Jump to content

Newsletter: UN Open Source Week, Rosenpass Investment, Job Opening & more

By Theresa Röcher

In News

Email newsletter on 03 July 2025: Sharing reflections from UN Open Source Week in June, where we convened a delegation of open source experts and emphasized the essential role of open technologies—and our shared responsibility to support them. Learn about our investment in Rosenpass, the recently disclosed OpenPGP.js vulnerability, a new job opportunity on our team, and the events we’ve hosted or attended over the past few weeks.

This message is coming to you from a new email address, info@sovereign.tech. Please update your address book accordingly!

In this newsletter, we’re sharing reflections from UN Open Source Week in June, where we convened a delegation of open source experts and emphasized the essential role of open technologies—and our shared responsibility to support them. Learn about our investment in Rosenpass, the recently disclosed OpenPGP.js vulnerability, a new job opportunity on our team, and the events we’ve hosted or attended over the past few weeks.

If you’d like to find out about these updates as they happen, you can find the Sovereign Tech Agency on Mastodon, LinkedIn, and Bluesky.


Maintaining the Future at UN Open Source Week

In June, the Sovereign Tech Agency returned to the UN Open Source Week with an expanded scope of participation. Besides hosting this year's maintain-a-thon, we contributed across multiple sessions, including a panel at OSPOs for Good day and community-organized side events. We brought a unique perspective, shaped by our role as the leading public institution in Europe dedicated to investing in critical digital infrastructure.

Read more about what we accomplished and what we learned in our latest blog post:

UN Open Source Week

Group photo of participants at the maintain-a-thon event

Maintain-a-thon participants


A delegation of experts for UN Open Source Week

As part of United Nations Open Source Week, we convened a delegation of open source experts whose work sustains the digital infrastructure we all rely on. Their presence brought critical, hands-on experience into international conversations on digital public goods, security, and innovation.

Meet the experts

Sovereign Tech Agency’s delegation of experts posing together in a group photo

Sovereign Tech Agency’s delegation of experts


Rosenpass Investment

We invest globally in the open software components that underpin Germany's and Europe's competitiveness and ability to innovate. Improving the security, stability, and reusability of open software components directly enhances the productivity, competitive edge, and capacity for innovation of startups and small and medium-sized businesses. We’re excited to be working with these maintainers and FOSS communities, and to support the software that forms the foundation of the infrastructure of the 21st century.

Rosenpass

Building quantum-safe, resilient encryption for internet infrastructure with enhanced stability and supply chain protection


Hiring: Finance and Operations Manager

To support our management team, Sovereign Tech Agency is looking for an experienced person to efficiently set up and implement operational processes. As a key member of our administrative team, you will help shape processes, ensure everything runs smoothly, and support the further expansion of the finance and operational side of our organization.

Job description


Vulnerability in OpenPGP.js

Finding and fixing vulnerabilities is essential to digital security. The recently identified vulnerability in OpenPGP.js was proactively discovered through the Sovereign Tech Resilience bug bounty program, hosted on YesWeHack. Thanks to the responsible disclosure by security analysts Edoardo Geraci and Thomas Rinsma from Codean Labs, the issue was patched quickly in versions 5.11.3 and 6.1.1

Security is not a state, but a process and we’re proud that transparent coordination between the security analysts and the maintainers of the project led to a swift patch and strengthened our common digital infrastructure.

The Sovereign Tech Resilience program secures critical digital infrastructure through several targeted measures. These include direct contributions to FOSS projects, a bug & fix bounty platform, and code audits to strengthen the resilience of open digital systems.

If your project plays a vital role in digital sovereignty, privacy, or public infrastructure, we encourage you to apply:

Sovereign Tech Resilience


On the go

  • On 14 May, Tara Tarakiyee co-hosted a workshop in Utrecht with Tweede golf and RustNL. Together with experts from across Europe, the group drafted a joint statement urging action on memory safety and eliminate memory-related vulnerabilities.
  • On 23 May, Adriana Groh spoke at a symposium on cybersecurity, resilience, and sovereignty hosted at the Akademie für Politische Bildung in Tutzing.

  • On 28 May, some team members attended re:publica. Powen Shiah gave a lightning talk, where he explored how vital open source infrastructure is maintained by volunteers—and asked who would sustain it as key maintainers retire.

workshop attendees sitting and discussing

Memory safety workshop 

Adriana speaking into a microphone

Adriana speaking in Tutzing

some team members from Sovereign Tech Agency posing at re:publica conference

Sovereign Tech Agency Team members at re:publica

  • On 4 June , Mirko Swillus represented the Sovereign Tech Agency at the second Cyber Resilience Act Expert Group meeting in Brussels, bringing open source expertise to shape practical CRA guidance for FOSS contributors and to strengthen digital infrastructure across Europe.
  • On 11 June 2025, Adriana Groh spoke at OpenForum Europe’s Capital Series Poland in Warsaw. In a session with Astor Nummelin Carlberg, she highlighted the EU’s role in sustaining critical open source infrastructure and welcomed growing national and EU-level efforts inspired by the Sovereign Tech Fund model.
  • On 20 June 2025, Tara Tarakiyee spoke at Waterkant Festival in Kiel about how Schleswig-Holstein is leading the shift to open source in public administration. They shared how the Sovereign Tech Agency is helping build secure, transparent digital infrastructure for the 21st century—rooted in open technologies.
open source expert group in Brussels, standing around a CRA Roll-up banner

Open Source Expert Group for CRA

Astor Nummelin Carlberg and Adriana on stage in Warsaw speaking to each other

Astor Nummelin Carlberg and Adriana Groh in Warsaw

panelists on stage at Waterkant Festival

Tara Tarakiyee and the panelists  


More articles

All articles

  • News

    Read article: Maintaining the Future at UN Open Source Week

    In June 2025, the Sovereign Tech Agency took part in UN Open Source Week in New York City. We convened a delegation of open source experts to bring hands-on experience into global conversations around digital cooperation and public infrastructure. Across multiple sessions, we highlighted the essential role of open technologies and the responsibility that institutions share for supporting them.

  • News

    Read article: A delegation of experts for UN Open Source Week

    As part of United Nations Open Source Week, we’re convening a delegation of 12 open source experts whose work sustains the digital infrastructure we all rely on. Their presence brings critical, hands-on experience into international conversations on digital public goods, security, and innovation.

  • News

    Read article: We’re hosting the Maintain-a-thon at UN Open Source Week

    As part of the 2025 UN Open Source Week, the Sovereign Tech Agency and Alpha Omega are hosting a special hackathon: the maintain-a-thon. It convenes key open source experts and maintainers from around the world and highlights the importance of sustainability and long-term stewardship in open source digital infrastructure.