-
Notifications
You must be signed in to change notification settings - Fork 161
FOSDEM 2025 : CFP for Application Security Devroom
We’re thrilled to announce the Call for Participation (CFP) for the very first Application Security Devroom at FOSDEM 2025!
- December 1st, 2024 – Submission deadline
- December 15th, 2024 – Announcement of accepted talks and schedule
- February 1st, 2025 (Saturday, full day) – Application Security Devroom at FOSDEM, Brussels
Modern applications are dynamic, distributed, and data-driven—security can no longer be bolted on after deployment. The open-source community has responded with a new generation of policy-as-code frameworks that make authorization, compliance, and governance programmable, analyzable, and auditable.
Projects like Cedar, OpenFGA, and Open Policy Agent (OPA) are already trusted by major enterprises and open-source platforms, powering fine-grained access control, multi-tenant security, and continuous verification. Together, they form the foundation for declarative, automated security that aligns with cloud-native best practices.
The Application Security Devroom provides a dedicated forum for developers, platform engineers, and security practitioners building this next generation of open-source security tooling.
FOSDEM celebrates open-source software development and the exchange of technical expertise. We welcome proposals covering open-source projects and research that advance application-level security.
Topics include (but are not limited to):
- Policy as Code: new languages, analyzers, or formal verification methods (Cedar, Rego, FGA schemas, etc.)
- Authorization Engines: design patterns for centralized or distributed policy enforcement
- Security in CI/CD: integrating policy testing, analysis, and verification into pipelines
- WASM Security & Sidecars: policy enforcement in service meshes and web runtimes
- Fine-Grained Data Access: attribute-based, relationship-based, and token-based authorization
- AI & Agent Governance: managing policies for autonomous agents and delegated capabilities
- Observability & Auditability: tracing and analyzing authorization decisions at scale
- Cross-Domain Collaboration: open standards, APIs, and schema interoperability between policy systems
If your work helps developers build safer applications through code, this devroom is for you.
FOSDEM 2025 is an in-person event in Brussels, Belgium. We do not accept remote presentations.
We invite proposals for the following talk formats:
- 10 minutes – Short demo or lightning talk
- 20 minutes – Project update or focused presentation
- 30 minutes – Deep dive or architectural exploration
All time slots include Q&A (please allow 5–10 minutes for questions).
Submit your proposals via Pretalx. Be sure to select “Application Security” as the track.
All FOSDEM participants are expected to abide by the FOSDEM Code of Conduct. By submitting a proposal, you agree to uphold these standards.
- Michael Schwartz— BD, [Janssen Project](https://jans.io)
- Andres Aguiar— Contributor, OpenFGA
- Lucas Käldström — Contributor, Cedar / Kubernetes
- Dimitrij Drus — Contributor, OWASP
Contact us with any questions at: 📧 appsec-devroom-manager@fosdem.org