Registration is required for this free event /
kostenlose Veranstaltung, aber Registrierung ist erforderlich
OpenChain and The FOSS-LÄND Community Invite You To An Information Exchange
Want to get better at Open Source?
Open Source offers significant advantages for businesses, but effectively managing it with your developers, vendors, or within your software supply chain can be challenging. Whether you are new to the topic or a seasoned expert in open source management, we invite you to join us from April 7 to 9 in Stuttgart for a share and learn event. During this event, you will have the opportunity to:
- Hear from industry peers as they share their open source processes and best practices.
- Experience demonstrations from tool creators showcasing automated compliance solutions.
- Participate in technical sessions focused on overcoming common challenges in the field.
- Discover available support options from both the community and government resources.
OpenChain und The FOSS-LÄND Community laden zum Open Source Austausch ein
Wollen Sie die Open Source Reife Ihrer Organisation verbessern?
Open Source bietet allerhand Vorteile, aber ein effektives Open Source Management im Spannungsfeld zwischen Entwicklern, Zulieferern oder generell in der Software Lieferkette kann eine Herausforderung sein. Ob Sie nun neu in dem Thema sind oder schon langjährige Erfahrung haben, wir laden Sie vom 7. bis 9.April nach Stuttgart ein, um uns gegenseitig dazu auszutauschen und dazuzulernen. In unserem Event werden sich folgende Gelegenheiten bieten:
- Einblick in Open Source Prozesse anderer Organisationen und deren Erfahrungsberichte
- Überblick über frei verfügbare Open Source Automatisierungs-Tools zum korrekten Umgang mit Open Source inkl. Demonstrationen durch deren Entwickler
- Ausblick auf mögliche Lösungsräume zu geläufigen Open Source Management Herausforderungen durch Teilnahme an technischen Austausch-Runden
- Durchblick zu den vielfältigen Unterstützungs-Angeboten, die sich durch die Open Source Community im Allgemeinen und durch „The FOSS-LÄND“ für Baden-Württemberg im Besonderen ergeben.
Schedule and Locations / Ablauf und Veranstaltungsorte
Day 1 – 7th April 2025
13:00-19:00: Afternoon Meeting @ Venue 1
FORUM Haus der Architektinnen und Architekten (HdA)
(See “Venue and Travel” below for details)
19:00-21:00: Informal Socializing Event
Location: Venue 3
Restaurant AMADEUS
Charlottenplatz 17
70173 Stuttgart
Day 2 – 8th April 2025
08:00-16:45: Full-Day Meeting @ Venue 1
FORUM Haus der Architektinnen und Architekten (HdA)
(See “Venue and Travel” below for details)
Day 3 – 9th April 2025
08:00-16:45: Full-Day Meeting @ Venue 2
Bosch Digital | Lb079 (Halle 8)
(See “Venue and Travel” below for details)
Program / Programm
If you are having display issues with the program below, you can also find it on GitHub here.
Day 1
| Day | Start time | Room 1 Topic | Room 1 Speakers | Day | Start time | Room 2 Topic | Room 2 Speakers | |
|---|---|---|---|---|---|---|---|---|
| 07 April 2025 | 12:30 | Doors open and registration | ||||||
| 07 April 2025 | 13:00 | Welcome and introductions | Thomas Steenbergen (TODO OSPO Ambassador) Dennis Nebel (FOSS-LÄND) | |||||
| 07 April 2025 | 13:15 | Establishing trusted and consistent open source management across the supply chain with the OpenChain ISO standards | Shane Coughlan (General Manager, OpenChain) | |||||
| 07 April 2025 | 13:45 | The FOSS-LÄND and TODO Group – helping you with Open Source – What is FOSS-LÄND and how can it support your business with Open Source – How to manage Open Source as a tool and opportunity for your business – The different ways how German companies are colloborating to get better at Open Source | Thomas Steenbergen (TODO OSPO Ambassador) Dennis Nebel (FOSS-LÄND) | |||||
| 07 April 2025 | 14:30 | Meet the experts @ Collaboration Marketplace – Table 1: AGL / OpenChain / OpenSSF / TODO – Table 2: Tools (AboutCode+ScanCode/Apoaposis/Fosslogy/ORT/OSSelot) – Table 3: Eclipse / Good Governance Initiative – Table 4: FOSS-LÄND / OSBA / OSADL / InformatikForum-Stuttgart – Table 5: Software Heritage / OSSelot / Flutter Community DACH / OWASP / LF Energy / Yocto | Communities see below: Communities Collaborating | |||||
| 07 April 2025 | 15:00 | Break | ||||||
| 07 April 2025 | 15:15 | SBOM management at Mercedes-Benz | Aoileann Nic Chraith (Mercedes-Benz) | 07 April 2025 | 15:15 | How upcoming EU cyberlegisation will impact open source usage and contributions – an interactive panel discussion | Sven Strittmatter (OWASP) Dirk Targoni (Bosch) Further participants to be announced soon Moderated by Gael Blondelle (Eclipse Foundation) | |
| 07 April 2025 | 15:45 | The Business of Open Source: How PIONIX is Innovating EV Charging | Marco Möller (PIONIX GmbH) | 07 April 2025 | 15:45 | Taming the SBOM Chaos: Using AI Agents for Audit SBOMs for OSS Compliance | Oscar Valenzuela (Amazon) | |
| 07 April 2025 | 16:15 | Break | ||||||
| 07 April 2025 | 16:30 | How other German companies are leveraging Open Source as a tool to achieve their goals – an interactive panel discussion | participants to be announced soon | 07 April 2025 | 16:30 | OWASP® – much more than just OWASP Top 10 | Sven Strittmatter (OWASP) | |
| 07 April 2025 | 17:15 | Socialize or meet our experts @ Collaboration Marketplace – Table 1: AGL / OpenChain / OpenSSF / TODO – Table 2: Tools (AboutCode+ScanCode/Apoaposis/Fosslogy/ORT/OSSelot) – Table 3: Eclipse / Good Governance Initiative – Table 4: FOSS-LÄND / OSBA / OSADL / InformatikForum-Stuttgart – Table 5: Software Heritage / OSSelot / Flutter Community DACH / OWASP / LF Energy / Yocto | Communities see below: Communities Collaborating | 07 April 2025 | 17:15 | Open Source as a strategic company task | Sebastian Wolf (SAP) | |
| 07 April 2025 | 18:00 | Wrap up Day 1 |
18:30 Joint walk to the restaurant
19:00 Socializing Event
Day 2
| Day | Start time | Room 1 Topic | Room 1 Speakers | Day | Start time | Room 2 Topic | Room 2 Speakers | |
|---|---|---|---|---|---|---|---|---|
| 08 April 2025 | 07:30 | Doors open and registration | ||||||
| 08 April 2025 | 08:00 | Welcome and Introduction to Process Track | Marcel Kurzmann (Bosch) | 08 April 2025 | 08:00 | Welcome and Introduction to Tooling Track | Oliver Fendt (Siemens) | |
| 08 April 2025 | 08:15 | Workshop: Getting started with OpenChain and TODO to build your organization’s open source processes | Shane Coughlan (General Manager, OpenChain) Thomas Steenbergen (TODO OSPO Ambassador) | 08 April 2025 | 08:15 | Workshop – Part 1: Introduction to Fossology workshop Workshop – Part 2: Introduction to OSSelot workshop | Oliver Fendt (Siemens) Caren Kresse (OSADL) | |
| 08 April 2025 | 09:30 | Break | ||||||
| 08 April 2025 | 10:00 | REUSE – Crystal-clear licensing declaration for all use-cases | Max Mehl (Deutsche Bahn / DB Systel) | 08 April 2025 | 10:00 | Workshop: Managing Open Source in your organization with OSS Review Toolkit (ORT) and Apoapsis | Thomas Steenbergen (TODO OSPO Ambassador) Hanna Modica (Bosch) Moderated by Kerstin Sonnenholzer (Bosch) | |
| 08 April 2025 | 10:30 | Workshop: open source management processes – collaborating on user stories As a < WHO >, I want < WHAT > so that < WHY > – How do you identify open source critical to your business? – How to sustain the open source you rely on? – How grow your business using Open Source? | Moderated by Lothar Becker (OSBA) | 08 April 2025 | 10:30 | Ask an Expert – Ask your open source tooling question to our panel of experts, such as – How do you see AI impacting open source compliance processes? – What are your predictions for this year for supply chain security or license compliance? | Tobias Glemser (OWASP) Philippe Ombredanne(AboutCode+ScanCode) Helio Chissini de Castro (Cariad) Moderated by Thomas Steenbergen | |
| 08 April 2025 | 11:15 | Break | ||||||
| 08 April 2025 | 11:30 | Software Heritage – What a graph can tell your supply-chain about your software | Thomas Aynaud (Software Heritage) | 08 April 2025 | 11:30 | Workshop: Working on common understanding and architecture for open source compliance/security management using open source: – What else do you need beyond the tools? – What are the available interfaces to connect the tools to you existing development infrastructure? – How can we discourage people from reinventing the wheel? | Moderated by Oliver Fendt (Siemens) | |
| 08 April 2025 | 12:15 | Lunch break and collaboration marketplace | ||||||
| 08 April 2025 | 13:15 | Workshop: open source management processes – collaborating on combining open source compliance tools As a < WHO >, I want connect < TOOL A > to < TOOL B > because < WHY > – How do you find good practices (blueprints) that address your needs? – How to fit existing good practices in your development setup? | Moderated by Marcel Kurzmann (Bosch) | 08 April 2025 | 13:15 | AboutCode and ScanCode – Practical Compliance in One Stack – Licensing, Vulnerabilities, Code Matching, Scanning and More | Philippe Ombredanne (AboutCode+ScanCode) | |
| 08 April 2025 | 14:15 | Break | ||||||
| 08 April 2025 | 14:30 | Why Flutter is Gaining Popularity in Software Development and the Automotive Industry | Dhansha Bai Lakhwani (Flutter DACH Community) | 08 April 2025 | 14:30 | Workshop: Update Tooling list of Open Source Tools – How to deal with good Open Source tools but weak documentation? – How to earn merits with non-code-contributions? – Why do you have more transparency about the health state of Open Source Tools? – How to get or provide commercial support for Open Source Compliance Tools? | Moderated by Nikola Babadzhanov (Bosch) | |
| 08 April 2025 | 15:00 | Building open source management and SBOM process for embedded software – learn from Yocto Project | Josef Holzmayr (Yocto Project) | 08 April 2025 | 15:00 | |||
| 08 April 2025 | 15:30 | Break | ||||||
| 08 April 2025 | 15:45 | Ask an Expert – Ask your open source process question to panel of our experts | Christian Wege (Mercedes) Caren Kresse (OSADL) Benjamin Petri (Bosch) Nicole Pappler (AlektoMetis) Moderated by Thomas Steenbergen | 08 April 2025 | 15:45 | From Complexity to Clarity: Understanding your Software Product Health | Jan-Niclas Strüwer (Fraunhofer IEM) | |
| 08 April 2025 | 16:15 | Wrap Up of Day 2 | Marcel Kurzmann |
Day 3
Community-led Unconference / Hackathon
| Day | Start time | Room 1 Topic | Room 1 Speakers | Day | Start time | Room 2 Topic | Room 2 Speakers | |
|---|---|---|---|---|---|---|---|---|
| 09 April 2025 | 08:30 | Doors open and registration | 09 April 2025 | 08:30 | Doors open and registration | |||
| 09 April 2025 | 09:00 | ORT Community Day Welcome words and participants poll | Nikola Babadzhanov Thomas Steenbergen | 09 April 2025 | 09:00 | |||
| 09 April 2025 | 09:30 | Fireside chat with ORT TSC Informal interview / Q&A session with the ORT technical steering committee | Marcel Bochtler Martin Nonnenmacher Thomas Steenbergen Moderated by Nikola Babadzhanov | 09 April 2025 | 09:30 | Unconference / hackathon on open source management process and tooling | ||
| 09 April 2025 | 10:00 | Eclipse Apoapsis – progress report on ORT Server | Martin Nonnenmacher | 09 April 2025 | 10:00 | |||
| 09 April 2025 | 10:30 | Break | 09 April 2025 | 10:30 | ||||
| 09 April 2025 | 10:45 | How we are doing compliance at CARIAD with ORT | Helio Chissini de Castro (Cariad) | 09 April 2025 | 10:45 | |||
| 09 April 2025 | 11:30 | Project OCCTET.eu – the why, what and how | Andreas Kotulla Martin von Willebrand | 09 April 2025 | 11:30 | |||
| 09 April 2025 | 12:15 | Lunch Break | 09 April 2025 | 12:15 | ||||
| 09 April 2025 | 13:15 | First Steps With ORT: An EEF Experience | Kiko Fernández (Ericsson, Online talk) | 09 April 2025 | 13:15 | |||
| 09 April 2025 | 14:00 | Roundtable on ORT roadmap -where and how can we work together on shared desired features Example topics: – Support SBOMs as input to ORT – Refactor SPDX reporter to use SPDX official library | Moderated by Nikola Babadzhanov & Thomas Steenbergen | 09 April 2025 | 14:00 | |||
| 09 April 2025 | 14:45 | Community lightning talks | 09 April 2025 | 14:45 | ||||
| 09 April 2025 | 15:15 | Break | 09 April 2025 | 15:15 | ||||
| 09 April 2025 | 15:30 | Workshop / roundable breakouts based on participants voted topics | 09 April 2025 | 15:30 | ||||
| 09 April 2025 | 16:45 | Workshop recap & closing words | Nikola Babadzhanov Thomas Steenbergen | 09 April 2025 | 16:45 |
Please provide and discuss the topics for the Unconference / Hackathon on the Tooling Group mailing list: https://groups.io/g/oss-based-compliance-tooling
Venue and Travel
Venue 1 – Forum Haus der Architekten
FORUM Haus der Architektinnen und Architekten (HdA)
Danneckerstraße 54
70182 Stuttgart, Germany
https://www.akbw.de/kontakt/anfahrt
Distance to the airport: 12 kilometers / Public Transport 35-45 Minutes
Venue 2 – Bosch Digital | Lb079 (Halle 8)
Bosch Digital | Lb079 (Halle 8)
Groenerstraße 5/1, 71636
Ludwigsburg, Germany
Please use the standard entrance.
Distance to the airport: 40 kilometers / Public Transport 1 Hour 10 Minutes
Venue 3 – Restaurant AMADEUS Altes Waisenhaus
Restaurant AMADEUS
Charlottenplatz 17
70173 Stuttgart
https://www.amadeus-stuttgart.de/anfahrt/
Example Lodging Options in Stuttgart
We do not have contracted rooms at these properties and cannot guarantee rates or availability.
Hotel Motel One Stuttgart-Mitte
Close to the Stuttgart Main Station
Distance to venue 1: 2 kilometers / 26 Minutes Walk / Public Transport 16 Minutes 5 Stopps
Distance to venue 2: 16 kilometers / Public Transport 35 Minutes via S-Bahn
Lautenschlagerstraße 14, 70173 Stuttgart
+49 711 300209-0
Hotel Unger Stuttgart
Close to the Stuttgart Main Station
Distance to venue 1: 2,1 kilometers / 28 Minutes Walk / Public Transport 16 Minutes 5 Stopps
Distance to venue 2: 16 kilometers / Public Transport 35 Minutes via S-Bahn
Kronenstr. 17, 70173 Stuttgart
+49 711 20990
Connections to Essen for the FSFE Legal Workshop
For participants attending the FSFE Legal Workshop in Essen from the 9th of April, we will end Day 2 of our event at 16:45 on the 8th of April. This will allow for easy train connections to Essen. Here is a link to the train connections from Venue 1 to Essen via Stuttgart Main Station.
Q&A
- Who is the target audience of this event?
- Software developers, security professionals and OSPO representatives
- What the event location?
- Day 1& 2 – Haus der Architekten in Stuttgart, Day 3 – Urban Harbor Ludwigsburg
- What is the content about?
- We will have presentations from community representatives and workshops all around Software Management in the Software Supply Chain. The event meant to be interactive and the concrete program will be developed and updated incrementally on this page until the event. The topic backlog is https://github.com/Open-Source-Compliance/Sharing-creates-value/blob/openchain_and_friends_2025_topic_backlog/Events/OpenChainAndFriends/Topic_backlog.md. Contributions are welcome.
- Can I already express my interest to join the event?
- Yes, the registration page is here: Register here / Hier registrieren
- Do I need to purchase a ticket?
- No, this is a free event but you are required to register for a ticket
- Is this a Linux Foundation event?
- This is a community event co-hosted by the Linux Foundation’s OpenChain Project, and it will adhere to the Linux Foundation’s policies and code of conduct
- Is the event language english? / Ist die Veranstaltungssprache englisch?
- Yes, as we will have international participants, we plan to have english as event language, but for specific sessions we can also discuss to provide it in german (e.g. for people new to the topic) / Ja, wir haben internationale Teilnehmer, daher planen wir mit Englisch als Veranstaltungssprache. Aber wir können uns auch vorstellen bei entsprechendem Bedarf spezifische Themen (z.B. Themen für regionale Teilnehmer, die im Thema neu sind) auch in Deutsch / Schwäbisch 😉 zu machen.
- Target group is also SME / KMU – is this acc. to KMU 2003/361 with < 250 employees?
- Concerning the event we would welcome also bigger companies but want to explicitly support the small and medium businesses with the content. Only the concrete The FOSS-LÄND offerings (e.g. vouchers/Beratungsgutschein etc.) are explicitly for SME / KMU in the region, see details in german only: https://www.transformationswissen-bw.de/beratung/beratungsgutschein
- CRA and NIS2 would be expected as topics & Will the new Software Product Liability Act be a topic?
- We are currently collecting proposals from all sides (see question about content above with link to the topic backlog). The general questions about What and Why will be addressed in the opening presentation. You can also join the mailing list to pre-discuss the contents for the workshops/round-tables: https://groups.io/g/oss-based-compliance-tooling
- Is this event limited to the automotive supply chain only?
- Via OpenChain we are open to more interested parties along other supply chains but want to explicitly support the small and medium businesses in the automotive supply chain (The FOSS-LÄND target group) in the region with the content. If there is bigger interest we can think about a follow-up in an extended setup., please feedback on the mailing-list https://groups.io/g/oss-based-compliance-tooling
- Is the Process Stream focussed on Software Development Processes?
- While the process stream was originally meant for OSPO and Open Source Management Processes in the supply chain, the Software Development Process perspective may become relevant for the mapping of blueprints around tooling and the automated handling of non-functional requirements.
- Will there also be a “Community Stream” e.g. how to collaborate in communities, how to get your OSS project big?
- There will be two sections in the target groups: A) new to the topic/management and B) advanced/experts => for the second section such a “Community Stream” could be covered e.g. by TODO Group and Good Governance Initiative contributions. Contributions are welcome, see “content question” above with the link to the topic-backlog.
