation from Dr. Luca Belli, Professor of Digital Governance and Regulation at FGV, will explore the crucial role of open source in advancing digital sovereignty, with a focus on how leading emerging economies, such as Brazil, China, and India, have utilised open source to strengthen their technological autonomy. Through critical analysis of case studies and research conducted by the CyberBRICS project at CTS-FGV, it will idnetify key factors that contribute to success and pitfalls to avoid. Additionally, the presentation will highlight the overlap between digital sovereignty, cybersecurity, and open source, stressing the need to harness synergies across these domains to shape sustainable and resilient digital transformation.

This article examines how geopolitical tensions have shaped the emergence and stabilization of RISC-V, an open and royalty-free Instruction Set Architecture (ISA) that has rapidly expanded in the global semiconductor industry. Rather than treating geopolitics as an external constraint acting upon standardization, the study analyzes how geopolitical rivalry has actively contributed to RISC-V’s development. The analysis combines Science and Technology Studies approaches with Ostrom’s framework for commons-based governance to trace both the strategies of alignment of heterogeneous actors and the institutional arrangements devised to maintain cooperation. Drawing on document analysis, historical membership data, and interviews with key contributors, the study shows how RISC-V became articulated to divergent political projects: frontier innovation in the United States; technological autonomy in China; and digital sovereignty agendas in Europe. These agendas, while often contradictory, converged around RISC-V’s value as an open foundation for processor design. At the same time, this convergence generated risks of fragmentation along political, economic, and technical lines. The RISC-V Foundation responded by relocating to Switzerland to ensure geopolitical neutrality, progressively formalising rules of participation, restructuring membership and voting rights, and establishing transparent procedures for technical collaboration. These governance reforms produced better representation, reflected in the diversification of membership and board composition across the United States, China, and Europe between 2015 and 2025. The case of RISC-V demonstrates how open technological ecosystems can operate as stabilizing infrastructures under geopolitical tension, while also remaining vulnerable to capture and strategic instrumentalization.

Today, a timely and critical debate is emerging on governments’ role in governing free and open-source software (FOSS) cybersecurity. Often, they have centred FOSS as a tool for ‘digital sovereignty,’ driving competition, innovation and interoperability. Budgets, policies and regulations are shifting, whether mainstreaming FOSS or institutional experimentation. China has embedded FOSS within its Five-Year Plan. The EU’s Cyber Resilience Act introduces the novel category of ‘FOSS stewards.’ Highlighting the successes of Germany’s Sovereign Tech Agency, advocates seek an EU-wide fund for FOSS maintenance.

Encouraging an evidence-based approach for policy development and digital diplomacy, this ongoing research undertakes a ‘big picture’ comparative analysis of FOSS cybersecurity policy and regulation from the EU, China, and the USA. The paper charts motivating principles and rhetoric behind their embrace (or lack thereof) of FOSS cybersecurity, encompassing their respective approaches as rights and consumer protection-driven, state-controlled, and market-based. It also compares key structures, features, and tools of those major powers’ cybersecurity policies and regulations involving FOSS, to evaluate compatibility.

This ongoing research explores the emerging approaches to the tripartite governance of open technology initiatives, which are the result of more structural and strategic forms of state involvement, driven by the growing infrastructural centrality of FOSS, the maturity and widespread adoption of this model of technological innovation, coupled with the broader crisis of neoliberalism and the resurgence of state activism in response to intensifying geopolitical and economic competition. This strategic involvement of governments signals a new stage of development for open technology initiatives and a transition toward novel governance configurations. The paper provides a significant sample of the ongoing projects and initiatives in which these forms of tripartite governance of ODI are taking their first steps and a structured, case-based taxonomy of the characteristics, tensions, and innovations that are emerging in these hybrid governance arrangements.

Digital Public Infrastructures (DPIs) are becoming essential to the delivery of public goods and economic prosperity. How DPIs are governed will determine whether that prosperity is shared or captured by a few. At present, the integration of open technologies into DPIs, such as open source software, open data and open AI models, is gaining traction. Non-discriminatory access is crucial in ensuring wide downstream economic benefits from DPIs. But in addition to openness of resources, we argue for commons-based governance. A narrow focus on open licensing or open APIs does not, by itself, ensure democratic DPIs.

We first articulate three meta benefits of commons-based governance of DPIs – decentralisation of expertise and decision-making and the role of the state, sustainability of both resources and communities, and global cooperation. In order to support our claims, we provide case-studies of commons-based DPIs from France, India, South Africa and Brazil.

Additionally, we articulate 10 normative principles for commons-based governance of DPIs, with a focus on minimising value extraction and improving sustainability, which can guide policymakers, funders and builders of DPIs. We argue that these 10 governance principles ensure collaboration between government or public entities and improving relations between public actors and the communities that DPIs serve. Effective commons governance also upholds the human rights of participants (including digital rights and online decision), requiring that digital public infrastructure is open to enable population-wide entrepreneurship, not only democratising access to public services, but catalysing active economic and social participation.

This paper examines the rise of open national digital infrastructures (DI) or “sovereign technology stacks” as instruments of geopolitical and security strategy. Across regions, states increasingly assemble layered “stacks” that integrate technology, governance, finance, and policy to project influence and advance national agendas.

Here, we introduce the concept of stack curation, defined as the intentional selection, configuration, and export of open-source components to serve geopolitical and security objectives. Even when built from ostensibly open technologies, curated stacks embed national priorities and reproduce power through infrastructural interdependencies.

Drawing on two comparative cases, China’s Gitee platform and the U.S. Government’s PEPFAR program and its DHIS2-based health information systems, the paper proposes a typology of curatorial mechanisms (selection, canonization, gatekeeping, dependence, domestication) and examines their implications for global digital governance and the evolving politics of “openness” as an instrument of sovereignty.

Just as India has helped shape the global conversation around DPI for financial inclusion, and Europe is advancing debates on technological sovereignty through initiatives like EuroStack, Brazil is well placed to lead the emerging agenda on DPI for climate, particularly through its space-earth observation capacities. From platforms like the Cadastro Ambiental Rural (CAR), INPE’s DETER deforestation alerts, and MapBiomas’s collaborative open-data initiative, Brazil’s digital public goods showcase how sovereign, transparent infrastructures can support environmental action at scale.

This ongoing research examines the growing geopolitical potential of open source and digital public infrastructure (DPI) in advancing climate resilience and environmental governance. The paper highlights significant potential for international partnerships, especially between Brazil and the European Union. Synergies with the EU’s Copernicus programme (Europe’s flagship earth observation initiative) offer a concrete pathway to align open digital cooperation with climate monitoring, biodiversity protection, and green transition goals. In parallel, Brazil’s leadership could underpin broader alliances with democratic partners such as India, South Africa, and others committed to a multipolar, open, and climate-oriented digital future. In the lead-up to COP30, this moment offers an opening to reimagine climate leadership through shared digital infrastructures.

This Q&A panel will allow attendees the chance to engage in conversation with the paper presenters and to dive into some of the key questions behind the research they have presented as part of the Open Source and Geopolitics track.

This talk will present a proposal from the Open Knowledge Foundation (OKFN) for a comprehensive update to the Open Definition, originally developed in 2005 to define openness in relation to data and content. In light of profound changes in the technological landscape — including the rise of artificial intelligence, consolidation of cloud power, proliferation of digital public infrastructure efforts, launch of regional and national stack efforts, and the increasing politicisation of technology, OKFN is seeking to relaunch the Open Definition Council and initiate a global, inclusive process to develop Version 3 of the definition. While AI is a major focus, the updated definition will apply more broadly to a range of sociotechnical systems. The goal would be to ensure that openness continues to serve the public interest across domains where power, access, and control are increasingly contested. The effort will involve research, global dialogue, and consensus-building to ensure the new definition is technically sound, socially grounded, and resistant to misuse, thereby combating the pervasive phenomenon of openwashing. The effort aims at restoring clarity and purpose of openness as an effective framework for guiding technology policy and practice across countries and disciplines.

Open technologies are crucial for transparency, resilience, and accountability, particularly in the face of rapid technological advancements and institutional vulnerabilities. This significance intensifies in politically and economically uncertain contexts. Focusing regionally on Latin America, this study emphasizes Brazil’s judiciary as a regional leader in integrating artificial intelligence (AI). In Brazil, key AI initiatives, including CNJ Resolution No. 332/2020, mandate transparency, fairness, explainability, and the preservation of human oversight. National platforms such as Sinapses and Codex/DataJud exemplify collaborative and standardized approaches. However, proprietary solutions like the Supreme Federal Court’s VICTOR underscore ongoing challenges concerning opacity, limited auditability, and due process.

This paper provides a comparative analysis of other Latin American countries, revealing varying transparency levels and governance frameworks. Argentina’s Prometea and AymurAI platforms are open-source, emphasizing rights-based frameworks. In contrast, Colombia’s mixed approach with tools like Copilot and ChatGPT reflects varying transparency standards, while Mexico’s JulIA initiative indicates limited accountability. Identified challenges across these contexts include algorithmic biases, inadequate oversight mechanisms, and regulatory gaps in data protection, particularly within Brazil’s General Data Protection Law (LGPD) and Mexico’s LFPDPPP. The paper proposes solutions to enhance AI governance: mandating open source development for publicly funded AI projects, implementing independent algorithmic audits, ensuring explainability through comprehensive documentation, and offering AI ethics education specifically tailored for judicial personnel.

The release of DeepSeek V3 and its open-source inference model R1 marks a consequential inflection point in the global political economy of artificial intelligence. Achieving near-frontier performance at an order of magnitude lower cost and compute intensity than its U.S. and European counterparts, DeepSeek disrupts prevailing assumptions about the institutional prerequisites and technical economies of advanced model development, provoking challenges and criticisms such as model distillation. DeepSeek is not merely a technical episode — it is a prompt. Its trajectory invites a fundamental reconsideration of how openness, sovereignty, and interoperability operate under conditions of structural inequality, and how cost-efficient, legally navigable AI systems may establish new normative baselines for global technological ordering post DeepSeek.

This paper situates the “DeepSeek moment” within a broader reconfiguration of AI sovereignty, emerging from jurisdictions across the Global Majority — states in Asia, Africa, Latin America, and the Middle East—whose infrastructural agency and normative priorities remain peripheral within dominant transatlantic AI governance regimes. Employing a structural-institutionalist methodology, the paper analyzes how regulatory arbitrage, compute localization, and algorithmic adaptation converge in AI’s developmental arc. The model’s reliance on PTX-layer optimization, rather than full architectural overhaul, exemplifies an engineering strategy shaped less by maximalist innovation than by material constraint and jurisdictional heterogeneity. In doing so, it reframes openness not as a liberal universal but as a governance modality responsive to asymmetrical power.

Over the past few decades, open artifacts have flourished across distinct yet interrelated domains: open-source software, open data, open standards, and, more recently, open models. Each domain has developed within its own cultures and communities, producing divergent governance approaches. Technical and business factors are now melding these areas into partly-fused communities of practice. Open artifacts increasingly coexist within layered digital infrastructures in which each element reinforces and depends on the others: open-source software powers data pipelines; open datasets feed large language models; open models store and generate data while shaping software development practices. Innovations and vulnerabilities propagate across these layers; interventions in one domain ripple through the rest. The paper maps these technical and business drivers to foreground how regulatory framings and legal requirements are consolidating this convergence, drawing previously separate domains under a shared governance optic. We argue that these developments are not merely cumulative but indicative of a deeper reconfiguration in how open artifacts are articulated.

As generative artificial intelligence (AI) models become increasingly prevalent and released under various forms of open and permissive licenses, there is a critical need to understand how they are built and who contributes to this process. Currently, there is limited research that maps open collaboration practices across different stages of the development or reuse of models and their constituent artifacts (e.g. training datasets, software, model weights, evaluation benchmarks). This research aims to map and characterize open collaboration (specifically, the “collaboration on-ramps”) at different stages in the development and reuse lifecycle of open generative AI models, with a focus on open large language models (LLMs). Through qualitative interviews with 12 open LLM developers (i.e. Allen Institute for AI, EleutherAI, Cohere Labs, Hugging Face, Meta, Alibaba, the BigScience Workshop, AI Singapore, SpeakLeash, SCB 10X, Fraunhofer IAIS, and the National Library of Norway), this study presents a comprehensive cartography of collaboration practices throughout the lifecycle of open LLMs across diverse organizational contexts, from grassroots initiatives to large technology companies, and world regions. The study provides researchers, developers, business leaders, policymakers, and the wider community with empirical insights into collaboration practices, including motivations, opportunities and challenges, in the emerging open source AI community as well as practical recommendations for participation in or promotion of open source AI collaboration.

Many AI companies are training their large language models on data without the permission of the copyright owners. The permissibility of doing so varies by jurisdiction: in countries like the EU and Japan, this is allowed under certain restrictions, while in the United States, the legal landscape is more ambiguous. Regardless of the legal status, concerns from creative producers have led to several high-profile copyright lawsuits, and the threat of litigation is commonly cited as a reason for the recent trend towards minimizing the information shared about training datasets by both corporate and public interest actors. This trend in limiting data information causes harm by hindering transparency, accountability, and innovation in the broader ecosystem by denying researchers, auditors, and impacted individuals access to the information needed to understand AI models.

While this could be mitigated by training language models on open access and public domain data, at the time of writing, there are no such models (trained at a meaningful scale) due to the substantial technical and sociological challenges in assembling the necessary corpus. These challenges include incomplete and unreliable metadata, the cost and complexity of digitizing physical records, and the diverse set of legal and technical skills required to ensure relevance and responsibility in a quickly changing landscape. Building towards a future where AI systems can be trained on openly licensed data that is responsibly curated and governed requires collaboration across legal, technical, and policy domains, along with investments in metadata standards, digitization, and a culture of openness.

This Q&A panel will allow attendees the chance to engage in conversation with the paper presenters and to dive into some of the key questions behind the research they have presented as part of the Open Source and AI track.

Speakers and attendees will be welcomed to the OFA Symposium 2025 during this time, during which coffee and light refreshments will be provided and participants can get settled in to the event.

Openness has long been a core value of the digital age — a promise that technology and transparency could bring us closer to equity and participation. Yet, as artificial intelligence, digital public infrastructures, and massive data systems reshape our world, that promise is no longer merely unfulfilled but also challenged. In this keynote presentation, Fernanda Campagnucci — a practitioner and researcher of digital governance, Executive Director of InternetLab, former Executive Director of Open Knowledge Brazil, and former Open Data Lead for the City of São Paulo — reflects on her journey through the frontlines of open government. From collaborative open data projects in São Paulo to recent research on AI and digital public infrastructures, she explores how the very meaning of openness is being disputed — and why openness must remain central to democratic governance of data and technology in the age of AI.

Open source software, along with open data, open hardware, and open standards, is foundational to today’s global digital economy. Latest estimates show that over 90% of software in active commercial stacks have open source dependencies. In a world of geopolitical friction, we see increased focus on regulation and a sovereign stack, which is only possible with the inclusion of open source software. As shared digital infrastructure, open source software technologies function as digital public goods. Despite the importance of open source software, its economic contribution has consistently been underrepresented in traditional policy frameworks, national accounts, and innovation metrics.

This ongoing research assesses the options in measuring the economic value of open source software and its contribution to our global economies. Drawing on macroeconomic modelling, international adoption metrics, and studies from the OECD, Stanford, and Harvard, it outlines how open technologies generate cost efficiencies, enhance productivity, and catalyse innovation across public and private sectors. To date, only Harvard and OpenUK have identified the value of open source software. The paper gives attention to the challenge of valuing open source software. It also considers the need to create a model that values AI that is distributed openly, such as open weights, open models, and open training data. It argues that defining and measuring these assets is a prerequisite for responsible regulation, funding, and standards development.

How can we measure the total benefit that open technological solutions afford a society? As part of a larger study into countries’ adoption of Digital Public Goods (DPGs) in their digital public infrastructure, this ongoing research puts forth a framework that seeks to capture the total value of DPGs relative to proprietary solutions. The paper draws on existing approaches to conceptualize the economic impact of ‘open’. The framework combines Total Cost of Ownership, which captures the direct and indirect monetary costs of a technology, with an analysis of Broader Ecosystem Value, the harder-to-quantify gains in innovation, strategic autonomy, and social benefit that come from open technological solutions. The goal is to create a comprehensive, rigorous, and sound way to assess how open technologies benefit a society. The paper discusses the components of this framework, along with emerging evidence gathered from empirical work, and then discusses open questions and ways to develop and test the framework further.

In Brazil, large incumbent Internet Service Providers (ISPs) often neglect remote or economically marginalized regions, leaving millions without affordable or reliable internet access. In response, an ecosystem of over 11,000 small, community-focused ISPs has emerged to fill this gap. These providers play a critical role in bridging the digital divide but continue to face significant challenges, particularly around financial sustainability and operational efficiency. One key strategy some of these ISPs employ is the use of Free and Open Source Software (FOSS) to reduce network deployment and maintenance costs. However, widespread adoption remains limited due to barriers such as technical knowledge gaps, lack of user-friendly interfaces, and insufficient ongoing support from software communities. This ongoing research explores the extent to which community-focused ISPs in Brazil are currently leveraging FOSS technologies and identifies the steps needed to encourage broader adoption. By examining both the opportunities and the constraints, the paper highlights how targeted support for open technologies could strengthen the sustainability of small ISPs and expand affordable internet access to underserved regions. The findings contribute to ongoing policy and industry discussions about fostering inclusive, community-driven approaches to connectivity.

The climate crisis poses a severe threat to the natural systems that support modern civilization, disrupting essential cycles that provide freshwater, fertile soils, and stable weather patterns. These disruptions are projected to lead to widespread biodiversity loss and to upset local and global economies. To ensure that the scientific basis of these projections is transparent and credible, researchers globally are increasingly making climate data and models openly available, which supports informed decision-making and helps safeguard sustainable development from being compromised by short-term political or economic agendas. Despite this progress, the broader application of open source software and open data in climate and sustainability-related technologies remains limited. National governments, international organizations, academia, industry, and civil society have all played roles in both contributing to the crisis and proposing solutions, and fragmented, proprietary approaches persist.

Open source offers a powerful alternative. This ongoing research seeks to look at the development of OpenSustain.tech, the most comprehensive dataset of over 2,500 open source projects directly addressing the climate crisis. The paper details the transparent methodology used to curate this collection, including human expert review across multiple fields. It further analyzes the network of transitive dependencies among these projects, extending previous work in mapping the climate-focused open source ecosystem. The paper also discusses the strategic importance of open source in advancing climate solutions, including its potential economic and societal value, as well as its foundational role in digital infrastructure for climate mitigation, adaptation, and sustainable development.

This talk will detail the groundwork and current development status of ThingData, a speculative prototype of distributed and open-source systems designed to address deep-seated asymmetries in the availability of data needed to support the reuse of goods and materials. ThingData is part of ongoing, commons-oriented research comprising technologies, methods, and approaches geared at promoting an inclusive and fair circular economy. Its origins are associated with a European Union-funded PhD research (2019-2022) which resulted in the thesis Generous cities – weaving commons-oriented systems for the reuse of excess materials in urban contexts. It is currently incubated by the Reuse City studio and the Global Innovation Gathering (GIG). ThingData is explicitly designed to function as a Digital Public Good contributing to SDGs 9 (Industry, Innovation and Infrastructure), 12 (Responsible Consumption and Production), and 17 (Partnerships).

As universities increasingly embrace open source software for knowledge dissemination and societal impact, technology transfer offices (TTOs) face a critical challenge: how to effectively measure and communicate the economic and social value of university-originated open source projects. Unlike traditional intellectual property metrics, open source initiatives require new frameworks that capture their unique pathways to impact, from community adoption to commercial spinouts. By establishing common measurement standards, TTOs can collectively demonstrate the substantial economic impact of university open source initiatives, justify investment in open source support infrastructure, and position themselves as essential enablers in the evolving landscape of academic innovation and knowledge transfer.

This ongoing research considers how to develop a standardized metrics framework specifically designed for academic tech transfer contexts, addressing the urgent need for consistent measurement approaches across institutions. Drawing from multi-institutional case studies and industry partnerships, the paper presents current progress in developing a comprehensive set of quantitative and qualitative indicators that capture the impact of university open source projects. The paper will demonstrate how standardized metrics will enable TTOs to make data-driven decisions about resource allocation, identify high-potential projects for targeted support, and effectively communicate open source value to university leadership and external stakeholders. It will also discuss pathways for adoption of the standards across the academic tech transfer community.

This Q&A panel will allow attendees the chance to engage in conversation with the paper presenters and to dive into some of the key questions behind the research they have presented as part of the Economic Impact of Open track.

The problem is well-known. Critical open source projects are often underfunded and maintained by a few volunteers. This creates fragility in our digital infrastructure, leading to security risks like Heartbleed and the XZ backdoor. Short-term grants and corporate budgets aren’t enough to solve the deep, systemic issue. This talk provides a case study of turning the idea of a permanent endowment for open source software into a real, functioning organization and funded endowment.

The solution is the Open Source Endowment (OSE), which uses the endowment model, common in universities, to create a permanent, stable source of funding. Donations build a principal fund, and we only spend the investment income on grants. This approach is designed for the long run. In the past year, the OSE has moved from concept to reality. It has been incorporated as a US nonprofit, set up our financial infrastructure, and started building a community of founding donors. The response has shown that there is a significant appetite for this kind of support.

This talk will share a practical look at our first year, covering the approach, the steps the founders took to get started, the challenges faced and learnings, and future considerations for providing sustainable OSS funding. The goal of the talk is to be transparent about what it takes to build a new funding institution for open source, showing that a systemic approach is both possible and effective.

Chronic under-investment in open source technologies creates systemic risks – exposing Europe to (amongst other things) cybersecurity threats, supply chain vulnerabilities, and strategic dependencies on non-European technology providers. To maintain, secure, and improve existing open source technologies to meet the EU’s public and industrial goals, it requires policymakers to understand the logics underpinning failures in investing in the maintenance of open source technologies as open digital infrastructure, prioritisng the use of public policy towards the unlocking of financial and nonfinancial resources that support the open source ecosystem.

This paper reveals deep pockets of political will and momentum for the establishment of an EU Sovereign Tech Fund (EU-STF). It draws on conversations with two dozen policymakers, technologists, and advocates, as well as extensive economic and legal analysis. The EU-STF is envisioned as a scaled-up, pan-European, and mission-driven initiative with a proposed budget of at least EUR €350 million over seven years to invest in maintenance, security, and improvement of key open source components, as well as help identify and map dependencies and invest in ecosystem strengthening activities. The EU-STF must embody some key principles: pooled financing, low bureaucracy, political independence, flexible funding, community focus, strategic alignment, and transparency. Two active budgetary scenarios are worth considering for the EU-STF: (1) a standalone and centralised fund, and (2) a hybrid/shared management structure leveraging established EU institutional frameworks like the EDIC that allow for co-financing).

This working paper examines how lessons from post-9/11 global trade security initiatives can inform current open source software supply chain security challenges. The authors argue that despite dealing with different domains—physical goods versus digital code—both face similar fundamental questions about managing risk in complex, multi-actor systems where trust is essential but vulnerable to exploitation. The ongoing research, funded by the Digital Infrastructure Insights Fund, analyzes successful trade security programs like C-TPAT and CSI, focusing on their incentive-based structures, public-private partnerships, and harmonized international standards, to develop actionable recommendations for software security policy. Rather than punitive regulatory approaches, the authors advocate for a framework that emphasizes positive incentives, investment in critical infrastructure, collaborative risk assessment tools, and international standards—moving beyond simple analogies like Software Bill of Materials to create trusted actor programs similar to those that succeeded in trade security

Open source projects are often measured by stars, forks, or downloads. While these metrics highlight popularity, they fail to capture whether a project’s community is sustainable, inclusive, or resilient. This paper introduces the CHAOSS DEI Project Badging initiative as a framework for evaluating open source sustainability through people-centered metrics. Project Badging focuses on four areas: Project Access, Newcomer Experience, Inclusive Leadership, and Communication Transparency. By rethinking sustainability through community health, we argue that open-source success should not only be about growth in numbers, but also about how contributors feel, stay, and thrive.

Context: The adoption of Open Source Software in Public Sector Organizations is on the rise, driven by benefits such as enhanced interoperability and transparency. However, PSOs encounter challenges stemming from limited technical capabilities and regulatory constraints in public procurement.

Objective: This study explores the organizational aspects of development in public sector OSS projects, i.e., projects initiated, developed, and governed by PSOs. We conjecture that the development diverges significantly from the commonly adopted bazaar model, wherein development is carried out collaboratively within a broader community.

Method: A purposefully sampled set of six public sector OSS projects was investigated using mixed-methods and compared with previously reported cases of bazaar OSS projects.

Results: Among the cases, we note that most (80%) of development efforts typically involve a small group of developers (<15) and rely on formalised processes. Developers are commonly procured from national and local service suppliers. Projects are planned top-down by involved PSOs with funding and contributions to development enabled through centralized or decentralized sponsorship. Projects with a centralized sponsorship have one or a few main PSOs funding the major part of the development. Decentralized sponsorship implies multiple PSOs being mutually dependent on each other to pool the necessary resources for the development. All OSS are reported as being of high quality despite limited size and contributions from their communities.

Conclusions: Findings suggest public sector OSS projects deviate from the typical bazaar model, highlighting the need for tailored approaches to address challenges and solutions specific to their context.

Open source software (OSS) underpins modern digital infrastructure globally, yet its contributor base is strikingly homogeneous. OSS is dominated by White men from Europe and North America, with only 10% women and an underrepresentation of Black, Hispanic, Indigenous, and multiracial contributors. Furthermore, while younger contributors continue to join OSS, OSS contributors are skewing older, as fewer and fewer younger developers choose to join and remain in OSS, and the percentage of maintainers under the age of 26 has dropped from 25% in 2021 to 10% in 2024. Younger developers aren’t advancing to maintainership roles, compounding concerns for the longevity of OSS, and thus for digital infrastructure writ large. Diversity is critical for effective OSS, yet non-diverse projects risk exclusionary outcomes, sustainability issues, and neglect of community health. The aging maintainer pool, coupled with a lack of diverse representation, threatens OSS sustainability. Understanding younger contributors is crucial—tracking their entry, engagement, and barriers to leadership could enhance diversity. In tackling these issues, this ongoing research seeks to develop a richer understanding of potential OSS newcomers, their concerns and experiences, and how their participation evolves over time, building on a survey study of undergraduate introductory programming students across the US. The paper discusses the implications of this research for OSS sustainability and diversity, for the distribution of OSS benefits amongst different groups, and for encouraging broader participation in online communities.

This Q&A panel will allow attendees the chance to engage in conversation with the paper presenters and to dive into some of the key questions behind the research they have presented as part of the Sustainability and Security track.

Closing remarks for the day will be provided by OpenForum Europe (OFE) and the team at FGV Rio. Participants will host a discussion with some special speakers and guests to help conclude the event.