Dear OSI community,
Recently we have had an incident reported to us where large numbers of individuals affiliated with OSI (over 100) were tagged in a social media post on LinkedIn. Several individuals have been in touch to query with us how they came to be identified as affiliated with OSI. In particular, some individuals raised the possibility of whether a data breach had occurred.
We have taken steps to investigate the concerns raised to us and can confirm that no breach of data held by OSI has taken place. As best as we can tell from our analysis and from details shared by the individual who published the social media post, names of those affiliated with the OSI have been systematically collected by that individual from publicly available sources. This includes from our annual report, but also from a 2021 Board Election ballot from Helios Voting.
We recognize that some individuals have found this incident and the behavior of this individual deeply uncomfortable and inappropriate, and we recognize that this behavior contradicts the principles of openness, collaboration, and respect that the OSI community upholds.
Regarding our annual report, OSI recognizes and deeply values the contributions of our community, and each year, we publicly acknowledge those who have contributed to the OSI, including full members, as a way to highlight their support and dedication to Open Source. Importantly, currently we do not name anyone in our annual report who has opted out of public recognition. However, in light of this incident, we are actively reviewing our public recognition practices, and additional opt-out mechanisms and privacy protections are now being considered.
It is disappointing that we have to consider these kinds of measures, but we remain committed to fostering a welcoming and safe environment for all contributors. If you or someone you know has been targeted and are uncomfortable, we encourage you to document the incident and report harassment to relevant platforms. Please reach out to the OSI for support.
Sincerely,
OSI