Open Source Summit North America 2025: Full Schedule

June 23 - 25, 2025
Denver, Colorado
View More Details & Registration
Note: The schedule is subject to change.

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Open Source Summit North America 2025 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

This schedule is automatically displayed in Mountain Daylight Time (UTC/GMT -6). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date."

IMPORTANT NOTE: Timing of sessions and room locations are subject to change.

arrow_back View All Dates

10:20am MDT

Keynote: The Agent2Agent (A2A) Protocol - Mike Smith, Staff Software Engineer, Google

Monday June 23, 2025 10:20am - 10:30am MDT

Bluebird Ballroom 1C (Terrace Level 1)

The Agent2Agent (A2A) Protocol is an open standard designed to enable seamless communication and collaboration between AI agents. We'll discuss the motivation for introducing this new standard and where we see this standard fitting into the broader ecosystem of AI agent development.

Speakers

Mike Smith

Staff Software Engineer, Google

Mike is a Staff Software Engineer at Google where he works on the Agent2Agent (A2A) protocol, a new open standard for communication between AI agents.Mike has previously worked on machine learning and data infrastructure for Google's payment risk system, Verily's clinical study platform... Read More →

OSS NA Mike Smith pdf

Monday June 23, 2025 10:20am - 10:30am MDT
Bluebird Ballroom 1C (Terrace Level 1)

Keynote Sessions

Session Slides Yes

10:30am MDT

Keynote: Living on the Edge: From Chicken Sandwiches to the Danger Zone - Brian Chambers, Chief Architect, Chick-fil-A & Michael Henry, Chief of Information Technology, Secretariat of the Air Force, Studies and Analysis

Monday June 23, 2025 10:30am - 10:50am MDT

Bluebird Ballroom 1C (Terrace Level 1)

Speakers

Brian Chambers

Chief Architect, Chick-fil-A

Brian Chambers is responsible for technology strategy at Chick-fil-A in Atlanta, GA. He is responsible for Chick-fil-A's strategy and execution in rolling out Kubernetes clusters to the Edge in each of its 2,000+ restaurants to enable Internet of Things (IOT) and other applications... Read More →

Michael Henry

Chief of Information Technology, Secretariat of the Air Force, Studies and Analysis

Michael Henry is a distinguished technology leader with extensive experience bridging Department of Defense requirements through the adaptation and implementation of free and open source solutions (FOSS). As the Chief of Information Technology for the Secretariat of the Air Force... Read More →

5. Michael Henry & Brian Chambers pdf

Monday June 23, 2025 10:30am - 10:50am MDT
Bluebird Ballroom 1C (Terrace Level 1)

Keynote Sessions

Session Slides Yes

11:20am MDT

Building Trust in ML: Mapping the Model Lifecycle for ML Integrity and Transparency - Marcela Melara, Intel Labs

Monday June 23, 2025 11:20am - 12:00pm MDT

Bluebird Ballroom 2F

Open machine learning (ML) models and datasets are rapidly becoming central to building AI applications. While this trend accelerates innovation and democratizes AI, it exposes applications to security risks like data poisoning and supply chain attacks. Threats like malicious backdoors hidden in pre-trained ML models hosted on major hubs like Hugging Face emphasize the wide reach compromises can have. So, how do we build trust in the ML lifecycle?
This talk presents Atlas, a framework that combines open specifications for data and software supply chain provenance like Coalition for Content Provenance and Authenticity (C2PA) and Supply-chain Levels for Software Artifacts (SLSA) with the integrity features of transparency logs and trusted hardware to run attestable ML pipelines. First, we motivate the need to safeguard all layers of the ML lifecycle. We describe and demonstrate how Atlas’s three core mechanisms enable verification: (1) cryptographic artifact authentication, (2) hardware-based attestation of ML systems, and (3) provenance tracking across ML pipelines. Our Atlas demo integrates several open-source tools to build an end-to-end ML lifecycle transparency system.

Speakers

Marcela Melara

Research Scientist, Intel Labs

Marcela Melara is a research scientist in the Security and Privacy Research group at Intel Labs. Her current work focuses on developing solutions for high-integrity software and AI supply chains. She leads a number of internal, academic and open-source projects on supply chain and... Read More →

OSS NA 25 Atlas final pdf

Monday June 23, 2025 11:20am - 12:00pm MDT
Bluebird Ballroom 2F

Cloud + Containers

Audience Experience Level Intermediate
Session Slides Yes

11:20am MDT

The Power of Consolidation: A Unified Stack for Business Intelligence, Security, and Observability - Josh Lee, Altinity, Inc. & Mya Jaye, C8 Labs

Monday June 23, 2025 11:20am - 12:00pm MDT

Bluebird Ballroom 2G

Imagine you’re responding to a production incident, and you’re trying to answer simple questions about it. How many systems do you need to consult when assessing the impact of events at your company? Do you manage different technology stacks for observability, security, and business intelligence?

What if we told you, you could create a unified stack capable of serving all stakeholders simultaneously? In this talk, Mya and Josh explore how open source technologies like ClickHouse, OpenTelemetry, and Grafana enable complex business use cases using modern tooling and practices.

Regardless of your function, you will leave with a deeper understanding of how consolidating these concerns into a unified stack reduces technical complexity and provides a common language for everyone to use - from engineers building new features and product managers evaluating their success, to operators keeping the lights on and C suite’s birds-eye view of the company.

Whether you’re working with a data lake, or more of a data pond, we offer practical architectures and solutions to streamline your operations and bring your stakeholders together, all while using fewer resources.

Speakers

Mya Jaye

Founder, C8 Labs

A brilliant, talented, self-taught, ambivert who loves attending and speaking at conferences. I love tinkering with small board computers like raspberry pis.☕ If you see me around, don't hesitate to come say hi!🏒 Hockey player since I was 7💻 Programming since I was 14... Read More →

Josh Lee

Open Source Developer Advocate, Altinity, Inc.

Whether it’s operators or observability, agile or accessibility, my expertise shines because I’m passionate about all of it. I’ve been building software for more than a decade and I love sharing experiences via public speaking. I’m currently a Developer Advocate for Altinity... Read More →

The Power of Consolidation pdf

Monday June 23, 2025 11:20am - 12:00pm MDT
Bluebird Ballroom 2G

Cloud + Containers

Audience Experience Level Intermediate
Session Slides Yes

11:20am MDT

U-Boot's New Standard Boot and What's Next - Simon Glass, Canonical

Monday June 23, 2025 11:20am - 12:00pm MDT

Bluebird Ballroom 2A

U-Boot provides a fairly new feature called Standard Boot, which replaces the scripts and masses of environment variables previously used. Standard boot can boot your device automatically and quickly.

This session dives into how embedded devices boot, how Standard Boot works under the hood, the benefits of adopting Standard Boot and how to write your own bootmeth and bootdev drivers. By way of example, some existing drivers are covered, including UEFI, extlinux, Android and ChromeOS.

It also provides a general update on U-Boot and what the future might hold.

Speakers

Simon Glass

Fellow Software Engineer, Canonical

Simon Glass has worked in embedded systems for many years, at ARM, Bluewater Systems (which he founded) and Google. In ChromeOS, Simon is responsible for driving adoption of Open Source firmware components in the industry ecosystem. He is a primary contributor to U-Boot and custodian... Read More →

U Boot Standard Boot and What's Next pdf

Monday June 23, 2025 11:20am - 12:00pm MDT
Bluebird Ballroom 2A

Embedded Linux Conference

Audience Experience Level Any
Session Slides Yes

11:20am MDT

A Deep Dive Into eBPF Program Loader - Cong Wang, Independent

Monday June 23, 2025 11:20am - 12:00pm MDT

Bluebird Ballroom 2E

As eBPF continues to revolutionize Linux observability and networking, the complexity of its program loading mechanism has evolved significantly.

This technical deep dive unravels the sophisticated machinery behind eBPF program loading, exploring the intricate interplay between userspace loader and Linux kernel verifier. We'll dissect the eBPF program relocation mechanisms, examine the role of BTF (BPF Type Format) in enabling strong typing and verification capabilities, and analyze the complex choreography of bpf() syscalls that bridge userspace and kernel operations. Finally, we will also discuss the security implications and program signing challenges in the loading pipeline.

Speakers

Cong Wang

Linux Kernel Engineer, Self Employed

Cong Wang is a professional Linux kernel developer mainly focuses on networking and eBPF, he is also a Linux kernel maintainer for the networking traffic control subsystem. He has contributed over 1000 patches to Linux kernel.

ossna 2025 ebpf loader pdf

Monday June 23, 2025 11:20am - 12:00pm MDT
Bluebird Ballroom 2E

Linux

Audience Experience Level Intermediate
Session Slides Yes

11:20am MDT

Open Collaboration in Action: How We Build RISC-V - Rafael Sene, The Linux Foundation | RISC-V International

Monday June 23, 2025 11:20am - 12:00pm MDT

Bluebird Ballroom 3A

Discover the power of open collaboration with this behind-the-scenes journey into the creation of RISC-V. This session unveils how a global community of engineers, researchers, and innovators work together to design and refine the RISC-V instruction set architecture, bringing open-source principles to silicon. From the challenges of aligning diverse contributions to the triumphs of groundbreaking breakthroughs, you'll learn how the RISC-V ecosystem fosters creativity, accelerates innovation, and democratizes hardware development. Whether you're a seasoned developer or new to hardware design, this talk will inspire you to join the movement redefining the future of computing. Don’t miss this opportunity to see open collaboration in action and learn how you can contribute to shaping the RISC-V revolution!

Speakers

Rafael Sene

Technical Program Manager, The Linux Foundation | RISC-V International

Rafael Peria de Sene is a Technical Program Manager at the Linux Foundation and RISC-V International with over 15 years of experience in software engineering and technical leadership. He has played a key role in expanding the RISC-V ecosystem globally, particularly in Latin America... Read More →

OSS 2025 06 21 Open Collaboration in Action How We Build RISC V pdf

Monday June 23, 2025 11:20am - 12:00pm MDT
Bluebird Ballroom 3A

Open Source 101

Audience Experience Level Beginner
Session Slides Yes

11:20am MDT

Analyzing The Projects We All Depend On - With LFX Insights - Jonathan Reimer, The Linux Foundation

Monday June 23, 2025 11:20am - 12:00pm MDT

Bluebird Ballroom 3H

Open source software powers the critical infrastructure we depend on daily, yet evaluating the health of open source projects remains challenging.

In this talk, we introduce LFX Insights, a Linux Foundation initiative to surface meaningful, standardized metrics on the world’s most critical open source projects. We’ll walk through how we define project criticality, the multidimensional framework we use to evaluate project health, and the data infrastructure powering it all. By making open source more transparent, LFX Insights aims to support decision-making, highlight where help is needed, and contribute to a more sustainable ecosystem.

Speakers

Jonathan Reimer

VP Developer Products, The Linux Foundation

Analyzing The Projects We All Depend On OSS Summit 2025 pdf

Monday June 23, 2025 11:20am - 12:00pm MDT
Bluebird Ballroom 3H

Open Source Leadership

Audience Experience Level Any
Session Slides Yes

11:20am MDT

Open Source in the Federal Government - Jordan Kasper, Independent

Monday June 23, 2025 11:20am - 12:00pm MDT

Bluebird Ballroom 3F

The federal government builds and maintains hundreds of thousands of software systems - and it would be difficult to find a system that doesn't rely on open source software. In fact, the government is likely the single largest consumer of OSS in the world and considering the criticality of the mission, the security of those systems is paramount. There has been limited guidance on how government programs should select, consume, contribute to, and publish open source software, but things are getting better! This session will discuss the current landscape of open source in the federal government and present methods for how we can secure our own systems with tools and processes to vet open source projects, ingest that software securely, and support those projects with substantive contributions.
Attendees from government entities, contractors, and members of the community should attend to learn how the government can tackle the supply chain risks inherent in open source while still capturing the benefits that it has to offer. They'll come away with an understanding of how this might impact their work, and how by working together we can build a better open source ecosystem for everyone.

Speakers

Jordan Kasper

Sr Technical Advisor

Jordan Kasper is a software engineer, conference speaker, and open source zealot. He spent much of his career building web applications for organizations of all sizes. In 2017, he joined the U.S. Digital Service to help make tech better for all Americans, working in multiple federal... Read More →

OSS in Gov Slides pdf

Monday June 23, 2025 11:20am - 12:00pm MDT
Bluebird Ballroom 3F

OpenGovCon

Audience Experience Level Beginner
Session Slides Yes

11:20am MDT

D(ocs)&D(evelopment): Finding the Perfect Party for Your Documentation Campaign - Heds Simons & Kim Nylander, Grafana Labs

Monday June 23, 2025 11:20am - 12:00pm MDT

Bluebird Ballroom 3D

It’s product release time. The code is stable. You’ve got everything EXCEPT the docs.

How do you create meaningful, prioritized content in a short time frame?

Your writer needs to collaborate with a Subject Matter Expert (SME) who understands the technical and user content. At Grafana, this synergy happens between Field Engineers (FE) and Technical Writers (TW). FEs are a three-in-one SME with the understanding of a developer, sales engineer, and technical support.

How does this collaboration benefit both writers and SMEs?
* TW has a single SME for user needs and cross-product technical expertise.
* FEs get accurate, up-to-date content that helps them and Grafana’s OSS community members get up to speed on products.
* OSS Community members get accurate, up-to-date docs.

In this session, you’ll learn how to:
* Identify the right SME
* Establish a collaborative workflow
* Prioritize work that best addresses the user’s needs

We’ll detail how this collaboration started through a shared love of RPGs, the traps we encountered and lessons learnt, and how a bi-weekly session between two colleagues became the foundation for a model now used across Grafana’s telemetry products.

Speakers

Hedley Simons

Senior Principal Field Engineer, Grafana Labs

Heds is a Senior Principal Field Engineer at Grafana Labs, where he builds and maintains internal and external environments, designs advanced workshops, provides input on product use-cases and acts as a SME.Heds comes from a software engineering background, and has written code for... Read More →

Kim Nylander

Principal Technical Writer, Grafana Labs

Professional writer who specializes in explaining complicated concepts in plain English at a level appropriate for the target audience. Over 15 years experience of writing SaaS product content, IT procedures, API documentation, tutorials, online help, FAQs, and specifications... Read More →

D(ocs) & D(evelopment) Finding the Perfect Party for your Documentation Campaign OpenSource Summit pdf

Monday June 23, 2025 11:20am - 12:00pm MDT
Bluebird Ballroom 3D

Technical Documentation

Audience Experience Level Any
Session Slides Yes

11:20am MDT

Why Rust and Zephyr Are a Good Fit - David Brown, Linaro

Monday June 23, 2025 11:20am - 12:00pm MDT

Bluebird Ballroom 2B

When seeking to use Rust for embedded development, there are several options, including bare-metal, a few rust-specific rtos implementations, and several existing RTOSes. This talk discusses why Zephyr is a good fit for an embedded Rust, and especially how we are able to leverage some of Zephyr's strengths, including a rich and diverse set of supported targets, and some of Zephyr's features, such as the work queue mechanism, and how it fits well with Rust's async system.

Speakers

David Brown

Senior Engineer, Linaro

David Brown is part of Linaro, and has worked on the Linux kernel, with a focus on security for a number of years. Recently, he has been focusing on security as it relates to IoT and embedded devices, including focusing on secure booting, and secure network communications. He is currently... Read More →

ossna 2025 rust on zephyr pdf

Monday June 23, 2025 11:20am - 12:00pm MDT
Bluebird Ballroom 2B

Zephyr

Audience Experience Level Beginner
Session Slides Yes

1:30pm MDT

Implementing Zero Trust Security in Jenkins Pipelines With Open Source Tools - Steve Taylor, DeployHub, Inc

Monday June 23, 2025 1:30pm - 1:50pm MDT

Bluebird Ballroom 3B

As cyber threats become increasingly sophisticated, the traditional perimeter-based security model no longer suffices. Zero Trust Security offers a modern framework that assumes no entity—user, device, or application—can be trusted by default, emphasizing "never trust, always verify." But how can this framework be applied effectively within automated CI/CD pipelines like Jenkins?

In this talk, we’ll provide a practical introduction to Zero Trust Security, exploring its key principles and the critical role it plays in modern software delivery. Attendees will learn how to integrate Zero Trust practices into Jenkins pipelines using powerful open-source tools. From secrets management to policy enforcement and continuous vulnerability management, this session will provide actionable steps to secure the entire software development lifecycle.

Speakers

Steve Taylor

CTO, DeployHub

Steve Taylor is a visionary and leader in open-source security, DevOps, and securing the software supply chain. Long before “CI/CD” became a buzzword, Steve was designing cutting-edge pipelines for Fortune 1000 companies, redefining how software is built and deployed. His innovative... Read More →

SteveTaylor June23 130pm ImplementingZeroinJenkins pdf

Monday June 23, 2025 1:30pm - 1:50pm MDT
Bluebird Ballroom 3B

cdCon

Audience Experience Level Beginner
Session Slides Yes

1:30pm MDT

Gopher Meets Crab: A Rust Journey in Cloud Native - Phil Estes, AWS

Monday June 23, 2025 1:30pm - 2:10pm MDT

Bluebird Ballroom 2G

If you've been around the container and cloud native ecosystem for any length of time, you know most major components are written in Go: from Docker to runc and from Kubernetes to etcd! This means that many of the common constructs, for example the OCI specs, or Kubernetes API resources, are easy to use from other Go programs, but not quite as easy when you step outside of the Go ecosystem.

In this talk we'll dive into the experience of trying to use containers from a Rust-written client and delve into existing work from early adopters of Rust. There are quite a few crates that help us along the way, providing some level of parity for Rust developers in the cloud native ecosystem. There are still complexities and hurdles as well, and we'll share our experience navigating this as a long-time Go programmer and Rust newbie.

Attendees will take away some quick tips as well as gotchas for working in the container and cloud native ecosystem as a Rust developer and, who knows, maybe soon the Gopher and the Crab will be the best of friends.

Speakers

Phil Estes

Principal Engineer, Core Container Technology, AWS

Phil is a Principal Engineer for Amazon Web Services (AWS), focused on core container technologies that power AWS container offerings like Fargate, EKS, and ECS. Phil is an active contributor and maintainer for the CNCF containerd runtime project, and participates in the Open Container... Read More →

Gopher meets Crab OSSNA 2025 pdf

Monday June 23, 2025 1:30pm - 2:10pm MDT
Bluebird Ballroom 2G

Cloud + Containers

Audience Experience Level Beginner
Session Slides Yes

1:30pm MDT

Heterogeneous Linux and RTOS Software Architecture for Low-Price RISC-V Cores - Jim Huang & Chi-Kuan Chiu, National Cheng Kung University

Monday June 23, 2025 1:30pm - 2:10pm MDT

Bluebird Ballroom 2A

SoCs are increasingly heterogeneous, featuring multiple processor clusters and special-purpose accelerators. As a result, Asymmetric Multiprocessing (AMP) systems must support different operating environments running concurrently on the same chip. This talk outlines the software architecture needed to develop applications for AMP setups, enabling operating systems to interact across diverse homogeneous and heterogeneous configurations. In this way, AMP applications can leverage the parallelism provided by these varied architectures.

Our prototyping efforts focus on low-cost RISC-V processor cores configured as AMP systems, running both the Linux kernel and RTOSes such as ThreadX. This setup includes an IPC layer that implements RPMSG communication between cores. Additionally, our proxy infrastructure highlights how a proxy on the master core can handle POSIX library calls from RTOS-based remote contexts.

Speakers

Jim Huang

Assistant Professor, National Cheng Kung University

Drawing from his contributions to the Android Open Source Project (AOSP), Jim specializes in real-time performance tuning and optimization of Linux-based automations. Additionally, he is a co-founder of the LXDE project, a lightweight desktop environment widely utilized in embedded... Read More →

Chi-Kuan Chiu

Student, National Cheng Kung University

Chi-Kuan Chiu is currently pursuing the B.S. degree in computer science with National Cheng Kung University.

Heterogeneous Linux and RTOS Software Architecture for Low Price RISC V Core pdf

Monday June 23, 2025 1:30pm - 2:10pm MDT
Bluebird Ballroom 2A

Embedded Linux Conference

Audience Experience Level Beginner
Session Slides Yes

1:30pm MDT

Disconnected Environments in a Connected World - Daniel Moch, Lockheed Martin & Eddie Zaneski, Defense Unicorns

Monday June 23, 2025 1:30pm - 2:10pm MDT

Bluebird Ballroom 3F

Most modern software assumes the internet is always available—but what happens when it’s not? Air-gapped environments are more prevalent than you might think. While they are essential in government, they’re also common in finance, healthcare, and manufacturing. Yet, a surprising amount of today’s tooling—from CI/CD pipelines to package managers—relies on network access and fails when that assumption is broken.

Working in these environments means finding new ways to handle familiar problems. In this talk, we’ll look at the challenges teams face when managing dependencies, applying updates, and automating deliveries without internet access. We’ll share practical solutions, real-world examples, and ways to make modern development practices work in restricted environments.

Speakers

Daniel Moch

Staff Software Engineer, Lockheed Martin

For over 20 years, Daniel has worked as a software engineer in the Defense and Aerospace industry. His experience ranges from embedded device drivers to large logistics and information systems. In recent years, he has focused on helping legacy programs adopt modern DevOps practices... Read More →

Eddie Zaneski

Technical Advisor to the CTO, Defense Unicorns

Eddie lives in Denver, CO with his wife and dog. He loves open source and works on the Kubernetes project. When not hacking on random things you'll most likely find him climbing rocks somewhere.

Disconnected Enviornments in a Connected World pdf

Monday June 23, 2025 1:30pm - 2:10pm MDT
Bluebird Ballroom 3F

OpenGovCon

Audience Experience Level Beginner
Session Slides Yes

1:30pm MDT

Lower the Barrier of Entry: Empowering Non-writer Contributions To Docs - Manny Silva, Skyflow

Monday June 23, 2025 1:30pm - 2:10pm MDT

Bluebird Ballroom 3D

Documentation thrives on contributions, but many potential contributors hesitate to edit docs because of uncertainty about style, structure, and quality standards. This talk demonstrates how modern tooling can create a supportive environment that empowers non-writers to confidently contribute to documentation. We'll explore a practical toolkit combining templates for clear structure, AI-powered drafting assistance, automated style checking, format linting, content validation, and quality reviews to guide contributors through the docs process. Through these tools and a streamlined editing workflow, teams can create an environment where developers, product managers, support staff, and other non-writers feel confident contributing while maintaining documentation standards. We'll examine real examples of successful implementations and provide practical steps for adding these capabilities to your own docs.

Speakers

Manny Silva

Head of Documentation, Skyflow

Technical writer by day and engineer by night, Manny Silva is Head of Documentation at Skyflow and the creator of Doc Detective. He’s passionate about intuitive and scalable developer experiences and likes diving into the deep end as the 0th user.

Lower the Barrier of Entry pdf

Monday June 23, 2025 1:30pm - 2:10pm MDT
Bluebird Ballroom 3D

Technical Documentation

Audience Experience Level Any
Session Slides Yes

1:30pm MDT

Zephyr for Open Source Health Devices - Ashwin Whitchurch, Protocentral Electronics

Monday June 23, 2025 1:30pm - 2:10pm MDT

Bluebird Ballroom 2B

This talk would highlight the importance of open source health devices and how we used Zephyr across several hardware platforms to develop these devices. We will draw on experiences from our projects including HealthyPi 5, HealthyPi 6 and the wearable HealthyPi Move, all open source hardware and software. More specifically how Zephyr enabled the use of practically a single codebase across three different microcontroller platforms in different form factors.

l will also talk about the challenges faced during the process of making the system wearable and low power and the solutions that worked for us.

Speakers

Ashwin Whitchurch

CEO, Protocentral Electronics

Ashwin is a part of a company called Protocentral Electronics, which is focused on developing open-source hardware for healthcare applications. He is a software and hardware engineer by education and profession, with Masters degrees in both subjects.

OSS NA 2025 Zephyr for Open Source Health Devices pdf

Monday June 23, 2025 1:30pm - 2:10pm MDT
Bluebird Ballroom 2B

Zephyr

Audience Experience Level Intermediate
Session Slides Yes

1:30pm MDT

Tutorial: Guarding the Gates: Understanding and Mitigating OWASP's Top 10 LLM Security Risks - Neetu Jain & Kimberly Nowell-Berry, JPMorgan Chase

Monday June 23, 2025 1:30pm - 3:05pm MDT

Bluebird Ballroom 3A

As organizations rapidly adopt Large Language Models (LLMs) in production environments, understanding their unique security vulnerabilities becomes crucial. This session provides a deep dive into OWASP's Top 10 LLM risks, examining real-world examples and practical mitigation strategies.

Speakers

Kimberly Nowell-Berry

JPMorgan Chase

Kim Berry is a seasoned cybersecurity and data innovation leader with over two decades of experience driving secure, scalable solutions at the intersection of technology, risk, and business strategy. Currently at JPMorgan Chase, she brings a unique blend of technical depth and insight... Read More →

Neetu Jain

Executive Director, JPMC

Neetu Jain is the Executive Director at JP Morgan Chase in the Emerging Technology Security division, where she leads initiatives in AI security. With 20 years of experience in the tech industry, Neetu has driven innovation and security across various domains and products, including... Read More →

LLM OWASP OSSNA KB V5 Final V3 pdf

Monday June 23, 2025 1:30pm - 3:05pm MDT
Bluebird Ballroom 3A

Open Source 101

Audience Experience Level Intermediate
Session Slides Yes

1:50pm MDT

CD Demands Continuous Testing: Why We Built a Testing Platform Layer on ECS Using Spinnaker - Jaime G. O'Byrne, JPMorgan Chase and Co

Monday June 23, 2025 1:50pm - 2:10pm MDT

Bluebird Ballroom 3B

Functional tests are not just an idealist luxury – at JPMorgan, they’re compulsory. Since designating Spinnaker as the strategic deployment tool for all public cloud deployments, users who were able to easily run tests using closures in our firm’s Jenkins offering were now finding themselves without a run-context. Where are your tests supposed to run when your deployment tool is now a distributed system?
From “bring your own environment” to “we will run all the firm’s tests on our infrastructure” - this talk will walk through some of the challenges, design decisions, tradeoffs, and general wrangling of complexity that comes from operating a distributed system like Spinnaker, in a highly regulated environment to support continuous testing on the cloud.

Speakers

Jaime OByrne

Senior Associate Software Engineer, JPMorgan Chase and Co

Salvadoran immigrant, Husband, Father of two. Early-Mid career Software Engineer and enthusiast of all things CD and automation.

CD demands Continuous Testing pdf

Monday June 23, 2025 1:50pm - 2:10pm MDT
Bluebird Ballroom 3B

cdCon

Audience Experience Level Intermediate
Session Slides Yes

2:25pm MDT

Securing the Software Supply Chain: Integrating OpenSSF Scorecard, Jenkins, and the Ortelius Project - Tracy Ragan, DeployHub, Inc

Monday June 23, 2025 2:25pm - 2:45pm MDT

Bluebird Ballroom 3B

As the number of software vulnerabilities grows, the need for robust, automated security practices in DevOps pipelines is more critical than ever. OpenSSF Scorecard, an initiative by the Open Source Security Foundation (OpenSSF), provides a framework for evaluating the security posture of open-source projects. Ortelius, an open-source platform and dashboard, builds on this foundation by offering continuous vulnerability tracking and management, integrating with tools like OpenSSF Scorecard and OSV.dev.

Adding to this ecosystem, Jenkins plays a pivotal role as a CI/CD powerhouse, making it an ideal candidate for advancing continuous vulnerability management. In this talk, we’ll explore how integrating Ortelius and OpenSSF Scorecard into Jenkins pipelines empowers teams to automate vulnerability scanning, track security metrics, and respond to threats more efficiently. Attendees will learn how to leverage these tools together to create a secure and automated development lifecycle.

Speakers

Tracy Ragan

CEO, DeployHub, Inc.

Tracy is a recognized expert in software supply chain security and DevSecOps, specializing in managing complex, decoupled architectures. She is the CEO of DeployHub, a scalable continuous vulnerability management platform that empowers software to 'self-heal' by automatically applying... Read More →

Tracy Ragan MondayJune23 225PM Integrating OpenSSF Scorecard, Jenkins, and the Ortelius Project pdf

Monday June 23, 2025 2:25pm - 2:45pm MDT
Bluebird Ballroom 3B

cdCon

Audience Experience Level Intermediate
Session Slides Yes

2:25pm MDT

Through the Looking Glass: Leveraging Overton Window Concepts To Redefine Infrastructure as Code - Ben Somogyi & Alec Lewis, Lockheed Martin

Monday June 23, 2025 2:25pm - 3:05pm MDT

Bluebird Ballroom 2F

The Overton window, a concept originating in politics, refers to the range of policies that are considered acceptable to a broad and diverse audience. In this session, we will share our experiences and recommendations on how to successfully adapt to shifting "Overton Windows", as they pertain to mainstreaming our platform to support a wide range of customer requirements while minimizing non-recurring engineering expenses. At Lockheed Martin, we have developed a modular open system that incorporates Secure Supply Chain and Cloud Native standards, enabling us to rapidly deliver capabilities to customers in highly regulated and diverse environments, while navigating the complexities of evolving requirements and priorities.

Speakers

Alec Lewis

Lockheed Martin

Ben Somogyi

Senior Staff DevSecOps Engineer, Lockheed Martin

Versatile, hands-on technical leader and software developer who is building cloud native solutions for Lockheed Martin and its customers.

Through the looking glass Leveraging Overton Window concepts to redefine Infrastructure as Code pdf

Monday June 23, 2025 2:25pm - 3:05pm MDT
Bluebird Ballroom 2F

Cloud + Containers

Audience Experience Level Intermediate
Session Slides Yes

2:25pm MDT

The State of SBoMs in Embedded - Joshua Watt, Garmin

Monday June 23, 2025 2:25pm - 3:05pm MDT

Bluebird Ballroom 2A

Software Bill of Materials (SBoMs) are being increasingly called for in all Software ecosystems, to the point of being mandatory for regulatory compliance. The Embedded space is no different in this regard, so being aware of the available options for complying with SBoM is becoming critical for Embedded development.

In this talk, Joshua will outline prominent options for dealing with SBoM requirements across Open Source Embedded-focused projects, and what to look for in SBoMs for embedded projects to maximize their usefulness.

Speakers

Joshua Watt

Software Engineer, Garmin

Joshua has been working as a software engineer for Garmin since 2008, primarily focused on building products using the Yocto Project. He is also involved with the SPDX community and a member of the OpenEmbedded Technical Steering Committee.

The State of SBoMs in Embedded pdf

Monday June 23, 2025 2:25pm - 3:05pm MDT
Bluebird Ballroom 2A

Embedded Linux Conference

Audience Experience Level Intermediate
Session Slides Yes

2:25pm MDT

Navigating the Sea of CVEs: Securing Your Linux Distributions - Jess Lowe & Holly Gong, Google

Monday June 23, 2025 2:25pm - 3:05pm MDT

Bluebird Ballroom 2D

Are you drowning in a sea of vulnerability advisories, wondering why patching one thing doesn't fix everything? Despite a shared origin, a CVE's impact diverges significantly across Linux distributions. Consequently, a fix at the source does not automatically translate to comprehensive protection downstream. Each distribution requires independent patching, leading to a complex web of security advisories stemming from a single flaw.

In this talk, you'll learn how OSV tools can help you navigate this sea of advisories. We'll explore the root causes of advisory proliferation in Linux and demonstrate how OSV.dev aggregates and cross-references vulnerability data at scale to provide a more complete picture. You'll also see how OSV-Scanner accurately identifies vulnerabilities in your Linux systems, considering distribution-specific nuances and offering actionable guidance. By the end of this session, you'll be equipped with the knowledge and tools to patch smarter and secure your Linux infrastructure more effectively.

Speakers

Jess Lowe

Software Engineer, Google

Jess is a Software Engineer in the Google Open Source Security Team working on OSV.dev and OSV-Scanner.

Holly Gong

Software Engineer, Google

Software Engineer at Google

Navigating the Sea of CVEs pdf

Monday June 23, 2025 2:25pm - 3:05pm MDT
Bluebird Ballroom 2D

Linux

Audience Experience Level Beginner
Session Slides Yes

2:25pm MDT

Beaconforge.org, Open Agentic AI for Hallucination Mitigation - Diego Gosmar, Voiceinteroperability.ai, LF AI and Data

Monday June 23, 2025 2:25pm - 3:05pm MDT

Bluebird Ballroom 2C

This talk will describe the emerging standard and the Beaconforge.org framework, which is being developed by the Voiceinteroperability.ai Project of the LFAI and Data Foundation, to enable conversational assistants to interact with each other. Beaconforge.org is based on a standardized set of novel agentic inter-assistant messages that utilize NLP (Natural Language Processing) Universal APIs.

We will also explore how Agentic AI frameworks like Beaconforge.org can help mitigate hallucination effects in generative AI agents. This will be demonstrated through an empirical experiment involving hundreds of diverse prompts, a chain of multiple agents, and four novel KPIs used to evaluate hallucination score mitigation.

More information about the project can be found in the following papers:
Diego Gosmar et al., 2025. Hallucination Mitigation using Agentic AI Natural Language-Based Frameworks, https://arxiv.org/abs/2501.13946

Diego Gosmar et al., 2024. Conversational AI Multi-Agent Interoperability, Universal Open APIs for Agentic Natural Language Multimodal Communications, https://arxiv.org/abs/2407.19438

Speakers

Diego Gosmar

Principal AI Advisor, Voiceinteroperability.ai, LF AI and Data

Diego Gosmar serves as Chief AI Officer specializing in Artificial Intelligence, with particular focus on Generative Conversational AI, Natural Language Processing (NLP), AI Agent interoperability, Sustainable and Ethical Conversational AI.Diego is member of the Open Voice Interoperability... Read More →

DG BForge OSS 2025 Official pdf

Monday June 23, 2025 2:25pm - 3:05pm MDT
Bluebird Ballroom 2C

Open AI + Data

Audience Experience Level Intermediate
Session Slides Yes

2:25pm MDT

Load Testing Is Complicated: A Case Study of NJ Unemployment Insurance - Rob Bayliss, Mighty Acorn Digital

Monday June 23, 2025 2:25pm - 3:05pm MDT

Bluebird Ballroom 3F

In this session we will perform a case study of load testing for a US State’s Unemployment Insurance Modernization initiative. We will talk about the unique requirements and constraints of the project, such as the looming specter of the COVID-19 Unemployment boom. We’ll also review how the testing was done and why we ultimately decided on using browser-based tools such as Artillery with Playwright to build a testing system that could deliver and measure massive amounts of realistic traffic in a way that is quick (30 minutes) and easy to run. Attendees will walk away with an understanding of how one might approach load testing for a system like this, and why using browser based testing might or might not be a good idea.

Speakers

Rob Bayliss

Director, Mighty Acorn Digital

Rob Bayliss is passionate about automation, and has been building fast, reliable systems for state governments since 2017. He is passionate about performance, and once led an initiative to reduce the response times of Mass.gov by 50%, preventing downtime during the pandemic. In 2023... Read More →

OSS Denver 2025 Load testing is complicated pdf

Monday June 23, 2025 2:25pm - 3:05pm MDT
Bluebird Ballroom 3F

OpenGovCon

Audience Experience Level Intermediate
Session Slides Yes

2:25pm MDT

The Role of Package Managers as Partners in License and Attribution Compliance - Damián Vicino, Datadog Inc.

Monday June 23, 2025 2:25pm - 3:05pm MDT

Bluebird Ballroom 3G

Package managers are essential to modern software development, simplifying dependency management but often hiding transitive changes. This has led to large, shifting dependency trees with little oversight.

Despite evolving independently, most package managers follow a similar model: fetching software and metadata. However, the format, quantity, and quality of this metadata vary significantly.

With heterogeneous language stacks on the rise, OSPOs struggle to manage these differences, making compliance an ongoing challenge.

This talk explores different package managers, the compliance data they provide, and highlights good practices from each. Finally, it proposes how the OSPO community can break silos between ecosystems, encouraging convergence on non-language-specific metadata and practices. This, in turn, will streamline compliance work and strengthen the open source ecosystem as a whole.

Speakers

Damián Vicino

Senior Open Source Specialist, Datadog Inc.

Damian Vicino is a Senior Open Source Specialist at Datadog’s OSPO and an Adjunct Research Professor at Carleton University. He began contributing to open source in the early 2000s, leading a local BSD user group and collaborating with a team on five BSDday Argentina events. He... Read More →

OSPOconNA25 The Role of Package Managers as Partners in License and Attribution Compliance pdf

Monday June 23, 2025 2:25pm - 3:05pm MDT
Bluebird Ballroom 3G

OSPOCon

Audience Experience Level Any
Session Slides Yes

2:25pm MDT

Radical Transparency: Lessons From Open-Sourcing Nearly All Company Documentation - Victor Lyuboslavsky, Fleet Device Management

Monday June 23, 2025 2:25pm - 3:05pm MDT

Bluebird Ballroom 3D

In an era when transparency is often a corporate buzzword, few companies truly embrace it at scale. What happens when a company commits to making nearly all of its internal documentation open source? What are the benefits, risks, and unexpected cultural shifts that arise?

In this session, we’ll take a deep dive into our company’s journey of open-sourcing nearly all documentation—from GitHub issues and design review notes to sprint demos and research documents. We’ll explore the motivations behind this decision, the technical and cultural challenges we faced, and the impact on our customers, employees, and open-source contributors.

Join us as we dissect the practical realities of radical transparency in engineering and product development. Whether you’re considering a similar approach or simply want to understand how transparency at scale affects innovation, security, and collaboration, this session will provide invaluable lessons and strategies.

Speakers

Victor Lyuboslavsky

Software Engineer, Fleet Device Management

Victor is an engineer, author, and entrepreneur with over 25 years of technical leadership and hands-on development experience. Victor has worked in various industries, including semiconductors, health care, and cyber security. He is currently building security telemetry and MDM at... Read More →

Radical transparency Victor Lyuboslavsky Fleet pdf

Monday June 23, 2025 2:25pm - 3:05pm MDT
Bluebird Ballroom 3D

Technical Documentation

Audience Experience Level Beginner
Session Slides Yes

2:25pm MDT

FUOTA Using LORAWAN and Zephyr: DFU in the 'Real' World - Sidd Gupta, Demar Inc. (DBA Zylum)

Monday June 23, 2025 2:25pm - 3:05pm MDT

Bluebird Ballroom 2B

The FUOTA (Firmware Update Over-The-Air) specification(s) from LoRa Alliance make up the framework that underpins the critical task of firmware updates of end points (typically battery operated sensors and actuators) that communicate using the LoRaWAN protocol.

The fundamental limitation of the FUOTA specification, as it exists today, is that it does not expect Firmware Artifacts to exceed a few hundred KB in size. With the increasing adoption of the Zephyr RTOS, along with more sophisticated capabilities being added to the end device, artifact sizes have quickly grown to 500 kB (and beyond). This limitation quickly starts to have a real impact, especially as the cost of doing so called 'drive by' updates (using BLE or other higher throughput transports) can get prohibitive.

We present a novel solution to this problem, leveraging the existing and well supported Device Firmware Update (DFU) specification.

In our solution, the LORAWAN protocol becomes another type of SMP transport (along with the already supported Shell, Bluetooth and UDP). We have extended the open source smpclient library from intercreate, as well as the open source LBM stack from Semtech to achieve this.

Speakers

Sidd Gupta

Principal, Desmar Inc. (DBA Zylum)

I'm a proud software engineering craftsman, with around 30 years of experience, mostly coding, with a few detours into management and startup entrepreneurship. I run Zylum with my collaborator Guinnes Singh - we're your Zero to One (and beyond) guys. I am currently interested in the... Read More →

OSS NA25 SiddGupta DFU take 3 pdf

Monday June 23, 2025 2:25pm - 3:05pm MDT
Bluebird Ballroom 2B

Zephyr

Audience Experience Level Intermediate
Session Slides Yes

2:45pm MDT

Lock the Chef in the Kitchen: Enabling Accurate SBOMs Via Hermetic Builds - Adam Cmiel, Red Hat

Monday June 23, 2025 2:45pm - 3:05pm MDT

Bluebird Ballroom 3B

Imagine your source repository is a kitchen, and the CI task that builds your software is a chef cooking soup. Most attempts to obtain the list of ingredients for the soup will fall into one of two categories.

"Source SBOM" tools gather the list of ingredients by scanning the entire kitchen. There are some recipes and ingredients in the kitchen, but are all of them relevant? Are they correct and complete? What if the chef looks up the recipe online and then orders the missing ingredients?

"Analyzed SBOM" tools try to derive the list of ingredients from the finished soup. This is hard to do well, impossible when the ingredients dissolve completely. And the tool has no chance of knowing where the ingredients came from.

How about we do this: Select the right recipe(s) for the soup. Buy all the ingredients ourselves. Leave them in the kitchen and lock the chef in there until the meal is done. We now have a complete list of ingredients (or a failed soup), and we know where we got them.

Meet Hermeto, a tool that enables your CI pipeline to lock the chef in the kitchen!

Speakers

Adam Cmiel

Senior Software Engineer, Red Hat

I'm a software engineer at Red Hat. I work on Konflux, an open-source CI/CD system focused on supply chain security (that we also use internally at Red Hat to build and release products). I focus on enabling builds to be as secure as possible.

OSS NA 2025 Hermeto pdf

Monday June 23, 2025 2:45pm - 3:05pm MDT
Bluebird Ballroom 3B

cdCon

Audience Experience Level Intermediate
Session Slides Yes

3:35pm MDT

Lightning Talk: Intentrace: A Contemporary Take on Strace - Mohammad Khalid, Independent

Monday June 23, 2025 3:35pm - 3:45pm MDT

Bluebird Ballroom 2D

Understand how all binaries interact with the linux kernel, how the linux kernel sees userspace code, how it expects it to behave, and how you, an author of such programs, should in response interact with it. intentrace is a rewrite of strace in Rust. currently in Beta.

Speakers

Mohammad Khalid

Software Engineer

A Mechanical Engineer and current Rust programmer. Mohammad had a short stint in manufacturing, and another in Oil & Gas, and is now actively working with Linux internals and Low Level Programming.

slides pdf

Monday June 23, 2025 3:35pm - 3:45pm MDT
Bluebird Ballroom 2D

Linux

Audience Experience Level Beginner
Session Slides Yes

3:35pm MDT

Reducing the Risk of Source Tampering With SLSA - Tom Hennen, Google

Monday June 23, 2025 3:35pm - 3:55pm MDT

Bluebird Ballroom 3B

In 2023 Supply-chain Levels for Software Artifacts (SLSA) was released. It provided a framework for protecting software from tampering within the CI/CD workflow from source to publication. Now it’s nearing completion of the SLSA Source Track which brings a similar level of assurance to the management of source code.

The Source Track addresses the threat of tampering with source code within the repository and allows malicious changes to source to be attributed to the actors that introduced those changes. In addition, it provides a framework for recording additional results about source revisions such as if a code review was performed or if the source was analyzed by SAST tools.

We’ll cover how this track can prevent attacks like the 2021 attack against PHP where malicious commits were added to the PHP repository and how it can be used to ensure additional controls (like code review) are implemented to protect against attacks like the recent one against xz. Finally we'll discuss how the source track can be implemented in existing source control systems by examining a proof-of-concept that enables Source Level 3 without specialized support from the source control platform.

Speakers

Tom Hennen

Senior Staff Software Engineer, Google

Tom is a Senior Staff Software Engineer at Google where he’s a UTL on the Software Supply Chain Integrity program. He’s responsible for securing the internal software supply chain, while limiting toil. His focus is ensuring interoperability, extensibility, and adoption of Google’s... Read More →

SLSA Source Track OSS NA 2025 pdf

Monday June 23, 2025 3:35pm - 3:55pm MDT
Bluebird Ballroom 3B

cdCon

Audience Experience Level Intermediate
Session Slides Yes

3:35pm MDT

A Brief History of Kubernetes Fleet Controllers & Essential Features - Mickael Alliel, Komodor

Monday June 23, 2025 3:35pm - 4:15pm MDT

Bluebird Ballroom 2G

Managing a few Kubernetes clusters may be feasible, but scaling up to hundreds or thousands introduces unique challenges. At a 100:1 cluster to engineer ratio, standardization, observability, security, and access control become pressing issues. This is when DevOps must shift from "infrastructure engineers" to "platform engineering," where infrastructure needs are fully automated and self-service.

As K8s adoption grows in large organizations, demand for "massive multi-cluster fleet management" support has intensified. This talk examines essential features for Kubernetes fleet controllers, offering a fast-paced review of five open-source tools: Clusternet, Karmada, Crossplane, ClusterAPI, and Rancher. Each tool's unique strengths in provisioning, management, and application support will be covered, showing how each addresses multi-cluster management challenges.

This approach will provide a replicable framework to evaluate & choose the right tools based on specific organizational needs.

Speakers

Mickael Alliel

Backend Tech Lead, Komodor

Mickael is a self-taught developer turned DevOps, passionate about automation, innovation, and creative problem-solving. Mickael enjoys challenging himself and experimenting with new technologies and methodologies. Currently, he is working on developing the next-gen K8s troubleshooting... Read More →

A Brief History of Kubernetes Fleet Controllers & Essential Features Mickael Alliel pdf

Monday June 23, 2025 3:35pm - 4:15pm MDT
Bluebird Ballroom 2G

Cloud + Containers

Audience Experience Level Intermediate
Session Slides Yes

3:35pm MDT

Extending Power Over Ethernet to the LTC4266 - Kyle Swenson, Ericsson Software Techology

Monday June 23, 2025 3:35pm - 4:15pm MDT

Bluebird Ballroom 2A

Leveraging the recently added Power over Ethernet (PoE) Power Supply Equipment (PSE) support, this talk will go over the current status and the experience implementing support for the LTC4266, the last major PSE chipset on the market. We'll go over the basics of Power over Ethernet, the existing upstream support and in-kernel framework, the user-space interface for controlling PSE, and then dive into the LTC4266 driver specifics.

Speakers

Kyle Swenson

Prinicpal Engineer, Ericsson Software Techology

Kyle maintains the open-source components in the embedded Linux distributions that run on Ericsson's Enterprise Wireless Solution routers, primarily working with the Linux kernel.

ExtendingPoE LTC4266 pdf

Monday June 23, 2025 3:35pm - 4:15pm MDT
Bluebird Ballroom 2A

Embedded Linux Conference

Audience Experience Level Intermediate
Session Slides Yes

3:35pm MDT

What’s New in Valkey - Madelyn Olson, Amazon & Ping Xie, Google

Monday June 23, 2025 3:35pm - 4:15pm MDT

Bluebird Ballroom 2C

Valkey is the leading open-source database for building high performance applications that are compatible with the Redis API. It natively integrates with many popular frameworks and is commonly used for a wide range of applications such as caching, session storage, streaming, and more. In this talk, hear from members of the Valkey technical steering committee discuss some of the exciting new functionality that has been released including the new bloom filter data type, vector similarity search, and a new hash table implementation that reduces memory overhead and improves performance. We'll talk about how these functionalities enable next generation use cases and what's coming in upcoming releases.

Speakers

Madelyn Olson

Software Engineer, Amazon

I work primarily on the open source Redis project and evangelize the importance of open source software development.

Ping Xie

Senior Staff Software Engineer, Google

Ping Xie is a maintainer of Valkey and a Senior Staff Software Engineer at Google, working on GCP Memorystore. As an active contributor to Valkey, Ping focuses on core development, community engagement, and ensuring Valkey remains a reliable and adaptable solution for a wide range... Read More →

OSS Summit NA talk (2) pptx

Monday June 23, 2025 3:35pm - 4:15pm MDT
Bluebird Ballroom 2C

Open AI + Data

Audience Experience Level Intermediate
Session Slides Yes

3:35pm MDT

Panel Discussion: The Impact of Funding for Sustainable Open Source Projects - Georg Link, Bitergia; Andrew Nesbitt, Ecosyste.ms; Dawn Foster, CHAOSS; Alyssa Wright, Bloomberg

Monday June 23, 2025 3:35pm - 4:15pm MDT

Bluebird Ballroom 3C

Open source software has become ubiquitous and can be found in almost every codebase, but sustaining those open source projects and communities over the long-term can be a challenge. Much of the critical infrastructure that we all rely on is made up of open source projects that lack the resources to be properly maintained over the long term. Companies, public institutions, and philanthropic organizations are beginning to fill this gap, but measuring the impact of this funding is an ongoing challenge. Funders need to be able to understand the impacts to justify future rounds of funding as well as to optimize funding approaches whilst mitigating ineffective or even harmful approaches.

In this panel, we’ll talk about what we’ve learned from public funding programs in Europe and corporate FOSS funds along with measuring the impact of those funding initiatives. We’ll discuss the challenges that funders have to understand how their funding can have positive or negative impacts on open source projects with different characteristics. The audience will gain an appreciation for funding initiatives for open source projects and how to understand and maximize the impact of those initiatives.

Speakers

Andrew Nesbitt

Software Engineer, Ecosyste.ms

Andrew, a software engineer based in UK, channels his efforts into Ruby programming, open source collaboration, and fostering local developer communities. He's deeply engaged with Ecosyste.ms, his current project, which prioritizes sustainability and discovery within open source... Read More →

Georg Link

Open Source Strategist and Director of Sales, Bitergia

Georg’s mission is to make open source more professional by using community metrics and analytics. Georg cofounded the CHAOSS Project to advance analytics and metrics for open source project health. Georg is an active contributor to several projects and has often presented on open... Read More →

Dawn Foster

Director of Data Science, CHAOSS

Dr. Dawn Foster works as the Director of Data Science for CHAOSS where she is also a board member / maintainer. She is co-chair of CNCF TAG Contributor Strategy and an OpenUK board member. She has 20+ years of experience at companies like VMware and Intel with expertise in community... Read More →

Alyssa Wright

Open Source Program Office, Bloomberg

Alyssa Wright co-leads Bloomberg's Open Source Program Office (OSPO) in the Office of the CTO, where she champions the firm's open source strategy and engagement. Guided by the motto "be curious, solve problems, do good," Alyssa focuses on creating positive impact through open source... Read More →

Funding Impact Panel OSSNA2025 pdf

Monday June 23, 2025 3:35pm - 4:15pm MDT
Bluebird Ballroom 3C

Open Source Leadership

Audience Experience Level Intermediate
Session Slides Yes

3:35pm MDT

Navigating the Challenges of Meeting Government SBOM Regulations in Decoupled Architectures - Tracy Ragan, DeployHub, Inc

Monday June 23, 2025 3:35pm - 4:15pm MDT

Bluebird Ballroom 3F

As government regulations, such as Executive Order 14028 - Improving the Nation's Cybersecurity, drive organizations to adopt Software Bill of Materials (SBOM) reporting, modern software systems face unique challenges in achieving compliance. Decoupled cloud-native architectures—comprised of microservices, containers, APIs, and distributed dependencies—make it exponentially more difficult to produce accurate, real-time SBOMs. This talk explores the complexities of implementing SBOM practices in distributed environments, the risks of non-compliance, and strategies to streamline compliance efforts.

Speakers

Tracy Ragan

CEO, DeployHub, Inc.

TracyRagan June23 335PM NavigatingSBOMGovernmentRegs pdf

Monday June 23, 2025 3:35pm - 4:15pm MDT
Bluebird Ballroom 3F

OpenGovCon

Audience Experience Level Beginner
Session Slides Yes

3:35pm MDT

Sponsored Session: Operational Data Stores for Financial Risk Mitigation - Bryce Curtis, Discover

Monday June 23, 2025 3:35pm - 4:15pm MDT

Bluebird Ballroom 3H

Managing risk is always top-of-mind in the financial industry and mitigation is essential to reduce it. One significant risk is the software supply chain that represents the complex network of processes, tools and stakeholders involved in the development, distribution and deployment of software throughout the entire software development lifecycle (SDLC). Operational Data Stores (ODS) can be used to help mitigate the risk associated with software running in any enterprise. They accomplish this by aggregating and correlating operational data from across the disparate systems and tools that comprise the SDLC pipeline into a single, standards-based software bill of materials (SBOMs) data model. By providing real-time data access for investigational queries and composite views of all applications for stakeholders and regulatory agencies, risk associated with the full lifecycle of software management and consumption can be mitigated. Join this session to see how Discover is embracing Operational Data Stores and how it can apply to the broader enterprise community.

In order to facilitate networking and business relationships at the event, you may choose to visit a third party's booth or access sponsored content. You are never required to visit third party booths or to access sponsored content. When visiting a booth or participating in sponsored activities, the third party will receive some of your registration data. This data includes your first name, last name, title, company, address, email, standard demographics questions (i.e. job function, industry), consenting to receipt and use of such data by the third-party recipients, which will be subject to their own privacy policies.

Speakers

Bryce Curtis

Expert Solution Innovator, Discover

Bryce Curtis is an Expert Solution Innovator in the Discover Financial Serves R&D Lab, where he is a technology leader and researcher for numerous emerging technologies and projects. Bryce has been active in the open source community for many years and believes that open source enables... Read More →

OSSummit pdf

Monday June 23, 2025 3:35pm - 4:15pm MDT
Bluebird Ballroom 3H

Operations Management

Session Slides Yes

3:35pm MDT

Open Source as a Business Imperative: Leveraging PEST Analysis for Strategic Alignment - Kazumi Sato & Masayuki Kuwata, Sony Group Corporation

Monday June 23, 2025 3:35pm - 4:15pm MDT

Bluebird Ballroom 3G

Open source has become a critical component of modern business strategy, yet its importance has often been overlooked in traditional strategic discussions. This presentation demonstrates how PEST analysis can be used to clarify its strategic value.

We validated Sony's history with open source initiatives in electronics, gaming, and film production, this analysis shows how these efforts aligned with favorable external factors. This provides insights into how open source drives innovation and talent acquisition.

Looking forward, this presentation explores how companies can strategically align their open source initiatives with current political, economic, social, and technological trends. This includes understanding the impact of emerging regulations, generative AI, and the evolution of distributed collaboration.

Participants gain valuable insights into the strategic importance of open source and learn how to effectively advocate for open source initiatives within their organizations. This presentation offers practical tips for engaging both management and engineers in open source activities, ensuring that open source becomes a key driver of business success.

Speakers

Kazumi SATO

Chief Software Engineer, Chief Open Source Strategist, Distinguished Engineer, Sony Group Corporation

Kazumi SATO is a Distinguished Engineer in Sony.

Masayuki Kuwata

Senior Manager, Sony Group Corporation

Masayuki Kuwata is the OSPO leader of Sony Group Corporation since April 2022.

OSS NA25 PEST Analysis for Strategic Alignment KSATO MKuwata pdf

Monday June 23, 2025 3:35pm - 4:15pm MDT
Bluebird Ballroom 3G

OSPOCon

Audience Experience Level Intermediate
Session Slides Yes

3:35pm MDT

Documenting the Design of the Linux Kernel - Chuck Wolber, The Boeing Company; Kate Stewart, The Linux Foundaiton; Gabriele Paoloni, Red Hat

Monday June 23, 2025 3:35pm - 4:15pm MDT

Bluebird Ballroom 3D

As part of a broader effort to document the architecture and design of the Linux Kernel, we propose a method to formally describe low level developer intent in the form of testable expectations (i.e. requirements). This will provide a fact based foundation for pass/fail test development, test validation via code coverage tools, support optional traceability to higher level design, and enable tool development for process automation.

This talk is a continuation of the proposal for Linux Kernel Requirements that formally originated at the 2024 Linux Plumbers Safe Systems with Linux Mini-conference, and further updated at the December 2024 ELISA Workshop at Goddard Space Center.

This edition will present the current state of the requirement template design, provide examples of Linux kernel source code instrumented with low level requirements, present technical explanations for template design decisions, and provide an opportunity for feedback from the developer community.

Speakers

Chuck Wolber

Associate Technical Fellow, The Boeing Company

Chuck Wolber is a Boeing Associate Technical Fellow primarily focused on embedded platform engineering. He has developed multiple DO-178C certified Linux platforms currently in service on Boeing production aircraft. Chuck is co-author of the book Linux Toys, he is credited with contributions... Read More →

Kate Stewart

Vice President of Dependable Embedded Systems, The Linux Foundation

Kate Stewart works with the safety, security and license compliance communities to advance the adoption of best practices into embedded open source projects. Since joining The Linux Foundation, she has launched the ELISA and Zephyr Projects, as well as supporting other embedded projects... Read More →

Gabriele Paoloni

Sr SW Principal Engineer, Red Hat

Gabriele Paoloni is an Open Source Community Technical Leader at Red Hat.

20250623 OSSNA Linux Kernel Requirements pdf

Monday June 23, 2025 3:35pm - 4:15pm MDT
Bluebird Ballroom 3D

Technical Documentation

Audience Experience Level Any
Session Slides Yes

3:35pm MDT

Real-Time I/O (RTIO) for Developing Real-Time Zephyr Applications - Luis Ubieda, Croxel

Monday June 23, 2025 3:35pm - 4:15pm MDT

Bluebird Ballroom 2B

RTIO is a relatively new subsystem in Zephyr, and it enables applications to perform time-critical I/O operations.

This presentation covers:
- Basics of RTIO.
- Async vs Sync paradigms.
- In-tree examples of RTIO: Sensors and Bus drivers.
- Integration guide: how to use RTIO in your Zephyr application.
- Demo: Comparison of Sensor driver with RTIO vs without RTIO.

This presentation is for you:
- You want to learn about RTIO.
- You struggle at achieving real-time performance in Zephyr applications.
- You want to optimize performance of your existing application.

Speakers

Luis Ubieda

Lead Firmware Engineer, Croxel

Luis Ubieda is the Lead Firmware Engineer at Croxel. He is a Zephyr TSC electee and is an active Zephyr collaborator in Sensors and RTIO.

OSSNA 2025 RTIO for Developing Real Time Zephyr Applications 250620B pdf

Monday June 23, 2025 3:35pm - 4:15pm MDT
Bluebird Ballroom 2B

Zephyr

Audience Experience Level Beginner
Session Slides Yes

3:55pm MDT

Securing OIDC Federation in CI/CD Workflows - Billy Lynch, Chainguard

Monday June 23, 2025 3:55pm - 4:15pm MDT

Bluebird Ballroom 3B

OIDC and workload identity are fantastic ways to improve the security of CI/CD workflows. They offer a mechanism to get rid of traditional long lived keys and access tokens, with many APIs offering ways to use these tokens across environments.

However, the security of identity federation is only as strong as the policies that back them. If used incorrectly, it can be exploited to gain access to sensitive resources and potentially compromise your supply chain to use your own CI/CD platform against you.

In this talk we'll do a deep dive on OIDC and identity federation. We'll look at some of the common risks that come while using it, and strategies to help secure your environment and define strong security policies.

Speakers

Billy Lynch

Staff Software Engineer, Chainguard

Billy is a staff software engineer at Chainguard, working on developer tools and securing software supply chains for everyone! He is a contributor and maintainer to the Sigstore, Tekton, and gittuf projects, and is the creator of gitsign. Prior to working at Chainguard, Billy worked... Read More →

OSSNA 2025 Securing OIDC Federation in CI CD Workflows (1) pdf

Monday June 23, 2025 3:55pm - 4:15pm MDT
Bluebird Ballroom 3B

cdCon

Audience Experience Level Intermediate
Session Slides Yes

4:30pm MDT

How We Progressively Deliver Changes To Kubernetes Using Canary Deployments and Feature Flags - Bob Walker, Octopus Deploy

Monday June 23, 2025 4:30pm - 4:50pm MDT

Bluebird Ballroom 3B

This is the case study of how we changed how we ship software.

With thousands of customers, each in their own Kubernetes container, deploying updates was tough. Off-hours schedules meant it took over 24 hours to push a new version. If something broke, we had to scramble. Canary deployments let us update small groups of customers at a time. We built a tool to stop rollouts fast when issues appeared, limiting the damage.

In the past, new features went to everyone at once. Rolling back wasn't an option. If something failed it'd leave customers stuck in the mess. Now, using OpenFeature, we hide new functionality behind feature flags. We release features to small groups, gather feedback, and test internally for weeks. If things go wrong, we flip the flag off and move on.

This two-pronged approach lets us avoid risky big-bang releases. We went from deploying every 10 days to every 4, with fewer than 1% high-severity defects. Most of these are resolved before customers notice them.

Speakers

Bob Walker

Field CTO, Octopus Deploy

Bob Walker is a Field CTO Octopus Deploy. Bob started as a developer in the early days of .NET when web forms were the hottest new thing, and manual deployments were the norm. After one too many five-hour 2 AM Saturday deployments, he searched for any automation to stop that pain... Read More →

[CDcon] Progressive Delivery to Kubernetes with Canary and OpenFeature pdf

Monday June 23, 2025 4:30pm - 4:50pm MDT
Bluebird Ballroom 3B

cdCon

Audience Experience Level Intermediate
Session Slides Yes

4:30pm MDT

Harnessing Observability for 5G Performance: eBPF and OpenTelemetry Innovations - Fatih E. Nar & Jamie Parker, Red Hat

Monday June 23, 2025 4:30pm - 5:10pm MDT

Bluebird Ballroom 2G

This session explores the integration of eBPF and OpenTelemetry (OTel) for achieving unparalleled observability and performance in 5G networks. By leveraging the K8s Operator framework, we demonstrate the Kubernetes-native deployment of advanced observability tools, including the bpfman stack for managing eBPF programs and the OpenTelemetry Operator for scalable telemetry pipelines. Participants will gain actionable insights into optimizing 5G Cloud Native Network Functions (CNFs) through precise observability, robust performance metrics, and real-time diagnostics, while ensuring security and multi-tenancy.

Speakers

Fatih E. Nar

Distinguished Architect, Red Hat

Fatih E. NAR brings extensive experience and influence to Linux, OpenStack, and Kubernetes ecosystems. His contributions drive progressive development and foster a robust TME community. With a background at Google, Verizon Wireless, Canonical Ubuntu, and Ericsson, Fatih's diverse... Read More →

Jamie Parker

Principal Product Manager, Red Hat

Jamie Parker is a Product Manager at Red Hat who specializes in Observability, particularly in the Logging and OpenStack areas. At Red Hat, Jamie works with organizations and customers to learn about their needs within the ever changing Observability landscape, and based on their... Read More →

2025 OSS Denver TelcoObservability pdf

Monday June 23, 2025 4:30pm - 5:10pm MDT
Bluebird Ballroom 2G

Cloud + Containers

Audience Experience Level Intermediate
Session Slides Yes

4:30pm MDT

Intuit Journey To Unified Observability at Scale: Challenges, Benefits and Lessons Learned - Kalyan Kolachala & Ashwini Dulam, Intuit

Monday June 23, 2025 4:30pm - 5:10pm MDT

Bluebird Ballroom 2F

At Intuit we have ~320 Kubernetes clusters running with ~8000 services and ~40 addons in a cluster which generate ~2 billion active time series metrics, 10 million Trace spans/sec and ~ 1.2PB of log data ingested (peak) in a single day. This talk focuses on Intuit’s journey from standalone, siloed, proprietary solutions for logs, metrics and traces to a unified observability solution. This is made possible with a data management architecture that enables seamless navigation and correlation between different observability pillars, usage of AI/ML techniques to quickly detect and isolate problems, UX that brings all the elements of data discovery with an interactive experience and high level features like golden signals, RUM (real user monitoring) and FCI (failed customer interactions). All of this leading to significantly lower MTTD and MTTI. We also discuss the challenges, choices, trade offs, benefits and lessons learned during this journey.

Speakers

Kalyan Kolachala

India SIte head for developer platform, Intuit

Kalyan is a senior engineering leader with experience in delivering world class, enterprise products and platforms involving AI/ML, genAI, SaaS, Kubernetes, Cloud, big data and observability. At the current job at Intuit and previously at Hitachi Vantara, he has been responsible for... Read More →

Ashwini Dulam

Principal Engineer, Intuit

Ashwini is a Principal Software Engineer for the Intuit Observability and Analytics team in Bangalore, India. One of Ashwini’s current day-to-day focus areas is on the various challenges in building scalable, data and AIOps solutions for solving problems in the observability domain... Read More →

Open Source Summit Presentation pdf

Monday June 23, 2025 4:30pm - 5:10pm MDT
Bluebird Ballroom 2F

Cloud + Containers

Audience Experience Level Intermediate
Session Slides Yes

4:30pm MDT

How To Accelerate Software Defined Vehicle(SDV) With OSS - Yuichi Kusakabe, Honda Motor Co., Ltd.

Monday June 23, 2025 4:30pm - 5:10pm MDT

Bluebird Ballroom 2A

This presentation is the story of Honda's first in-house software development of IVI(In-Vehicle Infotainment) software.
Why Honda promotes in-house software development - Building an in-house software development team that started with two people, All development process from scratch, There is no silver bullet that will solve many problems.
However, we were able to launch this model successfully based on Honda's DNA of Waigaya, A00, and 120% quality products. The key to this is the use of AOSP(Android Open Source Project) and some OSS.
This presentation will show how a traditional automotive OEM like Honda was able to create an in-house software development team and use OSS, including AOSP. By applying OpenChain(ISO/IEC 5230) self-certification and SPDX Lite to our development process, we solved many problems and achieved a higher starting point.
However, vehicles have difficult requirements, so we will tell you the points to minimize the customization of OSS.

Speakers

Yuichi Kusakabe

Chief Architect / OSPO Tech Lead, Honda Motor Co., Ltd.

Yuichi Kusakabe is the Chief Architect at Honda Motor Co., Ltd. , AGL(Automotive Grade Linux) member and COVESA(Connected Vehicle Systems Alliance) member since 2011 with over twenty years of Automotive and Open Source Software Experience. Prior to joining Honda Motor he worked for... Read More →

HowToAccelerateSoftwareDefinedVehicle(SDV)withOSS pdf

Monday June 23, 2025 4:30pm - 5:10pm MDT
Bluebird Ballroom 2A

Embedded Linux Conference

Audience Experience Level Beginner
Session Slides Yes

4:30pm MDT

Improve Load Balancing With Machine Learning Techniques Based on the Sched_ext Framework - Jim Huang, National Cheng Kung University

Monday June 23, 2025 4:30pm - 5:10pm MDT

Bluebird Ballroom 2D

This talk presents a method to enhance CPU scheduling by leveraging machine learning (ML) to extract the key features necessary for task migration, allowing for dynamic and stable optimization of workloads in scenarios prone to CPU imbalance. The approach is built on the sched_ext framework, which integrates eBPF to support user-defined scheduling policies within the Linux kernel.

While conventional approaches maximize CPU utilization, they often overlook contention for lower-level hardware resources, leading to performance bottlenecks -- particularly in compute-intensive servers. By using an ML-based, resource-aware load balancer, this method effectively addresses such imbalances. With sched_ext, we can collect training data and run inference on the model without modifying the kernel.

Our experiments demonstrate that, for certain workloads, this ML-driven approach can outperform EEVDF, offering notable performance gains for the CPU scheduler.

Speakers

Jim Huang

Assistant Professor, National Cheng Kung University

Improve Load Balancing With Machine Learning Techniques based on sched ext pdf

Monday June 23, 2025 4:30pm - 5:10pm MDT
Bluebird Ballroom 2D

Linux

Audience Experience Level Beginner
Session Slides Yes

4:30pm MDT

Security Vibe Check: Which Malware Are You? - Elitsa Bankova & Jess Lowe, Google

Monday June 23, 2025 4:30pm - 5:10pm MDT

Bluebird Ballroom 3A

Okay, besties, real talk. Your code's dependencies? They're giving… chaotic energy. Like, are you even SBOMing? 💅
We've all seen the drama. log4j? xz utils? Straight-up trauma. But like, where do you land on the security spectrum? Are you accidentally downloading typosquatted packages because you're living your best, most chaotic life? Or are you a security queen, catching backdoors before they even exist? ✨
This talk is basically a giant vibe check for your security habits. We're gonna do a quick, brutal quiz – think 'are you the drama?' but for your code – and find out which iconic supply chain meltdown matches your energy.
We'll spill the tea on real-world attacks, from the 'oops, that’s a backdoor’ to the 'someone’s running Doom on Minecraft servers again' level. And we’ll give some practical advice on how to have good security posture. Stretch, queen!
If your security is giving 'main character energy' (and not in a good way), you need to be here. Let's level up our security game, avoid becoming the next trending security disaster, and maybe even get some clout for actually knowing when lockfiles actually help. 😉

TL;DR: Quiz, memes, securi-tea. 🫖 Don't be a vulnerability.

Speakers

Elitsa Bankova

Software Engineer, Google

Elitsa is a Software engineer at Google, Australia and is working on Open Source security. She has lived in over 4 countries: born in Bulgaria, she graduated from the University of Edinburgh and worked in Google Switzerland before moving down under. Outside of work, you can find her... Read More →

Jess Lowe

Software Engineer, Google

Jess is a Software Engineer in the Google Open Source Security Team working on OSV.dev and OSV-Scanner.

Which malware are you pdf

Monday June 23, 2025 4:30pm - 5:10pm MDT
Bluebird Ballroom 3A

Open Source 101

Audience Experience Level Any
Session Slides Yes

4:30pm MDT

Sponsored BoF: Cultivating Quality in Open Source: Modern Strategies for Shared Responsibility - Lance Willett, Automattic

Monday June 23, 2025 4:30pm - 5:10pm MDT

Bluebird Ballroom 3H

Maintaining high software quality in large, distributed open source projects presents unique challenges. At Automattic, with projects like WordPress.org, WordPress.com, Jetpack, and WooCommerce, we navigate shared responsibility, diverse contributor quality, and the critical need for stability and backward compatibility across vast ecosystems (WordPress.org: 55,000+ plugins, 13,000+ themes).

This BoF will explore practical, modern approaches to elevate quality for projects of any size. We’ll discuss:

Foster a culture where quality is a core value for all contributors, not a second-hand chore
Scale quality efforts even with limited resources & volunteer fatigue
Leverage AI-assisted workflows for code reviews, automated tests, bug triage, & repo maintenance
Boost engagement with community-focused initiatives like “Testathons” or “Bug Scrubs”

Join us to share experiences and brainstorm solutions to build robust quality practices in open source. Collectively, let’s stay ahead of the game to ensure the long-term health of our projects.

In order to facilitate networking and business relationships at the event, you may choose to visit a third party's booth or access sponsored content. You are never required to visit third party booths or to access sponsored content. When visiting a booth or participating in sponsored activities, the third party will receive some of your registration data. This data includes your first name, last name, title, company, address, email, standard demographics questions (i.e. job function, industry), consenting to receipt and use of such data by the third-party recipients, which will be subject to their own privacy policies.

Speakers

Lance Willett

Chief Quality Officer, Automattic Inc.

Lance Willett leads quality at Automattic, the company behind WordPress.com, WooCommerce, Beeper, Gravatar, and more. With over 15 years in open source, Lance aims to create enduring value through freemium business models. Known for web publishing and CMS, he’s an emeritus core... Read More →

OSS NA25 Lance Willett Quality in Open Source BoF pdf

Monday June 23, 2025 4:30pm - 5:10pm MDT
Bluebird Ballroom 3H

Open Source Leadership

Session Slides Yes

4:30pm MDT

Travel Retail Disruption using Open Source - Stu Waldron, Open Travel Alliance

Monday June 23, 2025 4:30pm - 5:10pm MDT

Bluebird Ballroom 2E

Travel retail, shopping and booking stays, activities, or trips, is ripe for disruption using open source. The travel industry was a pioneer in worldwide interconnectivity between suppliers and sellers starting in the 1970s. Fifty years on the process of shopping and purchasing travel products has been computerized exposed online but works largely the same as it always did. Even as some legacy components have been replaced, their limitations are still present embodied in workflows and policy. Stateful, transactional, processing is still the order of the day. It all needs to be overhauled to move into a stateless, cloud based, digital world. Unaffordable in the current bespoke, siloed world of reservation systems, distributors and channels. Open Source is the obvious answer. As a community make one investment to create the needed foundational capabilities such as offer/order management, security, identity management, event management, rules processing and much more. Noncompetitive functions everyone needs to create traveler solutions such as end to end trip solions and management via an AI powered app. This session will explain how it works.

Speakers

Stu Waldron

Director, Open Travel Alliance

44 years in travel IT. From Mainframes in the 70s to microservices and cloud exploitation. Recently a VP of architecture for a major travel IT provider.

OSS Travel Disruption Denver SW pdf

Monday June 23, 2025 4:30pm - 5:10pm MDT
Bluebird Ballroom 2E

Open Source Leadership

Audience Experience Level Beginner
Session Slides Yes

4:30pm MDT

Enhancing SBOM Generation: Filling the Gaps To Make Actionable SBOMs - Ian Dunbar-Hall, Lockheed Martin & Gary O'Neall, Source Auditor Inc.

Monday June 23, 2025 4:30pm - 5:10pm MDT

Bluebird Ballroom 3F

Most developers generating SBOMs use a tool like Syft or Trivy and yell “SHIP IT!” While this might generate an NTIA Minimum Field adherent SBOM, it often lacks information that truly makes it actionable for downstream users.

This talk covers the work of a CISA SBOM Community Tiger Team who created SBOM Generation Reference Implementations for multiple languages and scenarios. We will discuss the distinct phases of SBOM generation and highlighting how each step contributes to a more robust and actionable SBOM. By expanding the SBOM authoring process, organizations can better integrate multiple data sources, enhance metadata accuracy, and customize their workflows to align with evolving security frameworks. This approach enables tool interchangeability while maintaining data integrity and transparency.

Additionally, we will explore implementations, including the integration of SBOM generation into CI/CD pipelines using GitHub and GitLab, supporting multiple programming languages, and ensuring interoperability with both CycloneDX and SPDX formats. We will also discuss ecosystem challenges such as supplier identification, license consistency, and benchmarking completeness.

Speakers

Ian Dunbar-Hall

Open Source Program Office, Lockheed Martin

Ian is a holds the position of Chief Engineer for Lockheed Martin Software Factory and specializes in DevSecOps and full stack engineering. Additionally he is a maintainer on SBOMit and an OpenSSF Governing Board General Member Representative.

Gary O'Neall

Founder and Principal Consultant, Source Auditor Inc.

Gary is a contributor to the Software Package Data Exchange® (SPDX™) - an open standard for communicating software bill of material information, including components, licenses, copyrights, and security references. Gary has contributed several open source tools.Gary O’Neall is... Read More →

Open Source Summit SBOM Generation pdf

Monday June 23, 2025 4:30pm - 5:10pm MDT
Bluebird Ballroom 3F

OpenGovCon

Audience Experience Level Intermediate
Session Slides Yes

4:30pm MDT

Docs That Scale: Strategies for Sustainable Documentation in Open Source Projects - Zainab Daodu, WriteTech Hub

Monday June 23, 2025 4:30pm - 5:10pm MDT

Bluebird Ballroom 3D

When documentation becomes outdated, projects lose contributors, support burdens increase, and adoption slows. Yet, many open-source projects struggle to keep their docs evolving alongside their code.

This session presents proven strategies to turn documentation from a pain point into a sustainable asset:

Integrate Docs into Development: Use PR templates, labels, and automation to embed docs in the dev workflow, so updates happen by default, not as an afterthought.
Establish Governance: Assign documentation maintainers, rotate stewardship, and bring visibility into doc responsibilities.
Master Versioning: Align docs with releases through changelog workflows, release gates, and readiness checks.
Leverage Automation: Run style linting, broken link checks, and auto-generate API references from OpenAPI specs using tools like Redoc.
Build a Documentation Culture: Lower contributor barriers with templates, contributor guides, and recognition.

You'll leave with adaptable workflows, live tooling examples, and practical templates that scale across any stack, from open source to enterprise. Whether you’re a maintainer, contributor, or solo writer, this session equips you to make documentation a sustainable, collaborative part of your development process.

Speakers

Zainab Daodu

Founder, Senior Technical Writer, WriteTech Hub

Zainab Daodu is a Senior Technical Writer with a background in software engineering and DevOps, specializing in turning complex tech into clear, impactful documentation. She has worked with Google, Cisco, Tealium, Jenkins, and Wikimedia Foundation, enhancing developer experiences... Read More →

Strategies for Sustainable Documentation in Open Source Projects by Zainab Daodu, WriteTech Hub pdf

Strategies for Sustainable Documentation in Open Source Projects by Zainab Daodu, WriteTech Hub pptx

Monday June 23, 2025 4:30pm - 5:10pm MDT
Bluebird Ballroom 3D

Technical Documentation

Audience Experience Level Intermediate
Session Slides Yes

4:30pm MDT

Optimizing Zephyr for Peak Performance - Jacob Beningo, Beningo Embedded Group

Monday June 23, 2025 4:30pm - 5:10pm MDT

Bluebird Ballroom 2B

The Zephyr Project is a leading open-source RTOS for resource-constrained, real-time applications. Its modularity, vendor neutrality, and rich ecosystem make it a powerful choice for embedded developers. However, achieving peak performance requires a deep understanding of Zephyr’s internals and optimization strategies.

This session explores techniques to optimize Zephyr applications for efficiency, low latency, and real-time predictability. Attendees will learn how scheduling, memory management, and interrupt handling impact performance and how to fine-tune these elements for specific workloads. We’ll cover configuring Zephyr for high-performance execution, reducing runtime overhead, and debugging bottlenecks.

Key topics include:
• Zephyr’s scheduling model and task prioritization
• Optimizing interrupts and reducing latency
• Fine-tuning memory management and resource allocation
• Profiling and debugging performance issues
• Advanced optimizations for power efficiency and I/O

Whether you’re developing for IoT, industrial automation, or real-time control, this session will equip you with practical strategies to maximize Zephyr’s performance and reliability.

Speakers

Jacob Beningo

CEO / Founder, Beningo Embedded Group

Jacob Beningo helps embedded teams modernize software architecture, streamline development, and adopt best practices for high-quality, real-time systems. As founder of Beningo Embedded Group, he provides expert training and guided learning to improve code quality, accelerate development... Read More →

Beningo 2025 OptimizingZephyrForPeakPerformance pdf

Monday June 23, 2025 4:30pm - 5:10pm MDT
Bluebird Ballroom 2B

Zephyr

Audience Experience Level Beginner
Session Slides Yes

5:45pm MDT

Lightning Talk: LF Energy SEAPATH: Building an Open Source Ecosystem for the Energy Industry - Christophe Villemer, Savoir-faire Linux

Monday June 23, 2025 5:45pm - 5:55pm MDT

Bluebird Ballroom 3C

The LF Energy SEAPATH project has reached a major milestone with its V1 release in January 2025, establishing itself as the open-source reference for virtualized digital substations. Over the past five years, the project has grown into a structured, collaborative effort that bridges utilities, vendors, hardware manufacturers, and tech companies—unifying a traditionally conservative industry around open innovation. This talk will explore the SEAPATH journey: from its inception as a technical initiative to its current role as a strategic enabler of IT/OT convergence in energy systems. Attendees will gain insights into the challenges of engaging industry stakeholders, the best practices that have sustained growth, and the lessons learned in building an ecosystem where open-source principles drive real-world adoption. SEAPATH’s success is also a testament to the power of community-driven collaboration enabled by LF Energy, which has provided a neutral, trusted framework to bring together key players in the energy sector and accelerate open innovation.

Speakers

Christophe VILLEMER

Executive vice-president, Savoir-faire Linux

Christophe is an engineer entrepreneur passionate about creating value through collaboration. He has been involved in open source communities for 20 years also acting as an evangelist for numerous open source projects. At Savoir-faire Linux, he drives strategic and technological partnerships... Read More →

OSS NA25 SEAPATH Building Open Source Ecosystem for Energy Sector pdf

Monday June 23, 2025 5:45pm - 5:55pm MDT
Bluebird Ballroom 3C

Open Source Leadership

Audience Experience Level Beginner
Session Slides Yes

10:20am MDT

10:30am MDT

11:20am MDT

11:20am MDT

11:20am MDT

11:20am MDT

11:20am MDT

11:20am MDT

11:20am MDT

11:20am MDT

11:20am MDT

1:30pm MDT

1:30pm MDT

1:30pm MDT

1:30pm MDT

1:30pm MDT

1:30pm MDT

1:30pm MDT

1:50pm MDT

2:25pm MDT

2:25pm MDT

2:25pm MDT

2:25pm MDT

2:25pm MDT

2:25pm MDT

2:25pm MDT

2:25pm MDT

2:25pm MDT

2:45pm MDT

3:35pm MDT

3:35pm MDT

3:35pm MDT

3:35pm MDT

3:35pm MDT

3:35pm MDT

3:35pm MDT

3:35pm MDT

3:35pm MDT

3:35pm MDT

3:35pm MDT

3:55pm MDT

4:30pm MDT

4:30pm MDT

4:30pm MDT

4:30pm MDT

4:30pm MDT

4:30pm MDT

4:30pm MDT

4:30pm MDT

4:30pm MDT

4:30pm MDT

4:30pm MDT

5:45pm MDT

Get help with the event