I really like this approach! Indeed security (and privacy) can be one of the aspects we can focus when we are at installfests, confs. etc. It would be very beneficial for our community and (us as users) to see the security aspect of our distro! If you need any assistance or idead Paolo I would be very happy to assist you as I also work in cybersecurity. Best, Nikos Στις Τετ 5 Οκτ 2022 στις 11:53 π.μ., ο/η Paolo Perego <paolo.perego@suse.com> έγραψε:
Hi all, this is the first message in this list so let me spend some words to introduce myself. I'm Paolo, solution security engineer in SUSE since March 2021 and in the application security market since 2001 (mostly as penetration tester and code reviewer).
A couple of weeks ago I attended RomHack, a security event in Rome, with an openSUSE booth. We were also silver sponsor and I had the chance to give a talk on about open source and security, mainly focused on how do we act dealing with packages going in our distro.
I would like to share some notes I wrote right after the conference end.
1. People present on the conference were surprised that an OS vendor was having a booth, but they really liked it and they felt is a good thing.
2. Most of the people who came to our booth were not aware of the existence of SUSE and openSUSE. Perhaps if we participate in more events like this can be the first step in changing that. We could also reach out to contacts with newspaper or tech journalists and youtubers which could help promote our brand. Especially in Italy, where I live.
3. The people who previously heard about us thought that we produce a "derived" distribution. I explained that we use rpm, that we started back then like Slackware fork in the very early stages but now have our own identity, brand and added value services.
4. A person asked "tell me how to convince my boss that you're a good centos replacement". I talked to him about our team efforts in security, hardening configuration of base os, AppArmor, Rancher and NeuVector acquisitions. Perhaps we should brag more about our achievements in the area.
Please note that I'm not a marketing person, so my view is limited. Feel free to integrate to enrich the discussion.
At the time I'm writing this, I'm thinking adding some content to my YouTube channel to promote the usage of openSUSE in security testings, so to prove how versatile it can be.
HTH -- (*_ Paolo Perego @thesp0nge //\ Software security engineer suse.com V_/_ 0A1A 2003 9AE0 B09C 51A4 7ACD FC0D CEA6 0806 294B
-- Nikos Mantas