Open Source Summit North America 2025

Open machine learning (ML) models and datasets are rapidly becoming central to building AI applications. While this trend accelerates innovation and democratizes AI, it exposes applications to security risks like data poisoning and supply chain attacks. Threats like malicious backdoors hidden in pre-trained ML models hosted on major hubs like Hugging Face emphasize the wide reach compromises can have. So, how do we build trust in the ML lifecycle? 
This talk presents Atlas, a framework that combines open specifications for data and software supply chain provenance like Coalition for Content Provenance and Authenticity (C2PA) and Supply-chain Levels for Software Artifacts (SLSA) with the integrity features of transparency logs and trusted hardware to run attestable ML pipelines. First, we motivate the need to safeguard all layers of the ML lifecycle. We describe and demonstrate how Atlas’s three core mechanisms enable verification: (1) cryptographic artifact authentication, (2) hardware-based attestation of ML systems, and (3) provenance tracking across ML pipelines. Our Atlas demo integrates several open-source tools to build an end-to-end ML lifecycle transparency system.

Mainframes have been declared dead more times than JavaScript frameworks have been invented—but here they are, still running the backbone of global finance, government, and enterprise computing. And now? They’re running Kubernetes too.

This talk dives into the why and how of running Kubernetes on mainframes, from containerization on z/OS to networking, workload orchestration, and real-world use cases. We’ll break down the challenges, the benefits, and whether this is a clever hack or a genuinely viable approach for modern infrastructure. If you think mainframes are relics, think again—because they’re running microservices now.

The Overton window, a concept originating in politics, refers to the range of policies that are considered acceptable to a broad and diverse audience. In this session, we will share our experiences and recommendations on how to successfully adapt to shifting "Overton Windows", as they pertain to mainstreaming our platform to support a wide range of customer requirements while minimizing non-recurring engineering expenses. At Lockheed Martin, we have developed a modular open system that incorporates Secure Supply Chain and Cloud Native standards, enabling us to rapidly deliver capabilities to customers in highly regulated and diverse environments, while navigating the complexities of evolving requirements and priorities.

The ability to quickly observe and respond to security threats on remote machines is critically important for business and infrastructure, yet gaps still exist when applying cryptographic attestation solutions in real-world scenarios. Accessible policy generation, clear ways to understand attestation results, and methods for handling system updates need to be available to make remote attestation feasible. Adapting attestation best practices and tools to environments like edge and IoT, with vast scale requirements and limited network connectivity, can pose challenges as well.

Using the speakers’ experience working on open source projects Keylime (remote attestation) and flightctl (edge management), the session will walk through design considerations and challenges in bringing these tools together to monitor remote fleets of edge, IoT, and cloud-based systems at key points in the devices’ lifecycles. Further, the session will discuss remaining open problems as well as some potential solutions working toward the goal of usable, clear, and accurate attestation of remote systems.

How do you secure and control traffic for your north-south (ingress/egress) and east-west (service-to-service) traffic within your Kubernetes cluster? Do you have a unified approach for debugging, observability, and operational consistency across all traffic types?
With the growing maturity of the Kubernetes Gateway API, it’s now easier than ever to manage traffic in all directions with a unified and consistent approach. The Gateway API allows you to control and secure traffic flow without requiring application restarts, offering a seamless way to manage both ingress and egress traffic, as well as service mesh (east-west) communication.
This demo-driven session will showcase how to use the Kubernetes Gateway API to control traffic for both north-south and east-west directions. Leveraging Istio Ambient Mesh, Kgateway, and HTTP metrics, we’ll dynamically monitor application health, progressively roll out new versions, and control external API calls to optimize costs.