“The headlines about log4j were only a few weeks ago and have triggered an intensive discussion about the security of open source software, but also about software supply chains in general. For in addition to the criticality of individual programme libraries and modules, it is becoming clear that critical dependencies can put entire software stacks and software supply chains at risk. This was recently joined by a (renewed) debate about the funding of critical open source packages, which was triggered by the developer of the open source projects Colors.js and Faker.js [1].

At the same time, open source has arrived in the German economy. This is clearly demonstrated by the figures of the Bitkom Open Source Monitor 2021. The deployment and use of open source is part of the daily business for many companies and organisations. This raises numerous questions about the fundamental but above all the secure use of open source software.

The 8th Bitkom Forum Open Source (#bfoss22) will address various aspects of the security of and with open source and offer a stage for impulses, ideas, and initiatives. Because the successful deployment and use of open source software requires trust and competence: Open Source. But secure!”