Open Source Summit North America 2025: Full Schedule

June 23 - 25, 2025
Denver, Colorado
View More Details & Registration
Note: The schedule is subject to change.

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Open Source Summit North America 2025 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

This schedule is automatically displayed in Mountain Daylight Time (UTC/GMT -6). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date."

IMPORTANT NOTE: Timing of sessions and room locations are subject to change.

11:20am MDT

U-Boot's New Standard Boot and What's Next - Simon Glass, Canonical

Monday June 23, 2025 11:20am - 12:00pm MDT

Bluebird Ballroom 2A

U-Boot provides a fairly new feature called Standard Boot, which replaces the scripts and masses of environment variables previously used. Standard boot can boot your device automatically and quickly.

This session dives into how embedded devices boot, how Standard Boot works under the hood, the benefits of adopting Standard Boot and how to write your own bootmeth and bootdev drivers. By way of example, some existing drivers are covered, including UEFI, extlinux, Android and ChromeOS.

It also provides a general update on U-Boot and what the future might hold.

Speakers

Simon Glass

Fellow Software Engineer, Canonical

Simon Glass has worked in embedded systems for many years, at ARM, Bluewater Systems (which he founded) and Google. In ChromeOS, Simon is responsible for driving adoption of Open Source firmware components in the industry ecosystem. He is a primary contributor to U-Boot and custodian... Read More →

U Boot Standard Boot and What's Next pdf

Monday June 23, 2025 11:20am - 12:00pm MDT
Bluebird Ballroom 2A

Embedded Linux Conference

Audience Experience Level Any
Session Slides Yes

11:20am MDT

EdgeLake-FL: An Automated Federated Learning Platform for the Edge - Ori Shadmon & Moshe Shadmon, AnyLog

Monday June 23, 2025 11:20am - 12:00pm MDT

Bluebird Ballroom 3E

Edge AI today relies on centralizing data from edge devices to the cloud, but this is impractical due to costs and privacy constraints. Federated Learning (FL) is a viable alternative: edge nodes collaboratively train a ML model without transferring or exposing proprietary data. Instead, only model weights are shared, allowing each entity to develop a model that outperforms what it could train independently. Despite its potential, FL is largely academic due to the complexity of integrating expertise across the technology stack. Additionally, decentralized data can be heterogeneous, requiring non-generalizable, application-specific solutions. EdgeLake-FL is a hardware-agnostic framework leveraging EdgeLake, an LF Edge project, to automate the continuous learning FL workflow. With EdgeLake as the data management layer, decentralized data appears centralized and data heterogeneity is resolved. Using EdgeLake-FL, an ML engineer publishes a training application, and Edge nodes with relevant data autonomously train, share, and aggregate models. Each node can then leverage the aggregated models for inference directly at the Edge. In this talk, I will demo EdgeLake-FL in a real use case.

Speakers

Ori Shadmon

Product Manager, AnyLog

Moshe Shadmon

CEO, AnyLog

Moshe Shadmon, CEO at Anylog. AnyLog’s Virtual Edge Data Network is a Plug & Play software, deployed at the edge, allowing real-time insight without centralizing the data. AnyLog enables deployment of applications and AI at the distributed edge. Prior to AnyLog, Moshe was the CEO... Read More →

Monday June 23, 2025 11:20am - 12:00pm MDT
Bluebird Ballroom 3E

Open AI + Data

Audience Experience Level Any

11:20am MDT

Analyzing The Projects We All Depend On - With LFX Insights - Jonathan Reimer, The Linux Foundation

Monday June 23, 2025 11:20am - 12:00pm MDT

Bluebird Ballroom 3H

Open source software powers the critical infrastructure we depend on daily, yet evaluating the health of open source projects remains challenging.

In this talk, we introduce LFX Insights, a Linux Foundation initiative to surface meaningful, standardized metrics on the world’s most critical open source projects. We’ll walk through how we define project criticality, the multidimensional framework we use to evaluate project health, and the data infrastructure powering it all. By making open source more transparent, LFX Insights aims to support decision-making, highlight where help is needed, and contribute to a more sustainable ecosystem.

Speakers

Jonathan Reimer

VP Developer Products, The Linux Foundation

Analyzing The Projects We All Depend On OSS Summit 2025 pdf

Monday June 23, 2025 11:20am - 12:00pm MDT
Bluebird Ballroom 3H

Open Source Leadership

Audience Experience Level Any
Session Slides Yes

11:20am MDT

Who Will Maintain the Future? Tackling the Graying of Open Source Software - Abigail Cabunoc Mayes, GitHub

Monday June 23, 2025 11:20am - 12:00pm MDT

Bluebird Ballroom 3C

Open source software powers our world, but many of the maintainers keeping it alive are overburdened and aging out. Balancing technical, community, and financial responsibilities has become overwhelming, leading to burnout and project stagnation. This “graying” of open source raises urgent questions: Who will maintain the future?

Drawing from my experience supporting hundreds of maintainers through programs like GitHub Maintainer Programs, Mozilla Open Leaders, and SustainOSS, I’ll share real-world examples of the challenges maintainers face and the systemic barriers preventing new leadership. While emerging tools help reduce workload, sustainable projects need human stewardship. We'll explore practical solutions: lowering barriers to maintainership, strengthening leadership pipelines, and ensuring projects remain healthy for generations.

Maintaining open source isn’t just about code—it’s about people. Whether you’re a contributor, project lead, or company investing in open source, you’ll leave with concrete actions to help sustain the ecosystem. Let’s build a future where maintainers are supported, projects thrive, and open source continues to grow.

Speakers

Abigail Cabunoc Mayes

Open Source Programs, GitHub

Abigail Cabunoc Mayes (@abbycabs) leads GitHub’s open source maintainer programs where she works to help maintainers – and the open source ecosystem – thrive. Before joining GitHub, Abby founded and led Mozilla Open Leaders, an open source mentorship program that worked with... Read More →

Monday June 23, 2025 11:20am - 12:00pm MDT
Bluebird Ballroom 3C

Open Source Leadership

Audience Experience Level Any

11:20am MDT

D(ocs)&D(evelopment): Finding the Perfect Party for Your Documentation Campaign - Heds Simons & Kim Nylander, Grafana Labs

Monday June 23, 2025 11:20am - 12:00pm MDT

Bluebird Ballroom 3D

It’s product release time. The code is stable. You’ve got everything EXCEPT the docs.

How do you create meaningful, prioritized content in a short time frame?

Your writer needs to collaborate with a Subject Matter Expert (SME) who understands the technical and user content. At Grafana, this synergy happens between Field Engineers (FE) and Technical Writers (TW). FEs are a three-in-one SME with the understanding of a developer, sales engineer, and technical support.

How does this collaboration benefit both writers and SMEs?
* TW has a single SME for user needs and cross-product technical expertise.
* FEs get accurate, up-to-date content that helps them and Grafana’s OSS community members get up to speed on products.
* OSS Community members get accurate, up-to-date docs.

In this session, you’ll learn how to:
* Identify the right SME
* Establish a collaborative workflow
* Prioritize work that best addresses the user’s needs

We’ll detail how this collaboration started through a shared love of RPGs, the traps we encountered and lessons learnt, and how a bi-weekly session between two colleagues became the foundation for a model now used across Grafana’s telemetry products.

Speakers

Hedley Simons

Senior Principal Field Engineer, Grafana Labs

Heds is a Senior Principal Field Engineer at Grafana Labs, where he builds and maintains internal and external environments, designs advanced workshops, provides input on product use-cases and acts as a SME.Heds comes from a software engineering background, and has written code for... Read More →

Kim Nylander

Principal Technical Writer, Grafana Labs

Professional writer who specializes in explaining complicated concepts in plain English at a level appropriate for the target audience. Over 15 years experience of writing SaaS product content, IT procedures, API documentation, tutorials, online help, FAQs, and specifications... Read More →

D(ocs) & D(evelopment) Finding the Perfect Party for your Documentation Campaign OpenSource Summit pdf

Monday June 23, 2025 11:20am - 12:00pm MDT
Bluebird Ballroom 3D

Technical Documentation

Audience Experience Level Any
Session Slides Yes

1:30pm MDT

COSMIC DE - The First Modular, Composable Desktop Environment - Carl Richell & Jeremy Soller, System76

Monday June 23, 2025 1:30pm - 2:10pm MDT

Bluebird Ballroom 2D

COSMIC DE is a new, full-featured desktop environment (like GNOME and KDE) written from scratch in the Rust programming language. It does not rely on GTK or Qt. Instead COSMIC uses a new Rust GUI toolkit called iced and the system76 developed libcosmic toolkit for building interfaces and applications with advanced theming and customization features.

COSMIC DE includes a suite of first-party applications including a file browser, text editor, application store, settings, and terminal. There is also a growing community of third-party apps. COSMIC includes a custom compositor that features variable refresh rate, Xwayland support, animations, fractional scaling, modern hybrid graphics features, window snapping and auto-tiling.

What makes COSMIC truly unique is that it's the first modular, composable desktop environment. For a user that means they can easily adapt COSMIC to their preferred workflow. Linux distributions can create wholly unique user experiences.
And companies can develop unique products using COSMIC.

Carl will discuss why system76 built COSMIC DE, show its features, and demonstrate how unique experiences can be composed with COSMIC DE.

Speakers

Jeremy Soller

Principle Engineer, System76

Carl Richell

CEO, System76

System76 proudly engineers and manufactures premium Linux computers and keyboards at our factory in Denver, Colorado. Our user-driven products, alongside Pop!_OS and COSMIC DE, give creators, makers, and builders the means to bring forth the future.

Monday June 23, 2025 1:30pm - 2:10pm MDT
Bluebird Ballroom 2D

Linux

Audience Experience Level Any

1:30pm MDT

The Generative AI Commons: Unlocking Potential Through Collaboration and Transparency - Arnaud Le Hors, IBM

Monday June 23, 2025 1:30pm - 2:10pm MDT

Bluebird Ballroom 2C

In the rapidly evolving landscape of Generative AI, it is becoming clearer every day that open strategies are key drivers of innovation and widespread adoption. This session will present the Generative AI Commons, its activities, and deliverables to date, including the Model Openness Framework (MOF) and the Responsible Generative AI Framework,

LF AI & Data initiative dedicated to fostering the democratization, advancement and adoption of efficient, secure, reliable, and ethical Generative AI open source innovations through neutral governance, open and transparent collaboration and education.

Speakers

Arnaud Le Hors

Senior Technical Staff Member Open Technologies, IBM

Arnaud Le Hors is Senior Technical Staff Member of Open Technologies at IBM, primarily focusing on Open Source security and AI. He has been working on standards and open source for over 30 years. Arnaud was editor of several key web specifications including HTML and DOM and was a... Read More →

Monday June 23, 2025 1:30pm - 2:10pm MDT
Bluebird Ballroom 2C

Open AI + Data

Audience Experience Level Any

1:30pm MDT

Alignment of Community Contributions and Business Goals - How Can Your OSPO Help? - Masae Shida, VMware (Broadcom)

Monday June 23, 2025 1:30pm - 2:10pm MDT

Bluebird Ballroom 3G

Today it’s nearly impossible to build software without open source. Some projects are massively popular, and quite often used in multiple products within the same organization. But are we all collaborating on these projects in ways that are aligned across the company? Here your OSPO can help your organization work towards the same goals.
Which open source projects are built into your product portfolio? Who in your organization is contributing to these projects? How do you know your contributions are not impeding each other?
Broader involvement should occur in a coordinated and thoughtful manner across the key projects. Having a united front within open source communities will help your organization drive consistent and effective contributions.
The talk will cover:
● How can your OSPO help coordinate contributions across the organization?
● How can you identify your company’s strategic open source projects?
● How can we ensure these projects will continue to be viable and sustainable?
The audience will learn how an OSPO can enable more efficient and effective contributions to open source projects in ways that are aligned with both their business and community goals.

Speakers

Masae Shida

Staff Technical Program Manager, VMware (Broadcom)

Masae is a Staff Open Source Program Manager leading the company’s open source business and community strategy alignment. Previously she led numerous programs including large-scale DX/IT transformations as part of M&A at Cisco, security/compliance process implementation and consumer... Read More →

Monday June 23, 2025 1:30pm - 2:10pm MDT
Bluebird Ballroom 3G

OSPOCon

Audience Experience Level Any

1:30pm MDT

Lower the Barrier of Entry: Empowering Non-writer Contributions To Docs - Manny Silva, Skyflow

Monday June 23, 2025 1:30pm - 2:10pm MDT

Bluebird Ballroom 3D

Documentation thrives on contributions, but many potential contributors hesitate to edit docs because of uncertainty about style, structure, and quality standards. This talk demonstrates how modern tooling can create a supportive environment that empowers non-writers to confidently contribute to documentation. We'll explore a practical toolkit combining templates for clear structure, AI-powered drafting assistance, automated style checking, format linting, content validation, and quality reviews to guide contributors through the docs process. Through these tools and a streamlined editing workflow, teams can create an environment where developers, product managers, support staff, and other non-writers feel confident contributing while maintaining documentation standards. We'll examine real examples of successful implementations and provide practical steps for adding these capabilities to your own docs.

Speakers

Manny Silva

Head of Documentation, Skyflow

Technical writer by day and engineer by night, Manny Silva is Head of Documentation at Skyflow and the creator of Doc Detective. He’s passionate about intuitive and scalable developer experiences and likes diving into the deep end as the 0th user.

Lower the Barrier of Entry pdf

Monday June 23, 2025 1:30pm - 2:10pm MDT
Bluebird Ballroom 3D

Technical Documentation

Audience Experience Level Any
Session Slides Yes

2:25pm MDT

The Role of Package Managers as Partners in License and Attribution Compliance - Damián Vicino, Datadog Inc.

Monday June 23, 2025 2:25pm - 3:05pm MDT

Bluebird Ballroom 3G

Package managers are essential to modern software development, simplifying dependency management but often hiding transitive changes. This has led to large, shifting dependency trees with little oversight.

Despite evolving independently, most package managers follow a similar model: fetching software and metadata. However, the format, quantity, and quality of this metadata vary significantly.

With heterogeneous language stacks on the rise, OSPOs struggle to manage these differences, making compliance an ongoing challenge.

This talk explores different package managers, the compliance data they provide, and highlights good practices from each. Finally, it proposes how the OSPO community can break silos between ecosystems, encouraging convergence on non-language-specific metadata and practices. This, in turn, will streamline compliance work and strengthen the open source ecosystem as a whole.

Speakers

Damián Vicino

Senior Open Source Specialist, Datadog Inc.

Damian Vicino is a Senior Open Source Specialist at Datadog’s OSPO and an Adjunct Research Professor at Carleton University. He began contributing to open source in the early 2000s, leading a local BSD user group and collaborating with a team on five BSDday Argentina events. He... Read More →

OSPOconNA25 The Role of Package Managers as Partners in License and Attribution Compliance pdf

Monday June 23, 2025 2:25pm - 3:05pm MDT
Bluebird Ballroom 3G

OSPOCon

Audience Experience Level Any
Session Slides Yes

3:35pm MDT

Death by (Python) Pickle: "Betrayal ML" - Kadi McKean & Andy Lewis, ReversingLabs

Monday June 23, 2025 3:35pm - 4:15pm MDT

Bluebird Ballroom 3A

In the original Matrix movie, Neo learned Kung Fu through an upload. Imagine if your ML could learn the same way. That's what a pickle file does for ML - "I KNOW KUNG FU" or whatever was in the file that was supposed to be "learned" by your ML model.

What if there was a plot twist where Agent Smith tampered with the Kung Fu module so that it included a fun "bonus" lesson that "taught" Neo to call Agent Smith every time he was trying to find an exit?

That's what's happening in Pickle Files, and that's the setup for ML and AI.

This talk will explain the threat, provide some examples, and discuss emerging detection capabilities. When it's over, you will know kung fu.

Speakers

Kadi McKean

Community Manager, ReversingLabs

Kadi is passionate about the DevOps / DevSecOps community since her days of working with COBOL development and Mainframe solutions. At ReversingLabs she collaborates with developers and security researchers to help entities prioritize their open source risk, reduce technical debt... Read More →

Andy Lewis

TMM and Honeybee Wrangler, ReversingLabs

Despite his misguided childhood and checkered past, Andy has become a contributing member of society. A former US Marine, Andy led the cyber team at Dish & a few other organizations before his journey to The Dark Side of pre-sales engineering. He founded the Denver and Boulder OWASP... Read More →

Monday June 23, 2025 3:35pm - 4:15pm MDT
Bluebird Ballroom 3A

Open Source 101

Audience Experience Level Any

3:35pm MDT

Documenting the Design of the Linux Kernel - Chuck Wolber, The Boeing Company; Kate Stewart, The Linux Foundaiton; Gabriele Paoloni, Red Hat

Monday June 23, 2025 3:35pm - 4:15pm MDT

Bluebird Ballroom 3D

As part of a broader effort to document the architecture and design of the Linux Kernel, we propose a method to formally describe low level developer intent in the form of testable expectations (i.e. requirements). This will provide a fact based foundation for pass/fail test development, test validation via code coverage tools, support optional traceability to higher level design, and enable tool development for process automation.

This talk is a continuation of the proposal for Linux Kernel Requirements that formally originated at the 2024 Linux Plumbers Safe Systems with Linux Mini-conference, and further updated at the December 2024 ELISA Workshop at Goddard Space Center.

This edition will present the current state of the requirement template design, provide examples of Linux kernel source code instrumented with low level requirements, present technical explanations for template design decisions, and provide an opportunity for feedback from the developer community.

Speakers

Chuck Wolber

Associate Technical Fellow, The Boeing Company

Chuck Wolber is a Boeing Associate Technical Fellow primarily focused on embedded platform engineering. He has developed multiple DO-178C certified Linux platforms currently in service on Boeing production aircraft. Chuck is co-author of the book Linux Toys, he is credited with contributions... Read More →

Kate Stewart

Vice President of Dependable Embedded Systems, The Linux Foundation

Kate Stewart works with the safety, security and license compliance communities to advance the adoption of best practices into embedded open source projects. Since joining The Linux Foundation, she has launched the ELISA and Zephyr Projects, as well as supporting other embedded projects... Read More →

Gabriele Paoloni

Sr SW Principal Engineer, Red Hat

Gabriele Paoloni is an Open Source Community Technical Leader at Red Hat.

Monday June 23, 2025 3:35pm - 4:15pm MDT
Bluebird Ballroom 3D

Technical Documentation

Audience Experience Level Any

4:30pm MDT

Security Vibe Check: Which Malware Are You? - Elitsa Bankova & Jess Lowe, Google

Monday June 23, 2025 4:30pm - 5:10pm MDT

Bluebird Ballroom 3A

Okay, besties, real talk. Your code's dependencies? They're giving… chaotic energy. Like, are you even SBOMing? 💅
We've all seen the drama. log4j? xz utils? Straight-up trauma. But like, where do you land on the security spectrum? Are you accidentally downloading typosquatted packages because you're living your best, most chaotic life? Or are you a security queen, catching backdoors before they even exist? ✨
This talk is basically a giant vibe check for your security habits. We're gonna do a quick, brutal quiz – think 'are you the drama?' but for your code – and find out which iconic supply chain meltdown matches your energy.
We'll spill the tea on real-world attacks, from the 'oops, that’s a backdoor’ to the 'someone’s running Doom on Minecraft servers again' level. And we’ll give some practical advice on how to have good security posture. Stretch, queen!
If your security is giving 'main character energy' (and not in a good way), you need to be here. Let's level up our security game, avoid becoming the next trending security disaster, and maybe even get some clout for actually knowing when lockfiles actually help. 😉

TL;DR: Quiz, memes, securi-tea. 🫖 Don't be a vulnerability.

Speakers

Elitsa Bankova

Software Engineer, Google

Elitsa is a Software engineer at Google, Australia and is working on Open Source security. She has lived in over 4 countries: born in Bulgaria, she graduated from the University of Edinburgh and worked in Google Switzerland before moving down under. Outside of work, you can find her... Read More →

Jess Lowe

Software Engineer, Google

Jess is a Software Engineer in the Google Open Source Security Team working on OSV.dev and OSV-Scanner.

Which malware are you sneak peek pdf

Monday June 23, 2025 4:30pm - 5:10pm MDT
Bluebird Ballroom 3A

Open Source 101

Audience Experience Level Any
Session Slides Yes

5:30pm MDT

Lightning Talk: Lessons Learned From 10 Years of Automotive Grade Linux - Walt Miner, The Linux Foundation

Monday June 23, 2025 5:30pm - 5:40pm MDT

Bluebird Ballroom 3C

When software first entered the car, it was all closed source, but at the turn of the twenty-first century the complexity of software in cars exploded. Even so, OEMs and Tier Ones continued to keep their software proprietary, so much so that most Tier Ones only reluctantly gave source code to their OEM customers. With consumers now demanding the same app based experience their car that they have on their mobile phones and tablets OEMs have turned to open source software to close the gap. How did the ultra-competitive world of car manufacturers come to together to embrace Automotive Grade Linux and grow a community where Tier One suppliers, OEMs, and hobbyists can come together and build software for your next car? Walt reviews the challenges that were overcome, where we stand today, and what needs to be done to continue to grow the open source automotive community.

Speakers

Walt Miner

Senior Director, AGL Community and Project Manager, The Linux Foundation

Walt Miner is the Senior Director of Community at The Linux Foundation and has served as Community Manager for Automotive Grade Linux since 2014. Walt has spoken at numerous conferences throughout the worlds and brings over 30 years of embedded software development and management... Read More →

Monday June 23, 2025 5:30pm - 5:40pm MDT
Bluebird Ballroom 3C

Open Source Leadership

Audience Experience Level Any

5:30pm MDT

Panel Discussion: Why the Time Has Come To Disrupt Mobile Application Development - Hilary Carter, The Linux Foundation; Saurabh Goyal & Diego Zuluaga, Open Mobile Hub; Richard Sikang Bian, Ant Group; Hyo Chan Jang, Cross-Platform Korea & Daniel Goldschei

Monday June 23, 2025 5:30pm - 6:10pm MDT

Bluebird Ballroom 3D

Open Mobile Hub and LF Research partnered this year to explore the state of mobile application development in the face of a fragmented market with growing numbers of new devices to integrate. In this session, a panel of research team members from the Linux Foundation and Open Mobile Hub will discuss the preliminary findings of their research, examining the insights generated from interviews with mobile application experts across the community. Discussion topics will include hindrances to market entry, current pain points from integration with diverse services, and the APIs that developers care most about. Panelists will deliberate on, from a cross-platform perspective, the preferred frameworks to build mobile applications and the importance of open source in this context. An important use case in this discussion will be the development of services such as wallets and payments capabilities. Grounded in the findings from this study, audience members will shift their thinking to a more open, streamlined, and standardized application ecosystem as the device landscape continually shifts.

Speakers

Hilary Carter

SVP of Research, The Linux Foundation

Hilary Carter is SVP of Research at the Linux Foundation, supporting the development of open source research projects and publications at the Linux Foundation. As a writer, researcher, and program leader, Hilary produces engaging, decision-useful insights that broaden the understanding... Read More →

Richard Sikang Bian

Head of Open Source , Ant Group

Richard Bian (Chinese: 边思康) led Ant Group Open Source initiative from day 1 and developed the initiative from a single person effort to a cross-functional Open Source Program Office (OSPO) team covering governance, strategy, developer experience, product development, growth... Read More →

Saurabh Goyal

Senior director, Open Mobile Hub

Saurabh Goyal, currently Senior Director at Futurewei, has almost 20 years of experience in the tech industry. He has worked with Amazon and Google in the past in the ecommerce and mobile ads domain. At Amazon, he was involved in the initial development of tech for running Amazon’s... Read More →

Diego Zuluaga

Solution Partner Director at OMH, Open Mobile Hub

Diego Zuluaga, Solution Partner Director at OMH (Futurewei), brings extensive experience in software development, developer relations, and solutions engineering. He has driven key initiatives at Google, contributing to Android, Google Assistant, and Google Cloud, with a strong focus... Read More →

Hyo Chan Jang

Founder, Cross-Platform Korea

Hyo Chan Jang is a South-Korean software engineer and open-source maintainer focused on cross-platform mobile development. He created and maintains widely-used React Native modules such as react-native-iap and react-native-audio-recorder-player, and has published several Flutter plugins... Read More →

Daniel Goldscheider

Founder, OpenWallet Foundation

Daniel Goldscheider is the founder of the OpenWallet Foundation which is hosted at the Linux Foundation and co-founded the OpenWallet Forum with the International Telecommunication Union. He serves as Vice Chair of the Supervisory Board of Valamar Riviera, Croatia’s largest tourism... Read More →

Monday June 23, 2025 5:30pm - 6:10pm MDT
Bluebird Ballroom 3D

Open Source Leadership

Audience Experience Level Any

9:00am MDT

Debugging USB Type-C Power Delivery: Beauty and the Beast - Marcel Ziswiler, Codethink Ltd.

Tuesday June 24, 2025 9:00am - 9:40am MDT

Bluebird Ballroom 2A

While working with the RADXA ROCK 5B, a low-cost/high-performance RK3588 aarch64-based development board, we discovered that it is picky concerning the used USB Type-C power source. What was rather strange is that while it worked on our upstream Linux kernel (at the time of writing v6.13.1) based Embedded Linux system, it just boot-looped running RADXA's Debian (using a Rockchip downstream v6.1 based kernel). At the same time, my colleagues were working on the Testing in a Box version 2 (TIABv2) integrating USB Type-C power delivery which we plan to use in our board farm once ready. Of course, as soon as they had prototypes I gave it a try and it also showed the problem. By chance, both sides are using the exact same onsemi FUSB302B programmable USB Type-C controller with power delivery. The TIABv2 one is configured as a power source and the ROCK 5B one is configured as a power sink. This talk introduces the USB Type-C power delivery topic and then discusses how we joined forces and debugged both sides, at times giving the ball to the TIABv2 firmware, at other times to the Linux kernel fusb302 driver and back and forth again.

Speakers

Marcel Ziswiler

Senior Software Engineer, Codethink

In 2024 Marcel Ziswiler joined Codethink. Before, he spearheaded Toradex' Embedded Linux adoption. His intro of an upstream first policy led to being a top 10 U-Boot as well as Linux kernel Arm SoC contributor. He has broad experience in designing real-time and mobile applications... Read More →

Debugging USB Type C Power Delivery Beauty and the Beast Marcel Ziswiler, Codethink pdf

Tuesday June 24, 2025 9:00am - 9:40am MDT
Bluebird Ballroom 2A

Embedded Linux Conference

Audience Experience Level Any

9:00am MDT

Efficient On-Device Core Dump Processing for IoT: A Rusty Implementation - Blake Hildebrand, Memfault

Tuesday June 24, 2025 9:00am - 9:40am MDT

Bluebird Ballroom 2B

Embedded Linux devices operate in constrained environments with limited storage, bandwidth, and connectivity. Traditional core dumps can be quite large, making it impractical for some of the more constrained embedded systems. Over the past year, we’ve tackled this challenge head-on—optimizing Linux core dumps directly on the device to reduce size, protect privacy, and enable better debugging for IoT developers.

What We’ll Cover:
Inside ELF Core Dumps – A look at the ELF structure and how it applies to core dumps.

On-Device Optimization – How we reduced core dump size by capturing only the first N bytes of each stack, minimizing storage and bandwidth impact.

Privacy-Preserving Debugging – How our custom built (in Rust!) on-device stack unwinder hooks into the core handler, and reduces a coredump to a set of PCs per frame to save space and prevent potential PII from leaking.

Scaling to Millions of Coredumps – Lessons learned from parsing an unprecedented volume of core dumps with Rust.

Speakers

Blake Hildebrand

Software Engineer, Memfault

Blake has been using Linux since installing Ubuntu Breezy on his dad’s old office PC. Since then, he’s worked on everything from smartwatches to large-scale web services. As a Software Engineer at Memfault, he focuses on improving device reliability and performance. Previously... Read More →

blake hildebrand on device coredump pdf

Tuesday June 24, 2025 9:00am - 9:40am MDT
Bluebird Ballroom 2B

Embedded Linux Conference

Audience Experience Level Any
Session Slides Yes

11:00am MDT

Improving Linux Boot Time for Automotive Use Cases - Brian Masney & Eric Chanudet, Red Hat

Tuesday June 24, 2025 11:00am - 11:40am MDT

Bluebird Ballroom 2B

We will describe in this session a variety of strategies and
techniques that were used to optimize the boot up time of the Linux kernel, initramfs, and systemd for Red Hat In Vehicle Operating System. The unreported time before the kernel timer is initialized will be described, and how to measure this on an aarch64 system. Some of the techniques include changes that are specific to the realtime (RT) kernel, such as temporarily tuning RCU on boot up. We’ll also cover how a new project called autoinit was used in the initramfs with systemd to replace udev. Some kernel patch sets that have been merged upstream that help the overall kernel boot speed will also be described.

Speakers

Brian Masney

Principal Software Engineer, Red Hat

Brian Masney has been a contributor and user of Linux and open source projects since 1996. He has 25 years of commercial experience, and has worked professionally on large distributed backend systems in userspace, automated large infrastructure in the cloud and data center, and is... Read More →

Eric Chanudet

Principal Software Engineer, Red Hat, Inc

I joined the Red Hat Automotive Kernel team in 2021 and worked on improving boot time to match the requirement of the Red Hat In Vehicle OS kernel as well as helped enable and support arm64 platforms for it.

2025 ELC Masney Chanudet Boot Time pdf

Tuesday June 24, 2025 11:00am - 11:40am MDT
Bluebird Ballroom 2B

Embedded Linux Conference

Audience Experience Level Any
Session Slides Yes

11:00am MDT

Recipe for Discovery: Building the UC Open Source Repository Browser From Scratch - Juanita Gomez, University of California, Santa Cruz

Tuesday June 24, 2025 11:00am - 11:40am MDT

Bluebird Ballroom 3F

The University of California’s network of Open Source Program Offices (OSPOs) launched last year, bringing together six campuses (UC Santa Cruz, Berkeley, Davis, Los Angeles, Santa Barbara, and San Diego) to support open source research, promote sustainability, and establish best practices within academic environments.
A key challenge in this effort is identifying and connecting open source projects across the system. Despite UC’s significant contributions to open source, there is no centralized way to track these efforts, making it difficult for researchers to find relevant projects, for institutions to assess impact, and for the broader community to engage with UC’s open source work.
To address this, the UC OSPO Network is developing the UC Open Source Repository Browser (UC ORB), a discovery tool designed to map and classify UC’s open source projects.
This talk will explore the process of building the UC ORB, from leveraging the GitHub API for data collection to integrating automated discovery with targeted outreach to the academic community. We will discuss the challenges of repository identification, compare similar approaches, and share lessons learned throughout the process.

Speakers

Juanita Gomez

PhD Student, University of California, Santa Cruz

Juanita Gomez is a Ph.D. candidate in Computer Science at UC Santa Cruz, where her research focuses on improving the security of scientific open source software in collaboration with the Open Source Program Office (OSPO) at UCSC. She is a passionate programmer, mathematician, and... Read More →

Tuesday June 24, 2025 11:00am - 11:40am MDT
Bluebird Ballroom 3F

OSPOCon

Audience Experience Level Any

11:00am MDT

Panel Discussion: The Technical Talent Market in 2025: Fortifying for AI, Cybersecurity, and Regulatory Compliance - Anna Hermansen, Clyde Seepersad & Adrienn Lawson, The Linux Foundation & Christopher Robinson, OpenSSF

Tuesday June 24, 2025 11:00am - 11:40am MDT

Bluebird Ballroom 2E

For the past three years, LF Education has partnered with LF Research to produce a yearly State of Tech Talent report surveying hiring and training managers to capture trends in the IT talent market. The 2025 study, which will go live at Open Source Summit North America, explores AI’s impact on organizational operations and developers; the fastest-growing areas of job responsibility; and compliance shifts from policies like the Cyber Resilience Act. In this session, the LF Research team will host a discussion of this year’s study findings, with panelists from LF Education and OpenSSF sharing their expertise on hiring and training to address cybersecurity concerns, regulatory compliance, AI, and more. In discussing the findings of the study, this session will describe how the community is grappling with resourcing amidst the new and shifting priorities in this landscape, from AI to Cybersecurity to platform engineering. The session will deliver insight on how the open source community can take the findings of the study to fortify its organizations and people for the market in 2025 and beyond and maintain relevance among economic, regulatory, and technological changes.

Speakers

Adrienn Lawson

Director of Quantitative Research, Linux Foundation

ADRIENN LAWSON serves as Director of Quantitative Research at the Linux Foundation, where she leads data-driven initiatives to understand open source ecosystems. With expertise in social data science from the University of Oxford and a background spanning academic and governmental... Read More →

Christopher Robinson

Security Lorax, OpenSSF

Christopher Robinson (aka CRob) is the Chief Security Architect for the Open Source Security Foundation. With over 25 years of Enterprise-class engineering, architectural, operational and leadership experience, CRob has worked at several Fortune 500 companies with experience in the... Read More →

Anna Hermansen

Researcher and Ecosystem Manager, The Linux Foundation

Anna is the Ecosystem Manager for LF Research where she supports end-to-end management of the department's research projects. She has conducted qualitative and systematic review research on the integration of technologies to better support health data sharing. Her interests lie at... Read More →

Clyde Seepersad

SVP, The Linux Foundation

LF exec in leading the education team

Tuesday June 24, 2025 11:00am - 11:40am MDT
Bluebird Ballroom 2E

Wildcard, Open Source Leadership

Audience Experience Level Any

11:55am MDT

Empowering Asian Contributions: The Rise of Regional User Groups in Open Source Communities - Naomichi Shima & Norio Kobota, Sony Group Corporation

Tuesday June 24, 2025 11:55am - 12:35pm MDT

Bluebird Ballroom 3G

In the vast landscape of the global Open Source community, Asia, despite its significant population, has historically seen limited contributions.
This session will delve into the recent surge in the establishment of regional user group in Japan and their ripple effects across Asia. We will explore the inception and growth of the OpenChain Project's Japan Chapter since 2017, which has catalyzed the expansion of regional communities in China, Korea, and beyond.
We will discuss the motivations driving individuals in these regional communities and highlight the unique characteristics of the OpenChain Japan community. Furthermore, we will examine the collaborative efforts between the Japanese community and other open source communities like the TODO Group, showcasing how these partnerships have amplified their impact.
Through our experiences, we will share insights on the essential elements for fostering successful regional communities in Japan. Additionally, we will introduce messages from the managers of OpenChain and the TODO Group, emphasizing the importance of integrating regional activities with the global open source ecosystem.

Speakers

Naomichi Shima

Alliance Manager, Sony Group Corporation

Naomichi Shima is OSPO and Alliance Manager in Sony Group Corporation. He chairs the Sony Group Corporation's Open Source Promotion Committee and works to promote open source compliance within the company. He leads the FAQ subgroup of the OpenChain Japan Work Group. He is an English-Japanese... Read More →

Norio Kobota

Senior Open Source Strategist, Sony Group Corporation

Norio Kobota is a Senior Open Source Strategist in Sony Group Corporation. He is the chair of Open Source Software License Committee in Sony and works to improve OSS compliance and relationships with OSS communities. He represents Sony as a board member of OpenChain Project. And... Read More →

Empowering Asian Contributions OSSNA2025 pdf

Tuesday June 24, 2025 11:55am - 12:35pm MDT
Bluebird Ballroom 3G

Equity + Inclusion + Accessibility

Audience Experience Level Any
Session Slides Yes

2:10pm MDT

Your Deployments Are Lying. AI Knows - Seema Saharan, Autodesk & Aditya Soni, Forrester Research

Tuesday June 24, 2025 2:10pm - 2:30pm MDT

Bluebird Ballroom 3B

Is your CI/CD pipeline giving you a green light when, in reality, something's lurking in the shadows? Traditional monitoring tools often miss the subtle failures that could silently impact your users. While your pipeline may say all systems go, AI sees the truth behind the curtain.
In this talk, we’ll unveil how AI can catch those hidden deployment issues that your traditional monitoring tools overlook, providing real-time, actionable insights into your Kubernetes environments.

Here’s what we’ll cover:
1. Identify deployment issues missed by traditional monitoring tools with insights from AI
2. Leverage AI to analyze logs, metrics, and traces for early problem detection.
3. Watch how AI automatically correlates data to resolve issues in real time.
By the end of this talk, you’ll gain the knowledge to integrate AI-powered observability into your CI/CD pipelines, enabling you to catch hidden problems early and deploy with confidence.

Speakers

Seema Saharan

Site Reliability Engineer, CNCF Ambassador, Autodesk

Meet Seema, the tech whiz at Autodesk. She's not just about fixing things – she loves sharing what she knows! Whether speaking at cool events like GitLab Commit, and GitHub Universe or breaking down tech on her YouTube channel, Seema makes the complicated stuff easy and fun. Join... Read More →

Aditya Soni

CNCF Ambassador, SRE, Forrester

Aditya Soni is a DevOps/SRE tech professional He worked with Product and Service based companies including Red Hat, Searce, and is currently positioned at Forrester Research as a DevOps Engineer II. He holds AWS, GCP, Azure, RedHat, and Kubernetes Certifications.He is a CNCF Ambassador... Read More →

Tuesday June 24, 2025 2:10pm - 2:30pm MDT
Bluebird Ballroom 3B

cdCon

Audience Experience Level Any

2:10pm MDT

Whoops! I Accidentally Leaked My Cloud Keys - Eve Martin-Jones & Hayden Blauzvern, Google

Tuesday June 24, 2025 2:10pm - 2:50pm MDT

Bluebird Ballroom 2F

Leaked credentials aren't a new problem, but the primacy and complexity of Cloud environments means that leaked credentials are more likely than ever to be your problem. Not only that, but recent research has shown that it may only be a matter of seconds between a leak and an exploit. As the systems for developing, building, publishing and deploying applications become more sophisticated, the types of leaks developers need to guard against also change.

In this talk, we will present new research by the Google Open Source Security Team into when and how developers leak credentials in modern software applications. We'll discuss some of the common ways leaks occur for developers of open source artifacts like containers and software packages. We'll also provide practical insights into scalable credential scanning and ecosystem-level protections for developers and organizations who want to keep their credentials secure to help when every second counts.

Speakers

Eve Martin-Jones

Senior Software Engineer, Google

Eve is an engineer working on open source software security at Google. She lives in Australia, with her cat Mochi, who is surprisingly proficient at JavaScript. Between D&D campaigns, she can be found deciphering the Cargo dependency-resolution algorithm bug-for-bug, advocating for... Read More →

Hayden Blauzvern

Technical Lead Manager, Google

Hayden Blauzvern is a technical lead manager on Google’s Open Source Security Team, focused on making open-source software more secure through code signing and applied transparency. Hayden is a maintainer and the community chair on the Sigstore project.

Whoops! I Accidentally Leaked My Cloud Credentials pdf

Tuesday June 24, 2025 2:10pm - 2:50pm MDT
Bluebird Ballroom 2F

Cloud + Containers

Audience Experience Level Any
Session Slides Yes

2:10pm MDT

“Early Boot and Late Attach” of Remote Processors for Time Critical Applications - Beleswar Prasad Padhi & Vaishnav Mohandas Achath, Texas Instruments

Tuesday June 24, 2025 2:10pm - 2:50pm MDT

Bluebird Ballroom 2B

Modern Heterogeneous SoCs designed for automotive use cases integrate multiple remote processors (rprocs) for Real-Time Operations, like Cortex-R5F for handling Capture and Display, alongside a general-purpose processor like Cortex-A to run HLOS like Linux. Automotive requirements are Time-Critical, Safety-Oriented and often demand for the Real-Time rprocs to be booted early for use cases like Early Chime, Early Rear View Camera (RVC). This presentation discusses about the “Early Boot + Late Attach” feature in remoteproc framework, where-in the rprocs would be brought up early in the boot flow by bootloader, and later Linux would just “attach” into the pre-running rprocs to establish IPC & suspend/resume. It also explains how developers can adopt this approach and shares debugging lessons. The talk also addresses how the framework handles key challenges with this approach, like identifying a pre-running rproc and allocating the resources required by it (memory carveouts, mappings, trace buffers etc.) by parsing the pre-loaded firmware, rather than re-initializing the core like in normal boot flow. A live case study will be presented on Early RVC application showcasing this feature.

Speakers

Vaishnav Achath

Senior Software Engineer, Texas Instruments

Vaishnav Achath is a Senior Software Engineer with Texas Instruments Inc. working with the Linux Core Product Development team for Jacinto Processors. As part of this role, Vaishnav primarily works on upstream Linux kernel and U-Boot development and also on customer requirements... Read More →

Beleswar Prasad Padhi

Software Engineer, Texas Instruments

Beleswar is a Software Engineer at Texas Instruments India, working on Upstream Linux Kernel and U-Boot, as part of the Linux Core Product Development team for Jacinto Processors. Beleswar is a Free and Open Source Software Enthusiast and has contributed to several Open Source security... Read More →

earlyboot lateattach ppt pdf

Tuesday June 24, 2025 2:10pm - 2:50pm MDT
Bluebird Ballroom 2B

Embedded Linux Conference

Audience Experience Level Any
Session Slides Yes

2:10pm MDT

Rex: Safe and Usable Kernel Extensions in Rust - Jinghao Jia, University of Illinois Urbana-Champaign

Tuesday June 24, 2025 2:10pm - 2:50pm MDT

Bluebird Ballroom 2D

We present the Rex project (https://github.com/rex-rs/rex). Rex is a Linux kernel extension framework that allows extension programs to be written in safe Rust. Rex offers similar safety guarantees to eBPF. Unlike eBPF-based tools like Aya, Rex extensions are not compiled into eBPF bytecode. Rex eliminates the in-kernel verifier – the safety of Rex extensions is built atop language-based safety plus runtime protection. Specifically, the Rex compiler enforces Rex extensions to be written in a subset of safe Rust, and emits native code directly. Rex implements its kernel crate with a safe interface that wraps existing eBPF interface. Rex also employs a lightweight runtime that implements graceful Rust panic handling with resource cleanups, kernel stack checks, and program termination.

Rex provides a more usable and arguably safer alternative to eBPF. The usability advantage comes from the elimination of in-kernel verifiers that are known to reject safe extension programs with cryptic feedback. We also show that Rex’s runtime protection provides stronger safety than eBPF in a few aspects, e.g., protecting kernel stacks from overflowing.

More details: https://tinyurl.com/y8uj8ypp

Speakers

Jinghao Jia

Ph.D. Student, University of Illinois Urbana-Champaign

Jinghao Jia is a fifth year Ph.D. student at UIUC. His research focus on operating system kernel extensions (e.g. eBPF). Specifically, he works on building safe and reliable kernel extensions as well as the applications of these kernel extensions in practice.

oss rex pdf

Tuesday June 24, 2025 2:10pm - 2:50pm MDT
Bluebird Ballroom 2D

Linux

Audience Experience Level Any
Session Slides Yes

2:10pm MDT

The Power of "AND": A New Template for Open Source Sustainability - Alyssa Wright & Francesca Romano, Bloomberg

Tuesday June 24, 2025 2:10pm - 2:50pm MDT

Bluebird Ballroom 3C

The traditional view of open source sustainability often frames it as a choice: business value OR public good. We argue that this is a false dichotomy. Bloomberg's Open Source Program Office and Corporate Philanthropy team have partnered to develop a new template – one built on the power of "AND."

This presentation will explore how combining business value AND philanthropic impact creates a transformative approach to open source leadership. We'll share our strategic framework for achieving this "AND," demonstrating how it benefits companies, individuals, open source projects, and the world around us.

Join us to learn how to build similar partnerships within your organization and why corporate engagement in open source sustainability is more important now than ever to ensure the long-term health of the critical digital infrastructure underpinning our modern world.

Speakers

Alyssa Wright

Open Source Program Office, Bloomberg

Alyssa Wright co-leads Bloomberg's Open Source Program Office (OSPO) in the Office of the CTO, where she champions the firm's open source strategy and engagement. Guided by the motto "be curious, solve problems, do good," Alyssa focuses on creating positive impact through open source... Read More →

Francesca Romano

Head of Global Operations, Bloomberg LP

Francesca Romano leads Global Operations for Bloomberg’s Corporate Philanthropy team, where her focus is on delivering solutions that are collaborative, innovative, and effective. She holds a bachelor’s degree in comparative literature from Brown University and an MBA from Columbia... Read More →

[FINAL] Open Source Summit NA pdf

Tuesday June 24, 2025 2:10pm - 2:50pm MDT
Bluebird Ballroom 3C

Open Source Leadership

Audience Experience Level Any
Session Slides Yes

2:10pm MDT

Valkey in Telecom: Leveraging Open Source for Unique Needs and Greater Community Benefits - David Östman & Viktor Söderqvist, Ericsson Software Technology

Tuesday June 24, 2025 2:10pm - 2:50pm MDT

Bluebird Ballroom 2E

The telecom industry constantly evolves to meet the demands of modern communication.
As a supporter of the Linux Foundation Valkey project, this presentation will explore other ways to utilize Valkey compared to many cloud providers, and the benefits this brings to the community and the project itself.

We will discuss the technical aspects of Valkey's use in telecom, drawing from insights for the advantages of public forks managed by foundations, leading to faster and more expansive development.

Our company was one of the founding supporters of Valkey, and Viktor Söderqvist is a core maintainer of Valkey. We will cover how we integrate community engagement and governance, David as a manager and Viktor maintainer and our collaborative efforts together.

We'll highlight our contributions to Valkey, and the discussions that led to our strategic pivot and fork and creation Valkey.

We will also present unique requirements in telecom that has been added to Valkey, and demonstrate how these requirements also benefit the broader project, with features like downgrade mechanisms and key hash improvements for higher performance.

Speakers

David Östman

General Manager Ericsson Software Technology Sweden, Ericsson

David is the General Manager of Ericsson Software Technology (EST) Sweden, leading a dedicated team of engineers developing open source software on projects like Linux, Yocto, and Valkey. With over 25 years of experience in the telecommunications industry, David began his career at... Read More →

Viktor Söderqvist

Open source dev, Ericsson Software Technology

Viktor is an open source developer at Ericsson, contributing to several projects. The last few years, he was contributing to Redis, but recently his focus has been on Valkey, the open source fork of Redis, which he together with a few more active contributors forked and now maint... Read More →

Valkey in Telecom pdf

Tuesday June 24, 2025 2:10pm - 2:50pm MDT
Bluebird Ballroom 2E

Wildcard

Audience Experience Level Any
Session Slides Yes

2:10pm MDT

FLOSS Mentorship Unconference: A Community Event to Share, Shape, & Scale Mentoring Efforts in Open Source (Open to All Attendees; No Pre-registration Required)

Tuesday June 24, 2025 2:10pm - 5:00pm MDT

Bluebird Ballroom 3D

FLOSS Mentorship Unconference: A Community Event to Share, Shape, & Scale Mentoring Efforts in Open Source (Open to All Attendees; No Pre-registration Required)

An unconference afternoon for anyone engaged in open source mentorship -- or who would like to be. We’ll build the agenda on-the-spot, then move into focused discussions to share best practices, challenges, and aspirations. Expect to leave with new contacts and a shared action list for better, more sustainable mentoring. Topics crowdsourced day-of – join us just to listen, or to pitch one of your own!

Tuesday June 24, 2025 2:10pm - 5:00pm MDT
Bluebird Ballroom 3D

Special Events / Exhibits / Breaks

Audience Experience Level Any

2:40pm MDT

Lightning Talk: Future-Proofing Compliance: Leveraging Knowledge Graphs and AI in Cybersecurity - Zeyno Dodd, Conjectura R&D

Tuesday June 24, 2025 2:40pm - 2:50pm MDT

Bluebird Ballroom 3E

Traditional approaches to cybersecurity compliance are being redefined in an era marked by rapidly evolving cybersecurity threats and stringent compliance requirements. This session explores the innovative integration of Knowledge Graphs (KG) and Retrieval Augmented Generation (RAG) with Generative AI to address the ever-evolving complexities of cybersecurity frameworks like NIST CSF v2.0, NIST 800-171, and CMMC. I will briefly delve into an open-source proof-of-concept demonstrating how these technologies can automate the discovery of compliance relationships and streamline cross-framework assessments. Join me in discovering how we can significantly enhance cybersecurity measures by harnessing open-source tools and AI, reducing the resource burden, and maintaining timely and robust adherence to evolving standards.

Speakers

Zeyno Dodd

R&D Architect, Conjectura R&D

Cloud Solution Architect and Researcher with 25+ years in software development and research. Committed to leveraging AI to address complex real-world challenges with societal impact. Specializes in applying Graph Neural Networks (GNN) within Cloud/Edge/Hybrid Machine Learning frameworks... Read More →

OSS NA 2025.Future Proofing Compliance.v1.0 pdf

Tuesday June 24, 2025 2:40pm - 2:50pm MDT
Bluebird Ballroom 3E

Open AI + Data

Audience Experience Level Any
Session Slides Yes

3:05pm MDT

Transforming Software Development and Engineering Velocity at EBay With AI/ML in CI/CD - Aravind Kannan, eBay

Tuesday June 24, 2025 3:05pm - 3:25pm MDT

Bluebird Ballroom 3B

In today's digital landscape, rapid and reliable software delivery is crucial. Join us to explore how eBay has integrated AI and ML into its Continuous Integration and Continuous Deployment (CI/CD) processes, revolutionizing software development at scale.

We will share insights from eBay's "Engineering Velocity" initiative, detailing how our AI and ML powered CI/CD platform helped our engineers in achieving a 23% increase in software releases and a 10% reduction in production bugs.

This session will cover:

* The strategic implementation of AI and ML in CI/CD to enhance efficiency and quality.
* Real-world examples of how AI-driven insights and automation have streamlined our software development, review, testing, debugging and delivery process.
* Key challenges and lessons learned in integrating AI and ML technologies into the CI/CD platform.
* Future trends and opportunities in AI and ML for CI/CD.

Whether you're an engineering leader, developer, or DevOps practitioner, gain insights and strategies to leverage AI and ML for faster, more reliable software delivery.

Speakers

Aravind Kannan

Director, Software Engineering, eBay Inc.

Aravind Kannan leads eBay's transformative Engineering Velocity initiative, responsible for driving improvements in software development and delivery platforms and processes across the organization. He is committed to empowering engineers to deliver value to customers faster, easier... Read More →

eBay AI:ML in CI:CD pdf

Tuesday June 24, 2025 3:05pm - 3:25pm MDT
Bluebird Ballroom 3B

cdCon

Audience Experience Level Any
Session Slides Yes

3:05pm MDT

Panel Discussion: Scaling Inclusive Open Source: Strategies & Metrics for Building Equitable Communities - Kenyatta Forbes, Independent; Sarah Oyetubo, GitHub; Georg Link, Bitergia; Justin Wheeler, Red Hat

Tuesday June 24, 2025 3:05pm - 3:45pm MDT

Bluebird Ballroom 3G

This panel will delve into the challenges and opportunities for diversity, equity, inclusion, and accessibility (DEIA) in open source, informed by GitHub's latest Open Source Survey. Through a series of research spotlights, panelists will share data-backed strategies and real-world case studies for fostering inclusivity at scale. The session will feature an interactive Q&A where panelists address pre-planned questions and engage with audience inquiries. Key topics for discussion include identifying useful DEIA metrics versus "vanity metrics," balancing quantitative data with qualitative feedback, and the impact of mentorship programs on community diversity. Attendees will gain actionable strategies to cultivate more welcoming, sustainable, and diverse open source projects.

Speakers

Sarah Oyetubo

Sr. Program Manager, DI&B, GitHub

Sarah Oyetubo is a Certified Diversity and Inclusion practitioner and Senior Program Manager of Diversity, Inclusion, and Belonging at GitHub. She has a proven track record for leading people through transformational change, as demonstrated in various strategic and highly visible... Read More →

Georg Link

Open Source Strategist and Director of Sales, Bitergia

Georg’s mission is to make open source more professional by using community metrics and analytics. Georg cofounded the CHAOSS Project to advance analytics and metrics for open source project health. Georg is an active contributor to several projects and has often presented on open... Read More →

Justin Wheeler

Fedora Community Architect, Red Hat

Justin is a Free Software activist and Open Source advocate focused on community leadership and digital infrastructure. As the Fedora Community Architect at Red Hat, he designs and maintains the core support structures that enable a global community of contributors to thrive. His... Read More →

Kenyatta Forbes

Open Source Strategist & Advocate

Kenyatta Forbes an Open Source strategist and advocate with a focus on supporting the growth and sustainability of open source communities. With over a decade of experience in technology and program management, she enjoys fostering collaboration between developers, maintainers, and... Read More →

Scaling Inclusive Open Source – OSS NA 2025 @ Denver, CO US pdf

Tuesday June 24, 2025 3:05pm - 3:45pm MDT
Bluebird Ballroom 3G

Equity + Inclusion + Accessibility

Audience Experience Level Any

3:05pm MDT

Agents in Action: Advancing Open Source AI Missions - Hema Veeradhi, Red Hat

Tuesday June 24, 2025 3:05pm - 3:45pm MDT

Bluebird Ballroom 3E

AI Agents have become a buzzword in the world of generative AI—but what exactly are agents, and how are they advancing open source AI? Agents are autonomous systems that extend the capabilities of Large Language Models (LLMs) by leveraging external tools and real-time data to perform dynamic actions for solving complex, multi-step tasks. They are at the forefront of transforming open source AI by enabling adaptability, automation and more intelligent decision-making.
In this talk, we’ll explore popular open source agent frameworks like LangChain and Haystack, which are driving rapid development and community-powered innovation in AI agents. Using real-world examples and a live demo, we’ll demonstrate how these frameworks can be leveraged to build a variety of generative AI applications, including RAG, IT operations automation and dynamic, context-aware chatbots.
Attendees will gain a clear insight into why AI agents are at the forefront of innovation and how open source collaboration is driving its evolution. Whether you’re an AI developer, OSPO leader or open source enthusiast, this session will highlight the potential of agents to power the next wave of open source AI missions.

Speakers

Hema Veeradhi

Principal Data Scientist, Red Hat

Hema Veeradhi is a Principal Data Scientist working in the Emerging Technologies team part of the office of the CTO at Red Hat. Her work primarily focuses on implementing innovative open AI and machine learning solutions to help solve business and engineering problems. Hema is a staunch... Read More →

Tuesday June 24, 2025 3:05pm - 3:45pm MDT
Bluebird Ballroom 3E

Open AI + Data

Audience Experience Level Any

4:20pm MDT

Boot-Time BOF - Tim Bird, Sony

Tuesday June 24, 2025 4:20pm - 5:00pm MDT

Bluebird Ballroom 2B

In this BOF, attendees will discuss the current status of Linux Boot, and boot-time reduction efforts for Linux systems. This will be an open discussion about the currently available tools, instrumentation, techniques, patches, documentation and online resources for developers working on Linux boot-time reduction.

If you are working on Linux boot-time, or plan to sometime in the near future, please join this discussion. You can describe your requirements, or tell us about your current Linux boot-time reduction activities or projects.

Speakers

Tim Bird

Principal Software Engineer, Sony Electronics

Tim Bird is a Principal Software Engineer for Sony Corporation, where he helps Sony use Linux and other open source software in their products. Tim is the organizer of the Linux Boot-Time Special Interest Group and is involved with various Linux Foundation projects (including being... Read More →

Boot Time BOF Bird ELC 2025 06 pdf

Tuesday June 24, 2025 4:20pm - 5:00pm MDT
Bluebird Ballroom 2B

Embedded Linux Conference

Audience Experience Level Any
Session Slides Yes

4:20pm MDT

Unlocking the Full Potential of WPE To Build a Successful Embedded Product - Mario Sanchez-Prada, Igalia

Tuesday June 24, 2025 4:20pm - 5:00pm MDT

Bluebird Ballroom 2A

The Web engine is the most important component of a Web browser, enabling developers to leverage the Web Platform for their applications. And thanks to Open Source Web engines like WPE, it is now possible to build all kinds of products for embedded devices using Web-based technologies, from set-top boxes and smart home appliances to GPS devices and in-flight infotainment systems, to name a few.

Unfortunately, companies usually fall into the trap of applying one-off fixes to meet their immediate needs, accumulating technical debt and struggling to adapt to the evolving nature of the Open Source projects they heavily rely on. On top of that, it makes it difficult to ensure that the stable releases of such projects properly fit the needs of the products they intend to build, leading to spending too much time being reactive to integration-related problems instead of focusing on building a great product.

In this session, we will focus on explaining the best practices to unlock the full power of WPE without falling into such traps, so that you can focus on building a stronger foundation for your future embedded products with WPE, while keeping maintenance costs under control.

Speakers

Mario Sanchez-Prada

Software Engineer and WebKit Team coordinator at Igalia, Igalia

Software engineer and partner at Igalia with 19+ years of experience working on the development of Linux-based Operating Systems, the GNOME platform, Web engines (i.e. WebKit, Blink) and Web browsers (Epiphany, Chromium).Past experience includes work on the Maemo project, Litl OS... Read More →

20250624 UnlockingtheFullPotentialOfWPE pdf

Tuesday June 24, 2025 4:20pm - 5:00pm MDT
Bluebird Ballroom 2A

Embedded Linux Conference

Audience Experience Level Any
Session Slides Yes

4:20pm MDT

Your Silent Software Saboteur: Open Source Malware - Brian Fox, Sonatype

Tuesday June 24, 2025 4:20pm - 5:00pm MDT

Bluebird Ballroom 2E

Weaponized open source components are silently infiltrating software supply chains, evading detection, and leaving organizations vulnerable to devastating attacks. Brian Fox, Co-founder and CTO of Sonatype, will pull back the curtain on this invisible threat, diving into the rise of malicious components that proliferate at an unprecedented rate.

Discover the stealthy tactics used to infiltrate networks, masquerading as legitimate software, and understand why traditional security solutions are failing. This session will provide the knowledge and tools to proactively protect software supply chains, blocking malicious components before they wreak havoc, and fortify defenses against this invisible and growing enemy.

Speakers

Brian Fox

CTO, Sonatype

Co-founder and CTO, Brian Fox is an OpenSSF Governing Board member, a member of the Apache Software Foundation and former Chair of the Apache Maven project. As a direct contributor to the Maven ecosystem, including the maven-dependency-plugin and maven-enforcer-plugin, he has over... Read More →

Tuesday June 24, 2025 4:20pm - 5:00pm MDT
Bluebird Ballroom 2E

Wildcard

Audience Experience Level Any

4:20pm MDT

West: Explained in Simple Words - Roy Jamil, AC6

Tuesday June 24, 2025 4:20pm - 5:00pm MDT

Bluebird Ballroom 2C

Engineers coming from traditional RTOS or bare metal backgrounds may initially see Zephyr's meta-tool, West, as an unfamiliar hurdle. While it might seem a bit complex at first, West is actually a simple and effective way to handle multiple repositories, as well as to build, debug, analyze, and more.

In this talk, we’ll break down what West does and how it fits into the Zephyr ecosystem. We'll use plain language and practical examples, showing that West isn’t a barrier at all. Instead, it’s a powerful tool that makes managing your projects easier and more organized. From my experience teaching Zephyr and West, I’ve seen how quickly developers come to appreciate its capabilities once they understand how it fits into their workflow.

We'll also explore why West exists and dive into its range of commands. Plus, we'll highlight the opportunities it offers, including enabling capabilities that were not possible without it.

Finally, we’ll demonstrate how to create custom commands with West and provide examples of how you might tailor these commands to meet the specific needs of your applications.

Speakers

Roy Jamil

Training Engineer, AC6

Roy Jamil, with a PhD in the field of Asymmetric Multiprocessing (AMP) and real-time embedded systems, has over six years of experience as a Training Engineer at Ac6. He trains hundreds of engineers annually. His experience includes programming, Linux, drivers, Yocto, and various... Read More →

West Explained in Simple Words Roy Jamil, AC6 pdf

Tuesday June 24, 2025 4:20pm - 5:00pm MDT
Bluebird Ballroom 2C

Zephyr

Audience Experience Level Any
Session Slides Yes

11:00am MDT

Test Harness: Continuous Testing on Hardware - Julia Anjanet Pineda, Analog Devices

Wednesday June 25, 2025 11:00am - 11:40am MDT

Bluebird Ballroom 2A

The test harness (aka board farm) was initially designed to enable automated testing of Linux drivers on actual hardware. This ultimately became a way to implement continuous testing on hardware, every commit or PR, a build and test is run, and results are reflected back to the commit. It is designed to cater a wide range of peripheral devices and platforms mainly for Analog Devices' Kuiper Linux distribution which is built with more than 1000 Linux device drivers compatible with Xilinx and Intel FPGAs, Raspberry Pi boards, and several other platforms.

This talk covers the design and implementation of such a fully automated test harness. The implemented architecture leverages the use of readily available components/technologies such as Jenkins, Docker, NetBox, and JFrog Artifactory and, at the same time, includes custom-built tools that can be tailored and extended to support existing or new devices and platform types.

This talk will also cover how the team handled the challenges encountered while implementing and addressing features such as resource queueing to minimize waiting time of running builds and also how we make use of sdcardmux to handle recovery.

Speakers

Julia Anjanet Pineda

Software Quality Assurance Engineer, Analog Devices

I like to run while waiting for build jobs to finish. I would work for hours to automate a task that should only take seconds to do manually. I develop and maintain a fully automated hardware test harness for system-level testing.

Test Harness Continuous Testing on Hardware pptx

Wednesday June 25, 2025 11:00am - 11:40am MDT
Bluebird Ballroom 2A

Embedded Linux Conference

Audience Experience Level Any
Session Slides Yes

11:00am MDT

Dynamo: Supporting Next-Generation AI Workloads - Olga Andreeva & Ryan McCormick, NVIDIA

Wednesday June 25, 2025 11:00am - 11:40am MDT

Bluebird Ballroom 3F

As Generative AI unfolds its transformative potential, and enterprise needs have shifted toward large-scale, distributed deployments, the requirements for inference serving have fundamentally changed. To meet these new demands, NVIDIA has introduced Dynamo— a high-throughput low-latency inference framework designed for serving generative AI and reasoning models in multi-node distributed environments.

This session provides a technical overview of Dynamo’s architecture, focusing on how its design addresses the core challenges of large-scale, distributed generative AI inference. We will walk through concrete deployment scenarios—including disaggregated serving and dynamic GPU scheduling—and examine how Dynamo manages resource allocation, request routing, and memory efficiency for high-throughput, low-latency inference.

We will also share practical implementation examples and discuss engineering best practices for optimizing workload performance, scalability, and cost using Dynamo. We’ll outline the steps and considerations for deploying Dynamo, highlighting key architectural differences and compatibility factors. By the end of the session, attendees will have a clear understanding of how to deploy and operate Dynamo in production environments to support advanced AI workloads.

Speakers

Olga Andreeva

Senior Software Engineer, NVIDIA

Olga Andreeva is a senior software engineer, specializing in machine learning inferencing. With a PhD in Computer Science from the University of Massachusetts Boston and experience in both academia and industry, Olga specializes in translating cutting-edge ML research into robust... Read More →

Ryan McCormick

Senior Software Engineer, NVIDIA

Ryan McCormick is a senior software engineer working at the intersection of machine learning, systems software and distributed systems at NVIDIA. He is responsible for developing scalable and performant inference solutions, with a current focus on the Triton Inference Server and Triton... Read More →

OSS Dynamo pdf

Wednesday June 25, 2025 11:00am - 11:40am MDT
Bluebird Ballroom 3F

Open AI + Data

Audience Experience Level Any
Session Slides Yes

11:00am MDT

The Accidental Maintainer: Sideways Stories Into Open Source Leadership - Divya Mohan, SUSE & Natali Vlatko, Cisco

Wednesday June 25, 2025 11:00am - 11:40am MDT

Bluebird Ballroom 3C

Maintainers are responsible for technical oversight and key decisions in open source projects. Contributor ladders, found in projects like OpenTelemetry and Apache, define the journey from contributorship to maintainership. Divya Mohan and Natali Vlatko exemplify this path, having "accidentally" risen to leadership as co-chairs of the Kubernetes Documentation Special Interest Group (SIG).
But how does one stumble into leadership, and how can we make this process intentional? In their talk, Divya and Natali will share their experiences alongside insights from other leaders in the CNCF ecosystem. They will discuss how contributions—like decision-making, completing essential tasks, and sharing knowledge—cultivate a community that fosters leadership. Discover how elevated permissions can be perceived as leadership roles, how contributors who answer questions become mentors, and recognize if you’re already demonstrating these leadership qualities.
Join along to learn about the leadership tasks Divya and Natali perform as SIG co-chairs and how you can leverage your skills to lead in your project.

Speakers

Divya Mohan

Principal Technology Advocate, SUSE

Divya is a Principal Technology Advocate at SUSE, where she contributes to and advocates for its open source projects. She co-chairs the documentation for the Kubernetes & has previously worked extensively in the systems engineering space during her tenure with HSBC & IGate Global... Read More →

Natali Vlatko

Open Source Lead Architect, Cisco

Natali Vlatko (she/her) is an Open Source Lead Architect at Cisco, specializing in open software, policy, and governance. She is a SIG Docs Co-Chair for Kubernetes and a member of the TODO Group Steering Committee. She plays on the fun computer in her spare time. Her academic background... Read More →

Wednesday June 25, 2025 11:00am - 11:40am MDT
Bluebird Ballroom 3C

Open Source Leadership

Audience Experience Level Any

11:00am MDT

Finally! A New Trademark Policy - Rebecca Rumbul & Gracie Gregory, The Rust Foundation

Wednesday June 25, 2025 11:00am - 11:40am MDT

Bluebird Ballroom 3D

Refreshing long-standing policies in OSS communities can be a long and difficult process. Last year at OSS Summit NA, we discussed getting to the mid-point in our journey in developing a new trademark policy for the Rust community. Following a lot of further work, consultation, and iteration, and final board approval, we are now able to reflect on the whole process of redeveloping a legal policy with an OSS community, the pitfalls, challenges, and paths to success.

Speakers

Rebecca Rumbul

CEO & Executive Director, Rust Foundation

Rebecca is the Executive Director and CEO of the Rust Foundation. She holds a PhD in Politics and Governance, and has worked as a consultant and researcher with governments, parliaments and development agencies all over the world, advocating for openness and transparency, and developing... Read More →

Gracie Gregory

Director of Communications & Marketing, The Rust Foundation

Wednesday June 25, 2025 11:00am - 11:40am MDT
Bluebird Ballroom 3D

Operations Management

Audience Experience Level Any

11:00am MDT

Building an Open Source System Design Interview Coach With Interactive Simulations - Sriram Panyam, Independent

Wednesday June 25, 2025 11:00am - 11:40am MDT

Bluebird Ballroom 2E

As a former FAANG engineering leader who's interviewed 100s of candidates, I've seen brilliant engineers struggle to communicate system design concepts under pressure. In this session, I'll introduce SDL - an open source tool that makes distributed systems tangible and interactive.

What We'll Explore Together

- System Modeling
- Watch how architectures like Uber and Bitly actually behave under load
- Interactive Failure Scenarios
- Kill components and see cascading failures in real-time
- Trade-off Analysis
- Adjust consistency/latency sliders and watch system behavior change
- Probability-based Modeling
- Pattern Recognition

Why this matters?

Candidates often fail not from lack of knowledge, but inability to visualize and communicate complex systems under pressure. The market is competitive & rife with layoffs. These tools aren't just about getting hired - they're about ensuring talented engineers find positions where they'll thrive.

Key Takeaways:
- Understand SDL's simple grammar for modeling distributed systems
- See real architectural patterns emerge from constraints
- Learn to reason about system behavior probabilistically
- Build confidence by experimenting safely before interviews
- Looking forward to learn from you all too and collaborating in the future.

This isn't about memorizing answers - it's about building intuition through interactive exploration. Whether you're preparing for interviews or teaching others, SDL transforms abstract concepts into tangible experiences.

Speakers

Sriram Panyam

Chief Architect and Founding Engineer, Independent

As an engineering leader who's conducted 100s of technical interviews, I've seen exceptional talent fail due to the mysterious nature of system design interviews. I've built large-scale distributed systems and mentored engineers through the bewildering interview process at top tech... Read More →

OSSNASummitPresentation pptx

Wednesday June 25, 2025 11:00am - 11:40am MDT
Bluebird Ballroom 2E

Wildcard

Audience Experience Level Any

11:20am MDT

Event Provenance Registry: Continuous Delivery Events for the Electric Sheep - Brett Smith, SAS Institute, Inc.

Wednesday June 25, 2025 11:20am - 11:40am MDT

Bluebird Ballroom 3B

What if you got a second chance to build an Event Driven Provenance service? In this talk I will cover the decision to start over, rewrite, and Open Source the Event Driven system we built in house. In the process of covering the things we changed and the things we kept I tell a few war stories. Add in what needed to be improved and what we left behind. I will talk about our involvement in the CD Foundation and how the new system can leverage CDEvents and help with SBOM storage and retrieval. Demo and Discussion included dependent on time allotment.

Speakers

Brett Smith

Distinguished Software Developer, SAS Institute, Inc.

Software Architect/Engineer/Developer with 25+ years of experience. Specialties: Event Driven Automation, Continuous Integration/Delivery/Testing/Deployment, Supply Chain Security Expertise: Linux, packaging, and tool design. Currently Engineering and Securing the Supply Chain... Read More →

Event Provenance Registry pdf

Wednesday June 25, 2025 11:20am - 11:40am MDT
Bluebird Ballroom 3B

cdCon

Audience Experience Level Any
Session Slides Yes

11:55am MDT

Navigating Compliance: What Developers Can Learn From Driving - Kadi McKean & Charlie Jones, ReversingLabs

Wednesday June 25, 2025 11:55am - 12:15pm MDT

Bluebird Ballroom 3B

When driving on a highway, you have to follow the rules of the road—some apply to everyone, while others only apply to commercial drivers. Open source maintainers and software publishers face a similar divide regarding regulatory compliance.

While software manufacturers must meet extensive legal and security obligations, open source maintainers often assume these regulations do not apply directly to them—but do they? In this talk, we’ll separate fact from fiction by breaking down what rules like the EU Cyber Resilience Act require from maintainers versus software vendors.

We’ll explore the limited enforceable obligations for open source projects, including secure development policies and vulnerability reporting, and discuss when (if ever) these rules impact maintainers. By understanding these distinctions, open source contributors can make informed decisions about risk, responsibility, and collaboration with commercial software teams—without unnecessary compliance burdens.

Speakers

Kadi McKean

Community Manager, ReversingLabs

Charlie Jones

Director of Product Management, ReversingLabs

Charlie is a Software Assurance Evangelist with 7 years of experience in providing strategy and transformation services for cyber security, third party risk, and IT audit programmes of both Fortune and FTSE 100 companies across all 3 lines of defence. Charlie specializes in helping... Read More →

Wednesday June 25, 2025 11:55am - 12:15pm MDT
Bluebird Ballroom 3B

cdCon

Audience Experience Level Any

2:10pm MDT

Contributor Catalyst: New Contributor Perspectives From an HBCU Mentorship Program - Emily Lovell, UC Santa Cruz OSPO & Silas Morgan, Norfolk State University

Wednesday June 25, 2025 2:10pm - 2:50pm MDT

Bluebird Ballroom 3H

Open source is woven into nearly all modern technology, making it more important than ever to support new contributors – but entering the world of open source contribution can be a daunting experience. There are unspoken norms to understand, new tools and best practices to learn, and a whole lot of code to navigate.

In 2023, the UC Santa Cruz OSPO launched a summer mentorship program to support students from Historically Black Colleges and Universities (HBCUs) contributing to open source. Over the course of eight weeks, each tight-knit cohort learns how to productively contribute to a project of their choosing, while working together both in-person and remotely. Program alumni have returned as peer mentors, spoken at conferences, been interviewed for podcasts, and accepted paid work in open source.

This session will showcase the perspective of both current participants and program alumni, offering insight into how we can all work together to make open source more welcoming and inclusive. Whether you're looking to engage diverse new contributors, or you're just curious about the novice experience, you'll be sure to learn something new!

Speakers

Emily Lovell

Associate Director, UC Santa Cruz OSPO

Dr. Emily Lovell is the Associate Director of the Open Source Program Office at UC Santa Cruz. Her research and teaching use novel domains to invite broader participation in computing, with her recent postdoctoral work focusing on newcomers to open source. Emily previously served... Read More →

Silas Morgan

Graduate Student and Contributor Catalyst Mentor, Norfolk State University

Silas Morgan is a Graduate student and Alumni of Norfolk state university. He's majored in computer science, and participated in UCSC's Contributor Catalyst program both as a learner/participant, and as an alumni mentor helping students become engaged with open source. As a participant... Read More →

Wednesday June 25, 2025 2:10pm - 2:50pm MDT
Bluebird Ballroom 3H

Equity + Inclusion + Accessibility

Audience Experience Level Any

2:10pm MDT

The Work No One Notices—Until It’s Missing: Scaling Open Source Community Teams - Elizabeth Barron, CHAOSS

Wednesday June 25, 2025 2:10pm - 2:50pm MDT

Bluebird Ballroom 3C

Community management in open source is often a catch-all role, with one person juggling contributor engagement, content, events, and growth. But no single individual can—or should—do it all. As projects scale, a structured, team-based approach becomes essential.

This talk introduces a four-part framework for building an effective community team:

- Community Caretakers – Foster an inclusive, welcoming space, ensuring contributors feel heard, valued, and engaged.
- Content Creators – Develop documentation, blogs, and educational materials.
- Growth Drivers – Expand the community through outreach and advocacy.
- Organizers – Handle logistics, events, and data to keep things running smoothly.

We’ll explore why many projects struggle with community management, the pitfalls of prioritizing outreach over engagement, and how a scalable team structure prevents burnout, improves retention, and ensures long-term sustainability.

Whether you're launching or scaling a project, this session provides a practical roadmap for turning fragmented community efforts into a high-impact, sustainable team.

Speakers

Elizabeth Barron

Community Manager, CHAOSS

Elizabeth Barron is a self-employed open source consultant working on projects such as CHAOSS and GitHub's GitSkilled. She is a long-time open source contributor and advocate with over 20 years of experience at companies like GitHub, Pivotal/VMWare, and Sourceforge.She is also an... Read More →

Wednesday June 25, 2025 2:10pm - 2:50pm MDT
Bluebird Ballroom 3C

Open Source Leadership

Audience Experience Level Any

2:10pm MDT

If I Could Turn Back Time - What Open Source and Tech History Tells Us About the Future - Shirley Bailes, Intel

Wednesday June 25, 2025 2:10pm - 2:50pm MDT

Bluebird Ballroom 2E

In this session, we will examine critical moments in Open Source history, from the early days of the kernel and birth of the Linux Foundation, to Software defined networking, to Containerization and Cloud Native, to Web, to AI; examine what can be distilled as transcendent truths, and what that tells us about our future? How should it inform the ways we build our software strategies? Attendees will leave inspired, curious and wanting to learn more.

Speakers

Shirley Bailes

Director of Software Ecosystem Strategy, Intel

Shirley Bailes has been involved in developer communities and building open source programs for over 15 years. She is the Director of Software Ecosystem Strategy in Intel's Office of the CTO, where she leads thought leadership and strategic initiatives to accelerate startup innovation... Read More →

Wednesday June 25, 2025 2:10pm - 2:50pm MDT
Bluebird Ballroom 2E

Wildcard, Operations Management

Audience Experience Level Any

3:05pm MDT

Enhancing Data Integrity in Linux - Anuj Gupta, Samsung Semiconductor

Wednesday June 25, 2025 3:05pm - 3:45pm MDT

Bluebird Ballroom 2B

Achieving end-to-end data integrity is essential for modern storage systems, yet Linux still faces challenges in providing full-stack protection. This session explores recent improvements in Linux’s data integrity framework. Specifically this presentation shares detail about:

1. A new io_uring interface that enables applications to attach metadata with I/O requests, ensuring robust data protection.

2. Optimizations to existing integrity mechanisms that improve performance, reduce overhead, and enhance flexibility, all of which have been merged into the mainline kernel.

3. Lastly, we highlight a novel mechanism that allows filesystems to fully utilize device integrity features and helps optimizing host and device resource utilization.

This presentation will deliver in-depth technical insights into these advancements and their role in strengthening Linux storage reliability.

Speakers

Anuj Gupta

Linux kernel developer, Samsung Semiconductor India

Anuj Gupta is a Linux kernel developer in Global Open Source Team at Samsung. His contributions focus on kernel I/O stack improvements across io_uring, block layer, and NVMe driver. Speaker at Open Source Summit and SNIA SDC. He has also published a paper at USENIX FAST. Contributes... Read More →

Wednesday June 25, 2025 3:05pm - 3:45pm MDT
Bluebird Ballroom 2B

Linux

Audience Experience Level Any

4:20pm MDT

An Investigation of Patch Porting Practices of the Linux Kernel Ecosystem - Xingyu Li, UC Riverside

Wednesday June 25, 2025 4:20pm - 5:00pm MDT

Bluebird Ballroom 2B

The Linux ecosystem—spanning upstream mainline, stable and LTS branches, and downstream distributions like Ubuntu and Android—relies on patch porting to ensure stability and security. However, concerns persist about delayed or incomplete patch propagation. By mining software repositories across 28 Linux branches (e.g., Android,Ubuntu,Debian,OpenSLE and etc) and 584K patches., we uncover diverse patch porting strategies and their trade-offs, measured through patch delay, patch rate, and bug inheritance ratio. We also analyze the factors influcing the patch porting practices and offer actionable insights to enhance patch flow efficiency and strengthen the Linux ecosystem.

Speakers

Xingyu Li

PhD candidate; Research assistant, UC Riverside

I am a final year PhD student in UC Riverside in computer science. I am working on improving Linux kernel security by investigating Linux patch porting strategy, identifying silent serious patches and improving fuzzing efficiency.

Wednesday June 25, 2025 4:20pm - 5:00pm MDT
Bluebird Ballroom 2B

Linux

Audience Experience Level Any

4:20pm MDT

Trust but Verify: Uncovering the Hidden Risks of Inaccurate SBOMs With JBomAudit - Yue Xiao & Dhilung Kirat, IBM Research

Wednesday June 25, 2025 4:20pm - 5:00pm MDT

Bluebird Ballroom 3G

Additional Authors: Jiyong Jang & Douglas Schales, IBM Research

Software supply chain attacks have surged in recent years, posing significant threats to organizations. In response, Software Bill of Materials (SBOMs)—structured inventories that document software components—have been proposed to enhance supply chain transparency, track dependencies, and manage vulnerabilities. Despite increasing adoption, their correctness and completeness in real-world open-source ecosystems remain largely unexamined. Incomplete SBOMs can result in overlooked vulnerabilities while incorrect dependency may waste resources on non-existent issues.

This talk introduces JBomAudit, an open-source tool to automatically verify Java SBOMs by systematically assessing their correctness and completeness against NTIA minimum requirements. We will cover technical details of JBomAudit, demonstrate how it examines missing and incorrect dependencies, and present findings from our large-scale analysis of over 25,000 Java SBOMs, highlighting the prevalence of non-compliant SBOMs and security implications. We will also discuss common pitfalls in SBOM generation, analyze the root causes of non-compliance, and provide actionable recommendations to improve SBOM quality.

Speakers

Dhilung Kirat

Senior Research Scientist, IBM Research

Dhilung Kirat is a Research Scientist in the AI Supply Chain Security group of the Security Research department at IBM T.J. Watson Research Center. Dhilung received his PhD in Computer Science from University of California, Santa Barbara in 2015. His research interests revolve around... Read More →

Yue Xiao

Research Scientist, IBM Research

Dr. Yue Xiao is a Research Scientist at IBM Watson Research. She earned her Ph.D. from Indiana University Bloomington, focusing on GenAI security, privacy compliance, vulnerability assessment, and supply chain security. She has published in top venues (CCS, Usenix Security, NDSS... Read More →

OSS NA25 JBomAudit IBM pdf

Wednesday June 25, 2025 4:20pm - 5:00pm MDT
Bluebird Ballroom 3G

OpenGovCon

Audience Experience Level Any
Session Slides Yes

11:20am MDT

11:20am MDT

11:20am MDT

11:20am MDT

11:20am MDT

1:30pm MDT

1:30pm MDT

1:30pm MDT

1:30pm MDT

2:25pm MDT

3:35pm MDT

3:35pm MDT

4:30pm MDT

5:30pm MDT

5:30pm MDT

9:00am MDT

9:00am MDT

11:00am MDT

11:00am MDT

11:00am MDT

11:55am MDT

2:10pm MDT

2:10pm MDT

2:10pm MDT

2:10pm MDT

2:10pm MDT

2:10pm MDT

2:10pm MDT

2:40pm MDT

3:05pm MDT

3:05pm MDT

3:05pm MDT

4:20pm MDT

4:20pm MDT

4:20pm MDT

4:20pm MDT

11:00am MDT

11:00am MDT

11:00am MDT

11:00am MDT

11:00am MDT

11:20am MDT

11:55am MDT

2:10pm MDT

2:10pm MDT

2:10pm MDT

3:05pm MDT

4:20pm MDT

4:20pm MDT

Get help with the event