
Newsletter: UN Open Source Week, Rosenpass Investment, Job Opening & more
By Theresa Röcher
In News
Email newsletter on 03 July 2025: Sharing reflections from UN Open Source Week in June, where we convened a delegation of open source experts and emphasized the essential role of open technologies—and our shared responsibility to support them. Learn about our investment in Rosenpass, the recently disclosed OpenPGP.js vulnerability, a new job opportunity on our team, and the events we’ve hosted or attended over the past few weeks.
This message is coming to you from a new email address, info@sovereign.tech. Please update your address book accordingly!
In this newsletter, we’re sharing reflections from UN Open Source Week in June, where we convened a delegation of open source experts and emphasized the essential role of open technologies—and our shared responsibility to support them. Learn about our investment in Rosenpass, the recently disclosed OpenPGP.js vulnerability, a new job opportunity on our team, and the events we’ve hosted or attended over the past few weeks.
If you’d like to find out about these updates as they happen, you can find the Sovereign Tech Agency on Mastodon, LinkedIn, and Bluesky.
Maintaining the Future at UN Open Source Week
In June, the Sovereign Tech Agency returned to the UN Open Source Week with an expanded scope of participation. Besides hosting this year's maintain-a-thon, we contributed across multiple sessions, including a panel at OSPOs for Good day and community-organized side events. We brought a unique perspective, shaped by our role as the leading public institution in Europe dedicated to investing in critical digital infrastructure.
Read more about what we accomplished and what we learned in our latest blog post:

Maintain-a-thon participants
A delegation of experts for UN Open Source Week
As part of United Nations Open Source Week, we convened a delegation of open source experts whose work sustains the digital infrastructure we all rely on. Their presence brought critical, hands-on experience into international conversations on digital public goods, security, and innovation.

Sovereign Tech Agency’s delegation of experts
Rosenpass Investment
We invest globally in the open software components that underpin Germany's and Europe's competitiveness and ability to innovate. Improving the security, stability, and reusability of open software components directly enhances the productivity, competitive edge, and capacity for innovation of startups and small and medium-sized businesses. We’re excited to be working with these maintainers and FOSS communities, and to support the software that forms the foundation of the infrastructure of the 21st century.
Rosenpass
Building quantum-safe, resilient encryption for internet infrastructure with enhanced stability and supply chain protection
Hiring: Finance and Operations Manager
To support our management team, Sovereign Tech Agency is looking for an experienced person to efficiently set up and implement operational processes. As a key member of our administrative team, you will help shape processes, ensure everything runs smoothly, and support the further expansion of the finance and operational side of our organization.
Vulnerability in OpenPGP.js
Finding and fixing vulnerabilities is essential to digital security. The recently identified vulnerability in OpenPGP.js was proactively discovered through the Sovereign Tech Resilience bug bounty program, hosted on YesWeHack. Thanks to the responsible disclosure by security analysts Edoardo Geraci and Thomas Rinsma from Codean Labs, the issue was patched quickly in versions 5.11.3 and 6.1.1
Security is not a state, but a process and we’re proud that transparent coordination between the security analysts and the maintainers of the project led to a swift patch and strengthened our common digital infrastructure.
The Sovereign Tech Resilience program secures critical digital infrastructure through several targeted measures. These include direct contributions to FOSS projects, a bug & fix bounty platform, and code audits to strengthen the resilience of open digital systems.
If your project plays a vital role in digital sovereignty, privacy, or public infrastructure, we encourage you to apply:
On the go
- On 14 May, Tara Tarakiyee co-hosted a workshop in Utrecht with Tweede golf and RustNL. Together with experts from across Europe, the group drafted a joint statement urging action on memory safety and eliminate memory-related vulnerabilities.
On 23 May, Adriana Groh spoke at a symposium on cybersecurity, resilience, and sovereignty hosted at the Akademie für Politische Bildung in Tutzing.
On 28 May, some team members attended re:publica. Powen Shiah gave a lightning talk, where he explored how vital open source infrastructure is maintained by volunteers—and asked who would sustain it as key maintainers retire.

Memory safety workshop

Adriana speaking in Tutzing

Sovereign Tech Agency Team members at re:publica
- On 4 June , Mirko Swillus represented the Sovereign Tech Agency at the second Cyber Resilience Act Expert Group meeting in Brussels, bringing open source expertise to shape practical CRA guidance for FOSS contributors and to strengthen digital infrastructure across Europe.
- On 11 June 2025, Adriana Groh spoke at OpenForum Europe’s Capital Series Poland in Warsaw. In a session with Astor Nummelin Carlberg, she highlighted the EU’s role in sustaining critical open source infrastructure and welcomed growing national and EU-level efforts inspired by the Sovereign Tech Fund model.
- On 20 June 2025, Tara Tarakiyee spoke at Waterkant Festival in Kiel about how Schleswig-Holstein is leading the shift to open source in public administration. They shared how the Sovereign Tech Agency is helping build secure, transparent digital infrastructure for the 21st century—rooted in open technologies.

Open Source Expert Group for CRA

Astor Nummelin Carlberg and Adriana Groh in Warsaw

Tara Tarakiyee and the panelists