Convert links list to individual blog entries #11
20
content/blog/2023-06-upstream-hardware-bom-fireside/index.md
Normal file
@@ -0,0 +1,20 @@
---
title: "Hardware Bills of Material with Deutsche Bahn"
date: 2023-06-07
categories:
- english
- presentation
tags:
- SupplyChain
- Security
video: https://www.youtube.com/watch?v=59WQeWXFmNw
event:
name: Upstream 2023
href: https://upstream.live/
---
At Upstream 2023, I participated in a fireside chat with Luis Villa (Tidelift) and my colleague Erik Schaufuss exploring the fascinating intersection between Software Bills of Materials (SBOMs) and Hardware Bills of Materials (HBOMs) within Deutsche Bahn's complex supply chain. As Germany's national railway company with hundreds of federated subsidiaries, we face unique challenges in managing both rolling stock hardware and the increasingly software-driven assets within trains. The discussion centered on how learnings from the software supply chain transparency movement – particularly around standards like CycloneDX – can inform and improve hardware supply chain management.
The conversation explored Deutsche Bahn's federated corporate structure and how this complexity makes supply chain management particularly challenging yet critical. We discussed the need for standards to communicate information across organizational boundaries, the clash between traditional hardware procurement and modern software practices, and how tracking components in both domains presents parallel challenges. The fireside chat highlighted practical experiences in bridging the gap between software and hardware supply chain transparency, and the importance of ISO standards and industry collaboration in this evolving space.
This session demonstrated that whether dealing with software packages or physical train components, the fundamental challenges of transparency, traceability, and security have more in common than one might initially expect.
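Review bot: this entry's front matter carries neither `headerimage:` nor `summary:`, while every other new entry in this change sets `headerimage: src: firstslide.jpg` and the OpenRail post gains a `summary:`; if the listing template depends on either field, add them here (for example `video:` is present, so a still from the recording would do), or confirm the template falls back gracefully when they are absent.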
Binary file not shown.
@@ -0,0 +1,22 @@
---
title: "Was machen eigentlich Open-Source-Maintainer?"
date: 2023-09-27
categories:
- deutsch
- presentation
tags:
- OSPO
- Community
headerimage:
src: firstslide.jpg
slides: https://www.bitkom.org/sites/main/files/2023-10/BFOSS23-Praesentation-Schumacher-Mehl-Was-machen-eigentlich-Open-Source-Maintainer.pdf
event:
name: Bitkom Forum Open Source 2023
href: https://www.bitkom.org/bfoss23
---
Auf dem 9. Bitkom Forum Open Source in Erfurt präsentierten Cornelius Schumacher und ich eine Erzählung über das Leben von Open-Source-Maintainern, strukturiert als Drama mit Happy End. Durch die Geschichte von "Alex", einer fiktiven Entwicklerin, beleuchteten wir, was Maintainer wirklich antreibt, was sie jenseits des Programmierens tun und welchen Herausforderungen sie sich stellen müssen. Der Vortrag führte von der anfänglichen Motivation, ein neues Tool aus Leidenschaft und eigenem Bedarf zu schaffen, über das Wachstum zur respektierten Maintainerin mit Community-Building-Verantwortung bis hin zum Übergang der Rolle für die Nachhaltigkeit des Projekts.
Die Präsentation hob die oft übersehenen Aspekte der Maintainership hervor: Beantwortung von Issues und Pull Requests, Moderation von Diskussionen, Sicherstellung der Einhaltung des Code of Conduct, Mentoring von Neulingen, Gestaltung von Roadmaps und strategische Entscheidungen. Wir thematisierten auch die kulturellen und prozessualen Unterschiede zwischen Unternehmen und Open-Source-Communities – von hierarchischen versus Peer-Production-Modellen bis hin zu unterschiedlicher Ressourcenverfügbarkeit und Commitment-Strukturen. Die Kernbotschaft: Maintainer sind keine Chefs, sondern Diener ihrer Communities, und das wahre Kapital eines Open-Source-Projekts liegt nicht im Code, sondern in den Menschen und der Community, die es am Leben halten.
Der Vortrag betonte, dass Maintainer zwar in Motivation, Finanzierungsmodellen und Governance-Strukturen unterschiedlich sind, aber Kerncharakteristika teilen: hohes Verantwortungsbewusstsein, autonomes Handeln, Interessenausgleich und Servant Leadership.
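Review bot: `slides:` points at a PDF hosted on bitkom.org under an event-specific path, which tends to disappear once the event site is reorganised; the 2025 entry in this same change instead references a copy kept in the repository (`slides: /docs/2025-03-Managing-Open-Source-Risks.pdf`), so consider doing the same for this deck to keep the link durable.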
BIN
content/blog/2023-10-ospology-sbom-introduction/firstslide.jpg
Normal file
Binary file not shown.
23
content/blog/2023-10-ospology-sbom-introduction/index.md
Normal file
@@ -0,0 +1,23 @@
---
title: "SBOMs – A Short Introduction"
date: 2023-10-10
categories:
- english
- presentation
tags:
- SupplyChain
- OSPO
- Security
headerimage:
src: firstslide.jpg
slides: https://up.mehl.mx/slides/2023-10-10-SBOMs-A-Short-Introduction-OSPOlogy.pdf
event:
name: OSPOlogy Live Frankfurt
href: https://community.linuxfoundation.org/events/details/lfhq-ospology-european-chapter-presents-ospologylive-frankfurt/
---
At OSPOlogy Live Frankfurt in October 2023, I gave an introduction to Software Bills of Materials (SBOMs) for the OSPO community. Everyone had heard of SBOMs by then – they seemed ubiquitous, with shiny tools sprouting up everywhere. But what were they actually all about? What were the real use cases? And what often caused practical applications to fail? This talk aimed to provide a common understanding without the marketing-speak.
The session covered the fundamental concepts of SBOMs, explored concrete use cases where they add value, and discussed the challenges organizations face when trying to implement them in practice. Drawing from my experience working with software supply chain transparency at Deutsche Bahn, I highlighted common pitfalls and offered practical insights for OSPOs looking to make sense of the SBOM landscape.
This was part of a two-day event hosted by SAP's OSPO and co-organized with TODO Group, InnerSource Commons, LF Energy, OpenChain, SPDX, CHAOSS, and OpenSSF projects.
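Review bot: tagging is inconsistent between the two SBOM-related entries added here: this one lists `SupplyChain`, `OSPO` and `Security`, while the 2023-06 HBOM/SBOM fireside entry lists only `SupplyChain` and `Security`; align the tag sets so both posts surface together on the tag pages.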
Binary file not shown.
@@ -0,0 +1,24 @@
---
title: "Who are these Open Source maintainers, actually?"
date: 2024-05-14
categories:
- english
- presentation
tags:
- OSPO
- Community
- SupplyChain
headerimage:
src: firstslide.jpg
video: https://www.youtube.com/watch?v=rJL3sGD5EkU
slides: https://opensource.siemens.com/events/2024/slides/Max_Mehl_Who_are_these_Open_Source_maintainers_actually.pdf
event:
name: Siemens Open Source 2024
href: https://opensource.siemens.com/events/2024/#may-14th
---
At Siemens Open Source 2024, I presented a narrative journey through the life of an Open Source maintainer, structured as a five-act drama with a happy ending. Through the story of "Alex", a fictional developer, I explored what really drives maintainers, what they actually do beyond writing code, and the challenges they face when interacting with corporate structures. The talk moved from the initial motivation of creating a new tool driven by passion and intrinsic needs, through the growth into respected maintainership with community building responsibilities, to the eventual transition of passing on the role to ensure project sustainability.
The presentation highlighted the often-overlooked aspects of maintainership: responding to issues and pull requests, moderating discussions, ensuring code of conduct compliance, mentoring newcomers, designing roadmaps, and making strategic decisions. I also addressed the cultural and process differences between companies and Open Source communities – from hierarchical versus peer production models to the different resource availability and commitment structures. The key message: maintainers are not bosses but servants of their communities, and the true capital of an Open Source project lies not in the code, but in the people and community that keep it alive.
This talk emphasized that while maintainers differ in motivation, funding models, and governance structures, they share core characteristics: a high sense of responsibility, autonomous action, balance of interests, and servant leadership.
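Review bot: the body of this entry is a near-verbatim English rendering of the 2023-09 Bitkom post added in this same change (same "Alex" narrative, same three paragraphs, same closing list of core characteristics); since the front matter has no field for related entries, add a link between the two posts in the body so readers of one discover the other, and so the German and English versions are clearly marked as the same talk given twice.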
Binary file not shown.
@@ -0,0 +1,25 @@
---
title: "The Burden of Knowledge: Dealing With Open Source Risks"
date: 2025-03-10
categories:
- english
- presentation
tags:
- OSPO
- Community
- SupplyChain
- Security
headerimage:
src: firstslide.jpg
video: https://www.youtube.com/watch?v=cMHPLeb5QW0
slides: /docs/2025-03-Managing-Open-Source-Risks.pdf
event:
name: FOSS Backstage 2025
href: https://25.foss-backstage.de/session/the-burden-of-knowledge-dealing-with-open-source-risks/
---
At FOSS Backstage 2025 in Berlin, I explored a critical challenge facing OSPOs and development teams: as we increase analysis of our software supply chains, tools and scorecards reveal potential risks in Open Source projects like low maintenance, lack of community, or poor security practices. But this data alone doesn't help if it merely points out potential problems without offering solutions. The question is: how should we handle this burden of knowledge? Through manual reviews? Questionnaires? Funding? Or should we look away?
In this session, I focused on the strategic decisions organizations need to make when assessing risk in Open Source dependencies. Drawing from my experience at an organization using a six-digit number of Open Source packages, I explored the options between the extremes of "Let's measure everything", "Let's avoid all risky Open Source", and "Let's not look at the data because it might scare off management". I discussed how to decide whether to use a project, invest resources to support it, or move away from a dependency, and when it makes sense to actively engage with or withdraw from an Open Source project.
This talk provided an overview of feasible options and the foundation for a more informed discussion on managing Open Source risks strategically – without ignorance or fear.
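Review bot: `slides: /docs/2025-03-Managing-Open-Source-Risks.pdf` is a site-relative path, but this diff adds nothing under `docs/`; confirm the PDF is already committed (or add it in this PR) so the link does not 404 once the page is published. The other entries use absolute URLs for `slides:`, so also check that the template does not prepend a base URL to this relative one.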
@@ -12,9 +12,14 @@ headerimage:
src: openrailday-stage.jpg
src: openrailday-stage.jpg
text: My amazing co-moderator Kira Correll and I on stage
text: My amazing co-moderator Kira Correll and I on stage
video: https://clip.place/w/p/gZ1HFxLxHri8mDABzqpGHC
video: https://clip.place/w/p/gZ1HFxLxHri8mDABzqpGHC
summary: I had the pleasure to moderate the OpenRail Day 2025 in Paris, organised by the OpenRail Association to share knowledge and experiences about open source software in the railway industry. This event brought together railway operators, digital experts, and open source communities from across Europe for a day dedicated to showcasing concrete open source projects already at work in the railway sector.
event:
event:
name: OpenRail Day 2025 @ Paris
name: OpenRail Day 2025 @ Paris
href: https://day.openrailassociation.org
href: https://day.openrailassociation.org
---
---
I had the pleasure to moderate the OpenRail Day 2025 in Paris, organised by the [OpenRail Association](https://openrailassociation.org) to share knowledge and experiences about open source software in the railway industry. The event featured several talks and panel discussions with experts from different companies and organisations involved in open source projects related to railways.
I had the pleasure to moderate the OpenRail Day 2025 in Paris, organised by the [OpenRail Association](https://openrailassociation.org) to share knowledge and experiences about open source software in the railway industry. This event brought together railway operators, digital experts, and open source communities from across Europe for a day dedicated to showcasing concrete open source projects already at work in the railway sector. The conference featured demonstrations, presentations, and workshops around projects like OSRD (Open Source Railway Designer), RCM OSS, LibLRS, and the Netzgrafik-Editor, all hosted by the OpenRail Association.
The event created a space for dialogue between technical, institutional, and industrial stakeholders around key topics such as interoperability, open standards, and international collaboration. Speakers included leaders from major European railway companies like SBB, SNCF, Infrabel, and ONCF, as well as representatives from the European Commission's Open Source Programme Office. This first edition laid the foundation for a format designed to evolve and establish itself over time, in service of a more open and collaborative digital railway ecosystem.
All session recordings, presentations, and photos are available in the [event replay section](https://day.openrailassociation.org).
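Review bot: the new `summary:` field repeats the first two sentences of the rewritten opening paragraph word for word; if the site already derives summaries from the body, the field is redundant here, and if it does not, a shorter one-sentence summary (for instance just the first sentence, ending at "railway industry") reads better on listing pages and avoids the duplicated text drifting apart on future edits.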