06.09.2025 –, Workshop-Ecke
Sprache: English
As the world relies more and more on Free and Open Source Software components, they are increasingly targeted by security attacks. Since the xz Utils case, social engineering attacks, such as how to deal with them and how to prevent them, have increasingly received attention.
For a report by the Prototype Fund, we are currently looking at the topic of trust in the context of social engineering threats in open source projects. The Prototype Fund is the first low-threshold funding program for free developers in Germany. We fund innovative, community-driven Free and Open Source Software. In this workshop we would like to facilitate a conversation and learn from you and your experience as project maintainers, contributors or observers of the free and open source space.
We will very briefly introduce our observations around the topic of the emerging attack pattern and touch upon practices, frameworks, and regulations that are being developed by different actors in the field. Following this, we will open an exchange with three questions:
1. How suitable are formalised approaches to prevent such attacks for you?
2. What possibly informal approaches exist in your projects?
3. From your perspective: What new solutions and support are needed to tackle the challenge of social engineering attacks in practice?
The purpose of the session is to encourage an exchange about counter actions amongst the participants and gain insights to inform funders and other organisations supporting FOSS, including ourselves, on how to better support funded projects in order to prevent social engineering attacks.
We welcome contributions in English and German.
Judith Fassbender is a researcher in the field of public interest technologies at the Alexander von Humboldt Institute for Internet and Society and at the School of Computer Science at the University of St Andrews. Currently she is working as a researcher for the Prototype Fund at the Open Knowledge Foundation in Berlin.