Loading…
June 23 - 25, 2025
Denver, Colorado
View More Details & Registration
Note: The schedule is subject to change.

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Open Source Summit North America 2025 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

This schedule is automatically displayed in Mountain Daylight Time (UTC/GMT -6). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date."

IMPORTANT NOTE: Timing of sessions and room locations are subject to change.
Company: Advanced clear filter
Monday, June 23
 

1:50pm MDT

A Secure Tekton Task by Using Confidential Containers - Tatsushi Inagaki, IBM
Monday June 23, 2025 1:50pm - 2:10pm MDT
Bluebird Ballroom 3B
Software supply chain attack is an emerging threat for today’s enterprises. An attacker first gets an internal network access of the target enterprise, typically by using social engineering. Next the attacker gets administrator access to a software supply chain of the enterprise. Finally the attacker injects a backdoor into a built artifact and steals confidential information or digital assets from the enterprise, or even worse from customers.

A critical attack surface here is the administrator of the software supply chain. Confidential Containers is an open source project to protect containers from administrators by using trusted execution environments (TEEs). It protects a Kubernetes pod from a cluster administrator by running the pod inside of a TEE and validating the pod by remote attestation.

This talk presents a use case of Confidential Containers to protect a Tekton task. You will understand how Confidential Containers protects a task and artifacts even when the cluster administrator is compromised.
Speakers
avatar for Tatsushi Inagaki

Tatsushi Inagaki

Staff Research Scientist, IBM
Tatsushi is working on research to enhance the security of IBM Z. He contributed to various open source projects. He is recently contributing to Confidential Containers, which is a sandbox project of Cloud Native Computing Foundation.
Monday June 23, 2025 1:50pm - 2:10pm MDT
Bluebird Ballroom 3B
  cdCon

3:35pm MDT

Toward Usable Open-source Remote Attestation for Cloud and Edge - Lily Sturmann & Michael Peters, Red Hat
Monday June 23, 2025 3:35pm - 4:15pm MDT
Bluebird Ballroom 2F
The ability to quickly observe and respond to security threats on remote machines is critically important for business and infrastructure, yet gaps still exist when applying cryptographic attestation solutions in real-world scenarios. Accessible policy generation, clear ways to understand attestation results, and methods for handling system updates need to be available to make remote attestation feasible. Adapting attestation best practices and tools to environments like edge and IoT, with vast scale requirements and limited network connectivity, can pose challenges as well.

Using the speakers’ experience working on open source projects Keylime (remote attestation) and flightctl (edge management), the session will walk through design considerations and challenges in bringing these tools together to monitor remote fleets of edge, IoT, and cloud-based systems at key points in the devices’ lifecycles. Further, the session will discuss remaining open problems as well as some potential solutions working toward the goal of usable, clear, and accurate attestation of remote systems.
Speakers
avatar for Lily Sturmann

Lily Sturmann

Principal Software Engineer, Red Hat
Lily is a principal software engineer at Red Hat in the Office of the CTO in Emerging Technologies. She has primarily worked remote attestation, confidential computing, and software supply chain security. Her favorite language is Rust.
avatar for Michael Peters

Michael Peters

Red Hat, Red Hat
Michael Peters is a Principal Engineer in Emerging Technologies in Red Hat's Office of the CTO. He is a senior systems engineer and programmer with an emphasis on DevOps, Security, and Operability and is one of the current maintainers of the Keylime project. His experience in both... Read More →
Monday June 23, 2025 3:35pm - 4:15pm MDT
Bluebird Ballroom 2F
  Cloud + Containers

3:35pm MDT

State Persistence Over kexec - Mike Rapoport, Microsoft
Monday June 23, 2025 3:35pm - 4:15pm MDT
Bluebird Ballroom 2E
For long time kexec was a faster way to reboot a machine without incurring delays caused by firmware and bootloaders. However for many applications even a kexec reboot still means significant service degradation, like disruption of the running guests in virtualized environments and the need to rebuild in-memory caches for large databases.

We propose Kexec HandOver (KHO) mechanism that allows serialization and deserialization of kernel data as well as preserving arbitrary memory ranges across kexec.

In addition, KHO keeps physically contiguous memory regions that are guaranteed to not have any memory that KHO would preserve, but still can be used by the system. The kexeced kernel bootstraps itself using those regions and marks all handed over memory as in use. KHO users then can recover their state from the preserved data. This includes memory reservations, where the user can either discard or claim reservations.
Speakers
avatar for Mike Rapoport

Mike Rapoport

Principal Software Engineer, Microsoft
Mike has lots of programming experience in different areas ranging from medical equipment to visual simulation, but most of all he likes hacking on Linux kernel and low level stuff. He started contributing to the Linux kernel while working on ARM and device drivers and then gradually... Read More →
Monday June 23, 2025 3:35pm - 4:15pm MDT
Bluebird Ballroom 2E
  Linux
 
Tuesday, June 24
 

12:15pm MDT

Standardizing CI/CD Observability: Insights From the OpenTelemetry CI/CD SIG - Dotan Horovits, AWS
Tuesday June 24, 2025 12:15pm - 12:35pm MDT
Bluebird Ballroom 3B
We all know that observability is a must-have for operating systems in production. But we often neglect our own backyard - our software release process. As a result, we also lack standardization, and each CI/CD tool invent its own way of reporting about pipeline runs, which causes fragmentation, lock-in and difficulty to leverage existing observability tools.

We've been talking about the need for a common "language" for reporting and observing CI/CD pipelines for years, and finally, we see the first "words" of this language entering the "dictionary" of observability - the OpenTelemetry open specification and semantic conventions. On this talk the OTel CI/CD SIG leads will share the need, and the work of the SIG.

Join us to learn about this new SIG, its role, the milestones achieved and roadmap ahead. The talk will also discuss the alignment with adjacent open source communities such as the CDF's Jenkins and CDEvents and the Eiffel community.
Speakers
avatar for Dotan Horovits

Dotan Horovits

Sr. Developer Advocate, OpenSearch
Horovits is an international speaker and thought leader, as well as a CNCF Ambassador, and host of the popular OpenObservability Talks podcast.
Tuesday June 24, 2025 12:15pm - 12:35pm MDT
Bluebird Ballroom 3B
  cdCon
 
Wednesday, June 25
 

3:05pm MDT

Software Supply Chain for the SDV Future — Logistics, Cybersecurity and Compliance - Hasan Yasar, Software Engineering Institute | Carnegie Mellon University
Wednesday June 25, 2025 3:05pm - 3:45pm MDT
Bluebird Ballroom 2D
The shift towards software-defined vehicles (SDVs) is set to profoundly impact Original Equipment Manufacturers (OEMs) and their supply chains. As vehicles become increasingly defined by software and connectivity, OEMs face a new era of software supply chain logistics that emphasizes agility, cybersecurity, and regulatory compliance. This presentation examines how SDV technology affects each stage of the OEM supply chain, from sourcing and logistics to manufacturing and data-driven optimization. Critical to this transformation is the secure management of software and data flows across the supply chain, with a focus on cybersecurity strategies to counter software-based vulnerabilities. Additionally, the presentation explores how data analytics can be leveraged to streamline logistics and ensure compliance with rapidly evolving regulations
Speakers
avatar for Hasan Yasar

Hasan Yasar

Technical Director, Software Engineering Institute | Carnegie Mellon University
Hasan Yasar is the Technical Director of Continuous Deployment of Capability group in Software Engineering Institute, CMU. Hasan leads an engineering group to enable, accelerate and assure Transformation at the speed of relevance by leveraging, DevSecOps, Agile, Lean AI/ML and other... Read More →
Wednesday June 25, 2025 3:05pm - 3:45pm MDT
Bluebird Ballroom 2D
  Safety-Critical Software
 
  • Filter By Date
    Jun 22 - 26, 2025
  • Filter By Venue
    Denver, CO, USA
    All
    607 Meeting Room (Level 3 - Street Level)
    712 Meeting Room (Level 3 - Street Level)
    Blue Bear
    Bluebird Ballroom 1C (Level 1 - Terrace Level)
    Bluebird Ballroom 2A
    Bluebird Ballroom 2B
    Bluebird Ballroom 2C
    Bluebird Ballroom 2D
    Bluebird Ballroom 2E
    Bluebird Ballroom 2F
    Bluebird Ballroom 2G
    Bluebird Ballroom 2H
    Bluebird Ballroom 3A
    Bluebird Ballroom 3B
    Bluebird Ballroom 3C
    Bluebird Ballroom 3D
    Bluebird Ballroom 3E
    Bluebird Ballroom 3F
    Bluebird Ballroom 3G
    Bluebird Ballroom 3H
    Bluebird Ballroom Foyer (Level 1 - Terrace Level)
    Bluebird Ballroom Foyer - Space behind the escalators
    Colorado Convention Center
    Go Gourmet Cafe (Level 3 - Street Level)
    Meow Wolf
    Solutions Showcase - Bluebird Ballroom 1AB
    TBA
  • Filter By Type
    Ask the Experts
    cdCon
    Cloud + Containers
    Co-Located Events
    Embedded Linux Conference
    Equity + Inclusion + Accessibility
    Keynote Sessions
    Linux
    Open AI + Data
    Open Source 101
    Open Source Leadership
    OpenGovCon
    Operations Management
    OSPOCon
    Project Mini-Summits
    Safety-Critical Software
    Speaker Office Hours
    Special Events / Exhibits / Breaks
    Standards + Specifications
    Technical Documentation
    Unconference Sessions
    Wildcard
    All
    Open Source Leadership
    Operations Management
    Zephyr
  • Audience Experience Level
    Advanced
    Any
    Beginner
    Intermediate
  • Timezone
Need help? View Support Guides
Event questions? Contact Event Planner
Powered by Sched Event Planning App
©2025 Sched About Privacy Terms
Share Modal

Share this link via

Or copy link

Filter sessions
Apply filters to sessions.
Sunday, June 22
Monday, June 23
Tuesday, June 24
Wednesday, June 25
Thursday, June 26
607 Meeting Room (Level 3 - Street Level)
712 Meeting Room (Level 3 - Street Level)
Blue Bear
Bluebird Ballroom 1C (Level 1 - Terrace Level)
Bluebird Ballroom 2A
Bluebird Ballroom 2B
Bluebird Ballroom 2C
Bluebird Ballroom 2D
Bluebird Ballroom 2E
Bluebird Ballroom 2F
Bluebird Ballroom 2G
Bluebird Ballroom 2H
Bluebird Ballroom 3A
Bluebird Ballroom 3B
Bluebird Ballroom 3C
Bluebird Ballroom 3D
Bluebird Ballroom 3E
Bluebird Ballroom 3F
Bluebird Ballroom 3G
Bluebird Ballroom 3H
Bluebird Ballroom Foyer (Level 1 - Terrace Level)
Bluebird Ballroom Foyer - Space behind the escalators
Colorado Convention Center
Go Gourmet Cafe (Level 3 - Street Level)
Meow Wolf
Solutions Showcase - Bluebird Ballroom 1AB
TBA
  • Ask the Experts
  • cdCon
  • Cloud + Containers
  • Co-Located Events
  • Embedded Linux Conference
  • Equity + Inclusion + Accessibility
  • Keynote Sessions
  • Linux
  • Open AI + Data
  • Open Source 101
  • Open Source Leadership
  • OpenGovCon
  • Operations Management
  • OSPOCon
  • Project Mini-Summits
  • Safety-Critical Software
  • Speaker Office Hours
  • Special Events / Exhibits / Breaks
  • Standards + Specifications
  • Technical Documentation
  • Unconference Sessions
  • Wildcard
  • Zephyr
  • Audience Experience Level
  • Advanced
  • Any
  • Beginner
  • Intermediate