Online / 5 & 6 February 2022


OST2: A new way to grow security talent for open source projects

Open Security Training 2

In this talk, we'll describe how OpenSecurityTraining2 (OST2) can help grow security talent and awareness on open source projects, and we'll use the coreboot open source firmware as a case study.

Newly structured as a 501c3 non-profit, OST2's core goal is to provide free and open training that helps increase system security. This can take multiple forms, such as training dedicated security engineers, training developers to write more secure code, training potential contributors to security-focused projects, or training engineers on safer alternatives to technologies they're already using. In this talk we'll describe current and future examples of all the previous use cases, and drill deeper into a case study of how 3mbdeb, a licensed service provider for the coreboot open source firmware project, is contributing to OST2 to advance the state of open source firmware security.


Piotr Król
Xeno Kovah