
This is the second, and final, blog post about United Nations Open Source Week, so if you didn’t read part 1, United Nations: OSPOs for Good Day, you might consider pausing and reading that post first, since it provides more context about the event and why the UN cares so much about open source software.
As part of the week’s activities, there were several side events on Friday, and I spent the day in the Digital Sovereignty and Resilience side event. This blog post has a short summary of the presentations, panels, and discussions, so these don’t necessarily represent my views and might contain factual errors. Speaker names and abstracts for each session can be found on the United Nations Open Source Week website on the side events tab.
The Digital Sovereignty and Resilience side event started by looking at ideas for building a sovereign digital workspace with short presentations about various open source workspace solutions. The French Interministerial Digital Directorate (DINUM) talked about how they have collected a set of tools (La Suite) for their use and are also collaborating with Germany’s ZenDiS. There were also short presentations about specific projects that can make up a workspace solution: Matrix, Grist, and IREX (Institut du Retour d’EXperience). But it’s more than a set of tools; we need a better vision for how to build an open source digital workspace and integrate it across governments. It’s not about one tool to beat the others, but about working with companies and contributing within open source communities to help make sure that we have integrated solutions. This requires funding, especially when companies are involved. The UN is trying to coordinate across technologies to integrate solutions and improve collaboration, and they are also looking at potentially hosting some open source solutions, starting within the UN. It is early days for this work, though, and it would need to expand beyond internal UN use to reach across countries.
The next session was all about securing the supply chain through global collaboration, which is something we talk about all of the time within OSPOs and in the corporate world, but in light of the CRA, this is increasingly important for all of us. We need more collaboration across governments and other stakeholders (e.g., companies, organizations) to make sure that we can all work together to understand and improve the security of our open source software, and this is something that the UN might be able to help facilitate. We collaborate now, but it’s pretty ad hoc, and we need better public / private relationships / partnerships. We need more funding to be able to sustain these efforts beyond what groups like Alpha Omega and STF / STA are already funding to improve open source security.
The folks from the Sovereign Tech Agency led a session called Invisible Work, Critical Code – The Role of Maintainers in Open Source Digital Infrastructure, where they talked about how open source is like a sewer: critical infrastructure that needs to be built and maintained over time. Infrastructure like public water systems, railways, libraries, schools, and roads is usually maintained by governments and paid for by our taxes. Digital infrastructure is fragile (obligatory XKCD), despite being the foundation of the digital economy, and governments should also be investing in critical and essential open source digital infrastructure to support it as a public good. This was followed by a panel, which talked about how maintaining projects goes way beyond just code and includes things like conflict resolution, mentorship, communication, building community, and other invisible labor. Being inclusive of people with different needs helps level the power imbalances that we so often see in open source and in software in general. Being welcoming for the most vulnerable people creates spaces where people want to contribute and participate. Software is too important to be left to just developers.
The final session in this Friday side event was Fostering Resiliency in the Digital Public Infrastructure (DPI). DPI is like a public library and needs to be resilient enough to endure over time and across administrations and economic conditions. We need to think about how we can ensure that the 100,000 components embedded in our software are safe and secure when many of these components aren’t actively maintained. This impacts us on a societal scale because these components are all part of our DPI. People need to be able to depend on DPI based on their use case to avoid societal harm. DPI and open source together allow us to recombine and reconfigure to use the software in ways that allow governments to better support their constituencies. Data integrity and trust are important for DPI across the many stakeholders involved in building and maintaining the software. Risk identification, risk understanding, and risk mitigation are steps toward building resilient DPI. Finally, there was an overview of ApeiroRA and the NeoNephos Foundation for next generation cloud infrastructures and services that strengthen digital sovereignty for Europe, but that could also be used by other regions.
I really enjoyed the time I spent this week! The best part of the week was the conversations, and it was good to get out of my little open source bubble to talk to and better understand people who are working in contexts completely unlike my own. The UN did a great job of bringing people together from industry, government, not for profit organizations, and other groups from around the world with over 40 countries represented, including many from the global south. If we truly want to make open source software better serve the needs of our global communities, we need to collaborate across all of these groups, so a big thank you to the UN for bringing us all together!