June 23 - 25, 2025
Denver, Colorado
Note: The schedule is subject to change.


All times below are given in Mountain Daylight Time (UTC/GMT -6).


Type: OpenGovCon
Wednesday, June 25
 

11:00am MDT

Implementing Zero Trust in Government Settings: Strategies, Challenges, and Best Practices - Steve Taylor, DeployHub, Inc
Wednesday June 25, 2025 11:00am - 11:40am MDT
With escalating cyber threats and increasing regulatory pressure, government agencies face a critical need to modernize their security strategies. The Zero Trust model—"never trust, always verify"—has emerged as a cornerstone for safeguarding sensitive data and infrastructure. However, implementing Zero Trust in government settings presents unique challenges, including legacy systems, complex compliance requirements, and the need to balance security with operational efficiency. This talk will provide a roadmap for adopting Zero Trust principles in government environments, offering actionable insights to overcome obstacles and ensure mission readiness.
Speakers
Steve Taylor, CTO, DeployHub
Steve Taylor is a visionary and leader in open-source security, DevOps, and securing the software supply chain. Long before “CI/CD” became a buzzword, Steve was designing cutting-edge pipelines for Fortune 1000 companies, redefining how software is built and deployed. His innovative...
Bluebird Ballroom 3G
OpenGovCon
Audience Experience Level: Beginner
Session Slides: Yes

11:55am MDT

Securing Software Supply Chains for the Public Good - Daniel Moch, Lockheed Martin & William Crum, SpectroCloud
Wednesday June 25, 2025 11:55am - 12:35pm MDT
Drawing from our experiences within the public sector, we discuss software supply chain security as it pertains to public sector organizations, including the unique risks and challenges they face and how we can all work together to improve the security of the open source ecosystem.
Speakers
Daniel Moch, Staff Software Engineer, Lockheed Martin
For over 20 years, Daniel has worked as a software engineer in the Defense and Aerospace industry. His experience ranges from embedded device drivers to large logistics and information systems. In recent years, he has focused on helping legacy programs adopt modern DevOps practices...

William Crum, Defense Success Engineer, SpectroCloud
Sergeant William Crum is a U.S. Marine Corps Reservist and software engineer at Spectro Cloud. He serves with the Marine Innovation Unit, driving software modernization within the Marine Corps. In his civilian role, he is a Docker Captain and Senior Defense Engineer at Spectro Cloud...
Bluebird Ballroom 3G
OpenGovCon

3:05pm MDT

Building Trust Through Proactive Security - Key Parts of the Trusted Software Supply Chain - Przemyslaw Roguski & Ralph Bean, Red Hat
Wednesday June 25, 2025 3:05pm - 3:45pm MDT
As security concerns continue to grow in the software industry, customers seek assurance that the software they rely on is built securely. While applying security patches is essential, it is equally important to understand the proactive measures taken throughout the development process to ensure that our software is built securely.

Red Hat follows a comprehensive Secure Software Development Lifecycle (SDLC) framework to improve software security across the entire software lifecycle. We use an open source end-to-end build and release environment that uses the SLSA framework as a guide for reinforcing and gating the build process, securing and fortifying your software supply chain against various threats.

This session will include:
- The key difference between proactive and reactive security measures.
- SDLC objectives and how Red Hat achieves them to meet high security standards.
- Overview of how automated testing and open-source solutions enhance SDLC.
- Proactive vulnerability management during the build lifecycle phase.
- Secure software building with attestation data production, including CSAF/VEX and SBOM.
- The future of AI testing within software supply chain security.
Speakers
Przemyslaw Roguski, Principal Product Security Engineer, Red Hat
Przemysław “Rogue” Roguski is a Security Architect at Red Hat who specializes in shift-left security initiatives included in build and release processes. He is focused on security data improvements, especially security data usability in vulnerability management and production...

Ralph Bean, Software Engineer, Red Hat
Ralph is an engineer at Red Hat and a member of the Konflux Governance Committee. He's happiest when learning new things, the open source way.
Bluebird Ballroom 3G
OpenGovCon
Audience Experience Level: Beginner
Session Slides: Yes

4:20pm MDT

Trust but Verify: Uncovering the Hidden Risks of Inaccurate SBOMs With JBomAudit - Yue Xiao & Dhilung Kirat, IBM Research
Wednesday June 25, 2025 4:20pm - 5:00pm MDT
Additional Authors: Jiyong Jang & Douglas Schales, IBM Research

Software supply chain attacks have surged in recent years, posing significant threats to organizations. In response, Software Bills of Materials (SBOMs)—structured inventories that document software components—have been proposed to enhance supply chain transparency, track dependencies, and manage vulnerabilities. Despite increasing adoption, their correctness and completeness in real-world open-source ecosystems remain largely unexamined. Incomplete SBOMs can result in overlooked vulnerabilities, while incorrect dependencies may waste resources on non-existent issues.

This talk introduces JBomAudit, an open-source tool to automatically verify Java SBOMs by systematically assessing their correctness and completeness against NTIA minimum requirements. We will cover technical details of JBomAudit, demonstrate how it examines missing and incorrect dependencies, and present findings from our large-scale analysis of over 25,000 Java SBOMs, highlighting the prevalence of non-compliant SBOMs and security implications. We will also discuss common pitfalls in SBOM generation, analyze the root causes of non-compliance, and provide actionable recommendations to improve SBOM quality.
Speakers
Dhilung Kirat, Senior Research Scientist, IBM Research
Dhilung Kirat is a Research Scientist in the AI Supply Chain Security group of the Security Research department at IBM T.J. Watson Research Center. Dhilung received his PhD in Computer Science from the University of California, Santa Barbara in 2015. His research interests revolve around...

Yue Xiao, Research Scientist, IBM Research
Dr. Yue Xiao is a Research Scientist at IBM Watson Research. She earned her Ph.D. from Indiana University Bloomington, focusing on GenAI security, privacy compliance, vulnerability assessment, and supply chain security. She has published in top venues (CCS, Usenix Security, NDSS...
Bluebird Ballroom 3G
OpenGovCon
Audience Experience Level: Any
Session Slides: Yes