Open Source Summit North America 2025

Mutation testing is a powerful technique used to assess the effectiveness of software tests by introducing small, deliberate changes (mutations) to the codebase. These mutations simulate common coding errors, offering a robust way to evaluate how well existing test suites can detect potential faults. This talk will explore the principles behind mutation testing, its applications in real-world development cycles, and its potential to uncover gaps in test coverage that traditional testing methods may miss. Attendees will learn about the core concepts, tools, and strategies for integrating mutation testing into CI/CD workflow, as well as the challenges and best practices for maximizing its benefits. Whether you’re looking to improve the robustness of your tests or dive deeper into software quality assurance, this session will provide valuable insights into how mutation testing can take your software’s reliability to the next level.

This presentation explores how to create a multi-threaded version of Valkey by employing userspace Read-Copy-Update (RCU) to achieve high performance. With fewer than 2,000 lines of code modifications, we introduce a coordinator-worker pattern, enabling key-value stores like Valkey and Redis to handle tasks concurrently across multiple threads while using a per-thread event loop for I/O operations. Userspace RCU facilitates lock-free data sharing between a writer thread and multiple reader threads, dramatically improving read performance.

Our experiments show that the multi-threaded Valkey can achieve over one million operations per second on a standard server.

Debugging Linux kernel crashes is a fundamental skill for developers working in kernel development. In this session, we’ll dive into four of the most common crash types—null pointer dereference, stack overflow, use-after-free, and divide-by-zero. Using real-world examples from an Azure Linux VM, we’ll analyze dmesg logs, walk through kernel crash reports, and demonstrate how to effectively debug these issues using tools like gdb and KASAN.
Beyond debugging, we’ll explore the performance impact of kernel configurations. Specifically, we’ll examine how kernel command-line parameters influence performance, using the SRSO mitigation as a case study. This session will provide practical insights into debugging crashes and optimizing kernel performance, helping developers strike a balance between stability, security, and efficiency in real-world deployments.

Software is built for a purpose. The same property applies to build platforms!

We will show you how we are leveraging Tekton and Tekton Chains at Red Hat to create a build platform that meets developers where they are at. Developers start with the pipeline defined in their git repository – free for them to modify and update on their terms, with Tekton tasks ready to scan artifacts for vulnerabilities and Renovate pre-configured to help keep dependencies up to date.

This platform helps make sure that the artifacts are going somewhere. Using the detailed SLSA Provenance generated by Tekton Chains, the build platform enables policy driven development. Developers can see in their PRs whether they are on track to meet the target’s requirements – whether it is pushing to a development or production environment. Gone are the days saying “I didn’t know I had to do that!”

We won’t send the artifacts just anywhere, however, as we can tailor policies to ensure that you are meeting all of the requirements. The platform can inspect the provenance to ensure that artifacts are built using trusted steps and all required checks are good for takeoff!

The Responsible Generative AI Framework (RGAF) lays the foundation for ethical and transparent AI development. The RGAF was produced by the Responsible AI Workstream in the Generative AI Commons. The session will provide an introduction to the 9 Dimensions of the RGAF that provide a practical blueprint for building ethical, transparent, and sustainable AI. The session will also refer to the Responsible AI Pathways, a set of strategic directions designed to move from framework to implementation.

You can join the Generative AI Commons here.

Linux is widely regarded as being a strong choice for those who value a secure operating system, but what is it about Linux that earns it this reputation? In addition, while it may be more secure than alternatives, it is by no means impenetrable. What are the weaknesses in a Linux system and how are they commonly exploited by malicious actors? More importantly, what can be done by administrators to ensure that their system is as secure as possible? We will use an example of somebody setting up an Ubuntu web server as a starting point and discuss ways in which the web server can be hardened. We will highlight the importance of implementing best security practices such as using Linux Security Modules, configuring firewalls, and more. As we discuss these best practices, we will demonstrate ways in which failing to use them can leave the web server vulnerable to malicious actors. Ultimately, the audience will leave the talk with an understanding of how Linux systems are vulnerable to attacks, what can be done to harden a Linux system, and how implementing some of these best practices can prevent attacks.

Edge-based computer vision gives us real-time insights, but getting that data where it needs to go without high bandwidth, lag, or hardware strain is a big challenge. Learn how to build a fast, event-driven vision pipeline using WebRTC for real-time streaming and gRPC for lightweight commands. Whether for security cameras or IoT, you'll gain a practical blueprint for a scalable, open-source vision system to stay responsive at the edge while being cost-effective, adaptable, and cloud-independent.

As the fast-paced AI-driven landscape of computing continues to diversify, the importance of multi-arch container images cannot be overstated. Applications are no longer confined to data centers but extend across multiple platforms, devices, and appliances.

Wouldn’t it be great if we could build images for every architecture from just one machine? It would be even more amazing if we could do that without the slowness of emulation! This is where Podman farm comes in. Podman farm is a new feature that allows you to 'farm' out builds to groups of machines you have access to, enabling you to easily build multi-architecture images with a single command. In this talk, we will highlight the challenges of multi-architecture builds and demonstrate how Podman farm addresses them, keeping performance and usability in mind.

Container images that run seamlessly across different architectures ensure consistency, reduce complexity, and accelerate the development cycle. This session will empower attendees to develop on one architecture and deploy confidently on another.

This session provides a comprehensive overview of essential Linux networking concepts, from IP addressing and routing to practical troubleshooting techniques. Participants will learn to configure network interfaces, diagnose common network issues, and gain the confidence to manage Linux network environments effectively.

Open source has become mainstream; but not everyone knows what the term really means or how to succeed with it. New legal regulations such as the Cyber Resilience Act (CRA) in the EU will raise further awareness and require everyone to pay closer attention to open source software. However, there are also equal pressures to streamline and cut costs, often resulting in scaling back open source programs.

This panel brings you speakers in different job roles, including community manager, OSPO program compliance manager, open source maintainer, and standards lead. The panelists will explore their responsibilities, interactions and strategies for success to capture why each of these roles are critical to the success and sustainability of the open source ecosystem, whether we look at open source projects or corporate organizations whose products and services depend on open source.

Join us to learn about how you can build and leverage versatile teams to succeed with open source sustainably!

Managing metadata can be complex and time-consuming, but Apache Gravitino offers the ultimate solution. It provides a single source of truth for multi-regional data with geo-distributed architecture support. This allows you to store and manage your data in one place, accessible from anywhere globally. With unified data and AI asset management, you get centralized security and data access management, making data protection easier. Gravitino helps you focus more on your data by simplifying tasks and offering these benefits:
- Secure and centralized metadata storage and management
- Anytime, anywhere data access
- Streamlined data management with an easy-to-use UI
Gravitino is the ideal solution for simplifying metadata management processes.

In the fast-paced world of CI/CD, traditional code reviews can become a bottleneck, slowing down development and introducing risks due to human errors or inconsistencies. What if you could have an AI-powered assistant that reviews your code in real-time, providing actionable insights, detecting security vulnerabilities, and ensuring compliance—all while integrating seamlessly into your DevOps pipeline?

This session explores how Generative AI is transforming code reviews in CI/CD environments. We will dive into how AI-driven assistants can enhance developer productivity, improve code quality, and automate security and compliance checks.

We will cover:
The challenges of traditional code reviews in modern CI/CD workflows
How Generative AI enhances automated code reviews for speed and accuracy
Real-world use cases and best practices for integrating AI-powered code review assistants into your pipelines
The impact of AI on security, compliance, and developer experience
By the end of this session, you’ll understand how to leverage AI to make your CI/CD pipelines smarter, faster, and more secure—reducing friction in your development lifecycle while ensuring high-quality code.

How do you secure and control traffic for your north-south (ingress/egress) and east-west (service-to-service) traffic within your Kubernetes cluster? Do you have a unified approach for debugging, observability, and operational consistency across all traffic types?
With the growing maturity of the Kubernetes Gateway API, it’s now easier than ever to manage traffic in all directions with a unified and consistent approach. The Gateway API allows you to control and secure traffic flow without requiring application restarts, offering a seamless way to manage both ingress and egress traffic, as well as service mesh (east-west) communication.
This demo-driven session will showcase how to use the Kubernetes Gateway API to control traffic for both north-south and east-west directions. Leveraging Istio Ambient Mesh, Kgateway, and HTTP metrics, we’ll dynamically monitor application health, progressively roll out new versions, and control external API calls to optimize costs.

As confidential virtual machines become mainstream in confidential computing, the Arm Confidential Computing Architecture (CCA) was introduced as a key innovation of Arm v9 in 2021. Linaro has been deeply involved in integrating CCA into open-source projects over the past years.
In this presentation, we'll share the progress of our open-source enablement efforts. This includes the current status of fundamental software support and the next-stage plan for projects such as TF - A, Kernel, and Qemu. We'll also talk about container runtime adoption in Kata containers and Confidential containers. For instance, we'll detail the work on supporting CCA in Kata container runtimes with Qemu backend, like in kata-deploy. The support for guest-components and Trustee in Confidential containers will be covered too.
Remote attestation is another crucial aspect that can't be overlooked. To reduce solution fragmentation in open-source projects for production, Arm and Linaro are collaborating on an end-to-end experimental attestation platform using Veraison project components. We'll present a case study from the Confidential Containers project to show the practical adoption of these technologies.

Many organizations, companies, and departments are now eliminating DEI programs, and with this development, you may be asking what happens next. Even though DEI programs may be disappearing, the conversation around what it entails will still exist. How do we frame the conversation now, and what can we do to advocate on behalf of underrepresented groups? I will walk through some ways in which we can move forward. As someone who had to work with a global audience, I found that the term DEI did not always resonate with everyone. From that experience, I had to find ways to discuss the issues that DEI was meant to address, such as disparity in experiences, perceptions around fairness, the need for better communication processes, and psychological safety on teams. We can use these lessons with a global audience that had different histories and cultural contexts to ensure that conversation is relevant for everyone.

Welcome to this exciting session that's all about diving into the world of quantum computing!
🚀 Whether you're just starting out or already have some knowledge, we're here to guide you through the basics and help you get hands-on with programming quantum computers using cool open-source tools.
Forget all the jargon – we're here to break it down for you in a friendly and easy-to-understand way. From qubits to quantum gates and circuits, we've got you covered! You'll get to play around with frameworks like Qiskit, Cirq, and Pennylane while writing and running simple quantum algorithms. It's like a fun tech playground! 🎮 Curious about how quantum computing differs from classical computing and its real-world applications? We'll explore that too! And let's not forget the amazing open-source quantum frameworks that are driving innovation in this field. We're talking Qiskit, Cirq, Pennylane, and more – all waiting for you to explore.

By the end of this session, you'll be equipped with the basics and practical skills needed to kickstart your journey into the quantum computing world. Perfect for developers, researchers, and tech enthusiasts like yourself!

🌟 Ready to take the plunge? Join us for an exciting adventure in the quantum computing ecosystem!

Topics we'll cover: - Introduction to Quantum Computing: Think qubits, superposition, and quantum gates – we'll make it crystal clear! - Quantum vs. Classical Computing: Let's explore the differences and get a glimpse of the potential applications. - Open-Source Quantum Frameworks: Discover the wonders of Qiskit, Cirq, Pennylane, and more! - Hands-On Programming: Get your hands dirty writing and running simple quantum algorithms – it's all about learning by doing! - Real-World Use Cases: See how quantum computing is making waves in cryptography, optimization, and machine learning. - Community and Resources: Find out how you can be part of the quantum journey and leverage open-source projects.

🌈 So, grab your virtual seat and get ready to unlock the magic of quantum computing with us! Let's make learning together a blast! 🌌🪐

Over the past decade, open source and developer education have evolved dramatically. This talk explores key trends shaping the landscape, from shifts in bootcamp models and messaging to the role of open source in learning pathways. We'll examine what has persisted, what has transformed, and what these changes mean for educators, industry leaders, and learners. Whether you're building developer education programs, contributing to open source learning initiatives, or navigating the intersection of both, this session will provide valuable insights into the forces driving the future of developer education.

Key Themes:
- The enduring role of open source as both a learning tool and a career accelerant
- The impact of AI on developer education and skills acquisition

The rapid pace of innovation is accelerating, and the role of open technologies and methodologies (i.e., open source software, open AI, open data, open collaboration, etc.) have become increasingly critical to enable company competitiveness. Open Source Program Offices (OSPOs) have emerged as a best practice to facilitate company collaboration and innovation with open source software, yet this org pattern is flexible and scalable to other “opens”. Come explore how organizations can adapt their OSPOs to be Open Program Offices (OPOs) and respond to rapid advancements in openness, especially for open community AI.

In particular, we’ll discuss:
- How to optimize the OPO organization for AI – what is different and what is leverageable
- Practical approaches for embedding openness of all kinds into your organization
- Where best to locate an OPO in an organization and the implications of the options
- Extending to open standards and open hardware
- How to drive org alignment and shape your open strategy

Openness is more than a philosophy—it’s a competitive advantage for the future of AI and for community development of any size.