UCSC OSPO Participation in the Open Forum Academy Symposium

Stephanie Lieggi, Executive Director of the UC Santa Cruz Open Source Program Office (OSPO), participated in the Open Forum Academy (OFA) Symposium held in Rio de Janeiro, Brazil in November 2025.

The symposium agenda is available here.

Lieggi presented preliminary findings from a research project funded by the Digital Infrastructure Insights Fund (DIIF) examining parallels between post-9/11 trade security frameworks and the emerging policy landscape for open source software (OSS) supply chain security.

The presentation drew on comparative analysis of U.S. customs and trade security initiatives—most notably the Customs-Trade Partnership Against Terrorism (C-TPAT) and the Container Security Initiative (CSI)—and assessed how the incentive structures, public-private partnership models, and international harmonization mechanisms that made those programs effective might inform analogous frameworks for OSS security. A central theme was moving the policy conversation beyond surface-level comparisons (such as the Software Bill of Materials / shipping manifest analogy) toward more actionable, principles-based frameworks.

The work is a collaboration between researchers at UCSC OSPO, the Berkeley Institute of Data Science, and the Center for Nonproliferation Studies/MIIS.

Supporting Materials The following project materials are available for reference:

Preliminary Report Presentation Slides

This research is ongoing. A final report incorporating findings from expert interviews across the trade security and OSS security practitioner communities is forthcoming.