Tobie Langel

Tobie Langel is the Founder and Principal of UnlockOpen, a boutique consulting firm specializing in open tech ecosystem strategy.

He advises:

Leading tech firms such as Google, Microsoft, Mozilla, Intel, Cisco, Airtable, and GitLab;
Industry organizations and Standards Developing Organizations (SDOs) including OpenSSF, OpenJSF, OASIS Open, and W3C;
NGOs, philanthropies, and policy makers, among them the Atlantic Council, OpenForumEurope, the EU Commission, and the United Nations’ Digital Public Goods Alliance.

Before establishing UnlockOpen, Tobie led Facebook’s standards initiative, representing the company at W3C and spearheading the Web Platform Tests open source initiative as a W3C Fellow.

He is well-known for having co-maintaining one of the world’s largest JavaScript libraries, editing multiple web standards implemented in all modern browsers, and for his public speaking and keynotes at key industry events.

Twitter: @tobie

LinkedIn: linkedin.com/in/tobielangel

Website: unlockopen.com

Pronouns: he/him

Recent Presentations

OWASP BeNeLux days

The Missing Post Mortem

The first half of 2024 saw an entirely new category of threat against open source, one that rocked its trust-based system at its core: social engineering takeover attempt of critical open source projects.

These attacks uncovered a systemic gap in open source security management.

Up until now, the open source community wasn’t thought of as a potential cyber attack target. But when critical open source projects become stepping stones for industrial espionage, ransomware attacks, or cyberwarfare, maintainers need to adopt comparable security practices to those found in target organizations.

This creates a unique set of challenges for open source because of its highly distributed nature and volunteer-based model. Meaningfully improving security at scale while preserving the ethos, culture, and diversity of communities that characterize open source and that are largely responsible for its innovative potential isn’t an easy task.

In this talk we’ll do a post-mortem of the social engineering takeover attempt at the OpenJS Foundation. While preserving confidentiality, we’ll outline industry gaps uncovered during this attack. We’ll suggest ways to meaningfully improving security at scale while preserving the ethos, culture, and diversity of communities that characterize open source and that are largely responsible for its success.
9th Cybersecurity Standardisation Conference

Panel: Overarching cybersecurity by standards
EU Open Source Policy Summit

Panel: Standards and Market Access in a Regulated Software Market

Older presentations

More presentations

The CRA is here. Now what?	Open Source Experience	December 2024
Open Source Governance for Software Engineers	Open Source Summit	September 2024
1 Billion Dollars for Open Source Maintainers	Open Source Summit	September 2024
Towards Open Source-Compatible Standards	Open Source Summit	September 2024
1 Billion Dollars for Open Source Maintainers	OW2con'24	June 2024
“Le Débat”	OW2con'24	June 2024
1 Billion Dollars for Open Source Maintainers	State of Open Con	February 2024
40 new ways the CRA can accidentally harm open source	FOSDEM 2024	February 2024
Now more than ever, OSPO alignment with org strategy is key	OSPO OnRamp	January 2024
Open Source Foundations, Dark Knights or Super Heroes?	Open Source Experience	December 2023
Can securing jQuery help secure the Web forward?	W3C Workshop Secure the Web Forward	September 2023
The Software is Provided “As Is”	Upstream	June 2023
Measuring Contribution to Open Source	European Commission Open Source Workshops for Computing & Sustainability	December 2022
Round Table: Financing Critical Open Source Software	Open Source Experience	November 2022
OSS Funding & Sponsorships	contributing.today	June 2022
Sustainability and security: it’s time to connect the dots	Upstream	June 2022
Keynote: From Open Governance to Collective Ownership	Open edX Conference	April 2022
Does open source need its own Priority of Constituencies?	FOSS Backstage	March 2022
Does open source need its own Priority of Constituencies?	SeaGL	November 2021
Open source contribution policies that don’t suck	All Things Open	October 2021
Open source contribution policies that don’t suck	OSPOCon	September 2021
Open source contribution policies that empower, not stifle	Practical Open Source Information	September 2021
Towards a sustainable solution to open source sustainability	EuroPython	July 2021
From laggard to open source powerhouse	OW2Con	June 2021
What is Open Source?	OpenJS World	June 2021
OSS Funding & Sponsorships	contributing.today	April 2021
Towards a sustainable solution to open source sustainability	FOSSASIA Summit 2021	March 2021
Towards a sustainable solution to open source sustainability	FOSS Backstage	February 2021
Does open source need its own Priority of Constituencies?	FOSDEM21	February 2021
Making the business case for contributing to open source	KubeCon + CloudNativeCon	November 2020
Making the business case for contributing to open source	SFScon	November 2020
Recruit, retain, foster	Online CTO Summit: Onboarding and retention	October 2020
A Home for your open source project	Open Source Summit Europe	October 2020
Towards a sustainable solution to open source sustainability	DINAcon	October 2020
Making the business case for contributing to open source	Open Infrastructure Summit	October 2020
Making the business case for contributing to open source	AnsibleFest	October 2020
Y a-t-il de la place pour l’éthique dans l’open source ?	Paris Web	October 2020
Does open source need its own Priority of Constituencies?	State of the Source Summit	September 2020
Towards a sustainable solution to open source sustainability	OpenJS World	June 2020
Why contribute to open source?	Open Source 101	May 2020
Open Source Contribution Policies That Don’t Suck	OpenChain Webinar	May 2020
Why contribute to open source?	All Things Open RTP Meetup	April 2020
From laggard to open source power house	OpenExpo Europe	April 2020
Open Source Contribution Policies That Don’t Suck	FINOS Open Source Readiness	March 2020
Bringing ethics back to open source	FOSDEM	February 2020
Build and leverage your open source culture to recruit, retain, and foster top talent	FINOS Open Source Readiness	January 2020
From laggard to open source power house—a transformative journey to successfully build a strong open source culture	Open Source Strategy Forum	November 2019
Making the Business Case for Contributing to Open Source	All Things Open 2019	October 2019
Governance Update & Next Steps	AMP Contributor Summit	October 2019
Making the Business Case for Contributing to Open Source	OpenExpo Europe	June 2019

Tobie Langel

OWASP BeNeLux days

The Missing Post Mortem

9th Cybersecurity Standardisation Conference

Panel: Overarching cybersecurity by standards

EU Open Source Policy Summit

Panel: Standards and Market Access in a Regulated Software Market