Skip to main content

OpenChain and Friends – Stuttgart – 7th to 9th April 2025

By 2025-02-20April 3rd, 2025Featured, News

Registration is required for this free event /
kostenlose Veranstaltung, aber Registrierung ist erforderlich

OpenChain and The FOSS-LÄND Community Invite You To An Information Exchange

Want to get better at Open Source?

Open Source offers significant advantages for businesses, but effectively managing it with your developers, vendors, or within your software supply chain can be challenging. Whether you are new to the topic or a seasoned expert in open source management, we invite you to join us from April 7 to 9 in Stuttgart for a share and learn event. During this event, you will have the opportunity to:

  • Hear from industry peers as they share their open source processes and best practices.
  • Experience demonstrations from tool creators showcasing automated compliance solutions.
  • Participate in technical sessions focused on overcoming common challenges in the field.
  • Discover available support options from both the community and government resources.

OpenChain und The FOSS-LÄND Community laden zum Open Source Austausch ein

Wollen Sie die Open Source Reife Ihrer Organisation verbessern?

Open Source bietet allerhand Vorteile, aber ein effektives Open Source Management im Spannungsfeld zwischen Entwicklern, Zulieferern oder generell in der Software Lieferkette kann eine Herausforderung sein. Ob Sie nun neu in dem Thema sind oder schon langjährige Erfahrung haben, wir laden Sie vom 7. bis 9.April nach Stuttgart ein, um uns gegenseitig dazu auszutauschen und dazuzulernen. In unserem Event werden sich folgende Gelegenheiten bieten:

  • Einblick in Open Source Prozesse anderer Organisationen und deren Erfahrungsberichte
  • Überblick über frei verfügbare Open Source Automatisierungs-Tools zum korrekten Umgang mit Open Source inkl. Demonstrationen durch deren Entwickler
  • Ausblick auf mögliche Lösungsräume zu geläufigen Open Source Management Herausforderungen durch Teilnahme an technischen Austausch-Runden
  • Durchblick zu den vielfältigen Unterstützungs-Angeboten, die sich durch die Open Source Community im Allgemeinen und durch „The FOSS-LÄND“ für Baden-Württemberg im Besonderen ergeben.

Schedule and Locations / Ablauf und Veranstaltungsorte

Day 1 – 7th April 2025

13:00-19:00: Afternoon Meeting @ Venue 1

FORUM Haus der Architektinnen und Architekten (HdA)
(See “Venue and Travel” below for details)

19:00-21:00: Informal Socializing Event

Location: Venue 3
Restaurant AMADEUS
Charlottenplatz 17
70173 Stuttgart

Day 2 – 8th April 2025

08:00-16:45: Full-Day Meeting @ Venue 1

FORUM Haus der Architektinnen und Architekten (HdA)
(See “Venue and Travel” below for details)

Day 3 – 9th April 2025

08:00-16:45: Full-Day Meeting @ Venue 2

Bosch Digital | Lb079 (Halle 8)
(See “Venue and Travel” below for details)

Program / Programm

If you are having display issues with the program below, you can also find it on GitHub here.

Day 1

DayStart timeRoom 1 TopicRoom 1 SpeakersDayStart timeRoom 2 TopicRoom 2 Speakers
07 April 202512:30Doors open and registration 
07 April 202513:00Welcome and introductions
Thomas Steenbergen (TODO OSPO Ambassador)
Dennis Nebel (FOSS-LÄND)
07 April 202513:15Establishing trusted and consistent open source management across the supply chain with the OpenChain ISO standards​
Shane Coughlan (General Manager, OpenChain)
07 April 202513:45The FOSS-LÄND and TODO Group – helping you with Open Source
– ​What is FOSS-LÄND and how can it support your business with Open Source
– How to manage Open Source as a tool and opportunity for your business
– The different ways how German companies are colloborating to get better at Open Source 
Thomas Steenbergen (TODO OSPO Ambassador)
Dennis Nebel (FOSS-LÄND)
07 April 202514:30Meet the experts @ Collaboration Marketplace

– Table 1: AGL / OpenChain / OpenSSF / TODO
– Table 2: Tools (AboutCode+ScanCode/Apoaposis/Fosslogy/ORT/OSSelot) 
– Table 3: Eclipse / Good Governance Initiative
– Table 4: FOSS-LÄND / OSBA / OSADL / InformatikForum-Stuttgart
– Table 5: Software Heritage / OSSelot / Flutter Community DACH / OWASP / LF Energy / Yocto
Communities see below: Communities Collaborating
07 April 202515:00Break
07 April 202515:15SBOM management at Mercedes-Benz
Aoileann Nic Chraith (Mercedes-Benz)07 April 202515:15How upcoming EU cyberlegisation will impact open source usage and contributions – an interactive panel discussion

Sven Strittmatter (OWASP)
Dirk Targoni (Bosch) 
Further participants to be announced soon 
Moderated by Gael Blondelle (Eclipse Foundation)
07 April 202515:45The Business of Open Source: How PIONIX is Innovating EV Charging
Marco Möller (PIONIX GmbH)07 April 202515:45Taming the SBOM Chaos: Using AI Agents for Audit SBOMs for OSS Compliance
Oscar Valenzuela (Amazon)
07 April 202516:15Break
07 April 202516:30How other German companies are leveraging Open Source as a tool to achieve their goals – an interactive panel discussion

participants to be announced soon07 April 202516:30OWASP® – much more than just OWASP Top 10
Sven Strittmatter (OWASP)
07 April 202517:15Socialize or meet our experts @ Collaboration Marketplace

– Table 1: AGL / OpenChain / OpenSSF / TODO
– Table 2: Tools (AboutCode+ScanCode/Apoaposis/Fosslogy/ORT/OSSelot) 
– Table 3: Eclipse / Good Governance Initiative
– Table 4: FOSS-LÄND / OSBA / OSADL / InformatikForum-Stuttgart
– Table 5: Software Heritage / OSSelot / Flutter Community DACH / OWASP / LF Energy / Yocto
Communities see below: Communities Collaborating07 April 202517:15
Open Source as a strategic company task
Sebastian Wolf (SAP)
07 April 202518:00Wrap up Day 1

18:30 Joint walk to the restaurant

19:00 Socializing Event

Day 2

DayStart timeRoom 1 TopicRoom 1 SpeakersDayStart timeRoom 2 TopicRoom 2 Speakers
08 April 202507:30Doors open and registration 
08 April 202508:00Welcome and Introduction to Process Track
Marcel Kurzmann (Bosch)08 April 202508:00Welcome and Introduction to Tooling Track
Oliver Fendt (Siemens)
08 April 202508:15Workshop: Getting started with OpenChain and TODO to build your organization’s open source processes
Shane Coughlan (General Manager, OpenChain)
Thomas Steenbergen (TODO OSPO Ambassador)
08 April 202508:15Workshop – Part 1: Introduction to Fossology workshop
Workshop – Part 2: Introduction to OSSelot workshop
Oliver Fendt (Siemens)
Caren Kresse (OSADL)
08 April 202509:30Break

08 April 202510:00REUSE – Crystal-clear licensing declaration for all use-cases
Max Mehl (Deutsche Bahn / DB Systel)08 April 202510:00Workshop: Managing Open Source in your organization with OSS Review Toolkit (ORT) and Apoapsis
Thomas Steenbergen (TODO OSPO Ambassador)
Hanna Modica (Bosch)
Moderated by Kerstin Sonnenholzer (Bosch)
08 April 202510:30Workshop: open source management processes – collaborating on user stories
As a < WHO >, I want < WHAT > so that < WHY >
– How do you identify open source critical to your business?
– How to sustain the open source you rely on?
– How grow your business using Open Source?
Moderated by Lothar Becker (OSBA)08 April 202510:30Ask an Expert – Ask your open source tooling question to our panel of experts, such as
– How do you see AI impacting open source compliance processes?
– What are your predictions for this year for supply chain security or license compliance?
Tobias Glemser (OWASP)
Philippe Ombredanne(AboutCode+ScanCode)
Helio Chissini de Castro (Cariad)
Moderated by Thomas Steenbergen
08 April 202511:15Break
08 April 202511:30Software Heritage – What a graph can tell your supply-chain about your software
Thomas Aynaud (Software Heritage)08 April 202511:30Workshop:  Working on common understanding and architecture for open source compliance/security management using open source:
– What else do you need beyond the tools?
– What are the available interfaces to connect the tools to you existing development infrastructure?
– How can we discourage people from reinventing the wheel?
Moderated by Oliver Fendt (Siemens)
08 April 202512:15Lunch break and collaboration marketplace

08 April 202513:15Workshop: open source management processes – collaborating on combining open source compliance tools
As a < WHO >, I want connect < TOOL A > to < TOOL B > because < WHY >
– How do you find good practices (blueprints) that address your needs? 
– How to fit existing good practices in your development setup?
Moderated by Marcel Kurzmann (Bosch)08 April 202513:15AboutCode and ScanCode – Practical Compliance in One Stack – Licensing, Vulnerabilities, Code Matching, Scanning and More
Philippe Ombredanne (AboutCode+ScanCode)
08 April 202514:15Break
08 April 202514:30Why Flutter is Gaining Popularity in Software Development and the Automotive Industry
Dhansha Bai Lakhwani (Flutter DACH Community)08 April 202514:30Workshop: Update Tooling list of Open Source Tools
– How to deal with good Open Source tools but weak documentation? – How to earn merits with non-code-contributions?
– Why do you have more transparency about the health state of Open Source Tools?
– How to get or provide commercial support for Open Source Compliance Tools? 
Moderated by Nikola Babadzhanov (Bosch)
08 April 202515:00Building open source management and SBOM process for embedded software – learn from Yocto ProjectJosef Holzmayr (Yocto Project)08 April 202515:00
08 April 202515:30Break
08 April 202515:45Ask an Expert – Ask your open source process question to panel of our experts
Christian Wege (Mercedes)
Caren Kresse (OSADL)
Benjamin Petri (Bosch) 
Nicole Pappler (AlektoMetis)
Moderated by Thomas Steenbergen
08 April 202515:45From Complexity to Clarity: Understanding your Software Product Health
Jan-Niclas Strüwer (Fraunhofer IEM)
08 April 202516:15Wrap Up of Day 2
Marcel Kurzmann

Day 3

Community-led Unconference / Hackathon​

DayStart timeRoom 1 TopicRoom 1 SpeakersDayStart timeRoom 2 TopicRoom 2 Speakers
09 April 202508:30Doors open and registration
09 April 202508:30Doors open and registration
09 April 202509:00ORT Community Day 
Welcome words and participants poll

Nikola Babadzhanov
Thomas Steenbergen
09 April 202509:00
09 April 202509:30Fireside chat with ORT TSC

Informal interview / Q&A session with the ORT technical steering committee
Marcel Bochtler
Martin Nonnenmacher
Thomas Steenbergen 
Moderated by Nikola Babadzhanov
09 April 202509:30Unconference / hackathon on open source management process and tooling
09 April 202510:00Eclipse Apoapsis – progress report on ORT Server
Martin Nonnenmacher09 April 202510:00
09 April 202510:30Break
09 April 202510:30
09 April 202510:45
How we are doing compliance at CARIAD with ORT
Helio Chissini de Castro (Cariad)09 April 202510:45
09 April 202511:30Project OCCTET.eu – the why, what and how
Andreas Kotulla

Martin von Willebrand
09 April 202511:30
09 April 202512:15Lunch Break
09 April 202512:15
09 April 202513:15First Steps With ORT: An EEF Experience
Kiko Fernández (Ericsson, Online talk)09 April 202513:15
09 April 202514:00Roundtable on ORT roadmap -where and how can we work together on shared desired features
Example topics:
– Support SBOMs as input to ORT
– Refactor SPDX reporter to use SPDX official library
Moderated by Nikola Babadzhanov & Thomas Steenbergen09 April 202514:00
09 April 202514:45Community lightning talks09 April 202514:45
09 April 202515:15Break
09 April 202515:15
09 April 202515:30Workshop / roundable breakouts based on participants voted topics
09 April 202515:30
09 April 202516:45Workshop recap & closing words
Nikola Babadzhanov 
Thomas Steenbergen
09 April 202516:45

Please provide and discuss the topics for the Unconference / Hackathon on the Tooling Group mailing list: https://groups.io/g/oss-based-compliance-tooling

Venue and Travel

Venue 1 – Forum Haus der Architekten

Forum Haus der Architektinnen und Architekten

FORUM Haus der Architektinnen und Architekten (HdA)
Danneckerstraße 54
70182 Stuttgart, Germany
https://www.akbw.de/kontakt/anfahrt

Distance to the airport: 12 kilometers / Public Transport 35-45 Minutes

Venue 2 – Bosch Digital | Lb079 (Halle 8)

Bosch Digital | Lb079 (Halle 8) 
Groenerstraße 5/1, 71636 
Ludwigsburg, Germany

Please use the standard entrance.

Distance to the airport: 40 kilometers / Public Transport 1 Hour 10 Minutes

Venue 3 – Restaurant AMADEUS Altes Waisenhaus

Restaurant AMADEUS
Charlottenplatz 17
70173 Stuttgart
https://www.amadeus-stuttgart.de/anfahrt/

Example Lodging Options in Stuttgart

We do not have contracted rooms at these properties and cannot guarantee rates or availability.

Hotel Motel One Stuttgart-Mitte

Close to the Stuttgart Main Station
Distance to venue 1: 2 kilometers / 26 Minutes Walk / Public Transport 16 Minutes 5 Stopps
Distance to venue 2: 16 kilometers / Public Transport 35 Minutes via S-Bahn
Lautenschlagerstraße 14, 70173 Stuttgart
+49 711 300209-0

Hotel Unger Stuttgart

Close to the Stuttgart Main Station
Distance to venue 1: 2,1 kilometers / 28 Minutes Walk / Public Transport 16 Minutes 5 Stopps
Distance to venue 2: 16 kilometers / Public Transport 35 Minutes via S-Bahn
Kronenstr. 17, 70173 Stuttgart
+49 711 20990

Connections to Essen for the FSFE Legal Workshop

For participants attending the FSFE Legal Workshop in Essen from the 9th of April, we will end Day 2 of our event at 16:45 on the 8th of April. This will allow for easy train connections to Essen. Here is a link to the train connections from Venue 1 to Essen via Stuttgart Main Station.

Q&A

  • Who is the target audience of this event?​
    • Software developers, security professionals and OSPO representatives​
  • What the event location?​
    • Day 1& 2 – Haus der Architekten in Stuttgart, Day 3 – Urban Harbor Ludwigsburg​
  • What is the content about?
  • Can I already express my interest to join the event?​
  • Do I need to purchase a ticket?​
    • No, this is a free event but you are required to register for a ticket​
  • Is this a Linux Foundation event?​
    • This is a community event co-hosted by the Linux Foundation’s OpenChain Project, and it will adhere to the Linux Foundation’s policies and code of conduct​
  • Is the event language english?​ / Ist die Veranstaltungssprache englisch?
    • Yes, as we will have international participants, we plan to have english as event language, but for specific sessions we can also discuss to provide it in german (e.g. for people new to the topic) / Ja, wir haben internationale Teilnehmer, daher planen wir mit Englisch als Veranstaltungssprache. Aber wir können uns auch vorstellen bei entsprechendem Bedarf spezifische Themen (z.B. Themen für regionale Teilnehmer, die im Thema neu sind) auch in Deutsch / Schwäbisch 😉 zu machen.
  • Target group is also SME / KMU – is this acc. to KMU 2003/361 with < 250 employees?
    • Concerning the event we would welcome also bigger companies but want to explicitly support the small and medium businesses with the content. Only the concrete The FOSS-LÄND offerings (e.g. vouchers/Beratungsgutschein etc.) are explicitly for SME / KMU in the region, see details in german only: https://www.transformationswissen-bw.de/beratung/beratungsgutschein
  • CRA and NIS2 would be expected as topics & Will the new Software Product Liability Act be a topic?
    • We are currently collecting proposals from all sides (see question about content above with link to the topic backlog). The general questions about What and Why will be addressed in the opening presentation. You can also join the mailing list to pre-discuss the contents for the workshops/round-tables: https://groups.io/g/oss-based-compliance-tooling
  • Is this event limited to the automotive supply chain only?
    • Via OpenChain we are open to more interested parties along other supply chains but want to explicitly support the small and medium businesses in the automotive supply chain (The FOSS-LÄND target group) in the region with the content. If there is bigger interest we can think about a follow-up in an extended setup., please feedback on the mailing-list https://groups.io/g/oss-based-compliance-tooling
  • Is the Process Stream focussed on Software Development Processes?
    • While the process stream was originally meant for OSPO and Open Source Management Processes in the supply chain, the Software Development Process perspective may become relevant for the mapping of blueprints around tooling and the automated handling of non-functional requirements.
  • Will there also be a “Community Stream” e.g. how to collaborate in communities, how to get your OSS project big?
    • There will be two sections in the target groups: A) new to the topic/management and B) advanced/experts => for the second section such a “Community Stream” could be covered e.g. by TODO Group and Good Governance Initiative contributions. Contributions are welcome, see “content question” above with the link to the topic-backlog.

Communities collaborating

CommunityHomepage
AboutCode+ScanCodehttps://www.aboutcode.org
AGL Automotive Grade Linux – OSPO Expert Grouphttps://lf-automotivelinux.atlassian.net/wiki/spaces/OSPO
DoubleOpenhttps://www.doubleopen.org
Eclipse Apoapsishttps://eclipse-apoapsis.github.io/ort-server/
Eclipse SDVhttps://sdv.eclipse.org/
Flutter DACH Communityhttps://www.meetup.com/de-DE/flutter-dach/
The FOSS-LÄNDhttps://www.e-mobilbw.de/automotive-software
Fossologyhttps://www.fossology.org/
InformatikForum Stuttgarthttps://www.informatik-forum.org/
JAVA User Group Stuttgarthttps://www.jugs.org/
LF Energyhttps://lfenergy.org/
OpenChainhttps://openchainproject.org/
OpenChain Open Source Tooling Grouphttps://oss-compliance-tooling.org/
OSADLhttps://osadl.org/
Open Source Business Alliance OSBAhttps://osb-alliance.de/
OSSelothttps://www.osselot.org/
OSS Review Toolkithttps://oss-review-toolkit.org/ort/
OWASPhttps://owasp.org/
ScanOSShttps://github.com/scanoss
Software Heritagehttps://www.softwareheritage.org/
Software Transparency Foundationhttps://www.softwaretransparency.org/
Yocto Projecthttps://www.yoctoproject.org/