The people behind OSPOs are well placed to strengthen the security of open source projects. Recent results from the new State of OSPO report show that 96% of organizations with an OSPO or similar open source initiative use these entities to provide advice on security decisions and risk mitigation strategies.
People working at OSPOs usually act as the linchpin and point of contact that maintainers of open source projects can reach out to, which helps identify project health issues. Questions arise, such as: How is the working environment of the community that sustains the open source projects that are critical to my organization? Are maintainers struggling to deal with all the feature requests and problems? Do they need help with infrastructure, funding, etc.?
This talk aims to shed light on different ways OSPOs and security teams can work together, not only from a project risk assessment perspective but also from a more human one: the relational network of people sustaining those projects.