Open Source Summit North America 2025

Location: Outdoor Terrace (Level 1 - Terrace Level)

Start your Day 1 with a refreshing yoga session! Join us for a rejuvenating practice that will energize your body and mind, setting the perfect tone for the day ahead. Whether you're a seasoned yogi or a beginner, this session is designed to help you find balance and focus. Don't miss this opportunity to connect with fellow attendees in a serene and invigorating atmosphere. See you on the mat!

There is no cost to participate and space is available on a first-come, first-served basis.

*Participants must be registered for Open Source Summit North America 2025, and have their event badge.

Monday June 23, 2025 6:45am - 8:00am MDT
Bluebird Ballroom Foyer (Level 1 - Terrace Level)

Special Events / Exhibits / Breaks

7:30am MDT

Continental Breakfast

Monday June 23, 2025 7:30am - 9:00am MDT

Monday June 23, 2025 7:30am - 9:00am MDT
Bluebird Ballroom Foyer (Level 1 - Terrace Level)

Special Events / Exhibits / Breaks

7:30am MDT

Zen Zone

Monday June 23, 2025 7:30am - 5:00pm MDT

712 Meeting Room (Level 3 - Street Level)

All attendees may feel free to use the Zen Zone as needed. It is a physical space where attendees can go if for any reason they can’t interact with other attendees at that time where conversation and interaction are not allowed.

Monday June 23, 2025 7:30am - 5:00pm MDT
712 Meeting Room (Level 3 - Street Level)

Special Events / Exhibits / Breaks

7:30am MDT

Hacker Space

Monday June 23, 2025 7:30am - 5:10pm MDT

Bluebird Ballroom Foyer - Space behind the escalators

Discover a space, where you can collaborate, create, and explore new ideas with fellow attendees. Whether you're here to learn or build, our space is open for everyone to enjoy throughout the conference!

Monday June 23, 2025 7:30am - 5:10pm MDT
Bluebird Ballroom Foyer - Space behind the escalators

Special Events / Exhibits / Breaks

7:30am MDT

Coat & Bag Check

Monday June 23, 2025 7:30am - 6:00pm MDT

607 Meeting Room (Level 3 - Street Level)

Monday June 23, 2025 7:30am - 6:00pm MDT
607 Meeting Room (Level 3 - Street Level)

Special Events / Exhibits / Breaks

7:30am MDT

Registration & Badge Pick-Up

Monday June 23, 2025 7:30am - 6:00pm MDT

Monday June 23, 2025 7:30am - 6:00pm MDT
Bluebird Ballroom Foyer (Level 1 - Terrace Level)

Special Events / Exhibits / Breaks

9:00am MDT

Keynotes to be Announced

Monday June 23, 2025 9:00am - 10:45am MDT

Bluebird Ballroom 1C (Level 1 - Terrace Level)

Monday June 23, 2025 9:00am - 10:45am MDT
Bluebird Ballroom 1C (Level 1 - Terrace Level)

Keynote Sessions

10:45am MDT

Coffee Break

Monday June 23, 2025 10:45am - 11:20am MDT

Monday June 23, 2025 10:45am - 11:20am MDT
Solutions Showcase - Bluebird Ballroom 1AB

Special Events / Exhibits / Breaks

10:45am MDT

Solutions Showcase

Monday June 23, 2025 10:45am - 5:10pm MDT

Monday June 23, 2025 10:45am - 5:10pm MDT
Solutions Showcase - Bluebird Ballroom 1AB

Special Events / Exhibits / Breaks

11:20am MDT

State of the CD Foundation - Dadisi Sanyika, CDF Governing Board Chair, Apple

Monday June 23, 2025 11:20am - 12:00pm MDT

Bluebird Ballroom 3B

Speakers

Dadisi Sanyika

CDF Board Chair, Spinnaker TOC, Engineering Manage, Apple, Inc.

I am Board Chair for the Continuous Delivery Foundation (Linux sub-foundation) and lead a team of engineers at Apple dedicated to improving the Continuous Deployment experience for teams and the community. Our contributions are focused on extending scalability and multi-tenant capabilities... Read More →

Monday June 23, 2025 11:20am - 12:00pm MDT
Bluebird Ballroom 3B

cdCon

11:20am MDT

Building Trust in ML: Mapping the Model Lifecycle for ML Integrity and Transparency - Marcela Melara, Intel Labs

Monday June 23, 2025 11:20am - 12:00pm MDT

Bluebird Ballroom 2F

Open machine learning (ML) models and datasets are rapidly becoming central to building AI applications. While this trend accelerates innovation and democratizes AI, it exposes applications to security risks like data poisoning and supply chain attacks. Threats like malicious backdoors hidden in pre-trained ML models hosted on major hubs like Hugging Face emphasize the wide reach compromises can have. So, how do we build trust in the ML lifecycle?
This talk presents Atlas, a framework that combines open specifications for data and software supply chain provenance like Coalition for Content Provenance and Authenticity (C2PA) and Supply-chain Levels for Software Artifacts (SLSA) with the integrity features of transparency logs and trusted hardware to run attestable ML pipelines. First, we motivate the need to safeguard all layers of the ML lifecycle. We describe and demonstrate how Atlas’s three core mechanisms enable verification: (1) cryptographic artifact authentication, (2) hardware-based attestation of ML systems, and (3) provenance tracking across ML pipelines. Our Atlas demo integrates several open-source tools to build an end-to-end ML lifecycle transparency system.

Speakers

Marcela Melara

Research Scientist, Intel Labs

Marcela Melara is a research scientist in the Security and Privacy Research group at Intel Labs. Her current work focuses on developing solutions for high-integrity software and AI supply chains. She leads a number of internal, academic and open-source projects on supply chain and... Read More →

Monday June 23, 2025 11:20am - 12:00pm MDT
Bluebird Ballroom 2F

Audience Experience Level Intermediate

11:20am MDT

The Power of Consolidation: A Unified Stack for Business Intelligence, Security, and Observability - Josh Lee, Altinity, Inc. & Mya Jaye, C8 Labs

Monday June 23, 2025 11:20am - 12:00pm MDT

Bluebird Ballroom 2G

Imagine you’re responding to a production incident, and you’re trying to answer simple questions about it. How many systems do you need to consult when assessing the impact of events at your company? Do you manage different technology stacks for observability, security, and business intelligence?

What if we told you, you could create a unified stack capable of serving all stakeholders simultaneously? In this talk, Mya and Josh explore how open source technologies like ClickHouse, OpenTelemetry, and Grafana enable complex business use cases using modern tooling and practices.

Regardless of your function, you will leave with a deeper understanding of how consolidating these concerns into a unified stack reduces technical complexity and provides a common language for everyone to use - from engineers building new features and product managers evaluating their success, to operators keeping the lights on and C suite’s birds-eye view of the company.

Whether you’re working with a data lake, or more of a data pond, we offer practical architectures and solutions to streamline your operations and bring your stakeholders together, all while using fewer resources.

Speakers

Mya Jaye

Founder, C8 Labs

A brilliant, talented, self-taught, ambivert who loves attending and speaking at conferences. I love tinkering with small board computers like raspberry pis.☕ If you see me around, don't hesitate to come say hi!🏒 Hockey player since I was 7💻 Programming since I was 14... Read More →

Josh Lee

Open Source Developer Advocate, Altinity, Inc.

Whether it’s operators or observability, agile or accessibility, my expertise shines because I’m passionate about all of it. I’ve been building software for more than a decade and I love sharing experiences via public speaking. I’m currently a Developer Advocate for Altinity... Read More →

Monday June 23, 2025 11:20am - 12:00pm MDT
Bluebird Ballroom 2G

Audience Experience Level Intermediate

11:20am MDT

U-Boot's New Standard Boot and What's Next - Simon Glass, Canonical

Monday June 23, 2025 11:20am - 12:00pm MDT

Bluebird Ballroom 2A

U-Boot provides a fairly new feature called Standard Boot, which replaces the scripts and masses of environment variables previously used. Standard boot can boot your device automatically and quickly.

This session dives into how embedded devices boot, how Standard Boot works under the hood, the benefits of adopting Standard Boot and how to write your own bootmeth and bootdev drivers. By way of example, some existing drivers are covered, including UEFI, extlinux, Android and ChromeOS.

It also provides a general update on U-Boot and what the future might hold.

Speakers

Simon Glass

Fellow Software Engineer, Canonical

Simon Glass has worked in embedded systems for many years, at ARM, Bluewater Systems (which he founded) and Google. In ChromeOS, Simon is responsible for driving adoption of Open Source firmware components in the industry ecosystem. He is a primary contributor to U-Boot and custodian... Read More →

Monday June 23, 2025 11:20am - 12:00pm MDT
Bluebird Ballroom 2A

Audience Experience Level Any

11:20am MDT

AI for Kernel Engineers - Sasha Levin, NVIDIA

Monday June 23, 2025 11:20am - 12:00pm MDT

Bluebird Ballroom 2D

Beyond the hype, AI is already impacting Linux kernel engineering workflows. This talk presents concrete examples from real-world applications in Linux kernel LTS maintenance and CVE assignment processes. We'll examine where AI tools have meaningfully improved development processes and where they fall short.
Drawing from hands-on experience, we'll demonstrate how AI assists in analyzing patches for LTS kernel trees and streamlines vulnerability classification workflows. We'll share specific metrics showing both successes and limitations, focusing on practical applications rather than theoretical possibilities. We'll also explore emerging opportunities where AI could enhance kernel development while maintaining high engineering standards.
This technical session provides kernel developers, maintainers, and engineering leaders with actionable insights for integrating AI tools into their workflows while preserving the rigor of kernel development practices.

Speakers

Sasha Levin

Distinguished Software Engineer, NVIDIA

Sasha helps maintain the Linux Kernel Stable and LTS trees. He is currently employed by NVIDIA where he helps make Linux better. Previously, Sasha was employed by Google, Microsoft, and the Ksplice team in Oracle.

Monday June 23, 2025 11:20am - 12:00pm MDT
Bluebird Ballroom 2D

Linux

Audience Experience Level Beginner

11:20am MDT

EdgeLake-FL: An Automated Federated Learning Platform for the Edge - Roy Shadmon & Moshe Shadmon, AnyLog

Monday June 23, 2025 11:20am - 12:00pm MDT

Bluebird Ballroom 3E

Edge AI today relies on centralizing data from edge devices to the cloud, but this is impractical due to costs and privacy constraints. Federated Learning (FL) is a viable alternative: edge nodes collaboratively train a ML model without transferring or exposing proprietary data. Instead, only model weights are shared, allowing each entity to develop a model that outperforms what it could train independently. Despite its potential, FL is largely academic due to the complexity of integrating expertise across the technology stack. Additionally, decentralized data can be heterogeneous, requiring non-generalizable, application-specific solutions. EdgeLake-FL is a hardware-agnostic framework leveraging EdgeLake, an LF Edge project, to automate the continuous learning FL workflow. With EdgeLake as the data management layer, decentralized data appears centralized and data heterogeneity is resolved. Using EdgeLake-FL, an ML engineer publishes a training application, and Edge nodes with relevant data autonomously train, share, and aggregate models. Each node can then leverage the aggregated models for inference directly at the Edge. In this talk, I will demo EdgeLake-FL in a real use case.

Speakers

Roy Shadmon

System Architect at AnyLog & EdgeLake TSC Member, AnyLog

Roy Shadmon is an EdgeLake contributor and a System Architect at AnyLog where he leads blockchain and ML initiatives. He is also a Ph.D. candidate at UC Santa Cruz, and his research focus is at the intersection of Bayesian statistics, distributed systems, and Byzantine fault tole... Read More →

Moshe Shadmon

CEO, AnyLog

Moshe Shadmon, CEO at Anylog. AnyLog’s Virtual Edge Data Network is a Plug & Play software, deployed at the edge, allowing real-time insight without centralizing the data. AnyLog enables deployment of applications and AI at the distributed edge. Prior to AnyLog, Moshe was the CEO... Read More →

Monday June 23, 2025 11:20am - 12:00pm MDT
Bluebird Ballroom 3E

Audience Experience Level Any

11:20am MDT

Leveraging the OPEA Platform and GraphRAG Architectures To Drive Cloud-Native AI Adoption - Stephen Chin, Neo4j & Rachel Roumeliotis, Intel

Monday June 23, 2025 11:20am - 12:00pm MDT

Bluebird Ballroom 2C

In the era of cloud-native technologies, businesses are increasingly looking to integrate advanced AI capabilities into their workflows. This session explores how the Open Platform for Enterprise AI (OPEA) offers a transformative, open-source framework designed to accelerate the adoption of Generative AI (GenAI) across industries. Attendees will learn about the key benefits of adopting an open-source GenAI platform, including flexibility, community-driven improvements, and cost efficiency, as well as the advantages of deploying AI models in a cloud-native environment. We will also dive deep into the emerging GraphRAG (Graph-based Retrieval-Augmented Generation) architecture, demonstrating how it enhances the accuracy and explainability of AI-driven responses. Join us for this session to explore how the open-source OPEA platform and GraphRAG architectures are poised to redefine enterprise AI and to drive smarter, more reliable cloud-native AI applications.

Speakers

Stephen Chin

VP of Developer Relations, Neo4j

Stephen Chin is VP of Developer Relations at Neo4j, member of the Open AI Alliance, and author of several titles with O'Reilly, Apress, and McGraw Hill. He has keynoted numerous conferences around the world including AI DevSummit, Devoxx, DevNexus, JNation, Shift, JavaOne, Joker... Read More →

Rachel Roumeliotis

Director, Open Source Strategy, Intel

Rachel Roumeliotis, Director, Open Source Strategy, Intel is led by the belief that open source is key to growth and innovation, Rachel is focused on partnering with fellow Intel colleagues to incorporate these tenets into its larger business strategy. She is also working with other... Read More →

Monday June 23, 2025 11:20am - 12:00pm MDT
Bluebird Ballroom 2C

Audience Experience Level Intermediate

11:20am MDT

Effortlessly Build, Run, Secure, and Manage Traffic for a Generative AI Application From Scratch - Lin Sun, solo.io

Monday June 23, 2025 11:20am - 12:00pm MDT

Bluebird Ballroom 3A

Generative AI (GenAI) is ushering in a new era of human innovation, but building your own GenAI application can feel overwhelming. Which Large Language Model (LLM) should you choose? Should you incorporate Retrieval-Augmented Generation (RAG)? How can you ensure your application runs securely and efficiently on Kubernetes, with robust observability and debugging? And how do you manage API calls and control costs for external LLMs?

This demo-driven session will guide you step by step through building, running, securing, and managing traffic for a GenAI application from scratch. Starting with a native setup, we’ll then transition to Kubernetes, simplifying the entire process. You’ll learn how to enhance your application with domain-specific knowledge using RAG and leverage cloud-native tools like Kubernetes, Prometheus, Kiali, Istio, and the Kubernetes Gateway API to run your application securely and effectively.

Speakers

Lin Sun

Head of Open-Source, solo.io

Lin is the Head of Open Source at Solo.io, and a CNCF TOC member and ambassador. She has worked on the Istio service mesh since the beginning of the project in 2017 and serves on the Istio Steering Committee and Technical Oversight Committee. Previously, she was a Senior Technical... Read More →

Monday June 23, 2025 11:20am - 12:00pm MDT
Bluebird Ballroom 3A

Audience Experience Level Beginner

11:20am MDT

Who Will Maintain the Future? Tackling the Graying of Open Source Software - Abigail Cabunoc Mayes, GitHub

Monday June 23, 2025 11:20am - 12:00pm MDT

Bluebird Ballroom 3C

Open source software powers our world, but many of the maintainers keeping it alive are overburdened and aging out. Balancing technical, community, and financial responsibilities has become overwhelming, leading to burnout and project stagnation. This “graying” of open source raises urgent questions: Who will maintain the future?

Drawing from my experience supporting hundreds of maintainers through programs like GitHub Maintainer Programs, Mozilla Open Leaders, and SustainOSS, I’ll share real-world examples of the challenges maintainers face and the systemic barriers preventing new leadership. While emerging tools help reduce workload, sustainable projects need human stewardship. We'll explore practical solutions: lowering barriers to maintainership, strengthening leadership pipelines, and ensuring projects remain healthy for generations.

Maintaining open source isn’t just about code—it’s about people. Whether you’re a contributor, project lead, or company investing in open source, you’ll leave with concrete actions to help sustain the ecosystem. Let’s build a future where maintainers are supported, projects thrive, and open source continues to grow.

Speakers

Abigail Cabunoc Mayes

Open Source Programs, GitHub

Abigail Cabunoc Mayes (@abbycabs) leads GitHub’s open source maintainer programs where she works to help maintainers – and the open source ecosystem – thrive. Before joining GitHub, Abby founded and led Mozilla Open Leaders, an open source mentorship program that worked with... Read More →

Monday June 23, 2025 11:20am - 12:00pm MDT
Bluebird Ballroom 3C

Audience Experience Level Any

11:20am MDT

Open Source at the Department of Homeland Security - Jordan Kasper, DHS/OCIO

Monday June 23, 2025 11:20am - 12:00pm MDT

Bluebird Ballroom 3F

The Department of Homeland Security builds and maintains thousands software systems. It would be difficult to find a system that doesn't use open source software. In fact, the U.S. government is likely the single largest consumer of OSS in the world and considering the criticality of the mission, the security of those systems is paramount. But until recently, there was no clear guidance on how we should select, consume, contribute to, and publish open source software. Recently the office of the DHS CIO published such guidance, providing much needed structure. This session will cover how DHS intends to secure its own systems by employing tools and processes to vet open source projects, ingest that software securely, and support those projects with substantive contributions.

Attendees from government entities, contractors, and members of the community should attend to learn how one agency is tackling the supply chain risks inherent in open source while still capturing the benefits that it has to offer. They'll come away with an understanding of how this might impact their work, and how by working together we can build a better open source ecosystem for everyone.

Speakers

Jordan Kasper

Sr Technical Advisor

Jordan Kasper is a software engineer, conference speaker, and open source zealot. He spent much of his career building web applications for organizations of all sizes. In 2017, he joined the U.S. Digital Service to help make tech better for all Americans, working in multiple federal... Read More →

Monday June 23, 2025 11:20am - 12:00pm MDT
Bluebird Ballroom 3F

Audience Experience Level Beginner

11:20am MDT

BoF: Collaboration with Universities and Enterprises OSPO - Sayeed Choudhury, Carnegie Mellon University; Stephanie Liegg, UC Santa Cruz; Nithya Ruff, Amazon; Natali Vlatko, Cisco

Monday June 23, 2025 11:20am - 12:00pm MDT

Bluebird Ballroom 3G

Join the TODO Group and CURIOSS community for an interactive session where attendees can share use cases on how their organizations are investing in academic research. Explore practices for transferring knowledge from academia and the research community.

We welcome open source managers, OSPO leaders, and other stakeholders from organizations and universities engaged in research or interested to learn more.

Speakers

Nithya Ruff

Director, Amazon OSPO, Amazon

Nithya is the Head of Amazon’s Open Source Program Office. Amazon’s customers value open source innovation and the cloud’s role in helping them adopt and run important open source services. She drives open source culture and coordination inside of Amazon and engagement with... Read More →

Stephanie Lieggi

Executive Director, CROSS/OSPO, UC Santa Cruz

Stephanie Lieggi is executive director for the Center for Research in Open Source Software (CROSS) and the UC Santa Cruz Open Source Program Office (OSPO). In her current roles she supports the work of academic-based open source projects and enables a sustainable contributor base... Read More →

Natali Vlatko

Open Source Lead Architect, Cisco

Natali Vlatko (she/her) is an Open Source Lead Architect at Cisco, specializing in open software, policy, and governance. She is a SIG Docs Co-Chair for Kubernetes and a member of the TODO Group Steering Committee. She plays on the fun computer in her spare time. Her academic background... Read More →

Sayeed Choudhury

Associate Dean for Digital Infrastructure; Director of the Open Source Programs Office; Executive Director of Open Forum for AI, Carnegie Mellon University

Associate Dean for Digital Infrastructure, Director of Open Source Programs Office, and Executive Director of the Open Forum for AI.

Monday June 23, 2025 11:20am - 12:00pm MDT
Bluebird Ballroom 3G

OSPOCon

11:20am MDT

D(ocs)&D(evelopment): Finding the Perfect Party for Your Documentation Campaign - Heds Simons & Kim Nylander, Grafana Labs

Monday June 23, 2025 11:20am - 12:00pm MDT

Bluebird Ballroom 3D

It’s product release time. The code is stable. You’ve got everything EXCEPT the docs.

How do you create meaningful, prioritized content in a short time frame?

Your writer needs to collaborate with a Subject Matter Expert (SME) who understands the technical and user content. At Grafana, this synergy happens between Field Engineers (FE) and Technical Writers (TW). FEs are a three-in-one SME with the understanding of a developer, sales engineer, and technical support.

How does this collaboration benefit both writers and SMEs?
* TW has a single SME for user needs and cross-product technical expertise.
* FEs get accurate, up-to-date content that helps them and Grafana’s OSS community members get up to speed on products.
* OSS Community members get accurate, up-to-date docs.

In this session, you’ll learn how to:
* Identify the right SME
* Establish a collaborative workflow
* Prioritize work that best addresses the user’s needs

We’ll detail how this collaboration started through a shared love of RPGs, the traps we encountered and lessons learnt, and how a bi-weekly session between two colleagues became the foundation for a model now used across Grafana’s telemetry products.

Speakers

Hedley Simons

Senior Principal Field Engineer, Grafana Labs

Heds is a Senior Principal Field Engineer at Grafana Labs, where he builds and maintains internal and external environments, designs advanced workshops, provides input on product use-cases and acts as a SME.Heds comes from a software engineering background, and has written code for... Read More →

Kim Nylander

Principal Technical Writer, Grafana Labs

Professional writer who specializes in explaining complicated concepts in plain English at a level appropriate for the target audience. Over 15 years experience of writing SaaS product content, IT procedures, API documentation, tutorials, online help, FAQs, and specifications... Read More →

Monday June 23, 2025 11:20am - 12:00pm MDT
Bluebird Ballroom 3D

Audience Experience Level Any

11:20am MDT

Unconference

Monday June 23, 2025 11:20am - 12:00pm MDT

Bluebird Ballroom 2H

Do you have a topic you’d like to discuss with fellow attendees? A project or idea you want to share and get feedback on? Something you'd like to teach others? Sign up to lead an Unconference session!
Unconference sessions are informal, attendee-driven, and a great way to connect with others. Sessions will be set up in a round table format to encourage discussion. There will be no AV—only a flip chart will be provided.
You can submit a topic in advance using this form. Please note: Only a limited number of topics will be accepted in advance. If your topic is selected, we’ll confirm your time slot via email and add it to the official conference schedule so others can join your session. This form will close on June 13, but you will still be able to submit topics onsite during the event in the Solutions Showcase - Bluebird Ballroom 1AB.
Click here to view the Unconference schedule. Be sure to check out the topics being discussed and join us onsite for great conversations!

Monday June 23, 2025 11:20am - 12:00pm MDT
Bluebird Ballroom 2H

Unconference Sessions

11:20am MDT

Why Rust and Zephyr Are a Good Fit - David Brown, Linaro

Monday June 23, 2025 11:20am - 12:00pm MDT

Bluebird Ballroom 2B

When seeking to use Rust for embedded development, there are several options, including bare-metal, a few rust-specific rtos implementations, and several existing RTOSes. This talk discusses why Zephyr is a good fit for an embedded Rust, and especially how we are able to leverage some of Zephyr's strengths, including a rich and diverse set of supported targets, and some of Zephyr's features, such as the work queue mechanism, and how it fits well with Rust's async system.

Speakers

David Brown

Senior Engineer, Linaro

David Brown is part of Linaro, and has worked on the Linux kernel, with a focus on security for a number of years. Recently, he has been focusing on security as it relates to IoT and embedded devices, including focusing on secure booting, and secure network communications. He is currently... Read More →

Monday June 23, 2025 11:20am - 12:00pm MDT
Bluebird Ballroom 2B

Zephyr

Audience Experience Level Beginner

12:00pm MDT

Better Together Lunch

Monday June 23, 2025 12:00pm - 1:30pm MDT

Go Gourmet Cafe (Level 3 - Street Level)

About the Better Together Lunch
The Better Together Lunch offers an opportunity for all event participants from marginalized communities (including race, gender, sexual orientation, and disability), along with their allies, to come together and build meaningful connections that extend beyond the event. We hope that this gathering will help foster greater representation and inclusion both at the event and in the open source community over time.

No cost and pre-registration is not required to attend. We do our best to accommodate everyone interested in joining, but please note that participation is on a first-come, first-served basis.

Who Can Attend?
Any event participant from a marginalized community (including race, gender, sexual orientation, and disability) and their ally guests.

Is This Event Open to Allies?
Attendees of the Better Together Lunch are welcome to invite one (1) ally to this event. We encourage allies to support inclusion in tech by also participating in the Equity, Inclusion, and Accessibility track and by engaging with attendees from underrepresented backgrounds throughout the event.

If you are interested in learning more about how the Linux Foundation promotes inclusion and equal opportunities, visit our Inclusion & Accessibility page.

Monday June 23, 2025 12:00pm - 1:30pm MDT
Go Gourmet Cafe (Level 3 - Street Level)

Special Events / Exhibits / Breaks

12:00pm MDT

Lunch (Provided Onsite for All Attendees)

Monday June 23, 2025 12:00pm - 1:30pm MDT

Monday June 23, 2025 12:00pm - 1:30pm MDT
Solutions Showcase - Bluebird Ballroom 1AB

Special Events / Exhibits / Breaks

1:30pm MDT

Implementing Zero Trust Security in Jenkins Pipelines With Open Source Tools - Steve Taylor, DeployHub, Inc

Monday June 23, 2025 1:30pm - 1:50pm MDT

Bluebird Ballroom 3B

As cyber threats become increasingly sophisticated, the traditional perimeter-based security model no longer suffices. Zero Trust Security offers a modern framework that assumes no entity—user, device, or application—can be trusted by default, emphasizing "never trust, always verify." But how can this framework be applied effectively within automated CI/CD pipelines like Jenkins?

In this talk, we’ll provide a practical introduction to Zero Trust Security, exploring its key principles and the critical role it plays in modern software delivery. Attendees will learn how to integrate Zero Trust practices into Jenkins pipelines using powerful open-source tools. From secrets management to policy enforcement and continuous vulnerability management, this session will provide actionable steps to secure the entire software development lifecycle.

Speakers

Steve Taylor

CTO, DeployHub

Steve Taylor is a visionary and leader in open-source security, DevOps, and securing the software supply chain. Long before “CI/CD” became a buzzword, Steve was designing cutting-edge pipelines for Fortune 1000 companies, redefining how software is built and deployed. His innovative... Read More →

Monday June 23, 2025 1:30pm - 1:50pm MDT
Bluebird Ballroom 3B

cdCon

Audience Experience Level Beginner

1:30pm MDT

Gopher Meets Crab: A Rust Journey in Cloud Native - Phil Estes, AWS

Monday June 23, 2025 1:30pm - 2:10pm MDT

Bluebird Ballroom 2G

If you've been around the container and cloud native ecosystem for any length of time, you know most major components are written in Go: from Docker to runc and from Kubernetes to etcd! This means that many of the common constructs, for example the OCI specs, or Kubernetes API resources, are easy to use from other Go programs, but not quite as easy when you step outside of the Go ecosystem.

In this talk we'll dive into the experience of trying to use containers from a Rust-written client and delve into existing work from early adopters of Rust. There are quite a few crates that help us along the way, providing some level of parity for Rust developers in the cloud native ecosystem. There are still complexities and hurdles as well, and we'll share our experience navigating this as a long-time Go programmer and Rust newbie.

Attendees will take away some quick tips as well as gotchas for working in the container and cloud native ecosystem as a Rust developer and, who knows, maybe soon the Gopher and the Crab will be the best of friends.

Speakers

Phil Estes

Principal Engineer, Core Container Technology, AWS

Phil is a Principal Engineer for Amazon Web Services (AWS), focused on core container technologies that power AWS container offerings like Fargate, EKS, and ECS. Phil is an active contributor and maintainer for the CNCF containerd runtime project, and participates in the Open Container... Read More →

Monday June 23, 2025 1:30pm - 2:10pm MDT
Bluebird Ballroom 2G

Audience Experience Level Beginner

1:30pm MDT

Mainframes Aren’t Dead, They’re Just Running Kubernetes Now - Josephine Pfeiffer, Red Hat

Monday June 23, 2025 1:30pm - 2:10pm MDT

Bluebird Ballroom 2F

Mainframes have been declared dead more times than JavaScript frameworks have been invented—but here they are, still running the backbone of global finance, government, and enterprise computing. And now? They’re running Kubernetes too.

This talk dives into the why and how of running Kubernetes on mainframes, from containerization on z/OS to networking, workload orchestration, and real-world use cases. We’ll break down the challenges, the benefits, and whether this is a clever hack or a genuinely viable approach for modern infrastructure. If you think mainframes are relics, think again—because they’re running microservices now.

Speakers

Josephine Pfeiffer

Senior Cloud Native Consultant, Red Hat

Josephine is a consultant specializing in developer productivity and infrastructure. She has worked for enterprises, SMEs, and startups in roles spanning platform engineering, DevOps, Site Reliability Engineering, and technology management.She is an active open-source contributor... Read More →

Monday June 23, 2025 1:30pm - 2:10pm MDT
Bluebird Ballroom 2F

Audience Experience Level Intermediate

1:30pm MDT

Heterogeneous Linux and RTOS Software Architecture for Low-Price RISC-V Cores - Jim Huang & 繼寬邱, National Cheng Kung University

Monday June 23, 2025 1:30pm - 2:10pm MDT

Bluebird Ballroom 2A

SoCs are increasingly heterogeneous, featuring multiple processor clusters and special-purpose accelerators. As a result, Asymmetric Multiprocessing (AMP) systems must support different operating environments running concurrently on the same chip. This talk outlines the software architecture needed to develop applications for AMP setups, enabling operating systems to interact across diverse homogeneous and heterogeneous configurations. In this way, AMP applications can leverage the parallelism provided by these varied architectures.

Our prototyping efforts focus on low-cost RISC-V processor cores configured as AMP systems, running both the Linux kernel and RTOSes such as ThreadX. This setup includes an IPC layer that implements RPMSG communication between cores. Additionally, our proxy infrastructure highlights how a proxy on the master core can handle POSIX library calls from RTOS-based remote contexts.

Speakers

Jim Huang

Assistant Professor, National Cheng Kung University

Drawing from his contributions to the Android Open Source Project (AOSP), Jim specializes in real-time performance tuning and optimization of Linux-based automations. Additionally, he is a co-founder of the LXDE project, a lightweight desktop environment widely utilized in embedded... Read More →

Chi-Kuan Chiu

Student, National Cheng Kung University

Chi-Kuan Chiu is currently pursuing the B.S. degree in computer science with National Cheng Kung University.

Monday June 23, 2025 1:30pm - 2:10pm MDT
Bluebird Ballroom 2A

Audience Experience Level Beginner

1:30pm MDT

Accelerating Computation With GPU Parallel Processing: Enhancing Performance and Efficiency - Akhilesh Shenoy & Aakarsh Jain, Samsung Semiconductor

Monday June 23, 2025 1:30pm - 2:10pm MDT

Bluebird Ballroom 2E

Graphics Processing Units (GPUs) have become key to modern computing, enabling high-performance parallel processing beyond their original role in gaming. Today, they are critical for solving complex computational challenges effectively. To achieve high levels of parallelism, OpenCL is commonly used to break tasks into kernels, which are executed by multiple threads. Optimizing OpenCL performance on GPUs remains a persistent challenge, as it involves fine-tuning both software (OpenCL code, kernels) and hardware. One of the critical factors influencing GPU performance is the effective use of workgroups. The size of workgroups significantly impacts parallelism and efficiency.
This session focuses on key software optimizations in OpenCL, such as efficient memory management, kernel fusion and optimal workgroup sizing in improving GPU performance. We will demonstrate, how optimized OpenCL code can significantly enhance parallel execution and efficiency. This talk also addresses challenges faced by automotive GPUs, including power and thermal constraints with strategies to overcome these. Best practices for writing efficient OpenCL code tailored for automotive GPUs will also be outlined.

Speakers

Akhilesh Shenoy

Associate Staff Engineer at Samsung Semiconductor, Samsung Semiconductor

Embedded Software developer with 4yrs of experience in Linux BSP, domain.

Aakarsh Jain

Associate Staff Engineer at Samsung Semiconductor, Samsung Semiconductor

6yrs of experience in Embedded Linux BSP

Monday June 23, 2025 1:30pm - 2:10pm MDT
Bluebird Ballroom 2E

Linux

Audience Experience Level Beginner

1:30pm MDT

The Generative AI Commons: Unlocking Potential Through Collaboration and Transparency - Arnaud Le Hors, IBM & Ofer Hermoni, iForAI

Monday June 23, 2025 1:30pm - 2:10pm MDT

Bluebird Ballroom 2C

In the rapidly evolving landscape of Generative AI, it is becoming clearer every day that open strategies are key drivers of innovation and widespread adoption. This session will present the Generative AI Commons, its activities, and deliverables to date, including the Model Openness Framework (MOF) and the Responsible Generative AI Framework,

LF AI & Data initiative dedicated to fostering the democratization, advancement and adoption of efficient, secure, reliable, and ethical Generative AI open source innovations through neutral governance, open and transparent collaboration and education.

Speakers

Arnaud Le Hors

Senior Technical Staff Member Open Technologies, IBM

Arnaud Le Hors is Senior Technical Staff Member of Open Technologies at IBM, primarily focusing on Open Source security and AI. He has been working on standards and open source for over 30 years. Arnaud was editor of several key web specifications including HTML and DOM and was a... Read More →

Ofer Hermoni

Founder, Chief AI Officer, iForAI

Dr. Ofer Hermoni is a visionary AI leader with a Ph.D. in Computer Science and 60+ patents in AI, security, networking, and blockchain. He co-founded the Linux Foundation AI and served as its inaugural technical chair, shaping the global AI ecosystem. A two-time startup founder, he... Read More →

Monday June 23, 2025 1:30pm - 2:10pm MDT
Bluebird Ballroom 2C

Audience Experience Level Any

1:30pm MDT

Panel Discussion: Open Source: What's Next - Tony Wasserman, Software Methods and Tools; Stormy Peters, Independent; Rao Lakkakula, Microsoft; Nithya Ruff, Amazon; Chris Aniszczyk, The Linux Foundation

Monday June 23, 2025 1:30pm - 2:10pm MDT

Bluebird Ballroom 3C

This proposed session is a panel discussion covering recent developments and likely future directions for open source software, particularly as it applies to companies that are developing and/or using open source software in their products. The invited panelists all have extensive experience that cover the most significant issues facing open source today, including licensing, security, AI, and OSPOs.

Speakers

Tony Wasserman

Principal, Software Methods and Tools

Tony Wasserman has divided his career between academia and industry. He is currently Principal of Software Methods and Tools, and an Advisor in the UC Berkeley SkyDeck accelerator. He was Professor of Sfw Mgmt at CMU-Silicon Valley from 2005-23. Earlier, he was CEO of Interactive... Read More →

Stormy Peters

Open Source Advocate, Self employed

Stormy Peters is VP of Communities at GitHub. She leads the teams responsible for enabling the online creators and open source communities on GitHub, including GitHub’s community product efforts, developer relations, education, and other strategic programs. Throughout her career... Read More →

Rao Lakkakula

Partner Director, Open Source Ecosystem, Microsoft

Rao Lakkakula is the Director of Open Source Ecosystem at Microsoft. Rao has held various roles in open source, security, engineering, risk management, and business intelligence. His previous experience includes leadership positions in security at JPMorgan Chase, Climate Corp, Amazon... Read More →

Nithya Ruff

Director, Amazon OSPO, Amazon

Chris Aniszczyk

CTO, Linux Foundation

Chris Aniszczyk is an open source technologist with a passion for building a better world through open collaboration. He's currently a CTO at the Linux Foundation focused on developer experience and running the Cloud Native Computing Foundation (CNCF). Furthermore, he's a Partner... Read More →

Monday June 23, 2025 1:30pm - 2:10pm MDT
Bluebird Ballroom 3C

Audience Experience Level Intermediate

1:30pm MDT

Disconnected Environments in a Connected World - Daniel Moch, Lockheed Martin & Eddie Zaneski, Defense Unicorns

Monday June 23, 2025 1:30pm - 2:10pm MDT

Bluebird Ballroom 3F

Most modern software assumes the internet is always available—but what happens when it’s not? Air-gapped environments are more prevalent than you might think. While they are essential in government, they’re also common in finance, healthcare, and manufacturing. Yet, a surprising amount of today’s tooling—from CI/CD pipelines to package managers—relies on network access and fails when that assumption is broken.

Working in these environments means finding new ways to handle familiar problems. In this talk, we’ll look at the challenges teams face when managing dependencies, applying updates, and automating deliveries without internet access. We’ll share practical solutions, real-world examples, and ways to make modern development practices work in restricted environments.

Speakers

Daniel Moch

Staff Software Engineer, Lockheed Martin

For over 20 years, Daniel has worked as a software engineer in the Defense and Aerospace industry. His experience ranges from embedded device drivers to large logistics and information systems. In recent years, he has focused on helping legacy programs adopt modern DevOps practices... Read More →

Eddie Zaneski

Technical Advisor to the CTO, Defense Unicorns

Eddie lives in Denver, CO with his wife and dog. He loves open source and works on the Kubernetes project. When not hacking on random things you'll most likely find him climbing rocks somewhere.

Monday June 23, 2025 1:30pm - 2:10pm MDT
Bluebird Ballroom 3F

Audience Experience Level Beginner

1:30pm MDT

Alignment of Community Contributions and Business Goals - How Can Your OSPO Help? - Masae Shida, VMware (Broadcom)

Monday June 23, 2025 1:30pm - 2:10pm MDT

Bluebird Ballroom 3G

Today it’s nearly impossible to build software without open source. Some projects are massively popular, and quite often used in multiple products within the same organization. But are we all collaborating on these projects in ways that are aligned across the company? Here your OSPO can help your organization work towards the same goals.
Which open source projects are built into your product portfolio? Who in your organization is contributing to these projects? How do you know your contributions are not impeding each other?
Broader involvement should occur in a coordinated and thoughtful manner across the key projects. Having a united front within open source communities will help your organization drive consistent and effective contributions.
The talk will cover:
● How can your OSPO help coordinate contributions across the organization?
● How can you identify your company’s strategic open source projects?
● How can we ensure these projects will continue to be viable and sustainable?
The audience will learn how an OSPO can enable more efficient and effective contributions to open source projects in ways that are aligned with both their business and community goals.

Speakers

Masae Shida

Staff Technical Program Manager, VMware (Broadcom)

Masae is a Staff Open Source Program Manager leading the company’s open source business and community strategy alignment. Previously she led numerous programs including large-scale DX/IT transformations as part of M&A at Cisco, security/compliance process implementation and consumer... Read More →

Monday June 23, 2025 1:30pm - 2:10pm MDT
Bluebird Ballroom 3G

Audience Experience Level Any

1:30pm MDT

Lower the Barrier of Entry: Empowering Non-writer Contributions To Docs - Manny Silva, Skyflow

Monday June 23, 2025 1:30pm - 2:10pm MDT

Bluebird Ballroom 3D

Documentation thrives on contributions, but many potential contributors hesitate to edit docs because of uncertainty about style, structure, and quality standards. This talk demonstrates how modern tooling can create a supportive environment that empowers non-writers to confidently contribute to documentation. We'll explore a practical toolkit combining templates for clear structure, AI-powered drafting assistance, automated style checking, format linting, content validation, and quality reviews to guide contributors through the docs process. Through these tools and a streamlined editing workflow, teams can create an environment where developers, product managers, support staff, and other non-writers feel confident contributing while maintaining documentation standards. We'll examine real examples of successful implementations and provide practical steps for adding these capabilities to your own docs.

Speakers

Manny Silva

Head of Documentation, Skyflow

Technical writer by day and engineer by night, Manny Silva is Head of Documentation at Skyflow and the creator of Doc Detective. He’s passionate about intuitive and scalable developer experiences and likes diving into the deep end as the 0th user.

Monday June 23, 2025 1:30pm - 2:10pm MDT
Bluebird Ballroom 3D

Audience Experience Level Any

1:30pm MDT

Unconference

Monday June 23, 2025 1:30pm - 2:10pm MDT

Bluebird Ballroom 2H

Monday June 23, 2025 1:30pm - 2:10pm MDT
Bluebird Ballroom 2H

Unconference Sessions

1:30pm MDT

Zephyr for Open Source Health Devices - Ashwin Whitchurch, Protocentral Electronics

Monday June 23, 2025 1:30pm - 2:10pm MDT

Bluebird Ballroom 2B

This talk would highlight the importance of open source health devices and how we used Zephyr across several hardware platforms to develop these devices. We will draw on experiences from our projects including HealthyPi 5, HealthyPi 6 and the wearable HealthyPi Move, all open source hardware and software. More specifically how Zephyr enabled the use of practically a single codebase across three different microcontroller platforms in different form factors.

l will also talk about the challenges faced during the process of making the system wearable and low power and the solutions that worked for us.

Speakers

Ashwin Whitchurch

CEO, Protocentral Electronics

Ashwin is a part of a company called Protocentral Electronics, which is focused on developing open-source hardware for healthcare applications. He is a software and hardware engineer by education and profession, with Masters degrees in both subjects.

Monday June 23, 2025 1:30pm - 2:10pm MDT
Bluebird Ballroom 2B

Zephyr

Audience Experience Level Intermediate

1:30pm MDT

Tutorial: From Planning To Production-Ready RAG With OPEA - Andreas Kollegger, Neo4j; Ezequiel Lanza & Katherine Druckman, Intel

Monday June 23, 2025 1:30pm - 3:05pm MDT

Bluebird Ballroom 3E

Enterprises struggle to integrate fragmented generative AI (GenAI) technologies. Due to its rapid evolution and diverse implementations, even top LLMs hallucinate when answering Kubernetes-related questions.

The Open Platform for Enterprise AI (OPEA), a Linux Foundation project, accelerates GenAI adoption with an orchestration framework that composes microservices via customizable blueprints to deploy or create GenAI applications.

In this hands-on tutorial, developers will deploy advanced retrieval-augmented generation (RAG) applications using Kubernetes. They’ll explore how OPEA orchestrates AI workloads via a microservices architecture and build a production-ready RAG chatbot. Attendees will go beyond deployment, enhancing vector search with knowledge graphs, customizing OPEA components, and scaling AI solutions efficiently on Kubernetes—all while integrating AI agents for more intelligent automation.

Speakers

Ezequiel Lanza

Open Source AI Evangelist, Intel

Passionate about helping people discover the exciting world of artificial intelligence, Ezequiel is a frequent AI conference presenter and the creator of use cases, tutorials, and guides that help developers adopt open source AI tools.

Katherine Druckman

Open Source Evangelist, Intel Corporation

Katherine Druckman is an Open Source Evangelist at Intel, where she enjoys sharing her passion for a variety of open source topics. She currently combines her enthusiasm for software security and emerging AI technology as the OPEA Security Working Group Lead and Co-Chair of the OpenSSF... Read More →

Andreas Kollegger

GenAI Lead for Developer Relations, Neo4j

Andreas is a technological humanist. Starting at NASA, Andreas designed systems from scratch to support science missions. Then in Zambia, he built medical informatics systems to apply technology for social good. Now with Neo4j, he is democratizing graph databases to validate and extend... Read More →

Monday June 23, 2025 1:30pm - 3:05pm MDT
Bluebird Ballroom 3E

Audience Experience Level Intermediate

1:30pm MDT

Tutorial: Guarding the Gates: Understanding and Mitigating OWASP's Top 10 LLM Security Risks - Neetu Jain & Kimberly Nowell-Berry, JPMorgan Chase

Monday June 23, 2025 1:30pm - 3:05pm MDT

Bluebird Ballroom 3A

As organizations rapidly adopt Large Language Models (LLMs) in production environments, understanding their unique security vulnerabilities becomes crucial. This session provides a deep dive into OWASP's Top 10 LLM risks, examining real-world examples and practical mitigation strategies.

Speakers

Kimberly Nowell-Berry

JPMorgan Chase

Neetu Jain

Executive Director, JPMC

Neetu Jain is the Executive Director at JP Morgan Chase in the Emerging Technology Security division, where she leads initiatives in AI security. With 20 years of experience in the tech industry, Neetu has driven innovation and security across various domains and products, including... Read More →

Monday June 23, 2025 1:30pm - 3:05pm MDT
Bluebird Ballroom 3A

Audience Experience Level Intermediate

1:50pm MDT

A Secure Tekton Task by Using Confidential Containers - Tatsushi Inagaki, IBM

Monday June 23, 2025 1:50pm - 2:10pm MDT

Bluebird Ballroom 3B

Software supply chain attack is an emerging threat for today’s enterprises. An attacker first gets an internal network access of the target enterprise, typically by using social engineering. Next the attacker gets administrator access to a software supply chain of the enterprise. Finally the attacker injects a backdoor into a built artifact and steals confidential information or digital assets from the enterprise, or even worse from customers.

A critical attack surface here is the administrator of the software supply chain. Confidential Containers is an open source project to protect containers from administrators by using trusted execution environments (TEEs). It protects a Kubernetes pod from a cluster administrator by running the pod inside of a TEE and validating the pod by remote attestation.

This talk presents a use case of Confidential Containers to protect a Tekton task. You will understand how Confidential Containers protects a task and artifacts even when the cluster administrator is compromised.

Speakers

Tatsushi Inagaki

Staff Research Scientist, IBM

Tatsushi is working on research to enhance the security of IBM Z. He contributed to various open source projects. He is recently contributing to Confidential Containers, which is a sandbox project of Cloud Native Computing Foundation.

Monday June 23, 2025 1:50pm - 2:10pm MDT
Bluebird Ballroom 3B

cdCon

Audience Experience Level Advanced

2:25pm MDT

Securing the Software Supply Chain: Integrating OpenSSF Scorecard, Jenkins, and the Ortelius Project - Tracy Ragan, DeployHub, Inc

Monday June 23, 2025 2:25pm - 2:45pm MDT

Bluebird Ballroom 3B

As the number of software vulnerabilities grows, the need for robust, automated security practices in DevOps pipelines is more critical than ever. OpenSSF Scorecard, an initiative by the Open Source Security Foundation (OpenSSF), provides a framework for evaluating the security posture of open-source projects. Ortelius, an open-source platform and dashboard, builds on this foundation by offering continuous vulnerability tracking and management, integrating with tools like OpenSSF Scorecard and OSV.dev.

Adding to this ecosystem, Jenkins plays a pivotal role as a CI/CD powerhouse, making it an ideal candidate for advancing continuous vulnerability management. In this talk, we’ll explore how integrating Ortelius and OpenSSF Scorecard into Jenkins pipelines empowers teams to automate vulnerability scanning, track security metrics, and respond to threats more efficiently. Attendees will learn how to leverage these tools together to create a secure and automated development lifecycle.

Speakers

Tracy Ragan

CEO, DeployHub, Inc.

Tracy is a recognized expert in software supply chain security and DevSecOps, specializing in managing complex, decoupled architectures. She is the CEO of DeployHub, a scalable continuous vulnerability management platform that empowers software to 'self-heal' by automatically applying... Read More →

Monday June 23, 2025 2:25pm - 2:45pm MDT
Bluebird Ballroom 3B

cdCon

Audience Experience Level Intermediate

2:25pm MDT

EdgeLake: Extending the Cloud To the Edge – an LF Edge Project - Moshe Shadmon, AnyLog

Monday June 23, 2025 2:25pm - 3:05pm MDT

Bluebird Ballroom 2G

As data volumes grow and real-time processing becomes essential, traditional cloud architectures face limitations in cost, latency, and security. The traditional approach moves all edge data to where the queries are executed—in the cloud—leading to inefficiencies and high costs. EdgeLake (https://lfedge.org/projects/edgelake/), an LF Edge project, takes the opposite approach by bringing queries to the source data at the edge, enabling decentralized data management and local AI/ML processing.

In this talk, we’ll explore how EdgeLake eliminates cloud dependencies, optimizes data infrastructure, and reduces operational costs while ensuring real-time decision-making at the edge. We’ll discuss key use cases (and show a live demo) across industrial automation, smart cities, energy, and telecom, demonstrating how organizations can leverage EdgeLake to unlock the full potential of edge computing.

Join us to learn how EdgeLake is reshaping the future of distributed data architectures and making edge intelligence more accessible.

Speakers

Moshe Shadmon

CEO, AnyLog

Monday June 23, 2025 2:25pm - 3:05pm MDT
Bluebird Ballroom 2G

Audience Experience Level Intermediate

2:25pm MDT

Through the Looking Glass: Leveraging Overton Window Concepts To Redefine Infrastructure as Code - Ben Somogyi, Lockheed Martin

Monday June 23, 2025 2:25pm - 3:05pm MDT

Bluebird Ballroom 2F

The Overton window, a concept originating in politics, refers to the range of policies that are considered acceptable to a broad and diverse audience. In this session, we will share our experiences and recommendations on how to successfully adapt to shifting "Overton Windows", as they pertain to mainstreaming our platform to support a wide range of customer requirements while minimizing non-recurring engineering expenses. At Lockheed Martin, we have developed a modular open system that incorporates Secure Supply Chain and Cloud Native standards, enabling us to rapidly deliver capabilities to customers in highly regulated and diverse environments, while navigating the complexities of evolving requirements and priorities.

Speakers

Ben Somogyi

Senior Staff DevSecOps Engineer, Lockheed Martin

Versatile, hands-on technical leader and software developer who is building cloud native solutions for Lockheed Martin and its customers.

Monday June 23, 2025 2:25pm - 3:05pm MDT
Bluebird Ballroom 2F

Audience Experience Level Intermediate

2:25pm MDT

The State of SBoMs in Embedded - Joshua Watt, Garmin

Monday June 23, 2025 2:25pm - 3:05pm MDT

Bluebird Ballroom 2A

Software Bill of Materials (SBoMs) are being increasingly called for in all Software ecosystems, to the point of being mandatory for regulatory compliance. The Embedded space is no different in this regard, so being aware of the available options for complying with SBoM is becoming critical for Embedded development.

In this talk, Joshua will outline prominent options for dealing with SBoM requirements across Open Source Embedded-focused projects, and what to look for in SBoMs for embedded projects to maximize their usefulness.

Speakers

Joshua Watt

Software Engineer, Garmin

Joshua has been working as a software engineer for Garmin since 2008, primarily focused on building products using the Yocto Project. He is also involved with the SPDX community and a member of the OpenEmbedded Technical Steering Committee.

Monday June 23, 2025 2:25pm - 3:05pm MDT
Bluebird Ballroom 2A

Audience Experience Level Intermediate

2:25pm MDT

Make Valkey Multi-threaded With Userspace RCU - Jim Huang, National Cheng Kung University

Monday June 23, 2025 2:25pm - 3:05pm MDT

Bluebird Ballroom 2E

This presentation explores how to create a multi-threaded version of Valkey by employing userspace Read-Copy-Update (RCU) to achieve high performance. With fewer than 2,000 lines of code modifications, we introduce a coordinator-worker pattern, enabling key-value stores like Valkey and Redis to handle tasks concurrently across multiple threads while using a per-thread event loop for I/O operations. Userspace RCU facilitates lock-free data sharing between a writer thread and multiple reader threads, dramatically improving read performance.

Our experiments show that the multi-threaded Valkey can achieve over one million operations per second on a standard server.

Speakers

Jim Huang

Assistant Professor, National Cheng Kung University

Monday June 23, 2025 2:25pm - 3:05pm MDT
Bluebird Ballroom 2E

Linux

Audience Experience Level Beginner

2:25pm MDT

Navigating the Sea of CVEs: Securing Your Linux Distributions - Jess Lowe & Holly Gong, Google

Monday June 23, 2025 2:25pm - 3:05pm MDT

Bluebird Ballroom 2D

Are you drowning in a sea of vulnerability advisories, wondering why patching one thing doesn't fix everything? Despite a shared origin, a CVE's impact diverges significantly across Linux distributions. Consequently, a fix at the source does not automatically translate to comprehensive protection downstream. Each distribution requires independent patching, leading to a complex web of security advisories stemming from a single flaw.

In this talk, you'll learn how OSV tools can help you navigate this sea of advisories. We'll explore the root causes of advisory proliferation in Linux and demonstrate how OSV.dev aggregates and cross-references vulnerability data at scale to provide a more complete picture. You'll also see how OSV-Scanner accurately identifies vulnerabilities in your Linux systems, considering distribution-specific nuances and offering actionable guidance. By the end of this session, you'll be equipped with the knowledge and tools to patch smarter and secure your Linux infrastructure more effectively.

Speakers

Jess Lowe

Software Engineer, Google

Jess is a Software Engineer in the Google Open Source Security Team working on OSV.dev and OSV-Scanner.

Holly Gong

Software Engineer, Google

Software Engineer at Google

Monday June 23, 2025 2:25pm - 3:05pm MDT
Bluebird Ballroom 2D

Linux

Audience Experience Level Beginner

2:25pm MDT

Beaconforge.org, Open Agentic AI for Hallucination Mitigation - Diego Gosmar, Voiceinteroperability.ai, LF AI and Data

Monday June 23, 2025 2:25pm - 3:05pm MDT

Bluebird Ballroom 2C

This talk will describe the emerging standard and the Beaconforge.org framework, which is being developed by the Voiceinteroperability.ai Project of the LFAI and Data Foundation, to enable conversational assistants to interact with each other. Beaconforge.org is based on a standardized set of novel agentic inter-assistant messages that utilize NLP (Natural Language Processing) Universal APIs.

We will also explore how Agentic AI frameworks like Beaconforge.org can help mitigate hallucination effects in generative AI agents. This will be demonstrated through an empirical experiment involving hundreds of diverse prompts, a chain of multiple agents, and four novel KPIs used to evaluate hallucination score mitigation.

More information about the project can be found in the following papers:
Diego Gosmar et al., 2025. Hallucination Mitigation using Agentic AI Natural Language-Based Frameworks, https://arxiv.org/abs/2501.13946

Diego Gosmar et al., 2024. Conversational AI Multi-Agent Interoperability, Universal Open APIs for Agentic Natural Language Multimodal Communications, https://arxiv.org/abs/2407.19438

Speakers

Diego Gosmar

Principal AI Advisor, Voiceinteroperability.ai, LF AI and Data

Diego Gosmar serves as Chief AI Officer specializing in Artificial Intelligence, with particular focus on Generative Conversational AI, Natural Language Processing (NLP), AI Agent interoperability, Sustainable and Ethical Conversational AI.Diego is member of the Open Voice Interoperability... Read More →

Monday June 23, 2025 2:25pm - 3:05pm MDT
Bluebird Ballroom 2C

Audience Experience Level Intermediate

2:25pm MDT

Panel Discussion: Driving Automotive Transformation With Open Source - Philipp Ahmann, Etas GmbH (BOSCH); Kate Stewart, The Linux Foundaiton; Masato Endo, Toyota Motor Corporation; Wolfgang Gehring, Mercedes Benz Tech Innovation

Monday June 23, 2025 2:25pm - 3:05pm MDT

Bluebird Ballroom 3C

Open source software has long been utilized in automotive systems, yet the industry is experiencing a renewed focus on its strategic utilization also sparked by the so called Software Defined Vehicle. The establishment of OSPOs across numerous OEMs and Tier suppliers further signals this shift.

This panel digs into the motivations and implications of this trend. The panelist will explore the historical context of OSS in automotive, contrasting it with the current OSPO-driven approach. Key discussion points include the rationale for OSPO creation, the specific challenges they tackle – particularly in light of global sanctions, increasing connectivity demands, and the imperative for cyber resilience – and the anticipated impact on the automotive software landscape with regulated safety-critical Software Defined Vehicle systems.

Speakers

Philipp Ahmann

Sr. OSS Commumity Manager, Etas GmbH (BOSCH)

Philipp Ahmann is a Senior OSS Community Manager at ETAS (a Bosch subsidiary), specializing in safety-critical automotive open source software. With 15+ years' experience in Linux automotive platforms, he has held roles from software engineer to project & line manager. He currently... Read More →

Kate Stewart

VP Dependable Embedded Systems, The Linux Foundation

Kate Stewart works with the safety, security and license compliance communities to advance the adoption of best practices into embedded open source projects. Since joining The Linux Foundation, she has launched the ELISA and Zephyr Projects, as well as supporting other embedded projects... Read More →

Masato Endo

Project General Manager, Toyota Motor Corporation

Masato Endo is a Project General Manager of Value Chain Innovation Project in TOYOTA. He focuses also on promoting Open Source Innovation and he set up TOYOTA OSPO in 2024. Furthermore, he plays the following roles in Open Source Communities. -The Linux Foundation Japan Evangelist... Read More →

Wolfgang Gehring

OSPO Lead / FOSS Ambassador, Mercedes Benz Tech Innovation

Dr. Wolfgang Gehring is an Ambassador for Open and Inner Source and has been working on enabling and spreading the idea within Mercedes-Benz. A software engineer by trade, Wolfgang’s goal is to help enable Mercedes-Benz to fully embrace FOSS and become a true Open Source company... Read More →

Monday June 23, 2025 2:25pm - 3:05pm MDT
Bluebird Ballroom 3C

Audience Experience Level Intermediate

2:25pm MDT

Load Testing Is Complicated: A Case Study of NJ Unemployment Insurance - Rob Bayliss, Mighty Acorn Digital

Monday June 23, 2025 2:25pm - 3:05pm MDT

Bluebird Ballroom 3F

In this session we will perform a case study of load testing for a US State’s Unemployment Insurance Modernization initiative. We will talk about the unique requirements and constraints of the project, such as the looming specter of the COVID-19 Unemployment boom. We’ll also review how the testing was done and why we ultimately decided on using browser-based tools such as Artillery with Playwright to build a testing system that could deliver and measure massive amounts of realistic traffic in a way that is quick (30 minutes) and easy to run. Attendees will walk away with an understanding of how one might approach load testing for a system like this, and why using browser based testing might or might not be a good idea.

Speakers

Rob Bayliss

Director, Mighty Acorn Digital

Rob Bayliss is passionate about automation, and has been building fast, reliable systems for state governments since 2017. He is passionate about performance, and once led an initiative to reduce the response times of Mass.gov by 50%, preventing downtime during the pandemic. In 2023... Read More →

Monday June 23, 2025 2:25pm - 3:05pm MDT
Bluebird Ballroom 3F

Audience Experience Level Intermediate

2:25pm MDT

The Role of Package Managers as Partners in License and Attribution Compliance - Damián Vicino, Datadog Inc.

Monday June 23, 2025 2:25pm - 3:05pm MDT

Bluebird Ballroom 3G

Package managers are essential to modern software development, simplifying dependency management but often hiding transitive changes. This has led to large, shifting dependency trees with little oversight.

Despite evolving independently, most package managers follow a similar model: fetching software and metadata. However, the format, quantity, and quality of this metadata vary significantly.

With heterogeneous language stacks on the rise, OSPOs struggle to manage these differences, making compliance an ongoing challenge.

This talk explores different package managers, the compliance data they provide, and highlights good practices from each. Finally, it proposes how the OSPO community can break silos between ecosystems, encouraging convergence on non-language-specific metadata and practices. This, in turn, will streamline compliance work and strengthen the open source ecosystem as a whole.

Speakers

Damián Vicino

Senior Open Source Specialist, Datadog Inc.

Damian Vicino is a Senior Open Source Specialist at Datadog’s OSPO and an Adjunct Research Professor at Carleton University. He began contributing to open source in the early 2000s, leading a local BSD user group and collaborating with a team on five BSDday Argentina events. He... Read More →

Monday June 23, 2025 2:25pm - 3:05pm MDT
Bluebird Ballroom 3G

Audience Experience Level Any

2:25pm MDT

Radical Transparency: Lessons From Open-Sourcing Nearly All Company Documentation - Victor Lyuboslavsky, Fleet Device Management

Monday June 23, 2025 2:25pm - 3:05pm MDT

Bluebird Ballroom 3D

In an era when transparency is often a corporate buzzword, few companies truly embrace it at scale. What happens when a company commits to making nearly all of its internal documentation open source? What are the benefits, risks, and unexpected cultural shifts that arise?

In this session, we’ll take a deep dive into our company’s journey of open-sourcing nearly all documentation—from GitHub issues and design review notes to sprint demos and research documents. We’ll explore the motivations behind this decision, the technical and cultural challenges we faced, and the impact on our customers, employees, and open-source contributors.

Join us as we dissect the practical realities of radical transparency in engineering and product development. Whether you’re considering a similar approach or simply want to understand how transparency at scale affects innovation, security, and collaboration, this session will provide invaluable lessons and strategies.

Speakers

Victor Lyuboslavsky

Software Engineer, Fleet Device Management

Victor is an engineer, author, and entrepreneur with over 25 years of technical leadership and hands-on development experience. Victor has worked in various industries, including semiconductors, health care, and cyber security. He is currently building security telemetry and MDM at... Read More →

Monday June 23, 2025 2:25pm - 3:05pm MDT
Bluebird Ballroom 3D

Audience Experience Level Beginner

2:25pm MDT

Unconference

Monday June 23, 2025 2:25pm - 3:05pm MDT

Bluebird Ballroom 2H

Monday June 23, 2025 2:25pm - 3:05pm MDT
Bluebird Ballroom 2H

Unconference Sessions

2:25pm MDT

FUOTA Using LORAWAN and Zephyr : DFU in the 'Real' World - Sidd Gupta, Demar Inc. (DBA Zylum)

Monday June 23, 2025 2:25pm - 3:05pm MDT

Bluebird Ballroom 2B

The FUOTA (Firmware Update Over-The-Air) specification(s) from LoRa Alliance make up the framework that underpins the critical task of firmware updates of end points (typically battery operated sensors and actuators) that communicate using the LoRaWAN protocol.

The fundamental limitation of the FUOTA specification, as it exists today, is that it does not expect Firmware Artifacts to exceed a few hundred KB in size. With the increasing adoption of the Zephyr RTOS, along with more sophisticated capabilities being added to the end device, artifact sizes have quickly grown to 500 kB (and beyond). This limitation quickly starts to have a real impact, especially as the cost of doing so called 'drive by' updates (using BLE or other higher throughput transports) can get prohibitive.

We present a novel solution to this problem, leveraging the existing and well supported Device Firmware Update (DFU) specification.

In our solution, the LORAWAN protocol becomes another type of SMP transport (along with the already supported Shell, Bluetooth and UDP). We have extended the open source smpclient library from intercreate, as well as the open source LBM stack from Semtech to achieve this.

Speakers

Sidd Gupta

Principal, Demar Inc. (DBA Zylum)

I'm a proud software engineering craftsman, with around 30 years of experience, mostly coding, with a few detours into management and startup entrepreneurship. I run Zylum with my collaborator Guinnes Singh - we're your Zero to One (and beyond) guys. I am currently interested in the... Read More →

Monday June 23, 2025 2:25pm - 3:05pm MDT
Bluebird Ballroom 2B

Zephyr

Audience Experience Level Intermediate

2:45pm MDT

Lock the Chef in the Kitchen: Enabling Accurate SBOMs Via Hermetic Builds - Adam Cmiel, Red Hat

Monday June 23, 2025 2:45pm - 3:05pm MDT

Bluebird Ballroom 3B

Imagine your source repository is a kitchen, and the CI task that builds your software is a chef cooking soup. Most attempts to obtain the list of ingredients for the soup will fall into one of two categories.

"Source SBOM" tools gather the list of ingredients by scanning the entire kitchen. There are some recipes and ingredients in the kitchen, but are all of them relevant? Are they correct and complete? What if the chef looks up the recipe online and then orders the missing ingredients?

"Analyzed SBOM" tools try to derive the list of ingredients from the finished soup. This is hard to do well, impossible when the ingredients dissolve completely. And the tool has no chance of knowing where the ingredients came from.

How about we do this: Select the right recipe(s) for the soup. Buy all the ingredients ourselves. Leave them in the kitchen and lock the chef in there until the meal is done. We now have a complete list of ingredients (or a failed soup), and we know where we got them.

Meet Hermeto, a tool that enables your CI pipeline to lock the chef in the kitchen!

Speakers

Adam Cmiel

Senior Software Engineer, Red Hat

I'm a software engineer at Red Hat. I work on Konflux, an open-source CI/CD system focused on supply chain security (that we also use internally at Red Hat to build and release products). I focus on enabling builds to be as secure as possible.

Monday June 23, 2025 2:45pm - 3:05pm MDT
Bluebird Ballroom 3B

cdCon

Audience Experience Level Intermediate

3:05pm MDT

Coffee Break

Monday June 23, 2025 3:05pm - 3:35pm MDT

Monday June 23, 2025 3:05pm - 3:35pm MDT
Solutions Showcase - Bluebird Ballroom 1AB

Special Events / Exhibits / Breaks

3:35pm MDT

Intentrace, Making Strace More Human Using Rust - Mohammad Khalid, Independent

Monday June 23, 2025 3:35pm - 3:45pm MDT

Bluebird Ballroom 2D

Understand how all binaries interact with the linux kernel, how the linux kernel sees userspace code, how it expects it to behave, and how you, an author of such programs, should in response interact with it. intentrace is a rewrite of strace in Rust. currently in Beta.

Speakers

Mohammad Khalid

Software Engineer

A Mechanical Engineer and current Rust programmer. Mohammad had a short stint in manufacturing, and another in Oil & Gas, has since transitioned into Software Engineering and is interested in low level programming.

Monday June 23, 2025 3:35pm - 3:45pm MDT
Bluebird Ballroom 2D

Linux

Audience Experience Level Beginner

3:35pm MDT

Reducing the Risk of Source Tampering With SLSA - Tom Hennen, Google

Monday June 23, 2025 3:35pm - 3:55pm MDT

Bluebird Ballroom 3B

In 2023 Supply-chain Levels for Software Artifacts (SLSA) was released. It provided a framework for protecting software from tampering within the CI/CD workflow from source to publication. Now it’s nearing completion of the SLSA Source Track which brings a similar level of assurance to the management of source code.

The Source Track addresses the threat of tampering with source code within the repository and allows malicious changes to source to be attributed to the actors that introduced those changes. In addition, it provides a framework for recording additional results about source revisions such as if a code review was performed or if the source was analyzed by SAST tools.

We’ll cover how this track can prevent attacks like the 2021 attack against PHP where malicious commits were added to the PHP repository and how it can be used to ensure additional controls (like code review) are implemented to protect against attacks like the recent one against xz. Finally we'll discuss how the source track can be implemented in existing source control systems by examining a proof-of-concept that enables Source Level 3 without specialized support from the source control platform.

Speakers

Tom Hennen

Senior Staff Software Engineer, Google

Tom is a Senior Staff Software Engineer at Google where he’s a UTL on the Software Supply Chain Integrity program. He’s responsible for securing the internal software supply chain, while limiting toil. His focus is ensuring interoperability, extensibility, and adoption of Google’s... Read More →

Monday June 23, 2025 3:35pm - 3:55pm MDT
Bluebird Ballroom 3B

cdCon

Audience Experience Level Intermediate

3:35pm MDT

A Brief History of Kubernetes Fleet Controllers & Essential Features - Mickael Alliel, Komodor

Monday June 23, 2025 3:35pm - 4:15pm MDT

Bluebird Ballroom 2G

Managing a few Kubernetes clusters may be feasible, but scaling up to hundreds or thousands introduces unique challenges. At a 100:1 cluster to engineer ratio, standardization, observability, security, and access control become pressing issues. This is when DevOps must shift from "infrastructure engineers" to "platform engineering," where infrastructure needs are fully automated and self-service.

As K8s adoption grows in large organizations, demand for "massive multi-cluster fleet management" support has intensified. This talk examines essential features for Kubernetes fleet controllers, offering a fast-paced review of five open-source tools: Clusternet, Karmada, Crossplane, ClusterAPI, and Rancher. Each tool's unique strengths in provisioning, management, and application support will be covered, showing how each addresses multi-cluster management challenges.

This approach will provide a replicable framework to evaluate & choose the right tools based on specific organizational needs.

Speakers

Mickael Alliel

Backend Tech Lead, Komodor

Mickael is a self-taught developer turned DevOps, passionate about automation, innovation, and creative problem-solving. Mickael enjoys challenging himself and experimenting with new technologies and methodologies. Currently, he is working on developing the next-gen K8s troubleshooting... Read More →

Monday June 23, 2025 3:35pm - 4:15pm MDT
Bluebird Ballroom 2G

Audience Experience Level Intermediate

3:35pm MDT

Toward Usable Open-source Remote Attestation for Cloud and Edge - Lily Sturmann & Michael Peters, Red Hat

Monday June 23, 2025 3:35pm - 4:15pm MDT

Bluebird Ballroom 2F

The ability to quickly observe and respond to security threats on remote machines is critically important for business and infrastructure, yet gaps still exist when applying cryptographic attestation solutions in real-world scenarios. Accessible policy generation, clear ways to understand attestation results, and methods for handling system updates need to be available to make remote attestation feasible. Adapting attestation best practices and tools to environments like edge and IoT, with vast scale requirements and limited network connectivity, can pose challenges as well.

Using the speakers’ experience working on open source projects Keylime (remote attestation) and flightctl (edge management), the session will walk through design considerations and challenges in bringing these tools together to monitor remote fleets of edge, IoT, and cloud-based systems at key points in the devices’ lifecycles. Further, the session will discuss remaining open problems as well as some potential solutions working toward the goal of usable, clear, and accurate attestation of remote systems.

Speakers

Lily Sturmann

Principal Software Engineer, Red Hat

Lily is a principal software engineer at Red Hat in the Office of the CTO in Emerging Technologies. She has primarily worked remote attestation, confidential computing, and software supply chain security. Her favorite language is Rust.

Michael Peters

Red Hat, Red Hat

Michael Peters is a Principal Engineer in Emerging Technologies in Red Hat's Office of the CTO. He is a senior systems engineer and programmer with an emphasis on DevOps, Security, and Operability and is one of the current maintainers of the Keylime project. His experience in both... Read More →

Monday June 23, 2025 3:35pm - 4:15pm MDT
Bluebird Ballroom 2F

Audience Experience Level Advanced

3:35pm MDT

Extending Power Over Ethernet to the LTC4266 - Kyle Swenson, Ericsson Software Techology

Monday June 23, 2025 3:35pm - 4:15pm MDT

Bluebird Ballroom 2A

Leveraging the recently added Power over Ethernet (PoE) Power Supply Equipment (PSE) support, this talk will go over the current status and the experience implementing support for the LTC4266, the last major PSE chipset on the market. We'll go over the basics of Power over Ethernet, the existing upstream support and in-kernel framework, the user-space interface for controlling PSE, and then dive into the LTC4266 driver specifics.

Speakers

Kyle Swenson

Prinicpal Engineer, Ericsson Software Techology

Kyle maintains the open-source components in the embedded Linux distributions that run on Ericsson's Enterprise Wireless Solution routers, primarily working with the Linux kernel.

Monday June 23, 2025 3:35pm - 4:15pm MDT
Bluebird Ballroom 2A

Audience Experience Level Intermediate

3:35pm MDT

State Persistence Over kexec - Mike Rapoport, Microsoft

Monday June 23, 2025 3:35pm - 4:15pm MDT

Bluebird Ballroom 2E

For long time kexec was a faster way to reboot a machine without incurring delays caused by firmware and bootloaders. However for many applications even a kexec reboot still means significant service degradation, like disruption of the running guests in virtualized environments and the need to rebuild in-memory caches for large databases.

We propose Kexec HandOver (KHO) mechanism that allows serialization and deserialization of kernel data as well as preserving arbitrary memory ranges across kexec.

In addition, KHO keeps physically contiguous memory regions that are guaranteed to not have any memory that KHO would preserve, but still can be used by the system. The kexeced kernel bootstraps itself using those regions and marks all handed over memory as in use. KHO users then can recover their state from the preserved data. This includes memory reservations, where the user can either discard or claim reservations.

Speakers

Mike Rapoport

Principal Software Engineer, Microsoft

Mike has lots of programming experience in different areas ranging from medical equipment to visual simulation, but most of all he likes hacking on Linux kernel and low level stuff. He started contributing to the Linux kernel while working on ARM and device drivers and then gradually... Read More →

Monday June 23, 2025 3:35pm - 4:15pm MDT
Bluebird Ballroom 2E

Linux

Audience Experience Level Advanced

3:35pm MDT

The MODERN Modern Data Stack: Building an Open Distributed Data Warehouse Beyond Data Lakes - David Aronchick, Expanso

Monday June 23, 2025 3:35pm - 4:15pm MDT

Bluebird Ballroom 3E

Organizations face a critical challenge: data is growing exponentially across distributed locations, but traditional centralized processing approaches are becoming unsustainable. With the majority of enterprise data going unused, companies struggle with massive transfer costs, compliance issues, and network reliability problems when moving data to centralized infrastructure.

This talk introduces a paradigm shift: bringing compute to where data lives. Using the open-source Bacalhau project, we'll demonstrate how to:

- Deploy distributed processing jobs across clouds, edge devices, and on-premises infrastructure
- Reduce data movement costs while maintaining centralized control
- Ensure compliance by processing sensitive data in place
- Enable real-time analytics at the edge

Through real-world examples, including an energy company managing 15,000 microgrids and cities processing camera feeds, attendees will learn practical patterns for modernizing their data infrastructure. We'll explore architectural patterns, security considerations, and best practices for implementing compute-over-data architectures.

Speakers

David Aronchick

CEO, Expanso

David Aronchick is CEO of Expanso, the distributed computing company built on Bacalhau ([https://bacalhau.org](https://bacalhau.org/)). Previously, he led Compute over Data at Protocol Labs, Open Source Machine Learning Strategy at Azure, was a product management for Kubernetes... Read More →

Monday June 23, 2025 3:35pm - 4:15pm MDT
Bluebird Ballroom 3E

Audience Experience Level Intermediate

3:35pm MDT

What’s New in Valkey - Madelyn Olson, Amazon & Ping Xie, Google

Monday June 23, 2025 3:35pm - 4:15pm MDT

Bluebird Ballroom 2C

Valkey is the leading open-source database for building high performance applications that are compatible with the Redis API. It natively integrates with many popular frameworks and is commonly used for a wide range of applications such as caching, session storage, streaming, and more. In this talk, hear from members of the Valkey technical steering committee discuss some of the exciting new functionality that has been released including the new bloom filter data type, vector similarity search, and a new hash table implementation that reduces memory overhead and improves performance. We'll talk about how these functionalities enable next generation use cases and what's coming in upcoming releases.

Speakers

Madelyn Olson

Software Engineer, Amazon

I work primarily on the open source Redis project and evangelize the importance of open source software development.

Ping Xie

Senior Staff Software Engineer, Google

Ping Xie is a maintainer of Valkey and a Senior Staff Software Engineer at Google, working on GCP Memorystore. As an active contributor to Valkey, Ping focuses on core development, community engagement, and ensuring Valkey remains a reliable and adaptable solution for a wide range... Read More →

Monday June 23, 2025 3:35pm - 4:15pm MDT
Bluebird Ballroom 2C

Audience Experience Level Intermediate

3:35pm MDT

Death by (Python) Pickle: "Betrayal ML" - Kadi McKean & Andy Lewis, ReversingLabs

Monday June 23, 2025 3:35pm - 4:15pm MDT

Bluebird Ballroom 3A

In the original Matrix movie, Neo learned Kung Fu through an upload. Imagine if your ML could learn the same way. That's what a pickle file does for ML - "I KNOW KUNG FU" or whatever was in the file that was supposed to be "learned" by your ML model.

What if there was a plot twist where Agent Smith tampered with the Kung Fu module so that it included a fun "bonus" lesson that "taught" Neo to call Agent Smith every time he was trying to find an exit?

That's what's happening in Pickle Files, and that's the setup for ML and AI.

This talk will explain the threat, provide some examples, and discuss emerging detection capabilities. When it's over, you will know kung fu.

Speakers

Kadi McKean

Community Manager, ReversingLabs

Kadi is passionate about the DevOps / DevSecOps community since her days of working with COBOL development and Mainframe solutions. At ReversingLabs she collaborates with developers and security researchers to help entities prioritize their open source risk, reduce technical debt... Read More →

Andy Lewis

TMM and Honeybee Wrangler, ReversingLabs

Despite his misguided childhood and checkered past, Andy has become a contributing member of society. A former US Marine, Andy led the cyber team at Dish & a few other organizations before his journey to The Dark Side of pre-sales engineering. He founded the Denver and Boulder OWASP... Read More →

Monday June 23, 2025 3:35pm - 4:15pm MDT
Bluebird Ballroom 3A

Audience Experience Level Any

3:35pm MDT

Panel Discussion: The Impact of Funding for Sustainable Open Source Projects - Georg Link, Bitergia; Cailean Osborne, The Linux Foundation; Dawn Foster, CHAOSS

Monday June 23, 2025 3:35pm - 4:15pm MDT

Bluebird Ballroom 3C

Open source software has become ubiquitous and can be found in almost every codebase, but sustaining those open source projects and communities over the long-term can be a challenge. Much of the critical infrastructure that we all rely on is made up of open source projects that lack the resources to be properly maintained over the long term. Companies, public institutions, and philanthropic organizations are beginning to fill this gap, but measuring the impact of this funding is an ongoing challenge. Funders need to be able to understand the impacts to justify future rounds of funding as well as to optimize funding approaches whilst mitigating ineffective or even harmful approaches.

In this panel, we’ll talk about what we’ve learned from public funding programs in Europe and corporate FOSS funds along with measuring the impact of those funding initiatives. We’ll discuss the challenges that funders have to understand how their funding can have positive or negative impacts on open source projects with different characteristics. The audience will gain an appreciation for funding initiatives for open source projects and how to understand and maximize the impact of those initiatives.

Speakers

Cailean Osborne

Senior Researcher, Linux Foundation

Cailean is a Researcher at the Linux Foundation and a PhD Candidate in Social Data Science at the Oxford Internet Institute, University of Oxford. His interests are in OSS, the digital commons, and public interest computing. Previously, Cailean worked as the International Policy Lead... Read More →

Georg Link

Open Source Strategist and Director of Sales, Bitergia

Georg’s mission is to make open source more professional by using community metrics and analytics. Georg cofounded the CHAOSS Project to advance analytics and metrics for open source project health. Georg is an active contributor to several projects and has often presented on open... Read More →

Dawn Foster

Director of Data Science, CHAOSS

Dr. Dawn Foster works as the Director of Data Science for CHAOSS where she is also a board member / maintainer. She is co-chair of CNCF TAG Contributor Strategy and an OpenUK board member. She has 20+ years of experience at companies like VMware and Intel with expertise in community... Read More →

Monday June 23, 2025 3:35pm - 4:15pm MDT
Bluebird Ballroom 3C

Audience Experience Level Intermediate

3:35pm MDT

Navigating the Challenges of Meeting Government SBOM Regulations in Decoupled Architectures - Tracy Ragan, DeployHub, Inc

Monday June 23, 2025 3:35pm - 4:15pm MDT

Bluebird Ballroom 3F

As government regulations, such as Executive Order 14028 - Improving the Nation's Cybersecurity, drive organizations to adopt Software Bill of Materials (SBOM) reporting, modern software systems face unique challenges in achieving compliance. Decoupled cloud-native architectures—comprised of microservices, containers, APIs, and distributed dependencies—make it exponentially more difficult to produce accurate, real-time SBOMs. This talk explores the complexities of implementing SBOM practices in distributed environments, the risks of non-compliance, and strategies to streamline compliance efforts.

Speakers

Tracy Ragan

CEO, DeployHub, Inc.

Monday June 23, 2025 3:35pm - 4:15pm MDT
Bluebird Ballroom 3F

Audience Experience Level Beginner

3:35pm MDT

Sponsored Session: Operational Data Stores for Financial Risk Mitigation - Bryce Curtis, Discover Financial Serves

Monday June 23, 2025 3:35pm - 4:15pm MDT

Bluebird Ballroom 3H

Managing risk is always top-of-mind in the financial industry and mitigation is essential to reduce it. One significant risk is the software supply chain that represents the complex network of processes, tools and stakeholders involved in the development, distribution and deployment of software throughout the entire software development lifecycle (SDLC). Operational Data Stores (ODS) can be used to help mitigate the risk associated with software running in any enterprise. They accomplish this by aggregating and correlating operational data from across the disparate systems and tools that comprise the SDLC pipeline into a single, standards-based software bill of materials (SBOMs) data model. By providing real-time data access for investigational queries and composite views of all applications for stakeholders and regulatory agencies, risk associated with the full lifecycle of software management and consumption can be mitigated. Join this session to see how Discover is embracing Operational Data Stores and how it can apply to the broader enterprise community.

Speakers

Bryce Curtis

Expert Solution Innovator, Discover Financial Serves

Bryce Curtis is an Expert Solution Innovator in the Discover Financial Serves R&D Lab, where he is a technology leader and researcher for numerous emerging technologies and projects. Bryce has been active in the open source community for many years and believes that open source enables... Read More →

Monday June 23, 2025 3:35pm - 4:15pm MDT
Bluebird Ballroom 3H

Operations Management

3:35pm MDT

Open Source as a Business Imperative: Leveraging PEST Analysis for Strategic Alignment - Kazumi Sato & Masayuki Kuwata, Sony Group Corporation

Monday June 23, 2025 3:35pm - 4:15pm MDT

Bluebird Ballroom 3G

Open source has become a critical component of modern business strategy, yet its importance has often been overlooked in traditional strategic discussions. This presentation demonstrates how PEST analysis can be used to clarify its strategic value.

We validated Sony's history with open source initiatives in electronics, gaming, and film production, this analysis shows how these efforts aligned with favorable external factors. This provides insights into how open source drives innovation and talent acquisition.

Looking forward, this presentation explores how companies can strategically align their open source initiatives with current political, economic, social, and technological trends. This includes understanding the impact of emerging regulations, generative AI, and the evolution of distributed collaboration.

Participants gain valuable insights into the strategic importance of open source and learn how to effectively advocate for open source initiatives within their organizations. This presentation offers practical tips for engaging both management and engineers in open source activities, ensuring that open source becomes a key driver of business success.

Speakers

Kazumi SATO

Chief Software Engineer, Chief Open Source Strategist, Distinguished Engineer, Sony Group Corporation

Kazumi SATO is a Distinguished Engineer in Sony. He has been working on Linux-based system software for various Sony products. He also has been working on OSS compliance and relationship with communities in Sony Group. Since 2002, when Sony started to use Linux, he has been leading... Read More →

Masayuki Kuwata

Senior Manager, Sony Group Corporation

Masayuki Kuwata is the OSPO leader of Sony Group Corporation since April 2022. Previously worked on developing embedded software for camcorders and cameras. Currently leading the open source strategy across business units. Organizer of Japan OSPO Local Meetup in Japanese, supported... Read More →

Monday June 23, 2025 3:35pm - 4:15pm MDT
Bluebird Ballroom 3G

Audience Experience Level Intermediate

3:35pm MDT

Documenting the Design of the Linux Kernel - Chuck Wolber, The Boeing Company; Kate Stewart, The Linux Foundaiton; Gabriele Paoloni, Red Hat

Monday June 23, 2025 3:35pm - 4:15pm MDT

Bluebird Ballroom 3D

As part of a broader effort to document the architecture and design of the Linux Kernel, we propose a method to formally describe low level developer intent in the form of testable expectations (i.e. requirements). This will provide a fact based foundation for pass/fail test development, test validation via code coverage tools, support optional traceability to higher level design, and enable tool development for process automation.

This talk is a continuation of the proposal for Linux Kernel Requirements that formally originated at the 2024 Linux Plumbers Safe Systems with Linux Mini-conference, and further updated at the December 2024 ELISA Workshop at Goddard Space Center.

This edition will present the current state of the requirement template design, provide examples of Linux kernel source code instrumented with low level requirements, present technical explanations for template design decisions, and provide an opportunity for feedback from the developer community.

Speakers

Chuck Wolber

Associate Technical Fellow, The Boeing Company

Chuck Wolber is a Boeing Associate Technical Fellow primarily focused on embedded platform engineering. He has developed multiple DO-178C certified Linux platforms currently in service on Boeing production aircraft. Chuck is co-author of the book Linux Toys, he is credited with contributions... Read More →

Kate Stewart

VP Dependable Embedded Systems, The Linux Foundation

Gabriele Paoloni

Sr SW Principal Engineer, Red Hat

Gabriele Paoloni is an Open Source Community Technical Leader at Red Hat. He is a passionate technologist and has strong experience in both functional safety and Linux Kernel development, including previous roles leading FuSa software architecture for Intel platforms, CCIX vice... Read More →

Monday June 23, 2025 3:35pm - 4:15pm MDT
Bluebird Ballroom 3D

Audience Experience Level Any

3:35pm MDT

Unconference

Monday June 23, 2025 3:35pm - 4:15pm MDT

Bluebird Ballroom 2H

Monday June 23, 2025 3:35pm - 4:15pm MDT
Bluebird Ballroom 2H

Unconference Sessions

3:35pm MDT

Real-Time I/O (RTIO) for Developing Real-Time Zephyr Applications - Luis Ubieda, Croxel

Monday June 23, 2025 3:35pm - 4:15pm MDT

Bluebird Ballroom 2B

RTIO is a relatively new subsystem in Zephyr, and it enables applications to perform time-critical I/O operations.

This presentation covers:
- Basics of RTIO.
- Async vs Sync paradigms.
- In-tree examples of RTIO: Sensors and Bus drivers.
- Integration guide: how to use RTIO in your Zephyr application.
- Demo: Comparison of Sensor driver with RTIO vs without RTIO.

This presentation is for you:
- You want to learn about RTIO.
- You struggle at achieving real-time performance in Zephyr applications.
- You want to optimize performance of your existing application.

Speakers

Luis Ubieda

Lead Firmware Engineer, Croxel

Luis Ubieda is the Lead Firmware Engineer at Croxel. He is a Zephyr TSC electee and is an active Zephyr collaborator in Sensors and RTIO.

Monday June 23, 2025 3:35pm - 4:15pm MDT
Bluebird Ballroom 2B

Zephyr

Audience Experience Level Beginner

3:55pm MDT

Securing OIDC Federation in CI/CD Workflows - Billy Lynch, Chainguard

Monday June 23, 2025 3:55pm - 4:15pm MDT

Bluebird Ballroom 3B

OIDC and workload identity are fantastic ways to improve the security of CI/CD workflows. They offer a mechanism to get rid of traditional long lived keys and access tokens, with many APIs offering ways to use these tokens across environments.

However, the security of identity federation is only as strong as the policies that back them. If used incorrectly, it can be exploited to gain access to sensitive resources and potentially compromise your supply chain to use your own CI/CD platform against you.

In this talk we'll do a deep dive on OIDC and identity federation. We'll look at some of the common risks that come while using it, and strategies to help secure your environment and define strong security policies.

Speakers

Billy Lynch

Staff Software Engineer, Chainguard

Billy is a staff software engineer at Chainguard, working on developer tools and securing software supply chains for everyone! He is a contributor and maintainer to the Sigstore, Tekton, and gittuf projects, and is the creator of gitsign. Prior to working at Chainguard, Billy worked... Read More →

Monday June 23, 2025 3:55pm - 4:15pm MDT
Bluebird Ballroom 3B

cdCon

Audience Experience Level Intermediate

4:30pm MDT

How We Progressively Deliver Changes To Kubernetes Using Canary Deployments and Feature Flags - Bob Walker, Octopus Deploy

Monday June 23, 2025 4:30pm - 4:50pm MDT

Bluebird Ballroom 3B

This is the case study of how we changed how we ship software.

With thousands of customers, each in their own Kubernetes container, deploying updates was tough. Off-hours schedules meant it took over 24 hours to push a new version. If something broke, we had to scramble. Canary deployments let us update small groups of customers at a time. We built a tool to stop rollouts fast when issues appeared, limiting the damage.

In the past, new features went to everyone at once. Rolling back wasn't an option. If something failed it'd leave customers stuck in the mess. Now, using OpenFeature, we hide new functionality behind feature flags. We release features to small groups, gather feedback, and test internally for weeks. If things go wrong, we flip the flag off and move on.

This two-pronged approach lets us avoid risky big-bang releases. We went from deploying every 10 days to every 4, with fewer than 1% high-severity defects. Most of these are resolved before customers notice them.

Speakers

Bob Walker

Field CTO, Octopus Deploy

Bob Walker is a Field CTO Octopus Deploy. Bob started as a developer in the early days of .NET when web forms were the hottest new thing, and manual deployments were the norm. After one too many five-hour 2 AM Saturday deployments, he searched for any automation to stop that pain... Read More →

Monday June 23, 2025 4:30pm - 4:50pm MDT
Bluebird Ballroom 3B

cdCon

Audience Experience Level Intermediate

4:30pm MDT

Effortless Secure and Control Traffic Using Kubernetes Gateway API for Ingress, Egress and Mesh Traf - Lin Sun, solo.io

Monday June 23, 2025 4:30pm - 5:10pm MDT

Bluebird Ballroom 2F

How do you secure and control traffic for your north-south (ingress/egress) and east-west (service-to-service) traffic within your Kubernetes cluster? Do you have a unified approach for debugging, observability, and operational consistency across all traffic types?
With the growing maturity of the Kubernetes Gateway API, it’s now easier than ever to manage traffic in all directions with a unified and consistent approach. The Gateway API allows you to control and secure traffic flow without requiring application restarts, offering a seamless way to manage both ingress and egress traffic, as well as service mesh (east-west) communication.
This demo-driven session will showcase how to use the Kubernetes Gateway API to control traffic for both north-south and east-west directions. Leveraging Istio Ambient Mesh, Kgateway, and HTTP metrics, we’ll dynamically monitor application health, progressively roll out new versions, and control external API calls to optimize costs.

Speakers

Lin Sun

Head of Open-Source, solo.io

Monday June 23, 2025 4:30pm - 5:10pm MDT
Bluebird Ballroom 2F

Audience Experience Level Beginner

4:30pm MDT

Harnessing Observability for 5G Performance: eBPF and OpenTelemetry Innovations - Fatih E. Nar & Jamie Parker, Red Hat

Monday June 23, 2025 4:30pm - 5:10pm MDT

Bluebird Ballroom 2G

This session explores the integration of eBPF and OpenTelemetry (OTel) for achieving unparalleled observability and performance in 5G networks. By leveraging the K8s Operator framework, we demonstrate the Kubernetes-native deployment of advanced observability tools, including the bpfman stack for managing eBPF programs and the OpenTelemetry Operator for scalable telemetry pipelines. Participants will gain actionable insights into optimizing 5G Cloud Native Network Functions (CNFs) through precise observability, robust performance metrics, and real-time diagnostics, while ensuring security and multi-tenancy.

Speakers

Fatih E. Nar

Distinguished Architect, Red Hat

Fatih E. NAR brings extensive experience and influence to Linux, OpenStack, and Kubernetes ecosystems. His contributions drive progressive development and foster a robust TME community. With a background at Google, Verizon Wireless, Canonical Ubuntu, and Ericsson, Fatih's diverse... Read More →

Jamie Parker

Principal Product Manager, Red Hat

Jamie Parker is a Product Manager at Red Hat who specializes in Observability, particularly in the Logging and OpenStack areas. At Red Hat, Jamie works with organizations and customers to learn about their needs within the ever changing Observability landscape, and based on their... Read More →

Monday June 23, 2025 4:30pm - 5:10pm MDT
Bluebird Ballroom 2G

Audience Experience Level Intermediate

4:30pm MDT

How To Accelerate Software Defined Vehicle(SDV) With OSS - Yuichi Kusakabe, Honda Motor Co., Ltd.

Monday June 23, 2025 4:30pm - 5:10pm MDT

Bluebird Ballroom 2A

This presentation is the story of Honda's first in-house software development of IVI(In-Vehicle Infotainment) software.
Why Honda promotes in-house software development - Building an in-house software development team that started with two people, All development process from scratch, There is no silver bullet that will solve many problems.
However, we were able to launch this model successfully based on Honda's DNA of Waigaya, A00, and 120% quality products. The key to this is the use of AOSP(Android Open Source Project) and some OSS.
This presentation will show how a traditional automotive OEM like Honda was able to create an in-house software development team and use OSS, including AOSP. By applying OpenChain(ISO/IEC 5230) self-certification and SPDX Lite to our development process, we solved many problems and achieved a higher starting point.
However, vehicles have difficult requirements, so we will tell you the points to minimize the customization of OSS.

Speakers

Yuichi Kusakabe

Chief Architect / OSPO Tech Lead, Honda Motor Co., Ltd.

Yuichi Kusakabe is the Chief Architect at Honda Motor Co., Ltd. , AGL(Automotive Grade Linux) member and COVESA(Connected Vehicle Systems Alliance) member since 2011 with over twenty years of Automotive and Open Source Software Experience. Prior to joining Honda Motor he worked for... Read More →

Monday June 23, 2025 4:30pm - 5:10pm MDT
Bluebird Ballroom 2A

Audience Experience Level Beginner

4:30pm MDT

A Deep Dive Into eBPF Program Loader - Cong Wang, Independent

Monday June 23, 2025 4:30pm - 5:10pm MDT

Bluebird Ballroom 2E

As eBPF continues to revolutionize Linux observability and networking, the complexity of its program loading mechanism has evolved significantly.

This technical deep dive unravels the sophisticated machinery behind eBPF program loading, exploring the intricate interplay between userspace loader and Linux kernel verifier. We'll dissect the eBPF program relocation mechanisms, examine the role of BTF (BPF Type Format) in enabling strong typing and verification capabilities, and analyze the complex choreography of bpf() syscalls that bridge userspace and kernel operations. Finally, we will also discuss the security implications and program signing challenges in the loading pipeline.

Speakers

Cong Wang

Linux Kernel Engineer, Self Employed

Cong Wang is a professional Linux kernel developer mainly focuses on networking and eBPF, he is also a Linux kernel maintainer for the networking traffic control subsystem. He has contributed over 1000 patches to Linux kernel.

Monday June 23, 2025 4:30pm - 5:10pm MDT
Bluebird Ballroom 2E

Linux

Audience Experience Level Intermediate

4:30pm MDT

Improve Load Balancing With Machine Learning Techniques Based on the Sched_ext Framework - Jim Huang, National Cheng Kung University

Monday June 23, 2025 4:30pm - 5:10pm MDT

Bluebird Ballroom 2D

This talk presents a method to enhance CPU scheduling by leveraging machine learning (ML) to extract the key features necessary for task migration, allowing for dynamic and stable optimization of workloads in scenarios prone to CPU imbalance. The approach is built on the sched_ext framework, which integrates eBPF to support user-defined scheduling policies within the Linux kernel.

While conventional approaches maximize CPU utilization, they often overlook contention for lower-level hardware resources, leading to performance bottlenecks -- particularly in compute-intensive servers. By using an ML-based, resource-aware load balancer, this method effectively addresses such imbalances. With sched_ext, we can collect training data and run inference on the model without modifying the kernel.

Our experiments demonstrate that, for certain workloads, this ML-driven approach can outperform EEVDF, offering notable performance gains for the CPU scheduler.

Speakers

Jim Huang

Assistant Professor, National Cheng Kung University

Monday June 23, 2025 4:30pm - 5:10pm MDT
Bluebird Ballroom 2D

Linux

Audience Experience Level Beginner

4:30pm MDT

Agents in Action: Advancing Open Source AI Missions - Hema Veeradhi, Red Hat

Monday June 23, 2025 4:30pm - 5:10pm MDT

Bluebird Ballroom 3E

AI Agents have become a buzzword in the world of generative AI—but what exactly are agents, and how are they advancing open source AI? Agents are autonomous systems that extend the capabilities of Large Language Models (LLMs) by leveraging external tools and real-time data to perform dynamic actions for solving complex, multi-step tasks. They are at the forefront of transforming open source AI by enabling adaptability, automation and more intelligent decision-making.
In this talk, we’ll explore popular open source agent frameworks like LangChain and Haystack, which are driving rapid development and community-powered innovation in AI agents. Using real-world examples and a live demo, we’ll demonstrate how these frameworks can be leveraged to build a variety of generative AI applications, including RAG, IT operations automation and dynamic, context-aware chatbots.
Attendees will gain a clear insight into why AI agents are at the forefront of innovation and how open source collaboration is driving its evolution. Whether you’re an AI developer, OSPO leader or open source enthusiast, this session will highlight the potential of agents to power the next wave of open source AI missions.

Speakers

Hema Veeradhi

Principal Data Scientist, Red Hat

Hema Veeradhi is a Principal Data Scientist working in the Emerging Technologies team part of the office of the CTO at Red Hat. Her work primarily focuses on implementing innovative open AI and machine learning solutions to help solve business and engineering problems. Hema is a staunch... Read More →

Monday June 23, 2025 4:30pm - 5:10pm MDT
Bluebird Ballroom 3E

Audience Experience Level Any

4:30pm MDT

Generative AI Model Data Pre-Training on Kubernetes: A Use Case Study - Anish Asthana, Red Hat & Mohammad Nassar, IBM

Monday June 23, 2025 4:30pm - 5:10pm MDT

Bluebird Ballroom 2C

Large Language Models (LLM) require preprocessing vast amounts of data, a process that can span days due to its complexity and scale, often involving PetaBytes of data. This talk demonstrates how Kubeflow Pipelines (KFP) simplify LLM data processing with flexibility, repeatability, and scalability. These pipelines are being used daily at IBM Research to build indemnified LLMs tailored for enterprise applications.

Different data preparation toolkits are built on Kubernetes, Rust, Slurm, or Spark. How would you choose one for your own LLM experiments or enterprise use cases and why should you consider Kubernetes and KFP?

This talk describes how open source Data Prep Toolkit leverages KFP and KubeRay for scalable pipeline orchestration, e.g. deduplication, content classification, and tokenization.

We share challenges, lessons, and insights from our experience with KFP, highlighting its applicability for diverse LLM tasks, such as data preprocessing, RAG retrieval, and model fine-tuning.

Speakers

Mohammad Nassar

Research Engineer, IBM

Mohammad Nassar, a Cloud Research Engineer at IBM Haifa, specializes in AI-driven data engineering, automation, and hybrid cloud technologies. With an M.Sc. in Computer Science from Technion, his research focused on coding theory and data systems. His work spans AI-powered data preparation... Read More →

Anish Asthana

Engineering Manager, Red Hat

Anish is an engineering manager at Red Hat in the OpenShift AI organization. He is working on making machine learning easier for the wider community by building a platform out with cloud capabilities at the core. Most recently, his interests have been focused on the Distributed Workloads... Read More →

Monday June 23, 2025 4:30pm - 5:10pm MDT
Bluebird Ballroom 2C

Audience Experience Level Intermediate

4:30pm MDT

Security Vibe Check: Which Malware Are You? - Elitsa Bankova & Jess Lowe, Google

Monday June 23, 2025 4:30pm - 5:10pm MDT

Bluebird Ballroom 3A

Okay, besties, real talk. Your code's dependencies? They're giving… chaotic energy. Like, are you even SBOMing? 💅
We've all seen the drama. log4j? xz utils? Straight-up trauma. But like, where do you land on the security spectrum? Are you accidentally downloading typosquatted packages because you're living your best, most chaotic life? Or are you a security queen, catching backdoors before they even exist? ✨
This talk is basically a giant vibe check for your security habits. We're gonna do a quick, brutal quiz – think 'are you the drama?' but for your code – and find out which iconic supply chain meltdown matches your energy.
We'll spill the tea on real-world attacks, from the 'oops, that’s a backdoor’ to the 'someone’s running Doom on Minecraft servers again' level. And we’ll give some practical advice on how to have good security posture. Stretch, queen!
If your security is giving 'main character energy' (and not in a good way), you need to be here. Let's level up our security game, avoid becoming the next trending security disaster, and maybe even get some clout for actually knowing when lockfiles actually help. 😉

TL;DR: Quiz, memes, securi-tea. 🫖 Don't be a vulnerability.

Speakers

Elitsa Bankova

Software Engineer, Google

Elitsa is a Software engineer at Google, Australia and is working on Open Source security. She has lived in over 4 countries: born in Bulgaria, she graduated from the University of Edinburgh and worked in Google Switzerland before moving down under. Outside of work, you can find her... Read More →

Jess Lowe

Software Engineer, Google

Jess is a Software Engineer in the Google Open Source Security Team working on OSV.dev and OSV-Scanner.

Monday June 23, 2025 4:30pm - 5:10pm MDT
Bluebird Ballroom 3A

Audience Experience Level Any

4:30pm MDT

What Do Legislations Have To Do With Tackling Maintainer Burnout? - Ildiko Vancsa, Open Infrastructure Foundation

Monday June 23, 2025 4:30pm - 5:10pm MDT

Bluebird Ballroom 3C

Anyone who’s participated in an open source project before likely saw or experienced the challenge of having more requests coming in than people to attend to them, leading to frustrated, tired and burned out people. The latest regulatory efforts around the globe (the forming Securing OSS Act, CRA, and more), as different governments have come to the realization that their digital infrastructure undeniably depends on OSS, will put an increased pressure on the open source ecosystem. But, it doesn’t have to be like this! So, where do we go from here?

In this presentation, Ildiko will focus on two big areas: maintainer burnout and shortage and governments’ approach to open source around the globe, including legislations and regulations. With an overview of the current state of affairs, she will transition into highlighting the roles and responsibilities of the different players in the landscape, including open source foundations, communities, companies and governments, and next steps to take.

Speakers

Ildiko Vancsa

Director of Community, Open Infrastructure Foundation

As Director of Community at the OpenInfra Foundation, Ildikó is the Community Manager for the StarlingX and the Kata Containers projects, and a co-leader of the OpenInfra Edge Computing Group. Ildikó has been contributing to projects like OpenStack, Anuket and State of the Edge... Read More →

Monday June 23, 2025 4:30pm - 5:10pm MDT
Bluebird Ballroom 3C

Audience Experience Level Intermediate

4:30pm MDT

Enhancing SBOM Generation: Filling the Gaps To Make Actionable SBOMs - Ian Dunbar-Hall, Lockheed Martin & Gary O'Neall, Source Auditor Inc.

Monday June 23, 2025 4:30pm - 5:10pm MDT

Bluebird Ballroom 3F

Most developers generating SBOMs use a tool like Syft or Trivy and yell “SHIP IT!” While this might generate an NTIA Minimum Field adherent SBOM, it often lacks information that truly makes it actionable for downstream users.

This talk covers the work of a CISA SBOM Community Tiger Team who created SBOM Generation Reference Implementations for multiple languages and scenarios. We will discuss the distinct phases of SBOM generation and highlighting how each step contributes to a more robust and actionable SBOM. By expanding the SBOM authoring process, organizations can better integrate multiple data sources, enhance metadata accuracy, and customize their workflows to align with evolving security frameworks. This approach enables tool interchangeability while maintaining data integrity and transparency.

Additionally, we will explore implementations, including the integration of SBOM generation into CI/CD pipelines using GitHub and GitLab, supporting multiple programming languages, and ensuring interoperability with both CycloneDX and SPDX formats. We will also discuss ecosystem challenges such as supplier identification, license consistency, and benchmarking completeness.

Speakers

Ian Dunbar-Hall

Open Source Program Office, Lockheed Martin

Ian is a holds the position of Chief Engineer for Lockheed Martin Software Factory and specializes in DevSecOps and full stack engineering. Additionally he is a maintainer on SBOMit and an OpenSSF Governing Board General Member Representative.

Gary O'Neall

Founder and Principal Consultant, Source Auditor Inc.

Gary is a contributor to the Software Package Data Exchange® (SPDX™) - an open standard for communicating software bill of material information, including components, licenses, copyrights, and security references. Gary has contributed several open source tools.Gary O’Neall is... Read More →

Monday June 23, 2025 4:30pm - 5:10pm MDT
Bluebird Ballroom 3F

Audience Experience Level Intermediate

4:30pm MDT

TODO Steering Committee - Management & OSPO Ask Anything - Brittany Istenes, FINOS Ambassador, ToDo Group Steering Committee; Natali Vlatko, Cisco; Georg Kunz, Ericsson; Ashley Wolf, GitHub; Stephen Augustus, Bloomberg L.P.; Annania Melaku, F5

Monday June 23, 2025 4:30pm - 5:10pm MDT

Bluebird Ballroom 3G

This Ask Anything session connects attendees to the TODO Group Steering Committee. The TODO Group is an open community of practitioners who aim to create, share knowledge and collaborate on best practices on open source management in organizations to run successful Open Source Program Offices.

Members of the steering committee will assist the audience through the best practices, guides, and tools made by and for open source managers to help them in their day-to-day responsibilities, as well as share their first-hand experiences and lessons learned in building and operating OSPOs. Additionally, attendees will learn ways to connect with the TODO Group – the largest OSPO community dedicated to building best practices in open source management. The session will also provide information on accessing OSPO mentorship in their local regions.

Speakers

Annania Melaku

Open Source Program Manager, NGINX part of F5

Annania Melaku is a Technical Program Manager on the Community Team at NGINX, where she focuses on open source strategy and community programs. With a background in software, she brings experience from industries including defense, telecom, and tech. Annania is passionate about building... Read More →

Georg Kunz

Open Source Manager, Ericsson

Georg is a passionate advocate for open source software and a long term contributor to a wide range of open source projects and communities. He currently serves on the Technical Advisory Council (TAC) and the Governing Board of the Open Source Security Foundation (OpenSSF) as well... Read More →

Ashley Wolf

Director, Open Source Programs, GitHub

Ashley Wolf is the Director of Open Source Programs at GitHub. She runs initiatives and programs to empower developers to be successful with open source. She is also passionate about helping companies participate in the open source community. Prior to joining GitHub, Ashley led the... Read More →

Stephen Augustus

Technical Architect, Office of the CTO, Bloomberg L.P.

Technical Architect, Office of the CTO at Bloomberg

Brittany Istenes

OSPO Strategist, FINOS Ambassador, ToDo Group Steering Committee Member

Brittany Istenes started off her career as an elementary school educator which then led to a path of tech. Brittany has led advisory councils, special interest groups, open source contributions, community building, InnerSource initiatives and all the gray areas in between. As a FINOS... Read More →

Natali Vlatko

Open Source Lead Architect, Cisco

Monday June 23, 2025 4:30pm - 5:10pm MDT
Bluebird Ballroom 3G

Audience Experience Level Beginner

4:30pm MDT

Docs That Scale: Strategies for Sustainable Documentation in Open Source Projects. - Zainab Daodu, WriteTech Hub

Monday June 23, 2025 4:30pm - 5:10pm MDT

Bluebird Ballroom 3D

When documentation becomes outdated, projects lose contributors, support burdens increase, and adoption slows. Yet, many open-source projects struggle with maintaining accurate docs as the codebase evolves.

This session presents five proven strategies to turn documentation from a pain point into a sustainable asset:

Integrate Docs into Development: Treat docs like code, updating them alongside new features through PR workflows and docs-driven development.

Establish Governance: Assign documentation ownership with roles like a rotating "Docs Steward" and regular audits to maintain quality.

Master Versioning: Align docs with software releases, automating updates for deprecated features or breaking changes

Leverage Automation: Use tools to validate content, detect outdated material, and auto-generate sections like API docs

Build a Documentation Culture: Create a contributor-friendly environment with templates, recognition, and clear entry points for first-time contributors

Instead of theory, you'll get adaptable frameworks and real-world examples that work across any tech stack. Leave with actionable workflows that make documentation maintenance less painful and more impactful.

Speakers

Zainab Daodu

Senior Technical Writer, WriteTech Hub

Zainab Daodu is a Senior Technical Writer with a background in software engineering and DevOps, specializing in turning complex tech into clear, impactful documentation. She has worked with Google, Cisco, Tealium, Jenkins, and Wikimedia Foundation, enhancing developer experiences... Read More →

Monday June 23, 2025 4:30pm - 5:10pm MDT
Bluebird Ballroom 3D

Audience Experience Level Intermediate

4:30pm MDT

Optimizing Zephyr for Peak Performance - Jacob Beningo, Beningo Embedded Group

Monday June 23, 2025 4:30pm - 5:10pm MDT

Bluebird Ballroom 2B

The Zephyr Project is a leading open-source RTOS for resource-constrained, real-time applications. Its modularity, vendor neutrality, and rich ecosystem make it a powerful choice for embedded developers. However, achieving peak performance requires a deep understanding of Zephyr’s internals and optimization strategies.

This session explores techniques to optimize Zephyr applications for efficiency, low latency, and real-time predictability. Attendees will learn how scheduling, memory management, and interrupt handling impact performance and how to fine-tune these elements for specific workloads. We’ll cover configuring Zephyr for high-performance execution, reducing runtime overhead, and debugging bottlenecks.

Key topics include:
• Zephyr’s scheduling model and task prioritization
• Optimizing interrupts and reducing latency
• Fine-tuning memory management and resource allocation
• Profiling and debugging performance issues
• Advanced optimizations for power efficiency and I/O

Whether you’re developing for IoT, industrial automation, or real-time control, this session will equip you with practical strategies to maximize Zephyr’s performance and reliability.

Speakers

Jacob Beningo

Embedded Software Consultant, Beningo Embedded Group

Jacob Beningo helps embedded teams modernize software architecture, streamline development, and adopt best practices for high-quality, real-time systems. As founder of Beningo Embedded Group, he provides expert training and guided learning to improve code quality, accelerate development... Read More →

Monday June 23, 2025 4:30pm - 5:10pm MDT
Bluebird Ballroom 2B

Zephyr

Audience Experience Level Beginner

4:50pm MDT

Session to be Announced

Monday June 23, 2025 4:50pm - 5:10pm MDT

Bluebird Ballroom 3B

Monday June 23, 2025 4:50pm - 5:10pm MDT
Bluebird Ballroom 3B

cdCon

5:20pm MDT

Speed Networking

Monday June 23, 2025 5:20pm - 6:30pm MDT

Join us at the speed networking event to expand your professional network while enjoying drinks and appetizers. Connect with like-minded individuals in quick, focused conversations to explore potential collaborations and opportunities. It’s a perfect opportunity to make valuable connections in a relaxed and enjoyable atmosphere.

We recommend a notepad, writing utensils, and your business cards. Don’t have business cards? Make sure you arrive early and you can snag some you can customize with your info!

Monday June 23, 2025 5:20pm - 6:30pm MDT
Bluebird Ballroom Foyer (Level 1 - Terrace Level)

Special Events / Exhibits / Breaks

5:30pm MDT

Lightning Talk: Lessons Learned From 10 Years of Automotive Grade Linux - Walt Miner, The Linux Foundation

Monday June 23, 2025 5:30pm - 5:40pm MDT

Bluebird Ballroom 3C

When software first entered the car, it was all closed source, but at the turn of the twenty-first century the complexity of software in cars exploded. Even so, OEMs and Tier Ones continued to keep their software proprietary, so much so that most Tier Ones only reluctantly gave source code to their OEM customers. With consumers now demanding the same app based experience their car that they have on their mobile phones and tablets OEMs have turned to open source software to close the gap. How did the ultra-competitive world of car manufacturers come to together to embrace Automotive Grade Linux and grow a community where Tier One suppliers, OEMs, and hobbyists can come together and build software for your next car? Walt reviews the challenges that were overcome, where we stand today, and what needs to be done to continue to grow the open source automotive community.

Speakers

Walt Miner

Senior Director, Community Manager Automotive Grade Linux, The Linux Foundation

Walt Miner is the Senior Director of Community at The Linux Foundation and has served as Community Manager for Automotive Grade Linux since 2014. Walt has spoken at numerous conferences throughout the worlds and brings over 30 years of embedded software development and management... Read More →

Monday June 23, 2025 5:30pm - 5:40pm MDT
Bluebird Ballroom 3C

Audience Experience Level Any

5:30pm MDT

BoF: From Origins To Open Source: The Journey of DreamWorks Animation's Production Path Tracer, MoonRay - Randy Packer, DreamWorks Animation

Monday June 23, 2025 5:30pm - 6:30pm MDT

Bluebird Ballroom 3A

MoonRay is DreamWorks Animation's open-source production rendering engine, used to create memorable imagery from movies such as How to Train Your Dragon: The Hidden World, Puss in Boots: The Last Wish, The Wild Robot, the upcoming Bad Guys 2 and future titles.

We’ll talk about MoonRay’s origins as an experiment and its foundation for rendering-as-a-service in animated and non-animated content, stylized and photoreal, to its current use as the core production renderer for the feature film studio pipeline at DreamWorks Animation.

After diving into MoonRay’s use at the studio, we’ll present our path to open-sourcing MoonRay, the goals and challenges to launch that, the experiences gained since launch, what it means for DreamWorks, and where we see the potential for the open source community to embrace it and its future in animation, vfx, simulation, visualization, and more.

Speakers

Randy Packer

Sr. Manager, Production Software, DreamWorks Animation, DreamWorks Animation

Randy is sr. manager of rendering, shading and machine learning teams at DreamWorks, having started in 2015 as his first foray into the animation and the film industry. Randy's led the efforts of advancing MoonRay and it's feature set and related technologies since prior to it's usage... Read More →

Monday June 23, 2025 5:30pm - 6:30pm MDT
Bluebird Ballroom 3A

Wildcard, Open Source Leadership

Audience Experience Level Beginner

5:45pm MDT

Lightning Talk: LF Energy SEAPATH : Building an Open Source Ecosystem for the Energy Industry - Christophe Villemer, Savoir-faire Linux

Monday June 23, 2025 5:45pm - 5:55pm MDT

Bluebird Ballroom 3C

The LF Energy SEAPATH project has reached a major milestone with its V1 release in January 2025, establishing itself as the open-source reference for virtualized digital substations. Over the past five years, the project has grown into a structured, collaborative effort that bridges utilities, vendors, hardware manufacturers, and tech companies—unifying a traditionally conservative industry around open innovation. This talk will explore the SEAPATH journey: from its inception as a technical initiative to its current role as a strategic enabler of IT/OT convergence in energy systems. Attendees will gain insights into the challenges of engaging industry stakeholders, the best practices that have sustained growth, and the lessons learned in building an ecosystem where open-source principles drive real-world adoption. SEAPATH’s success is also a testament to the power of community-driven collaboration enabled by LF Energy, which has provided a neutral, trusted framework to bring together key players in the energy sector and accelerate open innovation.

Speakers

Christophe VILLEMER

Executive vice president, Savoir-faire Linux

Christophe is an engineer entrepreneur passionate about creating value through collaboration. He has been involved in open source communities for 20 years also acting as an evangelist for numerous open source projects. At Savoir-faire Linux, he drives strategic and technological partnerships... Read More →

Monday June 23, 2025 5:45pm - 5:55pm MDT
Bluebird Ballroom 3C

Audience Experience Level Beginner

6:00pm MDT

Lightning Talk: From Fork To Foundation: The OpenSearch Journey To the Linux Foundation - Dotan Horovits, AWS

Monday June 23, 2025 6:00pm - 6:10pm MDT

Bluebird Ballroom 3C

Building and managing a successful open source project is no small feat, especially when it begins as a fork born out of the need to preserve openness. OpenSearch started as a response to the relicensing of Elasticsearch and Kibana, and over the years, it has grown into a vibrant, community-driven ecosystem. This year’s milestone of joining The Linux Foundation highlights the project’s commitment to open governance, collaboration, and long-term sustainability.

In this session, we’ll share the lessons learned from OpenSearch’s journey, exploring the strategies behind building a healthy, scalable, and inclusive open source community. From establishing clear governance models to fostering innovation with features like vector search and AI-powered capabilities, we’ll provide actionable insights for maintaining momentum and trust in open source projects.

Whether you’re starting a new open source initiative or managing an existing one, this talk offers a practical guide to navigating challenges, ensuring community alignment, and achieving long-term impact—just as OpenSearch has done.

Speakers

Dotan Horovits

Sr. Developer Advocate for OpenSearch, AWS

Horovits is an international speaker and thought leader, as well as a CNCF Ambassador, and host of the popular OpenObservability Talks podcast. With over 20 years in the tech industry he brings a wealth of knowledge in cloud and cloud-native solutions, DevOps practices and more... Read More →

Monday June 23, 2025 6:00pm - 6:10pm MDT
Bluebird Ballroom 3C