Presented by

  • Luc Letarte

    Luc Letarte
    https://linkedin.com/in/lucletarte

    Luc Letarte is a Research Cybersecurity and Compliance Specialist with Advanced Research Computing at the University of British Columbia and an independent cybersecurity and privacy consultant. He specializes in strengthening academic research and public sector environments through governance, risk management, and compliance programs. A certified cybersecurity and privacy professional, Luc brings extensive experience working in complex environments, delivering actionable solutions for regulatory compliance and cyber risk management. He is a frequent conference speaker and instructor, delivering workshops and presentations on digital trust, cybersecurity risk management, research data management, and institutional risk governance. Fluent in English and French, Luc actively contributes to the higher education, research, and cybersecurity communities and serves on the National Security Council at the Digital Research Alliance of Canada.

Abstract

In a rapidly evolving technology landscape, earning the trust of software adopters has become increasingly challenging. Institutional buyers, funders, and regulators now routinely require security and risk assessments before approving the use or deployment of software. While large technology vendors often have the resources and processes to meet these expectations, many open-source projects struggle to present clear, structured security information. As a result, otherwise strong projects may be overlooked when organizations evaluate tools for adoption or investment. This presentation highlights the critical role of a well-crafted security statement for open-source projects. It outlines what a security statement should include, why it matters in review processes, and how maintainers can communicate effectively with security and risk professionals. Attendees will leave with practical guidance for improving the visibility, credibility, and adoption readiness of their open-source projects.