Open Source Workshops for Computing & Sustainability
- Date: 2 December 2022
- Location: At Albert Borschette Congress Center (CCAB), Brussels
- Organised: By the European Commission in collaboration with the SWForum.eu Coordination and Support Action
9:15-9:25 Welcome and opening session
- Pearse O'Donohue, Director CNECT.DDG1.E - Future Networks
- Natalia Aristimuño Pérez, Director of Digital Services, DIGIT.D, European Commission
9:25-10:00 Keynote speeches
- John Davis (BSC - Barcelona Supercomputing Centre)
- Maria Dalhage (DIGG - Swedish Agency for Digital Government)
10:00-11:30 Parallel Workshop Session 1
Workshop 1.1 Open Source Processors for the Cloud Continuum
In the last 20 years, Open Source has become pervasive in all the ICT industry. Open Source Software needs to be considered while designing the business strategy of any company in the ICT sector. On the other hand, Open Source hardware is in terms of adoption in a similar position as OSS was a decade ago.
The success of OSS has come with the availability of a flexible open stack from the kernel to the application level. This stack ensures digital autonomy for the EU in the layers it covers. The extension of the stack below the kernel in the HTC sector would extend the digital autonomy to layers where Europe is not independent today. This session will deal with the threats and opportunities associated with the aforementioned extension to the processor level, as well as with the strengths Europe can count on and the weaknesses that need to be overcome.
Workshop 1.2 The role of OSS in Artificial Intelligence enabled systems: Speeding the AI adoption through OSS
AI has acquired a strategic stature within the vision of the European Commission, and a multi-pronged set of objectives is evolving based upon not only technological considerations but also policy-oriented considerations such as ethical issues in AI. OSS has the potential to make significant contributions to each of these objectives. Technologically, much of current AI research, and especially the sub-discipline of Machine Learning (ML), makes use of large, mature open-source components (TensorFlow, etc.). ML also makes heavy use of large datasets for training of the neural networks, and here the principles of Open Data can promote the widespread availability of datasets in all sectors of ML application, ranging from language processing to machine vision. Other challenges to be explored for the potential contribution of open approaches personified by OSS are Explainability/Transparency of ML reasoning (especially in critical applications) and Ethics, such as various forms of bias (gender, race, economic). The use of OSS to make available open platforms / testbeds / facilities for testing ML applications is also an important challenge to explore.
- Workshop 1.3 Building Sustainable Open Source Ecosystems for an Interoperable Europe
With the recent adoption of the interoperability regulation proposal - the Interoperable Europe Act - in mind, the European Commission’s Open Source Observatory (OSOR) is bringing together stakeholders to discuss it in the context of the earlier recommendations on the software, culture and ecosystems of open source provided by the Expert Group for the Interoperability of European Public Services.
While the Act focuses on reinforcing cross-border interoperability and cooperation between the Member States and the European Commission (the co-owners of the proposed governance structure), the nature of interoperability means that the collaboration will be multi-dimensional and the provisions of the Act will also impact open source communities, projects, and companies. In particular, Article 4: Share and reuse of interoperability solutions between public sector bodies, institutions and agencies of the union and Article 8: Interoperable Europe portal, which include references to code sharing and open source licencing, might influence the open source environment both in the public and private sector.
- Workshop 1.4 Identifying, fixing and managing critical open source software used by European Public Services
With thousands of open source software, tools and libraries in use, it is impossible to accurately know the health (long-term upkeep, evolution and maintenance) of each component. Any failure could have severe consequences for the parent application e.g., the recent Log4J vulnerability. Any important but vulnerable software can be considered as critical software. The European Commission’s FOSSEPS project recently completed a study to identify critical software in use at European Public Services. There is a debate about how we prevent software from becoming critical, and how to fix the criticality. Perhaps even more important is how to identify such software in the first place, even if we had a Software Bill Of Materials (SBOM).
11:30-12:00 Coffee Break
12:00-13:30 Parallel Workshop Session 2
- Workshop 2.1 Open Source Software and Cloud Services and Applications: On the way to more interoperable cloud services
According to a study carried out by the European Commission, companies in the EU invested around 1 billion Euros in Open Source Software (OSS) in 2018, which amounted to an economic impact of 65 to 95 million Euros. The same study estimates that an increase of 10% of OSS contributions would annually generate an additional increase of 0.4% to 0.6% in the GDP.
The adoption of cloud computing by the industry can accelerate the commoditization of open source software. Several OSS solutions exist to solve specific challenges that can be found in the cloud continuum services stack. Cloud vendors, especially the large ones, are monetizing OSS by integrating it into their own cloud services proprietary derivatives created by them but few release them as open source or they do it under a very complicated licensing model.
End-to-end integration of the whole cloud stack and easier exit cloud switching options horizontally (between cloud services of the same type) and vertically (between layers of the cloud stack) are amongst the most critical challenges that need to be solved for the cloud continuum to be successful. This can only be achieved by making open source technologies available by each cloud and edge service provider, allowing for portability and simplifying the switch among cloud continuum services. This calls for communities that wish to create open technologies which are part of larger ecosystems, and which together aim to create full stack solutions.
- Workshop 2.2 The potential of the symbiosis of Quantum Computing and OSS: Development of quantum computing OS algorithms and software
Due to its incipient stage of development, Quantum Computing is hybrid by nature. It offers a specialized form of computing power which needs to co-exist with classical architectures in the form of hybrid computing approaches. Sustainable Quantum Computing strategies are based on the combination of classical architectures with traditional hardware that access quantum devices as needed. Therefore, interoperability and reusability are key aspects to take into consideration. A hybrid quantum stack, especially one that relies on both cloud and on- premises / private cloud resources, will require management and orchestration to ensure that programs, experiments, processes and technologies run smoothly and are interoperable.
In this context, OSS solutions can help to reach this level of compatibility and interoperability. This workshop will address the main Quantum Computing challenges and how to address them leveraging on OSS practices and solutions, specially focused on:
- OSS middleware for Quantum Computing
- OSS based interoperable components and libraries for Quantum Computing (i.e. Pennylane libraries)
- Workshop 2.3 Encouraging open-source business applications reuse via the creation of an EU wide Applications Catalogue for European Public Services
Public administrations across Europe have over the years built a huge number of business applications using open-source software tools.
Despite this, we continue to rebuild the same applications, within each country and across the EU. With national open source application catalogues emerging, there is a need for a Europe wide applications catalogue, which users can search to find what they need. Such a catalogue could save millions of Euros and allow faster solution realisation. The Commission’s FOSSEPS Project is building an initial version due in 2023.
- Workshop 2.4 Exploring how the European public sector can cooperate and act together to solve the key open source issues they face
As European Public Services continue to increase their use of open source software and tools, they will invariably face a range of issues that are likely to have been/will be faced by their counterparts in their own country or in other member states.
It makes sense that public administrations share their knowledge and experiences with each other and avoid mistakes. The FOSSEPS project charter specifically focuses on helping European Public Services to treat open source as a valuable and shared resource.
Questions remain on how we achieve this cooperation? Using what mechanisms? Can we identify some practical steps?
13:30-14:30 Lunch Break
14:30-16:00 Parallel Workshop Session 3
- Workshop 3.1 Open standards and industrial use for Open Source: Leveraging the sustainability of Open Source projects and increasing competition and interoperability between different steps in value-chains
Company policies towards open source embrace the use of and contribution to software that is crucial for its products. Raising awareness of Open Source possibilities has been identified as an effective policy for increasing economic growth. Open Source assets facilitate making an efficient use of resources and increase industrial competitiveness. Together with standards they are embedded in nearly all electronic devices we use in our daily live. Computers, TVs, electrical appliances, phones, cars are using millions of lines of code from projects initially started by hundreds of volunteer developers and shared with all. Also, many OS projects implement open standards. Software-related standards that encourage OS implementations facilitate the achievement of industrial targets. Standards Development Organisations (SDOs) and Open Source software development initiatives collaborate in many practical ways to obtain the best of both worlds. The session will analyze the issues to ensure an efficient uptake of Open Source and standards by the industry. In particular, the needs for extending of that OS stack below the kernel for an Open Computing Architecture will be analysed.
- Workshop 3.2 Towards a trustworthy and secure ecosystem of OSS: Increasing the reliability and adoption of OSS projects
From the surveys conducted by the EC as part of the study “The impact of Open Source Software and Hardware on technological independence, competitiveness and innovation in the EU economy” cybersecurity and trustworthiness of OSS and OSH was of significant importance. A particular concern identified is related to the ability of chips or software components to incorporate backdoors or malware embedded by a bad actor in the supply chain. The ability to develop and maintain a root of trust throughout the supply chain is facilitated by open hardware and software. This impact will increase over time.
Thus, the workshop will revolve around the following topics:
- OSS and Trust
- Cybersecurity Certification required?
- Self-Assessment versus Third Party Assessment? (Cost, Time, Resource Constraints)
- Who is making the OSS building blocks? Are there state actors involved or behind it? Should we trust OSS?
- OSS and backdoors (purposely embedded security “holes”)
- ECSO “made in Europe” label (also companies have to “certify” that there are no “backdoors”)
- Security standards and certification for OSS
- Who applies for certification? User? Integrator?
- Who is responsible if there is a security issue / breach? How to make them responsible (fine, pay for damage, etc.)?
- OSS and Trust
- Workshop 3.3 Agreeing, measuring and encouraging organisational contribution to the open source ecosystem
Open Source is a vital infrastructure to our digital world, pervading every personal device and business system we use. Both the private and public sector continue to increase their use of open source, which is a positive trend. However, on the whole, the existence, availability and support of open source is taken for granted. Many individuals, companies, foundations and public administrations do contribute, but this is already recognised to be insufficient. How can we contribute to open source? Can we measure this? Are there metrics? How does a conscientious organisation know it is contributing well? Are there contribution best practices and/or league tables? With ESG, organisations will soon be measuring their environmental footprint. Should we also not measure our use of and contribution to open source? Isn’t this contribution vital to the sustainability of open source?
- Workshop 3.4 Exploring practical solutions to ensure long term sustainability of open source software
With increasing use of open source software, its long-term sustainability is essential to our digital universe. What is sustainability? Do we need to ensure ALL open source software, or only a crucial subset? What should we do to sustain this subset?
Over the last 5 years the EC’s OSPO team have met and debated this issue with many open source practitioners. Via programmes/projects such as EU-FOSSA 2, ISA2 and FOSSEPS, it became clear that directly supporting certain vulnerable software communities could significantly enhance overall sustainability. These are the smaller software communities, typically with one or two maintainers, and some slightly larger communities with stable software that needs regular maintenance. Essentially, we need to support the little guys, and the maintainers. Without this support, their software is much more likely to end up in a critical state of health (in software ICU). The recent European Commission Funding Mechanism study examined financial and non-financial support to these two target groups.
Can we create practical solutions to sustain our open source ecosystem?
16:00-16:35 Closing session & next steps
- Pierre Chastanet, Head of Unit Cloud & Software-DG CONNECT, European Commission