Loading…
June 23 - 25, 2025
Denver, Colorado
View More Details & Registration
Note: The schedule is subject to change.

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Open Source Summit North America 2025 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

This schedule is automatically displayed in Mountain Daylight Time (UTC/GMT -6). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date."

IMPORTANT NOTE: Timing of sessions and room locations are subject to change.
Company: Intermediate clear filter
arrow_back View All Dates
Wednesday, June 25
 

11:00am MDT

From CDEvents To Actions: Designing the Workflow Conductor - Dadisi Sanyika & Ben Powell, Apple
Wednesday June 25, 2025 11:00am - 11:20am MDT
Bluebird Ballroom 3B
The CDEvents specification has been around for some time but what are "we" doing with it? This talk peels back the layers of our journey from CDEvents to the engineering design of a "Workflow Conductor". We will examine how specific events can be translated into actionable steps, enabling the Workflow Conductor to manage and coordinate diverse CI/CD tools. The focus will be on how the declaration of intent is tracked across tools, maintaining a consistent and auditable process. Join us to discover the technical underpinnings of this system and learn how it can transform your software delivery pipeline.
Speakers
avatar for Dadisi Sanyika

Dadisi Sanyika

CDF Board Chair, Spinnaker TOC, Engineering Manage, Apple, Inc.
I am Board Chair for the Continuous Delivery Foundation (Linux sub-foundation) and lead a team of engineers at Apple dedicated to improving the Continuous Deployment experience for teams and the community. Our contributions are focused on extending scalability and multi-tenant capabilities... Read More →
avatar for Ben Powell

Ben Powell

Software Engineer, Apple
Ben is a software engineer at Apple for the Spinnaker team with previous experience at AWS for the AWS SDK and ECS team. He has contributed to various different tools, services, and proposals through the years, governs the Cloud SIG for Spinnaker, and is an active participant for... Read More →
Wednesday June 25, 2025 11:00am - 11:20am MDT
Bluebird Ballroom 3B
  cdCon

11:00am MDT

The 5 OSS Observability Resource Killers: What You Don't Know Can Cost You! - Amir Jakoby, Sawmills
Wednesday June 25, 2025 11:00am - 11:40am MDT
Bluebird Ballroom 2G
Our cloud native world has become more than just tooling, it's an entire ecosystem with many add-ons, complementary tools, when it comes to K8s CRDs, and services that provide its powerful capabilities and infinite scale...but at what cost?

In this talk, we'll share first of its kind research that will highlight the 5 most common OSS cloud native tools killing your observability costs. We'll start by exploring how different observability tools structure pricing, the complexities that compound cost calculation, and especially which OSS tools in your stack are the most resource-intensive services.

You'll discover how you can know whether it's KEDA or Karpenter, ArgoCD or Kyverno ballooning budgets. But don't panic! We'll wrap up with good practices for configuring popular tools to be more economical, so you can leverage the powerful K8s ecosystem without breaking the bank.
Speakers
avatar for Amir Jakoby

Amir Jakoby

CTO & Co-Founder, Sawmills
Amir Jakoby is a seasoned technology executive with over 18 years of experience in software engineering, leadership, & product innovation. He currently serves as Co-Founder and CTO of Sawmills.ai. Previously, as VP of Engineering at New Relic, Amir led a global team of 85 engineers... Read More →
Wednesday June 25, 2025 11:00am - 11:40am MDT
Bluebird Ballroom 2G
  Cloud + Containers

11:00am MDT

Self-Driving DAMON/S: Controlled and Automated Access-aware Efficient Systems - SeongJae Park, Meta
Wednesday June 25, 2025 11:00am - 11:40am MDT
Bluebird Ballroom 2B
Data access monitoring and access-aware system operations based on it can be very useful and efficient when it is used wisely. Otherwise, it can be useless or even harmful. Hence, users are often required to do time-consuming and repetitive testing and tuning. It is not only data access monitoring's problem but a common issue at system-level operations.

DAMON is a Linux kernel subsystem for efficient data access monitoring and access-aware system operations. It mitigates the tuning problem by embedding a few automation mechanisms that allows users to run it in an automated for best outputs, but still safely controlled way.

This talk introduces the tuning problem and DAMON's automation mechanisms in detail, with usage guidelines and evaluation results. Audiences will be able to understand how they can use DAMON for more efficient system, and get some ideas about how to solve the tuning problems in general.
Speakers
avatar for SeongJae Park

SeongJae Park

Software Engineer, Meta
SeongJae Park is a Linux kernel programmer who maintains the data access monitoring framework of the Linux kernel called DAMON (https://damonitor.github.io/). His interests include operating system kernels, parallel computing, and memory management.
Wednesday June 25, 2025 11:00am - 11:40am MDT
Bluebird Ballroom 2B
  Linux

11:00am MDT

Guarding the LLM Galaxy: Security, Privacy, and Guardrails in the AI Era - Jigyasa Grover, BORDO AI & Rishabh Misra, Attentive Mobile Inc
Wednesday June 25, 2025 11:00am - 11:40am MDT
Bluebird Ballroom 3E
The widespread adoption of Large Language Models (LLMs) like GPT-4, Claude, and Gemini has introduced unprecedented capabilities and equally unprecedented risks. Organizations are increasingly deploying LLMs to handle sensitive tasks, from processing medical records to analyzing financial documents. This talk examines the evolving landscape of LLM security and privacy, combining theoretical foundations with a walkthrough of example implementations.

Through real-world case studies of both attacks and defenses and practical implementation guidance using popular security tools, we'll explore critical vulnerabilities and proven defensive techniques. Special attention will be given to securing fine-tuned and domain-specific LLMs, with live examples using NVIDIA’s NeMo Guardrails, LangChain's security tools, and Microsoft's guidance library.
Speakers
avatar for Jigyasa Grover

Jigyasa Grover

Lead, AI & Research, BORDO AI
10-time award winner in Artificial Intelligence and Open Source and the co-author of the book 'Sculpting Data For ML', Jigyasa Grover is a powerhouse brimming with passion to make a dent in this world of technology and bridge the gaps. AI & Research Lead, she has years of ML engineering... Read More →
avatar for Rishabh Misra

Rishabh Misra

Lead Machine Learning Engineer, Attentive Mobile Inc
Author of the book "Sculpting Data for ML", I am a Lead ML Engineer & Researcher recognized by the US Government for outstanding contribution to ML research. I have extensively published and reviewed research at top AI conferences in NLP (LLMs / GenAI), Deep Learning, and Applied... Read More →
Wednesday June 25, 2025 11:00am - 11:40am MDT
Bluebird Ballroom 3E
  Open AI + Data

11:00am MDT

The Xen Safety Concept, a Major Milestone Toward Certification - Stefano Stabellini, AMD
Wednesday June 25, 2025 11:00am - 11:40am MDT
Bluebird Ballroom 2D
Over the past decade, the Xen community has worked tirelessly to develop key features that now form a top-tier automotive solution. Xen's most important role remains that of an enforcer, ensuring strict isolation between domains so that the execution of one domain remains unaffected by others. As one of the system's most critical components, Xen is well suited for the highest levels of safety certification.

Since 2023, AMD, in collaboration with the Xen community, has been working to make Xen safety-certifiable according to the ISO 26262 and IEC 61508 safety standards. A major milestone was achieved in Q4 2024 when we obtained Safety Concept Approval from the safety assessors. They reviewed Xen and our safety plans and confirmed compliance with the relevant standards. This is a critical milestone on the road to Xen safety, demonstrating that Xen can be safety-certified.

This presentation will provide detailed insights into the Safety Concept, the activities involved in its development, and the review process. Additionally, it will offer an in-depth update on our journey toward achieving Xen safety certification.
Speakers
avatar for Stefano Stabellini

Stefano Stabellini

Fellow, AMD
Stefano Stabellini is a Fellow at AMD, where he leads system software architecture and the virtualization team. Stefano has been involved in Xen development since 2007. He created libxenlight in November 2009 and started the Xen port to ARM with virtualization extensions in 2011... Read More →
Wednesday June 25, 2025 11:00am - 11:40am MDT
Bluebird Ballroom 2D
  Safety-Critical Software

11:00am MDT

Tutorial: Take Control of Git: Beyond the Basics - Kim Schlesinger, Contentful & Kyle Coberly, Urban Sky
Wednesday June 25, 2025 11:00am - 12:35pm MDT
Bluebird Ballroom 3A
You can commit, pull, and push—but do you truly understand Git? Does it feel more like a fragile system you tiptoe around than a tool that empowers your workflow? If navigating your repository makes you hesitant, it's time to go beyond the basics and build real confidence.

In this hands-on workshop, you’ll learn to:

1. Navigate with confidence: Jump between commits without fear using Reflog, ensuring you never lose your place
2. Refine your workflow: Embrace the safety of version control with patches, diffs, and resets to commit first and edit later
3. Keep your best work: Shape your commit history with checkout file, cherry-pick, and interactive rebase to express your intent clearly

Version control isn’t just a safety net—it’s a tool that amplifies your impact as an engineer. Equip yourself with the professional’s toolkit and make Git work for you!
Speakers
avatar for Kim Schlesinger

Kim Schlesinger

Technical Learning Experience Designer, Contentful
Kim Schlesinger is a seasoned tech educator specializing in Kubernetes, containers, and curriculum design. With a passion for making complex technical concepts accessible, she has helped many developers and teams build their skills in cloud-native technologies. Kim is currently a... Read More →
avatar for Kyle Coberly

Kyle Coberly

Staff Software Engineer, Urban Sky
Kyle Coberly is a software engineer and coach specializing in web product development, quality, and agility. He’s currently a Staff Software Engineer at Urban Sky and an adjunct professor of Information Technology at the University of Denver. He was formerly the Director of Education... Read More →
Wednesday June 25, 2025 11:00am - 12:35pm MDT
Bluebird Ballroom 3A
  Open Source 101

11:55am MDT

FoundationDB, the Black Knight - Peter Boros, Tigris Data
Wednesday June 25, 2025 11:55am - 12:35pm MDT
Bluebird Ballroom 2G
Monty Python’s Black Knight is the opponent that couldn’t lose. Even after all of his limbs were cut off, he offered a draw: “it’s just a scratch.”

FoundationDB (FDB) is a distributed transactional key-value store that is very difficult to defeat just like the Black Knight. Open-sourced in 2018 after an acquisition by Apple, FDB was designed to be a common layer: almost all databases have a backing key-value store. Many have built on top of it including Snowflake, Adobe, & Datadog.

FDB got it right: transactions, distributed by default, and extreme reliability. Kyle Kingsbury (aphyr) the author of Jepsen series on distributed systems correctness, said: "haven't tested foundation in part because their testing appears to be waaaay more rigorous than mine."

We demo a live FDB cluster and try to disrupt its operations. Our attempts are informed by real world experience supporting a metadata service for billions of objects globally.

When we finally succeed, we show how backups and disaster recovery resurrect FDB. We’ll learn about highly resilient design patterns and operations. We have battle scars, and want to help others!
Speakers
avatar for Peter Boros

Peter Boros

Founding Engineer, Tigris Data
Peter is a founding engineer at Tigris Data. He has been using and working with open source software from early 2000s. Peter's first and foremost professional interest is performance tuning and large scale automation. Before rejoining Tigris Data, Peter worked on large scale MySQL... Read More →
Wednesday June 25, 2025 11:55am - 12:35pm MDT
Bluebird Ballroom 2G
  Cloud + Containers

11:55am MDT

Virtio-msg: Making Virtio Work Where It Does Not Today - Bill Mills, Linaro
Wednesday June 25, 2025 11:55am - 12:35pm MDT
Bluebird Ballroom 2A
Virtio-msg is a new virtio transport that allows Virtio to be used on AMP systems between Linux and Zephyr on a co-processor, between the Linux Kernel and Secure World TEEs like Trusty and OP-TESS, and other places where Virtio-mmio and Virtio-pci do not work.
Speakers
avatar for Bill Mills

Bill Mills

Principal Technical Consultant, Linaro
Bill Mills has been professionally active in embedded systems for over 37 years. He has been the lead developer on debugger/emulator, RTOS kernel, VoIP, and many other projects. He has been focused on Embedded Linux strategy for over 15 years. He is a founding member of the Yocto... Read More →
Wednesday June 25, 2025 11:55am - 12:35pm MDT
Bluebird Ballroom 2A
  Embedded Linux Conference

11:55am MDT

The Big-endian RISC-V Linux Adventure - Ben Dooks, Codethink
Wednesday June 25, 2025 11:55am - 12:35pm MDT
Bluebird Ballroom 2C
The latest RISC-V ISA specification allows for runtime configuration of the data endian between little and big. Since no one had done this before, we decided to investigate how difficult it would be to get a prototype Linux implementation running in big endian on an emulated RISC-V system such as under QEMU.

The talk goes from the description of the new ISA feature, our initial analysis and the modifications to software such as the Linux kernel, QEMU and OpenSBI and an overview of the issues that we found and how to fix them. This includes kvm and how that works with mixed endian kvm instances, and the modifications to kvmtool to make this work.

We conclude with how the project went, what we published and a call to arms to continue testing and fixing outstanding issues.
Speakers
avatar for Ben Dooks

Ben Dooks

Senior Engineer, Fellow, Codethink
Senior open source consultant at Codethink and long-time contributor to various projects such as the Linux Kernel.
Wednesday June 25, 2025 11:55am - 12:35pm MDT
Bluebird Ballroom 2C
  Linux

11:55am MDT

Harnessing Event-Driven and Multi-Agent Architectures for Complex Workflows in Generative AI System - Mary Grygleski, Callibrity
Wednesday June 25, 2025 11:55am - 12:35pm MDT
Bluebird Ballroom 3F
Generative AI applications, in general, excel in zero-shot and one-shot types of specific tasks. However, we live in a complicated world and we are beginning to see that today’s generative AI systems are simply not well equipped to handle the increased complexity that is found especially in business workflows and transactions. Traditional architectures often fall short in handling the dynamic nature and real-time requirements of these systems. We will also need a way to coordinate multiple components to generate coherent and contextually relevant outputs. Event-driven architectures and multi-agent systems offer a promising solution by enabling real-time processing, decentralized decision-making, and enhanced adaptability.

This presentation proposes an in-depth exploration of how event-driven architectures and multi-agent systems can be leveraged to design and implement complex workflows in generative AI. By combining the real-time responsiveness of event-driven systems with the collaborative intelligence of multi-agent architectures, we can create highly adaptive, efficient, and scalable AI systems. This presentation will delve into the theoretical and practical sides.
Speakers
avatar for Mary Grygleski

Mary Grygleski

Director, Emerging Technologies, Callibrity
Mary is a Technical Advocate, Java Champion, and the Director of Emerging Technologies at Callibrity. She started as an engineer in Unix/C, then transitioned to Java around 2000 and has never looked back since then. After 20+ years of being a software engineer and technical architect... Read More →
Wednesday June 25, 2025 11:55am - 12:35pm MDT
Bluebird Ballroom 3F
  Open AI + Data

11:55am MDT

Building InnerSource Community: What Goes Behind the Scenes? - Shanmugapriya Manoharan, IKEA (Ingka Group)
Wednesday June 25, 2025 11:55am - 12:35pm MDT
Bluebird Ballroom 3C
InnerSource involves much more than just opening up the codebase for reuse & contribution. So much nuanced, time sensitive work is done by maintainers behind the scenes to nurture a community around an InnerSource project - answering queries from the community in a timely manner, finding & promoting project to right customers (potential contributors), maintaining regular communication & creating a safe space for community to provide feedback, to name a few. These activities require commitment by the maintainers. It may come naturally for those who are familiar with inclusive, open source ways of working. For teams new to InnerSource and/or not familiar with open source development models, there is a need for a mindset shift to open development models. What can prevent teams within the company from reusing and contributing to an InnerSource project? Will inclusivity matter while building an internal community? What factors in an InnerSource project affect this inclusiveness? Is there a difference in community building strategy between InnerSource and open source projects? In this talk, I will share my learnings on what works and what does not, while building internal communities.
Speakers
avatar for Shanmugapriya Manoharan

Shanmugapriya Manoharan

OSS Engineering Advisor, OSPO, IKEA (Ingka Group)
Shanmugapriya is an Open Source & InnerSource SME, working as Engineering Advisor at OSPO, IKEA IT AB. She has 15+ years of experience in driving initiatives and projects including Open Source and InnerSource projects, while working in organizations like HPE and Dell Technologies... Read More →
Wednesday June 25, 2025 11:55am - 12:35pm MDT
Bluebird Ballroom 3C
  Open Source Leadership

11:55am MDT

Securing Software Supply Chains for the Public Good - Daniel Moch, Lockheed Martin & William Crum, SpectroCloud
Wednesday June 25, 2025 11:55am - 12:35pm MDT
Bluebird Ballroom 3G
Drawing from our experiences within the public sector, we discuss software supply chain security as it pertains to public sector organizations, including the unique risks and challenges they face and how we can all work together to improve the security of the open source ecosystem.
Speakers
avatar for Daniel Moch

Daniel Moch

Staff Software Engineer, Lockheed Martin
For over 20 years, Daniel has worked as a software engineer in the Defense and Aerospace industry. His experience ranges from embedded device drivers to large logistics and information systems. In recent years, he has focused on helping legacy programs adopt modern DevOps practices... Read More →
avatar for William Crum

William Crum

Defense Success Engineer, SpectroCloud
Sergeant William Crum is a U.S. Marine Corps Reservist and software engineer at Spectro Cloud. He serves with the Marine Innovation Unit, driving software modernization within the Marine Corps. In his civilian role, he is a Docker Captain and Senior Defense Engineer at Spectro Cloud... Read More →
Wednesday June 25, 2025 11:55am - 12:35pm MDT
Bluebird Ballroom 3G
  OpenGovCon

11:55am MDT

In From the Cold - Open Source as Part of Mainstream Software Asset Management - Shane Coughlan, The Linux Foundation
Wednesday June 25, 2025 11:55am - 12:35pm MDT
Bluebird Ballroom 3D
Software Asset Management (SAM) provides a way to manage software across small, medium and large entities. It is often seen as a way of addressing licensing or for making sure company staff are using permitted software applications and versions.

Open source has traditionally been divorced from SAM, which was focused on proprietary software solutions. Partly this was due to practical matters like different licensing schemes, and partly it was an artifact of separate paths of evolution.

However, in recent years open source has increasingly adopted approaches to licensing, security and other challenges that mirror SAM. Examples include the use of standards like ISO/IEC 5230 for licensing and ISO/IEC 18974 for security, of implementation standards like ISO/IEC 5962 for Software Bill of Materials.

As a consequence, open source is now more closely aligned with SAM. This talk will examine what that means for open source management overhead today, and where it will take us in the future. This talk is intended to equip people in open source strategy, legal and team leadership to navigate changes as smoothly as possible.
Speakers
avatar for Shane Coughlan

Shane Coughlan

OpenChain General Manager, The Linux Foundation
Shane Coughlan is an expert in communication, security and business development. His professional accomplishments include spearheading the licensing team that elevated OIN into the largest patent non-aggression community in history and establishing the first global network for open... Read More →
Wednesday June 25, 2025 11:55am - 12:35pm MDT
Bluebird Ballroom 3D
  Operations Management

11:55am MDT

Verifying the Rust Standard Library - Rahul Kumar, Amazon Web Services
Wednesday June 25, 2025 11:55am - 12:35pm MDT
Bluebird Ballroom 2D
The Rust programming language is experiencing rapid adoption in critical infrastructure and systems programming, propelled by its memory safety guarantees and developer productivity advantages. Significant technology policies, such as the US National Cyber Strategy, explicitly endorse Rust as a pathway to memory-safe software. Unsafe code blocks, however, can circumvent Rust’s compile-time guarantees. To address this disparity, AWS has collaborated with the Rust Foundation on the Rust Standard Library Verification project, whose objective is to formally verify the safety of the Rust standard library. We are actively integrating automated verification into the Rust Library release process, thereby ensuring continuous safety validation across releases.

Our presentation will elucidate the structural framework and rationale underpinning our verification contest. We will demonstrate our current progress, showcasing successful verification examples and discussing the diverse open-source tools employed in the verification process. We will conclude with our prioritized areas for 2025 and practical ways for the Rust community to actively participate in this pivotal security initiative.
Speakers
avatar for Rahul Kumar

Rahul Kumar

Senior Manager Applied Science, Amazon Web Services
Rahul Kumar completed his PhD from Brigham Young University. He has worked on formal verification and static analysis at Microsoft, Microsoft research, NSA JPL. He also worked on combining empirical software engineering and static analysis techniques for creating machine learning... Read More →
Wednesday June 25, 2025 11:55am - 12:35pm MDT
Bluebird Ballroom 2D
  Safety-Critical Software

11:55am MDT

Developing a Community-Driven Standard for Open Source Software Quality - Philipp Ahmann, Etas GmbH (BOSCH) & Gabriele Paoloni, Red Hat
Wednesday June 25, 2025 11:55am - 12:35pm MDT
Bluebird Ballroom 2F
Established quality standards, designed for traditional V-Model ( requirements driven) development, are inadequate for evaluating and supporting code-driven, CI/CD-based nature of modern (open source) software. This hinders OSS adoption in regulated industries, particularly for safety-critical systems. This session introduces a novel standard proposal specifically designed to assess OSS process capabilities by documenting open source best practices and providing a practical assessment guide. It aims to bridge the gap between OSS development practices and the needs of regulated industries, fostering greater trust and enabling wider adoption.

This session outlines the three phases from research to execution for establishing the standard, drawing on relevant academic research and showcasing exemplary open source projects with established best practices. The authors will also explore existing scoring initiatives and some quality metrics. The session concludes with a roadmap for collaborative development of the standard and a call to action for community participation.
Speakers
avatar for Philipp Ahmann

Philipp Ahmann

Sr. OSS Commumity Manager, Etas GmbH (BOSCH)
Philipp Ahmann is a Senior OSS Community Manager at ETAS (a Bosch subsidiary), specializing in safety-critical automotive open source software. With 15+ years' experience in Linux automotive platforms, he has held roles from software engineer to project & line manager. He currently... Read More →
avatar for Gabriele Paoloni

Gabriele Paoloni

Sr SW Principal Engineer, Red Hat
Gabriele Paoloni is an Open Source Community Technical Leader at Red Hat. He is a passionate technologist and has strong experience in both functional safety and Linux Kernel development, including previous roles leading FuSa software architecture for Intel platforms, CCIX vice... Read More →
Wednesday June 25, 2025 11:55am - 12:35pm MDT
Bluebird Ballroom 2F
  Standards + Specifications

12:25pm MDT

Lightning Talk: It's Friday! - Alon Nisser, Zencity
Wednesday June 25, 2025 12:25pm - 12:35pm MDT
Bluebird Ballroom 3B
It's Friday afternoon, and you've got plans for this evening. You've just finished the feature. you push to master, and click deploy. OR DO YOU? let's talk about Friday deployments and what they can teach us. A candid talk about CI/CD as an unfinished journey.
Speakers
avatar for Alon Nisser

Alon Nisser

Principal engineer Zencity, Zencity
Software developer. currently in Zencity.io. Writing software as a hobby and as a profession. Strong opinions on things. Open source aficionado. Trying to make a difference.Sometimes software makes we wonder if I'd be better off being a farmer
Wednesday June 25, 2025 12:25pm - 12:35pm MDT
Bluebird Ballroom 3B
  cdCon

2:10pm MDT

Managing Resources To Lower Costs - Mark Waite, CloudBees & Melissa McKay, JFrog
Wednesday June 25, 2025 2:10pm - 2:30pm MDT
Bluebird Ballroom 3B
Do you have a closet that’s overflowing? In order to accommodate your favorite latest wardrobe styles (and to avoid a closet clutter disaster), you might need to let go of those jeans two sizes too small or… gasp! … prune your conference t-shirt collection to a reasonable number.

In the CI/CD world, cleaning out your closet translates in part to activities like pruning artifact repos and limiting bandwidth usage appropriately. Businesses are incessantly looking for ways to trim the fat for leaner, healthier bottom lines, and DevOps operational infrastructure can be a clutter hotspot when it comes to resource expense.

Learn how the Jenkins project has reduced costs with more effective management of its operational resources. We’ll share techniques that we’ve used to identify costs, reallocate resources to reduce those costs, and adapt to changing environments. The Jenkins closet is looking better than ever!
Speakers
avatar for Mark Waite

Mark Waite

Manager, CloudBees
Mark is a member of the Jenkins governance board, maintainer of the Jenkins git plugin, and a long-time contributor to continuous integration and continuous delivery topics.
avatar for Melissa McKay

Melissa McKay

Head of Developer Relations, JFrog
Melissa is passionate about Java, DevOps and Continuous Delivery. She is currently Head of Developer Relations for JFrog and a member of the Technical Steering Committee of the Open Platform for Enterprise AI (OPEA). Melissa has been recognized as a Java Champion and a Docker Captain... Read More →
Wednesday June 25, 2025 2:10pm - 2:30pm MDT
Bluebird Ballroom 3B
  cdCon

2:10pm MDT

Traefik V4: What We’re Cooking for You - Nicolas Mengin & Emile Vauge, Traefik Labs
Wednesday June 25, 2025 2:10pm - 2:50pm MDT
Bluebird Ballroom 2G
Traefik is one of the most popular open-source projects in the world, with over 3 billion downloads and a top 15 spot on DockerHub. As a powerful Ingress and Gateway Controller, Traefik simplifies exposing, securing, and managing services and APIs dynamically and at scale—whether in simple setups or complex cloud-native environments.

Just one year after the release of Traefik v3, we're already taking things to the next level! In this session, Emile Vauge (Traefik Creator) and Nicolas Mengin (Traefik Maintainer) will unveil the exciting new features coming in Traefik v4, including:
- A new plugin system for even greater extensibility
- Pre-routing operations to optimize traffic handling
- Enhanced TLS certificate management for better security and automation
- Improved configuration management for a smoother experience
- … and much more!

Join us to get a sneak peek at what’s next for Traefik and see how these innovations will make your cloud-native journey even easier.
Speakers
avatar for Nicolas Mengin

Nicolas Mengin

Head of Development, Traefik Labs
Developer and DevOps - Maintainer of Traefik. Head of Development at Traefik Labs, the company behind Traefik, the popular cloud-native Gateway Controller, and Traefik Hub, a comprehensive API Management solution for Kubernetes. Responsible for overseeing the implementation of... Read More →
avatar for Emile Vauge

Emile Vauge

CTO, Traefik Labs
Emile is a Developer. He created Traefik in 2015 and is now the CTO of Traefik Labs, the company sponsoring the open source project.
Wednesday June 25, 2025 2:10pm - 2:50pm MDT
Bluebird Ballroom 2G
  Cloud + Containers

2:10pm MDT

V4L2 Media Controller Request API - Karthik Poduval, Amazon Lab126
Wednesday June 25, 2025 2:10pm - 2:50pm MDT
Bluebird Ballroom 2A
Media Request API was designed to allow V4L2 devices like memory to memory video processing or codec devices and complex camera pipelines to support per frame settings and per frame metadata. In this talk we will deep dive on the details of this API with example use cases such as memory to memory video processing devices and complex ISP pipelines using this API for per frame settings and per frame metadata.
Speakers
avatar for Karthik Poduval

Karthik Poduval

Principal Software Development Engineer, Amazon Lab126
Karthik Poduval is a Principal Software Development Engineer at Amazon Lab126. In this role, he develops Embedded Linux device drivers and middleware stack for camera/ISP and other imaging devices.
Wednesday June 25, 2025 2:10pm - 2:50pm MDT
Bluebird Ballroom 2A
  Embedded Linux Conference

2:10pm MDT

Can File Systems Survive in Data-centric World? - Viacheslav Dubeyko, IBM
Wednesday June 25, 2025 2:10pm - 2:50pm MDT
Bluebird Ballroom 2B
The volume of processing data is growing exponentially. AI/ML algorithms, financial transactions, social networks, cloud computing represent modern trends that latency, performance sensitive, and data hungry. File systems represent crucial and fundamental technology that builds foundation of data storage stack. However, pressure of data-centric and data-intensive nature of modern applications revealed significant overhead that file systems introduce in data storage stack. Moreover, massive amount of hardware accelerator and kernel bypassing technologies, dis-aggregated architecture, ultra-fast storage devices create “illusion” or “impression” that file systems could be a redundant item of data storage stack. Can file systems survive in data-centric world?
Speakers
avatar for Viacheslav Dubeyko

Viacheslav Dubeyko

Linux kernel developer, IBM
Acquired a Ph.D degree in 2002 (X-ray spectroscopy) and served as a researcher in Samsung Electronics, Huawei, HGST, and Western Digital. As a Linux kernel developer contributed in HFS+ and NILFS2 file system drivers and designed a SSDFS open-source file system. Research interests... Read More →
Wednesday June 25, 2025 2:10pm - 2:50pm MDT
Bluebird Ballroom 2B
  Linux

2:10pm MDT

Building Your (Local) LLM Second Brain - Olivia Buzek, IBM
Wednesday June 25, 2025 2:10pm - 2:50pm MDT
Bluebird Ballroom 3E
LLMs are hotter than ever, but most LLM-based solutions available to us require you to use models trained on data with unknown provenance, send your most important data off to corporate-controlled servers, and use prodigious amounts of energy every time you write an email.

What if you could design a “second brain” assistant with OSS technologies, that lives on your laptop?

We’ll walk through the OSS landscape, discussing the nuts and bolts of combining Ollama, LangChain, OpenWebUI, Autogen and Granite models to build a fully local LLM assistant. We’ll also discuss some of the particular complexities involved when your solution involves a local quantized model vs one that’s cloud-hosted.

In this talk, we'll build on the lightning talk to include complexities like:
* how much latency are you dealing with when you're running on a laptop?
* does degradation from working with a 7-8b model reduce effectiveness?
* how do reasoning + multimodal abilities help the assistant task?
Speakers
avatar for Olivia Buzek

Olivia Buzek

STSM watsonx.ai - IBM Research, IBM
Olivia has been building machine learning and natural language processing models since before it was cool. She's spent several years at IBM working on opening up Watson tech, around the country and around the world.
Wednesday June 25, 2025 2:10pm - 2:50pm MDT
Bluebird Ballroom 3E
  Open AI + Data

2:10pm MDT

Using SBOMs for Linux Foundation Projects - Jeff Shapiro, The Linux Foundation & Gary O'Neall, Source Auditor Inc.
Wednesday June 25, 2025 2:10pm - 2:50pm MDT
Bluebird Ballroom 3D
Last year we introduced the LF-SBOM, which we are now generating for many projects. Today we will provide an update on this important effort to provide SBOMs for most critical LF projects. We will review the work done to date, and go into more detail on how to use the LF-SBOM specification. We will give real world concrete examples on how to use our SBOM to generate a Security Vulnerability report, and how to generate a report of open source licenses. We will also discuss how to use our SBOMs to meet new regulations (e.g. US CISA and EU CRA) when delivering software to the government sector, and how to use our SBOM as an example when you create one for your own project.
Speakers
avatar for Jeff Shapiro

Jeff Shapiro

Director of License Scanning, The Linux Foundation
Jeff Shapiro is the Director of License Scanning for The Linux Foundation. He has 30 years of experience in the software industry, including 10 years in software auditing, open source scanning, and training developers in OSS license compliance.
avatar for Gary O'Neall

Gary O'Neall

Founder and Principal Consultant, Source Auditor Inc.
Gary is a contributor to the Software Package Data Exchange® (SPDX™) - an open standard for communicating software bill of material information, including components, licenses, copyrights, and security references. Gary has contributed several open source tools.Gary O’Neall is... Read More →
Wednesday June 25, 2025 2:10pm - 2:50pm MDT
Bluebird Ballroom 3D
  Operations Management

2:10pm MDT

Building a Safe and Open Vehicle Core With Open Source - Philipp Ahmann, Etas GmbH (BOSCH)
Wednesday June 25, 2025 2:10pm - 2:50pm MDT
Bluebird Ballroom 2D
Recently the Safe Open Vehicle Core (S-Core) project was started as a collaborative code-first project between automotive OEMs and Tier suppliers developing a safety-certifiable middleware stack for high-performance ECUs in software-defined vehicles. Targeting the non-differentiating core functionality, S-Core middleware software sits between the hardware abstraction layer and the platform API accessed by vehicle function applications. Compatible with POSIX-based OSes like Automotive Grade Linux and complementary to the ELISA project, S-Core focuses on achieving ISO 26262, ASPICE, and ISO 21434 compliance.

This presentation details S-Core's development process, scope, status, and timeline, highlighting its integration within the broader automotive safety and SDV landscape. The author further showcases the project's work towards robust and automated development through a docs-as-code approach utilizing open-source tools such as ReStructuredText, Sphinx-Needs, Bazel, and PlantUML.
Speakers
avatar for Philipp Ahmann

Philipp Ahmann

Sr. OSS Commumity Manager, Etas GmbH (BOSCH)
Philipp Ahmann is a Senior OSS Community Manager at ETAS (a Bosch subsidiary), specializing in safety-critical automotive open source software. With 15+ years' experience in Linux automotive platforms, he has held roles from software engineer to project & line manager. He currently... Read More →
Wednesday June 25, 2025 2:10pm - 2:50pm MDT
Bluebird Ballroom 2D
  Safety-Critical Software

3:05pm MDT

How To Put Swift in a Box: Container Images From Scratch With Swift Container Plugin - Euan Harris, Apple, Inc.
Wednesday June 25, 2025 3:05pm - 3:45pm MDT
Bluebird Ballroom 2G
Containers have changed how we build and run services. The days of FTPing a binary up to a server are gone, because our platforms expect to run containers. We build container images at every stage of development, whenever we want to test our services, and when we deploy them.

If container images are what we need, could our development tools help us build them? Yes, they can! In this talk, we'll take a container image apart, see what makes it tick, then put it back together again from first principles - all using Swift!

Swift is a high performance, memory-safe language which is ideal for server-side development. We will:

* download a container image, take it apart by hand and explore what’s inside;
* cross-compile a Swift service effortlessly to different Linux distributions, on x86 or ARM, statically or dynamically linked, from development environments on macOS or Linux;
* use Swift's pluggable build system to produce container images efficiently and automatically for every build;
* test the image.

Containers are a universal building block of modern services. Even if you're not yet using Swift, these ideas and principles also underpin your current build and deployment workflow.
Speakers
avatar for Euan Harris

Euan Harris

Software Engineer, Apple, Inc.
Euan builds cloud services and infrastructure using Swift at Apple. He enjoys working with containers, virtual machines, networks and interesting programming languages. Previously, Euan helped maintain Docker Swarm's overlay networking and HTTP ingress, and contributed to XenServer's... Read More →
Wednesday June 25, 2025 3:05pm - 3:45pm MDT
Bluebird Ballroom 2G
  Cloud + Containers

3:05pm MDT

Overlay Images To the Rescue - Frank Vasquez, Packt
Wednesday June 25, 2025 3:05pm - 3:45pm MDT
Bluebird Ballroom 2A
The Yocto project offers unparalleled flexbility in how you structure your embedded Linux image builds. Yocto's multilayered approach enables us to build different images for different purposes (e.g. development, production, etc). This flexibility extends beyond the image build process out to runtime.

What if you could load debug symbols onto an edge device? Restart your application with gdbserver? Start bpftrace sessions? Connect to a VPN? All at the press of a button? You can through the magic of systemd and overlayfs. systemd-sysext activates and deactivates system extension images merging them together to compose the contents of your /usr/ and /opt/ directories.

By separating your root filesystem into individual layers that each do one thing and one thing only, you can respond to trouble by reconfiguring your system at runtime. I will show you how to leverage system extension images and btrfs subvolumes to build Yocto images that can be reassembled on demand.
Speakers
avatar for Frank Vasquez

Frank Vasquez

Technical Author and Independent Consultant, Packt
Frank Vasquez is a software engineer and published author with over a decade of experience designing and building embedded Linux systems. During that time, he has shipped numerous products including a rackmount DSP audio server, a diver-held sonar camcorder, a consumer IoT hotspot... Read More →
Wednesday June 25, 2025 3:05pm - 3:45pm MDT
Bluebird Ballroom 2A
  Embedded Linux Conference

3:05pm MDT

AI Pipelines With OPEA: Best Practices for Cloud Native ML Operations - Ezequiel Lanza, Intel & Melissa McKay, JFrog
Wednesday June 25, 2025 3:05pm - 3:45pm MDT
Bluebird Ballroom 3E
The Open Platform for Enterprise AI (OPEA) is an open source project intended to assist organizations with the realities of enterprise-grade deployments of GenAI apps. Beginning from scratch is a costly endeavor, and the ability to quickly iterate on a solution and determine its viability for your organization is essential to ensure you are making the best moves forward.

During this session, Ezequiel and Melissa will introduce you to the OPEA platform and how to empower your team to build, deploy, and manage AI pipelines more effectively. Attendees will gain insights into best practices for handling complex AI/ML workloads, automating dependency management, and integrating Kubernetes for efficient resource utilization. With a focus on real-world applications, this talk not only showcases the transformative potential of these tools but also encourages attendees to explore new ways to contribute, innovate, and collaborate in driving the future of AI adoption in enterprise environments.
Speakers
avatar for Ezequiel Lanza

Ezequiel Lanza

Open Source AI Evangelist, Intel
Passionate about helping people discover the exciting world of artificial intelligence, Ezequiel is a frequent AI conference presenter and the creator of use cases, tutorials, and guides that help developers adopt open source AI tools.
avatar for Melissa McKay

Melissa McKay

Head of Developer Relations, JFrog
Melissa is passionate about Java, DevOps and Continuous Delivery. She is currently Head of Developer Relations for JFrog and a member of the Technical Steering Committee of the Open Platform for Enterprise AI (OPEA). Melissa has been recognized as a Java Champion and a Docker Captain... Read More →
Wednesday June 25, 2025 3:05pm - 3:45pm MDT
Bluebird Ballroom 3E
  Open AI + Data

3:05pm MDT

Panel Discussion: Build a Great Business on Open Source Without Selling Your Soul - Robert Hodges, Altinity; Ann Schlemmer, Percona; Tatiana Krupenya, DBeaver
Wednesday June 25, 2025 3:05pm - 3:45pm MDT
Bluebird Ballroom 3C
A profitable business is one of the best protections for commercial open source projects and communities that depend on them. This talk draws on the experience of companies that pulled it off to explain how to do it for your own projects. We’ll discuss commercial models that actually work, giving back to the community, and gracefully collecting money for free software. We'll also touch on topics for larger projects like foundations and taking VC funding. It is possible to balance a strong belief in open source communities with making payroll every two weeks. We've done it and will share our secrets.
Speakers
avatar for Ann Schlemmer

Ann Schlemmer

CEO, Percona
Ann is a seasoned leader & advocate for open source with over 15 years experience in open source. CEO of Percona, a world-class open source database software firm, she is driven by passion for people & belief in open source's power to create an inclusive tech industry. Her authenticity... Read More →
avatar for Tatiana Krupenya

Tatiana Krupenya

CEO, DBeaver
CEO of DBeaver, universal database management tool
avatar for Robert Hodges

Robert Hodges

CEO, Altinity
Robert Hodges serves as CEO at Altinity, a leading software and services provider for ClickHouse. Robert has more than 30 years of experience with database systems and applications including pre-relational databases such as M204, online SQL transaction processing, Hadoop, and analytics... Read More →
Wednesday June 25, 2025 3:05pm - 3:45pm MDT
Bluebird Ballroom 3C
  Open Source Leadership

3:05pm MDT

Let's Play AI Supply Chain Candyland! - Sarah Evans, Dell Technologies & Christopher Robinson, OpenSSF - The Linux Foundation
Wednesday June 25, 2025 3:05pm - 3:45pm MDT
Bluebird Ballroom 3D
Picture the WHOLE software supply chain, beginning to end; it's a little like that olde tyme classic, "Candyland".

Designed NOT with preschoolers in mind, AI Supply Chain Candy Land is for everyone interested in learning about the software supply chain for AI/ML. Travel through exotic locations like The Peppermint Forest of swirly-twirly dependencies, The Fudgy Swamp of Compliance, and much more!

AI/ML is a fast-moving space within technology. However, everything we've learned in software engineering of the last few decades ALSO applies to this "new" world of AI/ML. We'll apply traditional software supply chain security techniques and, wherever able, tools to help developers and consumers win AI Supply Chain Candyland.

Through an enjoyable and colorful game, with useful examples taken from standards and frameworks, the audience will have a better appreciation and ability to apply supply chain security concepts and tools to the development and support of AI/ML-based solutions.
Speakers
avatar for Christopher

Christopher "CRob" Robinson

Security Lorax, OpenSSF
Christopher Robinson (aka CRob) is the Chief Security Architect for the Open Source Security Foundation. With over 25 years of Enterprise-class engineering, architectural, operational and leadership experience, CRob has worked at several Fortune 500 companies with experience in the... Read More →
avatar for Sarah Evans

Sarah Evans

Distinguished Engineer, Dell Technologies
Sarah is a security innovation researcher, leveraging diverse experiences as an IT and security practitioner to improve security by design in emerging technologies. Prior to Dell, Sarah has had roles at in the finance, defense, manufacturing and education industries. Sarah also contributes... Read More →
Wednesday June 25, 2025 3:05pm - 3:45pm MDT
Bluebird Ballroom 3D
  Operations Management

3:05pm MDT

Panel Discussion: Strengthening Software Supply Chains: Harmonizing SLSA Provenance and SPDX SBOM for Better Adoption - Gopi Krishnan Rajbahadur & Elyas Rashno, Queen's University; Mihai Maruseac, Google; Karen Bennet, Responsible AI Solutions
Wednesday June 25, 2025 3:05pm - 3:45pm MDT
Bluebird Ballroom 2F
The Software Bill of Materials (SBOM) and Supply-chain Levels for Software Artifacts (SLSA) are key frameworks for securing modern software supply chains. SPDX SBOM provides a detailed inventory of software components, dependencies, and metadata, while SLSA ensures these components are built through verifiable, tamper-resistant processes with clear provenance.

This talk will examine the synergies and differences between SLSA and SPDX SBOM, focusing on how SLSA’s provenance and authentication mechanisms can enhance the trustworthiness of SBOMs. We will explore overlapping fields captured by both standards, emphasizing the importance of interoperability and a shared roadmap to reduce duplication while leveraging their respective strengths.

A clear separation of concerns, with SLSA handling provenance and verification, and SPDX SBOM capturing comprehensive component metadata, can reduce redundancy and promote more efficient adoption. This session will outline how aligning these standards can improve software supply chain security and reliability, while fostering collaboration for cohesive evolution within the open-source community.
Speakers
avatar for Gopi Krishnan Rajbahadur

Gopi Krishnan Rajbahadur

Research Fellow, Queen's University
Gopi Krishnan Rajbahadur is a Research Fellow at Queen's University, Canada. He is currently working on SE for Large Language Models and the governance of AI datasets. He is the co-lead for the AI and datasets profile in the ISO/IEC 5692 SPDX standard and co-founder of the open-source... Read More →
avatar for Mihai Maruseac

Mihai Maruseac

Staff SWE, Google
Mihai Maruseac is a member of Google Open Source Security team (GOSST), working on Supply Chain Security, specifically for ML, but also a GUAC maintainer. Before joining GOSST, Mihai created the TensorFlow Security team after joining Google, moving from a startup to incorporate Differential... Read More →
avatar for Elyas Rashno

Elyas Rashno

Research Assistant, Queen’s University
I am a PhD student at Queen’s University with a background in Artificial Intelligence, specializing in transformer-based models and multimodal data fusion. My current work focuses on software engineering and the governance of dataset profiles. Additionally, I contribute to the development... Read More →
avatar for Karen Bennet

Karen Bennet

Executive Director, AI Expert for ISO and IEEE, Responsible AI Solutions
Executive Director, Responsible AI Solutions, former executive of IBM, Yahoo, Red Hat and multiple AI startups, Co-Chair of Linux Foundation SPDX AI and Dataset Groups, IEEE Vice Chair Technology Society Impact Committee, Canadian expert of ISO/IEC JTC 1/SC 42 Participant in US CISA... Read More →
Wednesday June 25, 2025 3:05pm - 3:45pm MDT
Bluebird Ballroom 2F
  Standards + Specifications

4:20pm MDT

SBOMs in the Real World: Practical Guidance for Managing Three Common SBOM Scenarios - Cortez Frazier Jr., FOSSA
Wednesday June 25, 2025 4:20pm - 4:40pm MDT
Bluebird Ballroom 2F
The last 12-18 months have been a landmark period for SBOM (software bill of materials) adoption. Although a fair number of organizations have been producing SBOMs for multiple years (often for specific regulatory compliance purposes), a much larger group has recently implemented broader SBOM management programs that cover a wider range of use cases.

This presentation — “SBOMs in the Real World: Practical Guidance for Three Common SBOM Scenarios” — will focus on three of these emerging areas:

SBOM generation and distribution to meet customer requests and new regulatory requirements
SBOM aggregation from internal teams and product units to facilitate centralized vulnerability management and response
SBOM ingestion from external software supplier networks to facilitate first- and third-party vulnerability management and response

Each section of this talk — which is based on extensive firsthand experience directly supporting numerous SBOM programs (from organizations in multiple regions, industries, and stages of maturity) — will include specific guidance to help attendees understand how SBOM programs within their organizations can more effectively manage these scenarios.

Speakers
avatar for Cortez Frazier Jr.

Cortez Frazier Jr.

Principal Product Manager, FOSSA
Cortez Frazier Jr. is the product lead for FOSSA. FOSSA is a developer software composition analysis tool for managing open source license compliance and security vulnerabilities. Before joining FOSSA, Cortez served as product lead for all of Puppet’s SaaS-based products Earlier... Read More →
Wednesday June 25, 2025 4:20pm - 4:40pm MDT
Bluebird Ballroom 2F
  Standards + Specifications

4:20pm MDT

Rusty OP-TEE Trusted Applications - Sumit Garg, Qualcomm Inc.
Wednesday June 25, 2025 4:20pm - 5:00pm MDT
Bluebird Ballroom 2A
OP-TEE is an open source Trusted Execution Environment (TEE) designed as a companion to the rich Linux operating system environment. Memory safety is critical to OP-TEE because its applications provide secure interfaces that can be used by the (potentially compromised) rich OS to manipulate user's/system credentials, keys and confidential data. In particular Rust's memory-safety guarantees can be a huge step forward to harden the OP-TEE environment against any memory based exploits.

This session will focus on the evolution of Rust within the OP-TEE ecosystem, the story to make Rust a first class citizen for writing OP-TEE Trusted Applications (TAs) and how we can build Rust TAs at performance parity with their C counterparts. As well as reviewing the work to date, we'll also look at some options for leveraging Rust's memory- and thread-safety features within OP-TEE core itself: should we start with enabling pseudo trusted applications to be written in Rust?
Speakers
avatar for Sumit Garg

Sumit Garg

Senior Staff Engineer, Qualcomm Inc.
Sumit works as a Senior Staff Engineer in Qualcomm Inc. He has contributed to various FOSS projects like Linux (maintainer/reviewer for different sub-systems/drivers), U-Boot, OP-TEE, Trusted Firmware (TF-A) and more. Sumit's other areas of interest includes toolchains and embedded... Read More →
Wednesday June 25, 2025 4:20pm - 5:00pm MDT
Bluebird Ballroom 2A
  Embedded Linux Conference

4:20pm MDT

Scalable and Efficient LLM Serving With the VLLM Production Stack - Junchen Jiang, University of Chicago & Yue Zhu, IBM Research
Wednesday June 25, 2025 4:20pm - 5:00pm MDT
Bluebird Ballroom 3E
Large Language Models (LLMs) are reshaping how we build applications; however, efficiently serving them at scale remains a major challenge.

The vLLM serving engine, historically focused on single-node deployments, is now being extended into a full-stack inference system through our open-source project, **vLLM Production Stack**. This extension enables any organization to deploy vLLM at scale with high reliability, high throughput, and low latency.
Code: https://github.com/vllm-project/production-stack

At a high level, the vLLM Production Stack project allows users to easily deploy to their Kubernetes cluster through a single command. vLLM Production Stack's optimizations include KV cache sharing to speed up inference (https://github.com/LMCache/LMCache), prefix-aware routing that directs inference queries to vLLM instances holding the corresponding KV caches, and robust observability features for monitoring engine status and autoscaling.

Attendees will discover best practices and see real-time demonstrations of how these optimizations work together to enhance LLM inference performance.
Speakers
avatar for Junchen Jiang

Junchen Jiang

Assistant Professor, University of Chicago
Junchen Jiang is an Assistant Professor of CS at the University of Chicago. His research pioneers new approaches to LLM inference systems (https://github.com/vllm-project/production-stack and https://github.com/LMCache/LMCache). He received his Ph.D. from CMU in 2017 and his bachelor’s... Read More →
avatar for Yue Zhu

Yue Zhu

Staff Research Scientist, IBM Research
Yue Zhu is a Staff Research Scientist specializing in foundation model systems and distributed storage systems. Yue obtained a Ph.D. in Computer Science from Florida State University in 2021 and has consistently contribute to sustainability for foundation models and scalable and efficient... Read More →
Wednesday June 25, 2025 4:20pm - 5:00pm MDT
Bluebird Ballroom 3E
  Open AI + Data

4:20pm MDT

Continuous Compliance in Open Source: Safety Assurance Through SBOM-Driven Traceability in ELISA - Rinat Shagisultanov & Troy Sabin, InfoMagnus, LLC
Wednesday June 25, 2025 4:20pm - 5:00pm MDT
Bluebird Ballroom 2D
As open-source adoption expands into safety-critical domains, ensuring continuous compliance is a growing challenge. This session, grounded in the ELISA (Enabling Linux in Safety Applications) project, explores how SBOM-driven traceability can bridge the gap between open-source development and regulatory safety requirements. We’ll cover how SPDX 3.x, automated CI/CD workflows, and tools like ELISA’s BASIL enable traceability between compliance requirements, validation tests, and software components. Attendees will gain insights into best practices for managing SBOM evolution, mitigating risks in change impact analysis, and integrating compliance automation into modern DevOps pipelines. Whether you’re in open-source governance or safety-critical software engineering, this session provides actionable strategies to align compliance with innovation.
Speakers
avatar for Rinat Shagisultanov

Rinat Shagisultanov

VP of Technology, InfoMagnus
Creative and Innovative technology strategy advisor with 25+ years of experience envisioning, implementing, and communicating products, services and processes to business and IT stakeholders while leading, inspiring and building trust. Rinat is holding degrees in MS Computer Science... Read More →
avatar for Troy Sabin

Troy Sabin

Chief Architect, InfoMagnus, LLC
Troy is a digital strategist and software architect focused on building innovative products with web, mobile, cloud, and AI technologies. He works at the intersection of business, tech, and design—helping cross-functional teams turn ideas into real-world solutions. Troy has launched... Read More →
Wednesday June 25, 2025 4:20pm - 5:00pm MDT
Bluebird Ballroom 2D
  Safety-Critical Software

4:40pm MDT

Expanding the OpenChain Standards Portfolio - More Sister Standards? - Shane Coughlan, The Linux Foundation
Wednesday June 25, 2025 4:40pm - 5:00pm MDT
Bluebird Ballroom 2F
A discussion has opened inside the OpenChain community regarding what future standards may join the existing portfolio of ISO/IEC 5230 for license compliance and ISO/IEC 18974 for security assurance.

The focus of the OpenChain Project is on building trust in the supply chain, and on doing this from the perspective of compliance matters. In the last year, the project has begun to prepare guides for SBOM Quality Management and AI Bill of Material Compliance in the Supply Chain. Both of these read against the project charter and mission.

This talk will explore how these two guides could potentially grown into future ISO standards via the existing practices of the OpenChain Project and lessons learned in making ISO/IEC 18974 in the 2023/2024 period. Rather than announcing new standards, the talk is sharing the processes involved in consideration, to illustrated how open projects address ideas and proposals from all parties in a genuinely inclusive manner.
Speakers
avatar for Shane Coughlan

Shane Coughlan

OpenChain General Manager, The Linux Foundation
Shane Coughlan is an expert in communication, security and business development. His professional accomplishments include spearheading the licensing team that elevated OIN into the largest patent non-aggression community in history and establishing the first global network for open... Read More →
Wednesday June 25, 2025 4:40pm - 5:00pm MDT
Bluebird Ballroom 2F
  Standards + Specifications
 
  • Filter By Date
    Jun 22 - 26, 2025
  • Filter By Venue
    Denver, CO, USA
    All
    607 Meeting Room (Level 3 - Street Level)
    712 Meeting Room (Level 3 - Street Level)
    Blue Bear
    Bluebird Ballroom 1C (Level 1 - Terrace Level)
    Bluebird Ballroom 2A
    Bluebird Ballroom 2B
    Bluebird Ballroom 2C
    Bluebird Ballroom 2D
    Bluebird Ballroom 2E
    Bluebird Ballroom 2F
    Bluebird Ballroom 2G
    Bluebird Ballroom 2H
    Bluebird Ballroom 3A
    Bluebird Ballroom 3B
    Bluebird Ballroom 3C
    Bluebird Ballroom 3D
    Bluebird Ballroom 3E
    Bluebird Ballroom 3F
    Bluebird Ballroom 3G
    Bluebird Ballroom 3H
    Bluebird Ballroom Foyer (Level 1 - Terrace Level)
    Bluebird Ballroom Foyer - Space behind the escalators
    Colorado Convention Center
    Go Gourmet Cafe (Level 3 - Street Level)
    Meow Wolf
    Solutions Showcase - Bluebird Ballroom 1AB
  • Filter By Type
    cdCon
    Cloud + Containers
    Co-Located Events
    Embedded Linux Conference
    Equity + Inclusion + Accessibility
    Keynote Sessions
    Linux
    Open AI + Data
    Open Source 101
    Open Source Leadership
    OpenGovCon
    Operations Management
    OSPOCon
    Project Mini-Summits
    Safety-Critical Software
    Special Events / Exhibits / Breaks
    Standards + Specifications
    Technical Documentation
    Unconference Sessions
    Wildcard
    All
    Open Source Leadership
    Operations Management
    Zephyr
  • Audience Experience Level
    Advanced
    Any
    Beginner
    Intermediate
  • Timezone
Share Modal

Share this link via

Or copy link

Filter sessions
Apply filters to sessions.
Filtered by Date - 
Clear filter
Sunday, June 22
Monday, June 23
Tuesday, June 24
Wednesday, June 25
Thursday, June 26
607 Meeting Room (Level 3 - Street Level)
712 Meeting Room (Level 3 - Street Level)
Blue Bear
Bluebird Ballroom 1C (Level 1 - Terrace Level)
Bluebird Ballroom 2A
Bluebird Ballroom 2B
Bluebird Ballroom 2C
Bluebird Ballroom 2D
Bluebird Ballroom 2E
Bluebird Ballroom 2F
Bluebird Ballroom 2G
Bluebird Ballroom 2H
Bluebird Ballroom 3A
Bluebird Ballroom 3B
Bluebird Ballroom 3C
Bluebird Ballroom 3D
Bluebird Ballroom 3E
Bluebird Ballroom 3F
Bluebird Ballroom 3G
Bluebird Ballroom 3H
Bluebird Ballroom Foyer (Level 1 - Terrace Level)
Bluebird Ballroom Foyer - Space behind the escalators
Colorado Convention Center
Go Gourmet Cafe (Level 3 - Street Level)
Meow Wolf
Solutions Showcase - Bluebird Ballroom 1AB
  • cdCon
  • Cloud + Containers
  • Co-Located Events
  • Embedded Linux Conference
  • Equity + Inclusion + Accessibility
  • Keynote Sessions
  • Linux
  • Open AI + Data
  • Open Source 101
  • Open Source Leadership
  • OpenGovCon
  • Operations Management
  • OSPOCon
  • Project Mini-Summits
  • Safety-Critical Software
  • Special Events / Exhibits / Breaks
  • Standards + Specifications
  • Technical Documentation
  • Unconference Sessions
  • Wildcard
  • Zephyr
  • Audience Experience Level
  • Advanced
  • Any
  • Beginner
  • Intermediate