2024 Conference report

Pass the SALT is a free access, English spoken, 3-day conference dedicated to Free software and Security. It provides a single track of talks and some workshops in parallel.

This document is our annual report for the 2024 edition of the conference. We share all the figures, our insights and analysis about:

Throughout this document, you will find:

  • what has worked during the edition,
  • the areas for improvement,
  • some thoughts from the org team about first collaborations, team evolutions and kinds of speakers you can cross at the conference.

Attendance

In this section you will find all figures and our feedback about the attendance of this edition:

  • 176 people booked their seat. In 2023: 135, 2022: 156
  • 128 people were physically present at the conference. In 2023: 108, 2022: 103
  • No-show rate: 27% In 2023: 20%, 2022: 33%

We were really happy to see more people coming to our conference this year:

  • +30% of registered people,
  • +18% of attendees present on the D day.

Aside from the content of the conference, we can see in these positive numbers the impact of the efforts we’ve put into communication this year:

  • channels: we used 3 social networks (X, Mastodon, [new] LinkedIn) for each communication we made,
  • frequency: regularly since January, [new] weekly since May,
  • targets: [new] we tried to reach, without much success, local infosec communities.

Regarding the relatively low number of attendees in general, there is a lack of students able to attend the conference at this time of the year, due to summer vacation and internships. This is one way to explain the difference with others free access conferences.

Share of attendees that previously came to Pass the SALT: 41% (2023: 44%, 2022: 28%).
source: booking form

Since last year, around 60% of the attendees are new ones and figures seem to be stable.

We think this is a good balance between:

  • people who come on a regular basis for the quality of the talks, workshops, networking and/or atmosphere. They provide the stability and share their knowledge of the culture of the conference to newcomers,
  • new attendees who come to discover the conference and who bring their freshness, their expectations and their new ideas!

Occupation:
source : booking form

  • private sector: 71% (2023: 60%, 2022: 55%)
  • public sector: 14% (21%, 15%)
  • students: 6.5% (8%, 19%)
  • academic: 4.5% (7%, 8%)
  • others: 4% (4%, 3%)

Language: attendees that can speak French: 91% (2023: 90%,2022: 91%). source: booking form It is a very stable percentage since the COVID period. As we said last year, we have not fully recovered our audience usually coming from Germany, Netherlands, Belgium or UK. We would be really pleased to get in touch with networks in these countries. [help needed] So if you have any way to reach them, let’s get in touch! πŸ™‚

Conference content

First, let’s share some raw figures about talks and workshops of this year’s edition!

  • 21 talks (2023: 22, 2022: 22)
  • 9 workshops (2023: 3, 2022)

Call for papers

As you can see, all figures are quite stable aside from the notable exception of the rise of the number of workshops for this edition.

Since the launch of the conference, we are committed to release in open source everything about the conference (figures, process like badge conception etc).

Let’s find below our CFP figures for all our editions (also available on our main website).

Year (IRL editions) Submissions Accepted Invited talks among accepted ones Acceptation Rate
2024 39 30 2 (06.0%) 77.0%
2023 45 25 3 (12.0%) 55.5%
2022 39 27 5 (18.5%) 69.2%
2019 46 35 3 (12.0%) 76.0%
2018 37 29 2 (06.0%) 78.3%

Our feedback:

  • Workshops: this year, we have been really surprized and pleased by the number of submitted and accepted workshops (11, 9). All of them have found their audience (from 6 to 15 attendees, our upper limit). It is a great achievement for this edition!
  • Keynote/closing talk: for PTS24 we haven’t found any fitting topic or speaker. We are definitely not a conference large enough to regularly attract speakers able to give such talks on our stage. When the right content and speaker will be available, we will have a keynote at Pass the SALT. In our opinion, it is the right way to proceed to respect our attendees and it is perfectly OK for us!
  • Acceptance rate: this year, it is quite high compared to the 2022 and 2023 figures. It comes mainly from the fact we had a lot of workshops submitted and (almost all) accepted. When we look only at the talks, the acceptation rate drops a little (72%) to reach a level closer to previous years.
  • Invited talks: we are proud to have a hybrid talks selection process (CFP + invited talks). It allows us to mix the openness of a Call for Papers with the ability to give a special focus to our current edition with a limited number of invited talks (2 for this year).

Speakers geographical distribution

Year France (rest of) Europe (rest of the) World
2024 61% 30% 9%
2023 74% 22% 4%
2022 77% 23% 0%

We are pleased to see (a little) more non French speakers coming to Pass the SALT. We will continue to promote the conference outside France in order to improve our speakers geographical diversity :)

Recording, streaming and slides

  • Talks have been streamed without any major issue. After the conference, we got feedback from many friends having been able to remotely attend part of the conference or even watch all talks flawlessly!
  • This year again, we are proud to say that the videos of all talks of each day have been put online each evening. Hats off to the team members involved πŸ‘
  • All slides have also been put online at the end of the conference on our archives site πŸš€

Our feedback:

  • (near) Emergency video team replacement. This year, due to a late agenda conflict, our friends and partners from Ubicast, who previously managed on-site recording and streaming of the conference, haven’t been able to come on site. It was quite a problem for us because the organization team does not have the manpower nor the know-how to record/stream an event like Pass the SALT.
  • As we are big fans of Cooper’s recording work during many infosec conferences we have attended/talked, we asked him (very lately!) if he would be able to come to record our talks. And guess what? He said “Yes, I can!” 😍
  • And everything worked like a charm! Cooper did a fantastic job (recording, fixing all potential problems with the help of blazing fast Laurent, the Polytech video guy).
  • We are so thankful to Cooper for his commitment, his hard and quality work and his willingness to interact smoothly with all team members! Thanks so much from all the team! πŸ™
  • The Ubicast team has been there to answer all our questions very efficiently and to provide the infrastructre and the video portal to do the streaming. Thanks a lot to them!
  • Finally, hats off to the volunteers in the audience who helped out with the video camera during the conference!

2024 highlights

  • Sessions: after boot security and supply chain security in 2023, this year again, we managed to setup a new session alongside regular ones (DFIR, low level, reverse, network, pentest, crypto etc): WebPKI and Trust.

During this session, we had the opportunity to receive on the same stage Aaron Gable and Philippe Boneff, tech leaders of two major projects for Web security: Let’s Encrypt and Certificate Transparency software at Google. This new session seems to have been really appreciated by attendees and surely, by the team. πŸ™

sessions

  • Speakers: unlike for the 2023 edition, we haven’t faced any specific problem during our contacts with potential speakers coming from big tech companies. The main reason for not being able to come has been (personal or professional) agenda conflicts which is totally legit. We also experienced pleasant situations with very open minded speakers who didn’t know PTS previously and decided to submit to the CfP right after our contact or even better, just after learning PTS exists!

Attendees and Speakers Feedback

All the graphics/figures below are coming from the post-event survey.

Attendees feedback

Event experience The general event experience of our attendees has been very good (31% good or 69% perfect). And every single attendee would like to come back next year!

experience

Attendees globally liked the event (communication, venue, pauses).

Positive points underlined by attendees:

  • ease and quality of the networking with relaxed and open minded speakers,
  • accessibility of the venue,
  • power available in many spots of the main room.

But 2 points were cited half less than other: foodtrucks for lunch and the social on 2nd day evening.

Foodtruck: we can share some facts about the foodtruck. We faced real problems to have a different foodtruck for the second day. At the end (less than a week before the event), we had to fallback on having the same foodtruck for day 2. Not a perfect solution, but at least, unlike last year, it provided several veggie options :)

Social event: it is less understandable for us. Unlike the speakers dinner (more on this below), we have been received by the 3 Brasseurs bar in a large dedicated space with an open terrace. New We delivered this year a lot of free lunch tokens (for each table and more) in addition to 2 free drinks. The day after, we even received good feedback IRL πŸ€·β€β™‚οΈ

πŸ› οΈ Let’s browse 2023 list of suggested improvements and look at the things we deployed to answer them:

  • Clearer practical info page on the website ;
    > org answer: this year, we provided more detailled info page and put way more links to it on our different websites.
  • Improve the event communication ;
    > org answer: we communicated on 3 different social networks (X, Mastodon and [new] this year, on LinkedIn). We communicated on these networks regularly since January, weekly since May.
  • Improve the catering offer during the midday break (especially veggie)
    > org answer: as explained upper, we didn’t manage to have a different foodtruck for the second. But it provided several veggie options to attendees.

πŸ› οΈ List of suggested improvements by our attendees after this year edition:

  • chat/hack zone: add a space for it in the central alley
    > org: nice and legit proposal, will work on it,
  • more speakers diversity: "… because it was a little bit “~30/40 years old white male” “
    > org: a recurrent and completely legitimate request but a hard one πŸ˜” We will try harder (and differently also!),
  • luggages room: having one would be more comfortable
    > org: sure. This year, school provided us a room but it was too far into the building to be practical and safe. We will try to do better next year,
  • branding: in order to emphasize the own and unique soul of the conference, provide more branding with big banners at the front of the school, in alley, into the main room etc. Maybe also some merchandising
    > org: it requires more expenses (for branding) and a lot of added work for merch but we will look at it carefully πŸ‘οΈ,
  • start: starting later on the first day to enable people coming from Paris to arrive more comfortably
    > org: will try too. We also currently don’t know if we will come back on a conference start on Monday 2:00 PM like before or not,
  • lack of students: some of you suggest that students may be perfect targets for a lot of talks and workshops of the conference. And it was so a surprize for you to not having more of them in the attendance
    > org: unfortunately, in early July, most of the students have left the school to go back to home or to do internship in companies.

Talks and workshops

talks level

  • Attendees appreciated the high quality level of both the talks and workshops,
  • The only talk not live delivered but previously recorded by its speaker (due to private reasons) has been really appreciated with its very dynamic and interactive remote live Q/A session. Thanks Tommaso for this effort and your commitment πŸ‘οΈ

tommaso

Speakers feedback

speakers experience

Speakers have globally really appreciated:

  • coming to the event to deliver their talk/WS,
  • attending others talks and interact during social moments with speakers of their session but also those coming from other communities (low level and reverse, crypto, PKI, network and system…).

🎁 The reward bag (with of course, some grams of flower of salt inside πŸ˜‰) we provided to reward our commited speakers has been really appreciated too!

But there is always room for improvement :)

πŸ› οΈ List of suggested improvements by 2024 speakers:

  • speakers dinner: it was unanimously identified as the main area for improvement this year. Too small, too noisy, food, despite being good, came too late in the evening etc.
    > org: we totally agree. We will look for a different and bigger location for the next edition.
  • wifi: despite improvements since previous editions, access to the wifi seems to have been tricky sometimes, notably in the workshop area.
  • feedback on talk/workshop content and delivering: some of you have asked if it would be possible to get feedback from attendees.
    > org: a totally legit question but we have not yet found the medium to do it efficiently. It is a work in progress on our side.
  • Q/A: a speaker has been complaining about the lack of time given to attendees when they have no question coming quickly enough after the talk.
    > org: usually, in this case, the person chairing the session always asks the first question. We will try to be more vigilant to give more opportunity to attendees to ask their questions.

Budget & Sponsoring

Pass the SALT is since day one a free conference (as in free beer) that gives access to the attendees to all talks, workshops but also pauses and social events at no cost.

For us, it is the way to ensure that anybody, regardless of their context and financial capabilities, can have access to state-of-the-art knowledge in Security and Free Software areas but also to exchanges with all community members.

We have seen some evolution in our sponsors line-up: a long time supporter decided to move away (Google) and we are very grateful for its long-term support. We have also welcomed three new sponsors (Passbolt, Cyberzen and Seek IT Security) and we thank them warmly to join others sponsors and partners (Gandi, Quarkslab, Lexfo, Synacktiv, Randorisec and Polytech) to allow us to run this new edition πŸ‘οΈ

The organization team really wants to thank all our sponsors and partners for their support and without who nothing would have been possible πŸ‘πŸ™

sponsors

In order to provide transparency to all but also to help everybody who would like to launch their own event, whe share the big lines of the budget:

Approx. Budget: 15.000€~

Approx. Budget breakdown in %:

  • 35.3%: catering (pauses, social event, spearkers dinner)
  • 33.2%: travel expenses reimbursement
  • 22.0%: onsite communication, identification and rewards expenses (badges, lanyards, tokens, kakemonos, stickers, speakers rewards etc)
  • 8.5%: onsite private security company services (*)
  • 2%: recurrent expenses (bank account, servers, domain name etc).

(*) New requirement in 2024: due to the highest level of terrorism threat on all the French territory, Polytech has been required to have private access control forces for all events held into its building. So, we have inherited this obligation. We are crossing fingers to see this requirement cancelled after the end of Olympic Games 🀞

Some org team thoughts

Collaboration born from discussions during the conference

Sharing and collaboration are the main reason behind the existence of this conference and we are delighted to share these first two accomplishments that emerged directly from discussions during the 2024 edition:

  • Quentin JEROME, Kunai main developer, added logs rotation with max size and compression to his product 2 weeks after a discussion with attendees (@xme and @DavidSzili ?) during the conference πŸ‘
  • very early discussions started between Certificate Transparency community members and an Internet provider in order to evaluate the opportunity to implement the first CT log in Europe. Let’s see where this will take usπŸ€žπŸ™

You can find all the collaborations that were born during the conference (at least those we heard of!) on the dedicated page of our website πŸ™β€οΈ

Expert but cool and open minded speakers

Before concluding, just a nice side note to illustrate the kind of relaxed yet high-level speakers you can have access to freely (as in free beer but also as in free speech) and easily during Pass the SALT talks, workshops and social moments:

  • a close friend of us (and speaker!) told us on last day that he sadly wasn’t able to attend the workshop about Landlock (an open source Linux application sandboxing solution),
  • we answered that we can introduce him to MickaΓ«l SalaΓΌn who gave the workshop,
  • after the exchange, our friend came back to us happy but also shaken: “MickaΓ«l answered to all my questions, it is wonderful! But I was shocked because I discovered during the talk that he wasn’t an advanced user of Landlock like I presumed before but he was … the Linux kernel developer who designed, developed and landed Landlock into the Linux Kernel πŸ‘€ Nothing less than that, it is incredible!” πŸ˜‰β€οΈπŸš€

It is for us the perfect illustration of what we want to provide to all the Security & Free Software community members, old and new: a free, open and human sized event where everybody can listen, exchange and collaborate easily with high level yet accessible and open minded speakers from all over the world πŸ™

experts

Team is growing 🫢

This year, we welcomed two new and young members inside the D-day org team. They have brought with them their volunteer and event organization experience alongside their enthusiasm. Thanks a lot to them!

Their arrival also forced us to better document the way we operated before the conference, as well as during the event itself. We really hope it has been enough but their feedback seems to indicate that we haven’t been too bad as they have already engaged themselves to be there next year πŸ˜‰

Some innovations

Privacy lanyards: last year, we have tried to increase privacy during the event for our attendees who wanted to by providing them a specific lanyard which indicates to all others participants that they don’t want to appear on photos. Due to its 2023 success, we have perpetuated it!

AI: this year, like many of you, we have given a try to AI to generate some of our images to communicate on social media.

ai

Badges: last, as each edition, we provide wooden badges (openly documented of course). And this year, inspiration has not been so hard to find πŸ˜‰

badges

Conclusion

Finally, according to survey results, speakers and attendees feedback, 2024 edition seems to have been a good one πŸ™‚ All the speakers got the opportunity to share their last research and development with their community but also with people (attendees and speakers) coming from other communities of the Security and Free Software landscape. And this, in the relaxed atmosphere of a human sized event! ❀️

We know that we have a lot of work ahead of us to address the different improvements asked by speakers and attendees, we are going to do our best to reach their expectations!

We let the finals words go to two of our great speakers:
Src: speakers survey

  • Xavier Mertens aka @xme: “Awesome as usual. Small event but a concentration of crazy people”
  • Thomas Chopitea aka @tomchop_: “As usual, PTS is a great event with a tight-knit community. I love coming here and interacting with speakers, attendees, and organizers :)”


It has been a blast! See you at #PTS25! πŸ‘‹ 😘
Pass the SALT 2024 organization team