Ben Cotton is a meteorologist by training, but weather makes a great hobby. Ben works as the open source community lead at Kusari and is a contributor to OpenSSF projects like GUAC and OSPS Baseline. Previously, he was Fedora Program Manager at Red Hat and has worked at Docker, Microsoft, and Purdue University. He is an Open Organization Ambassador and author of Program Management for Open Source Projects.

Presentations

23x

You'd better start believing in supply chains because you're in one

“I’m not a supplier!” open source maintainers correctly say. When a large company comes in making unfunded demands, it drives volunteer maintainers away. But supply chain attacks are a reality and they don’t just affect megacorps. As an open source maintainer, you have a supply chain, too.

Improving your security improves safety for everyone. But how can volunteer maintainers who aren’t security experts do this work? This talk introduces easy practices and tools to address common software supply chain concerns. Attendees will also learn how to address supply chain and regulatory concerns from their downstreams.

19x

Your bug tracker and you

Bug trackers are the cornerstone of a vibrant open source community, so of course you have one. But are you tracking what’s important? Are you gardening the bugs to keep them up-to-date? What do your project’s bug reports tell you about the health of your community?

This talk will cover the program management side of bug tracking: what to track, how to triage, and what you can—and can’t—learn from the bugs.
