I really like this approach! Indeed security (and privacy) can be one of the aspects we can focus when we are at installfests, confs. etc. It would be very beneficial for our community and (us as users) to see the security aspect of our distro! If you need any assistance or idead Paolo I would be very happy to assist you as I also work in cybersecurity.

Best,
Nikos

Στις Τετ 5 Οκτ 2022 στις 11:53 π.μ., ο/η Paolo Perego <paolo.perego@suse.com> έγραψε:
Hi all, this is the first message in this list so let me spend some
words to introduce myself. I'm Paolo, solution security engineer in SUSE
since March 2021 and in the application security market since 2001
(mostly as penetration tester and code reviewer).

A couple of weeks ago I attended RomHack, a security event in Rome, with
an openSUSE booth. We were also silver sponsor and I had the chance to
give a talk on about open source and security, mainly focused on how do
we act dealing with packages going in our distro.

I would like to share some notes I wrote right after the conference end.

1. People present on the conference were surprised that an OS vendor was
having a booth, but they really liked it and they felt is a good thing.

2. Most of the people who came to our booth were not aware of the
existence of SUSE and openSUSE. Perhaps if we participate in more events
like this can be the first step in changing that.
We could also reach out to contacts with newspaper or tech journalists
and youtubers which could help promote our brand. Especially in Italy,
where I live.

3. The people who previously heard about us thought that we produce a
"derived" distribution. I explained that we use rpm, that we started
back then like Slackware fork in the very early stages but now have our
own identity, brand and added value services.

4. A person asked "tell me how to convince my boss that you're a good
centos replacement". I talked to him about our team efforts in security,
hardening configuration of base os, AppArmor, Rancher and NeuVector
acquisitions. Perhaps we should brag more about our achievements in the
area.

Please note that I'm not a marketing person, so my view is limited. Feel
free to integrate to enrich the discussion.

At the time I'm writing this, I'm thinking adding some content to my
YouTube channel to promote the usage of openSUSE in security testings,
so to prove how versatile it can be.

HTH
--
(*_  Paolo Perego                           @thesp0nge
//\  Software security engineer               suse.com
V_/_ 0A1A 2003 9AE0 B09C 51A4 7ACD FC0D CEA6 0806 294B


--
Nikos Mantas