Open Source Summit North America 2025: Full Schedule

June 23 - 25, 2025
Denver, Colorado
View More Details & Registration
Note: The schedule is subject to change.

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Open Source Summit North America 2025 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

This schedule is automatically displayed in Mountain Daylight Time (UTC/GMT -6). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date."

IMPORTANT NOTE: Timing of sessions and room locations are subject to change.

11:20am MDT

Building Trust in ML: Mapping the Model Lifecycle for ML Integrity and Transparency - Marcela Melara, Intel Labs

Monday June 23, 2025 11:20am - 12:00pm MDT

Bluebird Ballroom 2F

Open machine learning (ML) models and datasets are rapidly becoming central to building AI applications. While this trend accelerates innovation and democratizes AI, it exposes applications to security risks like data poisoning and supply chain attacks. Threats like malicious backdoors hidden in pre-trained ML models hosted on major hubs like Hugging Face emphasize the wide reach compromises can have. So, how do we build trust in the ML lifecycle?
This talk presents Atlas, a framework that combines open specifications for data and software supply chain provenance like Coalition for Content Provenance and Authenticity (C2PA) and Supply-chain Levels for Software Artifacts (SLSA) with the integrity features of transparency logs and trusted hardware to run attestable ML pipelines. First, we motivate the need to safeguard all layers of the ML lifecycle. We describe and demonstrate how Atlas’s three core mechanisms enable verification: (1) cryptographic artifact authentication, (2) hardware-based attestation of ML systems, and (3) provenance tracking across ML pipelines. Our Atlas demo integrates several open-source tools to build an end-to-end ML lifecycle transparency system.

Speakers

Marcela Melara

Research Scientist, Intel Labs

Marcela Melara is a research scientist in the Security and Privacy Research group at Intel Labs. Her current work focuses on developing solutions for high-integrity software and AI supply chains. She leads a number of internal, academic and open-source projects on supply chain and... Read More →

Monday June 23, 2025 11:20am - 12:00pm MDT
Bluebird Ballroom 2F

Cloud + Containers

Audience Experience Level Intermediate

11:20am MDT

The Power of Consolidation: A Unified Stack for Business Intelligence, Security, and Observability - Josh Lee, Altinity, Inc. & Mya Jaye, C8 Labs

Monday June 23, 2025 11:20am - 12:00pm MDT

Bluebird Ballroom 2G

Imagine you’re responding to a production incident, and you’re trying to answer simple questions about it. How many systems do you need to consult when assessing the impact of events at your company? Do you manage different technology stacks for observability, security, and business intelligence?

What if we told you, you could create a unified stack capable of serving all stakeholders simultaneously? In this talk, Mya and Josh explore how open source technologies like ClickHouse, OpenTelemetry, and Grafana enable complex business use cases using modern tooling and practices.

Regardless of your function, you will leave with a deeper understanding of how consolidating these concerns into a unified stack reduces technical complexity and provides a common language for everyone to use - from engineers building new features and product managers evaluating their success, to operators keeping the lights on and C suite’s birds-eye view of the company.

Whether you’re working with a data lake, or more of a data pond, we offer practical architectures and solutions to streamline your operations and bring your stakeholders together, all while using fewer resources.

Speakers

Mya Jaye

Founder, C8 Labs

A brilliant, talented, self-taught, ambivert who loves attending and speaking at conferences. I love tinkering with small board computers like raspberry pis.☕ If you see me around, don't hesitate to come say hi!🏒 Hockey player since I was 7💻 Programming since I was 14... Read More →

Josh Lee

Open Source Developer Advocate, Altinity, Inc.

Whether it’s operators or observability, agile or accessibility, my expertise shines because I’m passionate about all of it. I’ve been building software for more than a decade and I love sharing experiences via public speaking. I’m currently a Developer Advocate for Altinity... Read More →

Monday June 23, 2025 11:20am - 12:00pm MDT
Bluebird Ballroom 2G

Cloud + Containers

Audience Experience Level Intermediate

11:20am MDT

Leveraging the OPEA Platform and GraphRAG Architectures To Drive Cloud-Native AI Adoption - Stephen Chin, Neo4j & Ezequiel Lanza, Intel

Monday June 23, 2025 11:20am - 12:00pm MDT

Bluebird Ballroom 2C

In the era of cloud-native technologies, businesses are increasingly looking to integrate advanced AI capabilities into their workflows. This session explores how the Open Platform for Enterprise AI (OPEA) offers a transformative, open-source framework designed to accelerate the adoption of Generative AI (GenAI) across industries. Attendees will learn about the key benefits of adopting an open-source GenAI platform, including flexibility, community-driven improvements, and cost efficiency, as well as the advantages of deploying AI models in a cloud-native environment. We will also dive deep into the emerging GraphRAG (Graph-based Retrieval-Augmented Generation) architecture, demonstrating how it enhances the accuracy and explainability of AI-driven responses. Join us for this session to explore how the open-source OPEA platform and GraphRAG architectures are poised to redefine enterprise AI and to drive smarter, more reliable cloud-native AI applications.

Speakers

Stephen Chin

VP of Developer Relations, Neo4j

Stephen Chin is VP of Developer Relations at Neo4j, conference chair of the LF AI & Data Foundation, and author of numerous titles including the upcoming GraphRAG: The Definitive Guide for O'Reilly. He has given keynotes and main stage talks at innumerable AI and developer conferences... Read More →

Ezequiel Lanza

LF AI & Data TAC Board/Chairperson | Open Source AI Evangelist at Intel, Intel

Passionate about helping people discover the exciting world of artificial intelligence, Ezequiel is a frequent AI conference presenter and the creator of use cases, tutorials, and guides that help developers adopt open source AI tools.

Monday June 23, 2025 11:20am - 12:00pm MDT
Bluebird Ballroom 2C

Open AI + Data

Audience Experience Level Intermediate

1:30pm MDT

Panel Discussion: Open Source: What's Next - Tony Wasserman, Software Methods and Tools; Stormy Peters, Independent; Rao Lakkakula, Microsoft; Nithya Ruff, Amazon; Chris Aniszczyk, The Linux Foundation

Monday June 23, 2025 1:30pm - 2:10pm MDT

Bluebird Ballroom 3C

This proposed session is a panel discussion covering recent developments and likely future directions for open source software, particularly as it applies to companies that are developing and/or using open source software in their products. The invited panelists all have extensive experience that cover the most significant issues facing open source today, including licensing, security, AI, and OSPOs.

Speakers

Tony Wasserman

Principal, Software Methods and Tools

Tony Wasserman has divided his career between academia and industry. He is currently Principal of Software Methods and Tools, and an Advisor in the UC Berkeley SkyDeck accelerator. He was Professor of Sfw Mgmt at CMU-Silicon Valley from 2005-23. Earlier, he was CEO of Interactive... Read More →

Stormy Peters

Open Source Advocate, Self employed

Stormy Peters is VP of Communities at GitHub. She leads the teams responsible for enabling the online creators and open source communities on GitHub, including GitHub’s community product efforts, developer relations, education, and other strategic programs. Throughout her career... Read More →

Rao Lakkakula

Partner Director, Open Source Ecosystem, Microsoft

Rao Lakkakula is the Director of Open Source Ecosystem at Microsoft. Rao has held various roles in open source, security, engineering, risk management, and business intelligence. His previous experience includes leadership positions in security at JPMorgan Chase, Climate Corp, Amazon... Read More →

Nithya Ruff

Director, Amazon OSPO, Amazon

Nithya is the Head of Amazon’s Open Source Program Office. Amazon’s customers value open source innovation and the cloud’s role in helping them adopt and run important open source services. She drives open source culture and coordination inside of Amazon and engagement with... Read More →

Chris Aniszczyk

CTO, Linux Foundation

Chris Aniszczyk is an open source technologist with a passion for building a better world through open collaboration. He's currently a CTO at the Linux Foundation focused on developer experience and running the Cloud Native Computing Foundation (CNCF). Furthermore, he's a Partner... Read More →

Monday June 23, 2025 1:30pm - 2:10pm MDT
Bluebird Ballroom 3C

Open Source Leadership

Audience Experience Level Intermediate

1:30pm MDT

Zephyr for Open Source Health Devices - Ashwin Whitchurch, Protocentral Electronics

Monday June 23, 2025 1:30pm - 2:10pm MDT

Bluebird Ballroom 2B

This talk would highlight the importance of open source health devices and how we used Zephyr across several hardware platforms to develop these devices. We will draw on experiences from our projects including HealthyPi 5, HealthyPi 6 and the wearable HealthyPi Move, all open source hardware and software. More specifically how Zephyr enabled the use of practically a single codebase across three different microcontroller platforms in different form factors.

l will also talk about the challenges faced during the process of making the system wearable and low power and the solutions that worked for us.

Speakers

Ashwin Whitchurch

CEO, Protocentral Electronics

Ashwin is a part of a company called Protocentral Electronics, which is focused on developing open-source hardware for healthcare applications. He is a software and hardware engineer by education and profession, with Masters degrees in both subjects.

Monday June 23, 2025 1:30pm - 2:10pm MDT
Bluebird Ballroom 2B

Zephyr

Audience Experience Level Intermediate

1:30pm MDT

Tutorial: From Planning To Production-Ready RAG With OPEA - Andreas Kollegger, Neo4j; Ezequiel Lanza & Katherine Druckman, Intel

Monday June 23, 2025 1:30pm - 3:05pm MDT

Bluebird Ballroom 3E

Enterprises struggle to integrate fragmented generative AI (GenAI) technologies. Due to its rapid evolution and diverse implementations, even top LLMs hallucinate when answering Kubernetes-related questions.

The Open Platform for Enterprise AI (OPEA), a Linux Foundation project, accelerates GenAI adoption with an orchestration framework that composes microservices via customizable blueprints to deploy or create GenAI applications.

In this hands-on tutorial, developers will deploy advanced retrieval-augmented generation (RAG) applications using Kubernetes. They’ll explore how OPEA orchestrates AI workloads via a microservices architecture and build a production-ready RAG chatbot. Attendees will go beyond deployment, enhancing vector search with knowledge graphs, customizing OPEA components, and scaling AI solutions efficiently on Kubernetes—all while integrating AI agents for more intelligent automation.

Speakers

Ezequiel Lanza

LF AI & Data TAC Board/Chairperson | Open Source AI Evangelist at Intel, Intel

Katherine Druckman

Open Source Evangelist, Intel

Katherine Druckman is an Open Source Evangelist at Intel, where she enjoys sharing her passion for a variety of open source topics. She currently combines her enthusiasm for software security and emerging AI technology as the OPEA Security Working Group Lead and Co-Chair of the OpenSSF... Read More →

Andreas Kollegger

Senior Developer Advocate, Neo4j

Andreas is a technological humanist. Starting at NASA, Andreas designed systems from scratch to support science missions. Then in Zambia, he built medical informatics systems to apply technology for social good. Now with Neo4j, he is democratizing graph databases to validate and extend... Read More →

Monday June 23, 2025 1:30pm - 3:05pm MDT
Bluebird Ballroom 3E

Open AI + Data

Audience Experience Level Intermediate

1:30pm MDT

Tutorial: Guarding the Gates: Understanding and Mitigating OWASP's Top 10 LLM Security Risks - Neetu Jain & Kimberly Nowell-Berry, JPMorgan Chase

Monday June 23, 2025 1:30pm - 3:05pm MDT

Bluebird Ballroom 3A

As organizations rapidly adopt Large Language Models (LLMs) in production environments, understanding their unique security vulnerabilities becomes crucial. This session provides a deep dive into OWASP's Top 10 LLM risks, examining real-world examples and practical mitigation strategies.

Speakers

Kimberly Nowell-Berry

JPMorgan Chase

Neetu Jain

Executive Director, JPMC

Neetu Jain is the Executive Director at JP Morgan Chase in the Emerging Technology Security division, where she leads initiatives in AI security. With 20 years of experience in the tech industry, Neetu has driven innovation and security across various domains and products, including... Read More →

Monday June 23, 2025 1:30pm - 3:05pm MDT
Bluebird Ballroom 3A

Open Source 101

Audience Experience Level Intermediate

2:25pm MDT

Securing the Software Supply Chain: Integrating OpenSSF Scorecard, Jenkins, and the Ortelius Project - Tracy Ragan, DeployHub, Inc

Monday June 23, 2025 2:25pm - 2:45pm MDT

Bluebird Ballroom 3B

As the number of software vulnerabilities grows, the need for robust, automated security practices in DevOps pipelines is more critical than ever. OpenSSF Scorecard, an initiative by the Open Source Security Foundation (OpenSSF), provides a framework for evaluating the security posture of open-source projects. Ortelius, an open-source platform and dashboard, builds on this foundation by offering continuous vulnerability tracking and management, integrating with tools like OpenSSF Scorecard and OSV.dev.

Adding to this ecosystem, Jenkins plays a pivotal role as a CI/CD powerhouse, making it an ideal candidate for advancing continuous vulnerability management. In this talk, we’ll explore how integrating Ortelius and OpenSSF Scorecard into Jenkins pipelines empowers teams to automate vulnerability scanning, track security metrics, and respond to threats more efficiently. Attendees will learn how to leverage these tools together to create a secure and automated development lifecycle.

Speakers

Tracy Ragan

CEO, DeployHub, Inc.

Tracy is a recognized expert in software supply chain security and DevSecOps, specializing in managing complex, decoupled architectures. She is the CEO of DeployHub, a scalable continuous vulnerability management platform that empowers software to 'self-heal' by automatically applying... Read More →

Tracy Ragan MondayJune23 225PM Integrating OpenSSF Scorecard, Jenkins, and the Ortelius Project pdf

Monday June 23, 2025 2:25pm - 2:45pm MDT
Bluebird Ballroom 3B

cdCon

Audience Experience Level Intermediate

2:25pm MDT

EdgeLake: Extending the Cloud To the Edge – an LF Edge Project - Moshe Shadmon, AnyLog

Monday June 23, 2025 2:25pm - 3:05pm MDT

Bluebird Ballroom 2G

As data volumes grow and real-time processing becomes essential, traditional cloud architectures face limitations in cost, latency, and security. The traditional approach moves all edge data to where the queries are executed—in the cloud—leading to inefficiencies and high costs. EdgeLake (https://lfedge.org/projects/edgelake/), an LF Edge project, takes the opposite approach by bringing queries to the source data at the edge, enabling decentralized data management and local AI/ML processing.

In this talk, we’ll explore how EdgeLake eliminates cloud dependencies, optimizes data infrastructure, and reduces operational costs while ensuring real-time decision-making at the edge. We’ll discuss key use cases (and show a live demo) across industrial automation, smart cities, energy, and telecom, demonstrating how organizations can leverage EdgeLake to unlock the full potential of edge computing.

Join us to learn how EdgeLake is reshaping the future of distributed data architectures and making edge intelligence more accessible.

Speakers

Moshe Shadmon

CEO, AnyLog

Moshe Shadmon, CEO at Anylog. AnyLog’s Virtual Edge Data Network is a Plug & Play software, deployed at the edge, allowing real-time insight without centralizing the data. AnyLog enables deployment of applications and AI at the distributed edge. Prior to AnyLog, Moshe was the CEO... Read More →

Monday June 23, 2025 2:25pm - 3:05pm MDT
Bluebird Ballroom 2G

Cloud + Containers

Audience Experience Level Intermediate

2:25pm MDT

Through the Looking Glass: Leveraging Overton Window Concepts To Redefine Infrastructure as Code - Ben Somogyi, Lockheed Martin

Monday June 23, 2025 2:25pm - 3:05pm MDT

Bluebird Ballroom 2F

The Overton window, a concept originating in politics, refers to the range of policies that are considered acceptable to a broad and diverse audience. In this session, we will share our experiences and recommendations on how to successfully adapt to shifting "Overton Windows", as they pertain to mainstreaming our platform to support a wide range of customer requirements while minimizing non-recurring engineering expenses. At Lockheed Martin, we have developed a modular open system that incorporates Secure Supply Chain and Cloud Native standards, enabling us to rapidly deliver capabilities to customers in highly regulated and diverse environments, while navigating the complexities of evolving requirements and priorities.

Speakers

Ben Somogyi

Senior Staff DevSecOps Engineer, Lockheed Martin

Versatile, hands-on technical leader and software developer who is building cloud native solutions for Lockheed Martin and its customers.

Monday June 23, 2025 2:25pm - 3:05pm MDT
Bluebird Ballroom 2F

Cloud + Containers

Audience Experience Level Intermediate

2:25pm MDT

The State of SBoMs in Embedded - Joshua Watt, Garmin

Monday June 23, 2025 2:25pm - 3:05pm MDT

Bluebird Ballroom 2A

Software Bill of Materials (SBoMs) are being increasingly called for in all Software ecosystems, to the point of being mandatory for regulatory compliance. The Embedded space is no different in this regard, so being aware of the available options for complying with SBoM is becoming critical for Embedded development.

In this talk, Joshua will outline prominent options for dealing with SBoM requirements across Open Source Embedded-focused projects, and what to look for in SBoMs for embedded projects to maximize their usefulness.

Speakers

Joshua Watt

Software Engineer, Garmin

Joshua has been working as a software engineer for Garmin since 2008, primarily focused on building products using the Yocto Project. He is also involved with the SPDX community and a member of the OpenEmbedded Technical Steering Committee.

Monday June 23, 2025 2:25pm - 3:05pm MDT
Bluebird Ballroom 2A

Embedded Linux Conference

Audience Experience Level Intermediate

2:25pm MDT

Beaconforge.org, Open Agentic AI for Hallucination Mitigation - Diego Gosmar, Voiceinteroperability.ai, LF AI and Data

Monday June 23, 2025 2:25pm - 3:05pm MDT

Bluebird Ballroom 2C

This talk will describe the emerging standard and the Beaconforge.org framework, which is being developed by the Voiceinteroperability.ai Project of the LFAI and Data Foundation, to enable conversational assistants to interact with each other. Beaconforge.org is based on a standardized set of novel agentic inter-assistant messages that utilize NLP (Natural Language Processing) Universal APIs.

We will also explore how Agentic AI frameworks like Beaconforge.org can help mitigate hallucination effects in generative AI agents. This will be demonstrated through an empirical experiment involving hundreds of diverse prompts, a chain of multiple agents, and four novel KPIs used to evaluate hallucination score mitigation.

More information about the project can be found in the following papers:
Diego Gosmar et al., 2025. Hallucination Mitigation using Agentic AI Natural Language-Based Frameworks, https://arxiv.org/abs/2501.13946

Diego Gosmar et al., 2024. Conversational AI Multi-Agent Interoperability, Universal Open APIs for Agentic Natural Language Multimodal Communications, https://arxiv.org/abs/2407.19438

Speakers

Diego Gosmar

Principal AI Advisor, Voiceinteroperability.ai, LF AI and Data

Diego Gosmar serves as Chief AI Officer specializing in Artificial Intelligence, with particular focus on Generative Conversational AI, Natural Language Processing (NLP), AI Agent interoperability, Sustainable and Ethical Conversational AI.Diego is member of the Open Voice Interoperability... Read More →

DG BForge OSS 2025 Official pdf

Monday June 23, 2025 2:25pm - 3:05pm MDT
Bluebird Ballroom 2C

Open AI + Data

Audience Experience Level Intermediate

2:25pm MDT

Panel Discussion: Driving Automotive Transformation With Open Source - Philipp Ahmann, Etas GmbH (BOSCH); Kate Stewart, The Linux Foundaiton; Masato Endo, Toyota Motor Corporation; Wolfgang Gehring, Mercedes Benz Tech Innovation

Monday June 23, 2025 2:25pm - 3:05pm MDT

Bluebird Ballroom 3C

Open source software has long been utilized in automotive systems, yet the industry is experiencing a renewed focus on its strategic utilization also sparked by the so called Software Defined Vehicle. The establishment of OSPOs across numerous OEMs and Tier suppliers further signals this shift.

This panel digs into the motivations and implications of this trend. The panelist will explore the historical context of OSS in automotive, contrasting it with the current OSPO-driven approach. Key discussion points include the rationale for OSPO creation, the specific challenges they tackle – particularly in light of global sanctions, increasing connectivity demands, and the imperative for cyber resilience – and the anticipated impact on the automotive software landscape with regulated safety-critical Software Defined Vehicle systems.

Speakers

Philipp Ahmann

Automotive OSS Process Lead, Etas GmbH (BOSCH)

Philipp Ahmann is a Senior OSS Community Manager at ETAS (a Bosch subsidiary), specializing in safety-critical automotive open source software. With 15+ years' experience in Linux automotive platforms, he has held roles from software engineer to project & line manager.

Kate Stewart

VP Dependable Embedded Systems, The Linux Foundation

Kate Stewart works with the safety, security and license compliance communities to advance the adoption of best practices into embedded open source projects. Since joining The Linux Foundation, she has launched the ELISA and Zephyr Projects, as well as supporting other embedded projects... Read More →

Masato Endo

Project General Manager/ Manager of TOYOTA OSPO, Toyota Motor Corporation

Masato Endo is a Project General Manager of Value Chain Innovation Project in TOYOTA. He focuses also on promoting Open Source Innovation and he set up TOYOTA OSPO in 2024. Furthermore, he plays the following roles in Open Source Communities.

Wolfgang Gehring

OSPO Lead / FOSS Ambassador, Mercedes Benz Tech Innovation

Dr. Wolfgang Gehring is an Ambassador for Open and Inner Source and has been working on enabling and spreading the idea within Mercedes-Benz. A software engineer by trade, Wolfgang’s goal is to help enable Mercedes-Benz to fully embrace FOSS and become a true Open Source company... Read More →

Monday June 23, 2025 2:25pm - 3:05pm MDT
Bluebird Ballroom 3C

Open Source Leadership

Audience Experience Level Intermediate

2:25pm MDT

Load Testing Is Complicated: A Case Study of NJ Unemployment Insurance - Rob Bayliss, Mighty Acorn Digital

Monday June 23, 2025 2:25pm - 3:05pm MDT

Bluebird Ballroom 3F

In this session we will perform a case study of load testing for a US State’s Unemployment Insurance Modernization initiative. We will talk about the unique requirements and constraints of the project, such as the looming specter of the COVID-19 Unemployment boom. We’ll also review how the testing was done and why we ultimately decided on using browser-based tools such as Artillery with Playwright to build a testing system that could deliver and measure massive amounts of realistic traffic in a way that is quick (30 minutes) and easy to run. Attendees will walk away with an understanding of how one might approach load testing for a system like this, and why using browser based testing might or might not be a good idea.

Speakers

Rob Bayliss

Director, Mighty Acorn Digital

Rob Bayliss is passionate about automation, and has been building fast, reliable systems for state governments since 2017. He is passionate about performance, and once led an initiative to reduce the response times of Mass.gov by 50%, preventing downtime during the pandemic. In 2023... Read More →

Monday June 23, 2025 2:25pm - 3:05pm MDT
Bluebird Ballroom 3F

OpenGovCon

Audience Experience Level Intermediate

2:25pm MDT

FUOTA Using LORAWAN and Zephyr : DFU in the 'Real' World - Sidd Gupta, Demar Inc. (DBA Zylum)

Monday June 23, 2025 2:25pm - 3:05pm MDT

Bluebird Ballroom 2B

The FUOTA (Firmware Update Over-The-Air) specification(s) from LoRa Alliance make up the framework that underpins the critical task of firmware updates of end points (typically battery operated sensors and actuators) that communicate using the LoRaWAN protocol.

The fundamental limitation of the FUOTA specification, as it exists today, is that it does not expect Firmware Artifacts to exceed a few hundred KB in size. With the increasing adoption of the Zephyr RTOS, along with more sophisticated capabilities being added to the end device, artifact sizes have quickly grown to 500 kB (and beyond). This limitation quickly starts to have a real impact, especially as the cost of doing so called 'drive by' updates (using BLE or other higher throughput transports) can get prohibitive.

We present a novel solution to this problem, leveraging the existing and well supported Device Firmware Update (DFU) specification.

In our solution, the LORAWAN protocol becomes another type of SMP transport (along with the already supported Shell, Bluetooth and UDP). We have extended the open source smpclient library from intercreate, as well as the open source LBM stack from Semtech to achieve this.

Speakers

Sidd Gupta

Principal, Demar Inc. (DBA Zylum)

I'm a proud software engineering craftsman, with around 30 years of experience, mostly coding, with a few detours into management and startup entrepreneurship. I run Zylum with my collaborator Guinnes Singh - we're your Zero to One (and beyond) guys. I am currently interested in the... Read More →

Monday June 23, 2025 2:25pm - 3:05pm MDT
Bluebird Ballroom 2B

Zephyr

Audience Experience Level Intermediate

2:45pm MDT

Lock the Chef in the Kitchen: Enabling Accurate SBOMs Via Hermetic Builds - Adam Cmiel, Red Hat

Monday June 23, 2025 2:45pm - 3:05pm MDT

Bluebird Ballroom 3B

Imagine your source repository is a kitchen, and the CI task that builds your software is a chef cooking soup. Most attempts to obtain the list of ingredients for the soup will fall into one of two categories.

"Source SBOM" tools gather the list of ingredients by scanning the entire kitchen. There are some recipes and ingredients in the kitchen, but are all of them relevant? Are they correct and complete? What if the chef looks up the recipe online and then orders the missing ingredients?

"Analyzed SBOM" tools try to derive the list of ingredients from the finished soup. This is hard to do well, impossible when the ingredients dissolve completely. And the tool has no chance of knowing where the ingredients came from.

How about we do this: Select the right recipe(s) for the soup. Buy all the ingredients ourselves. Leave them in the kitchen and lock the chef in there until the meal is done. We now have a complete list of ingredients (or a failed soup), and we know where we got them.

Meet Hermeto, a tool that enables your CI pipeline to lock the chef in the kitchen!

Speakers

Adam Cmiel

Senior Software Engineer, Red Hat

I'm a software engineer at Red Hat. I work on Konflux, an open-source CI/CD system focused on supply chain security (that we also use internally at Red Hat to build and release products). I focus on enabling builds to be as secure as possible.

Monday June 23, 2025 2:45pm - 3:05pm MDT
Bluebird Ballroom 3B

cdCon

Audience Experience Level Intermediate

3:35pm MDT

Reducing the Risk of Source Tampering With SLSA - Tom Hennen, Google

Monday June 23, 2025 3:35pm - 3:55pm MDT

Bluebird Ballroom 3B

In 2023 Supply-chain Levels for Software Artifacts (SLSA) was released. It provided a framework for protecting software from tampering within the CI/CD workflow from source to publication. Now it’s nearing completion of the SLSA Source Track which brings a similar level of assurance to the management of source code.

The Source Track addresses the threat of tampering with source code within the repository and allows malicious changes to source to be attributed to the actors that introduced those changes. In addition, it provides a framework for recording additional results about source revisions such as if a code review was performed or if the source was analyzed by SAST tools.

We’ll cover how this track can prevent attacks like the 2021 attack against PHP where malicious commits were added to the PHP repository and how it can be used to ensure additional controls (like code review) are implemented to protect against attacks like the recent one against xz. Finally we'll discuss how the source track can be implemented in existing source control systems by examining a proof-of-concept that enables Source Level 3 without specialized support from the source control platform.

Speakers

Tom Hennen

Senior Staff Software Engineer, Google

Tom is a Senior Staff Software Engineer at Google where he’s a UTL on the Software Supply Chain Integrity program. He’s responsible for securing the internal software supply chain, while limiting toil. His focus is ensuring interoperability, extensibility, and adoption of Google’s... Read More →

Monday June 23, 2025 3:35pm - 3:55pm MDT
Bluebird Ballroom 3B

cdCon

Audience Experience Level Intermediate

3:35pm MDT

A Brief History of Kubernetes Fleet Controllers & Essential Features - Mickael Alliel, Komodor

Monday June 23, 2025 3:35pm - 4:15pm MDT

Bluebird Ballroom 2G

Managing a few Kubernetes clusters may be feasible, but scaling up to hundreds or thousands introduces unique challenges. At a 100:1 cluster to engineer ratio, standardization, observability, security, and access control become pressing issues. This is when DevOps must shift from "infrastructure engineers" to "platform engineering," where infrastructure needs are fully automated and self-service.

As K8s adoption grows in large organizations, demand for "massive multi-cluster fleet management" support has intensified. This talk examines essential features for Kubernetes fleet controllers, offering a fast-paced review of five open-source tools: Clusternet, Karmada, Crossplane, ClusterAPI, and Rancher. Each tool's unique strengths in provisioning, management, and application support will be covered, showing how each addresses multi-cluster management challenges.

This approach will provide a replicable framework to evaluate & choose the right tools based on specific organizational needs.

Speakers

Mickael Alliel

Backend Tech Lead, Komodor

Mickael is a self-taught developer turned DevOps, passionate about automation, innovation, and creative problem-solving. Mickael enjoys challenging himself and experimenting with new technologies and methodologies. Currently, he is working on developing the next-gen K8s troubleshooting... Read More →

Monday June 23, 2025 3:35pm - 4:15pm MDT
Bluebird Ballroom 2G

Cloud + Containers

Audience Experience Level Intermediate

3:35pm MDT

Extending Power Over Ethernet to the LTC4266 - Kyle Swenson, Ericsson Software Techology

Monday June 23, 2025 3:35pm - 4:15pm MDT

Bluebird Ballroom 2A

Leveraging the recently added Power over Ethernet (PoE) Power Supply Equipment (PSE) support, this talk will go over the current status and the experience implementing support for the LTC4266, the last major PSE chipset on the market. We'll go over the basics of Power over Ethernet, the existing upstream support and in-kernel framework, the user-space interface for controlling PSE, and then dive into the LTC4266 driver specifics.

Speakers

Kyle Swenson

Prinicpal Engineer, Ericsson Software Techology

Kyle maintains the open-source components in the embedded Linux distributions that run on Ericsson's Enterprise Wireless Solution routers, primarily working with the Linux kernel.

Monday June 23, 2025 3:35pm - 4:15pm MDT
Bluebird Ballroom 2A

Embedded Linux Conference

Audience Experience Level Intermediate

3:35pm MDT

The MODERN Modern Data Stack: Building an Open Distributed Data Warehouse Beyond Data Lakes - David Aronchick, Expanso

Monday June 23, 2025 3:35pm - 4:15pm MDT

Bluebird Ballroom 3E

Organizations face a critical challenge: data is growing exponentially across distributed locations, but traditional centralized processing approaches are becoming unsustainable. With the majority of enterprise data going unused, companies struggle with massive transfer costs, compliance issues, and network reliability problems when moving data to centralized infrastructure.

This talk introduces a paradigm shift: bringing compute to where data lives. Using the open-source Bacalhau project, we'll demonstrate how to:

- Deploy distributed processing jobs across clouds, edge devices, and on-premises infrastructure
- Reduce data movement costs while maintaining centralized control
- Ensure compliance by processing sensitive data in place
- Enable real-time analytics at the edge

Through real-world examples, including an energy company managing 15,000 microgrids and cities processing camera feeds, attendees will learn practical patterns for modernizing their data infrastructure. We'll explore architectural patterns, security considerations, and best practices for implementing compute-over-data architectures.

Speakers

David Aronchick

CEO, Expanso

David Aronchick is CEO of Expanso, the distributed computing company built on Bacalhau ([https://bacalhau.org](https://bacalhau.org/)). Previously, he led Compute over Data at Protocol Labs, Open Source Machine Learning Strategy at Azure, was a product management for Kubernetes... Read More →

Monday June 23, 2025 3:35pm - 4:15pm MDT
Bluebird Ballroom 3E

Open AI + Data

Audience Experience Level Intermediate

3:35pm MDT

What’s New in Valkey - Madelyn Olson, Amazon & Ping Xie, Google

Monday June 23, 2025 3:35pm - 4:15pm MDT

Bluebird Ballroom 2C

Valkey is the leading open-source database for building high performance applications that are compatible with the Redis API. It natively integrates with many popular frameworks and is commonly used for a wide range of applications such as caching, session storage, streaming, and more. In this talk, hear from members of the Valkey technical steering committee discuss some of the exciting new functionality that has been released including the new bloom filter data type, vector similarity search, and a new hash table implementation that reduces memory overhead and improves performance. We'll talk about how these functionalities enable next generation use cases and what's coming in upcoming releases.

Speakers

Madelyn Olson

Software Engineer, Amazon

I work primarily on the open source Redis project and evangelize the importance of open source software development.

Ping Xie

Senior Staff Software Engineer, Google

Ping Xie is a maintainer of Valkey and a Senior Staff Software Engineer at Google, working on GCP Memorystore. As an active contributor to Valkey, Ping focuses on core development, community engagement, and ensuring Valkey remains a reliable and adaptable solution for a wide range... Read More →

Monday June 23, 2025 3:35pm - 4:15pm MDT
Bluebird Ballroom 2C

Open AI + Data

Audience Experience Level Intermediate

3:35pm MDT

Panel Discussion: The Impact of Funding for Sustainable Open Source Projects - Georg Link, Bitergia; Andrew Nesbitt, Ecosyste.ms; Dawn Foster, CHAOSS

Monday June 23, 2025 3:35pm - 4:15pm MDT

Bluebird Ballroom 3C

Open source software has become ubiquitous and can be found in almost every codebase, but sustaining those open source projects and communities over the long-term can be a challenge. Much of the critical infrastructure that we all rely on is made up of open source projects that lack the resources to be properly maintained over the long term. Companies, public institutions, and philanthropic organizations are beginning to fill this gap, but measuring the impact of this funding is an ongoing challenge. Funders need to be able to understand the impacts to justify future rounds of funding as well as to optimize funding approaches whilst mitigating ineffective or even harmful approaches.

In this panel, we’ll talk about what we’ve learned from public funding programs in Europe and corporate FOSS funds along with measuring the impact of those funding initiatives. We’ll discuss the challenges that funders have to understand how their funding can have positive or negative impacts on open source projects with different characteristics. The audience will gain an appreciation for funding initiatives for open source projects and how to understand and maximize the impact of those initiatives.

Speakers

Andrew Nesbitt

Software Engineer, Ecosyste.ms

Georg Link

Open Source Strategist and Director of Sales, Bitergia

Georg’s mission is to make open source more professional by using community metrics and analytics. Georg cofounded the CHAOSS Project to advance analytics and metrics for open source project health. Georg is an active contributor to several projects and has often presented on open... Read More →

Dawn Foster

Director of Data Science, CHAOSS

Dr. Dawn Foster works as the Director of Data Science for CHAOSS where she is also a board member / maintainer. She is co-chair of CNCF TAG Contributor Strategy and an OpenUK board member. She has 20+ years of experience at companies like VMware and Intel with expertise in community... Read More →

Monday June 23, 2025 3:35pm - 4:15pm MDT
Bluebird Ballroom 3C

Open Source Leadership

Audience Experience Level Intermediate

3:35pm MDT

Open Source as a Business Imperative: Leveraging PEST Analysis for Strategic Alignment - Kazumi Sato & Masayuki Kuwata, Sony Group Corporation

Monday June 23, 2025 3:35pm - 4:15pm MDT

Bluebird Ballroom 3G

Open source has become a critical component of modern business strategy, yet its importance has often been overlooked in traditional strategic discussions. This presentation demonstrates how PEST analysis can be used to clarify its strategic value.

We validated Sony's history with open source initiatives in electronics, gaming, and film production, this analysis shows how these efforts aligned with favorable external factors. This provides insights into how open source drives innovation and talent acquisition.

Looking forward, this presentation explores how companies can strategically align their open source initiatives with current political, economic, social, and technological trends. This includes understanding the impact of emerging regulations, generative AI, and the evolution of distributed collaboration.

Participants gain valuable insights into the strategic importance of open source and learn how to effectively advocate for open source initiatives within their organizations. This presentation offers practical tips for engaging both management and engineers in open source activities, ensuring that open source becomes a key driver of business success.

Speakers

Kazumi SATO

Chief Software Engineer, Chief Open Source Steragist, Distinguished Engineer, Sony Group Corporation

Kazumi SATO is a Distinguished Engineer in Sony.

Masayuki Kuwata

Senior Manager, Sony Group Corporation

Masayuki Kuwata is the OSPO leader of Sony Group Corporation since April 2022.

Monday June 23, 2025 3:35pm - 4:15pm MDT
Bluebird Ballroom 3G

OSPOCon

Audience Experience Level Intermediate

3:55pm MDT

Securing OIDC Federation in CI/CD Workflows - Billy Lynch, Chainguard

Monday June 23, 2025 3:55pm - 4:15pm MDT

Bluebird Ballroom 3B

OIDC and workload identity are fantastic ways to improve the security of CI/CD workflows. They offer a mechanism to get rid of traditional long lived keys and access tokens, with many APIs offering ways to use these tokens across environments.

However, the security of identity federation is only as strong as the policies that back them. If used incorrectly, it can be exploited to gain access to sensitive resources and potentially compromise your supply chain to use your own CI/CD platform against you.

In this talk we'll do a deep dive on OIDC and identity federation. We'll look at some of the common risks that come while using it, and strategies to help secure your environment and define strong security policies.

Speakers

Billy Lynch

Staff Software Engineer, Chainguard

Billy is a staff software engineer at Chainguard, working on developer tools and securing software supply chains for everyone! He is a contributor and maintainer to the Sigstore, Tekton, and gittuf projects, and is the creator of gitsign. Prior to working at Chainguard, Billy worked... Read More →

Monday June 23, 2025 3:55pm - 4:15pm MDT
Bluebird Ballroom 3B

cdCon

Audience Experience Level Intermediate

4:30pm MDT

How We Progressively Deliver Changes To Kubernetes Using Canary Deployments and Feature Flags - Bob Walker, Octopus Deploy

Monday June 23, 2025 4:30pm - 4:50pm MDT

Bluebird Ballroom 3B

This is the case study of how we changed how we ship software.

With thousands of customers, each in their own Kubernetes container, deploying updates was tough. Off-hours schedules meant it took over 24 hours to push a new version. If something broke, we had to scramble. Canary deployments let us update small groups of customers at a time. We built a tool to stop rollouts fast when issues appeared, limiting the damage.

In the past, new features went to everyone at once. Rolling back wasn't an option. If something failed it'd leave customers stuck in the mess. Now, using OpenFeature, we hide new functionality behind feature flags. We release features to small groups, gather feedback, and test internally for weeks. If things go wrong, we flip the flag off and move on.

This two-pronged approach lets us avoid risky big-bang releases. We went from deploying every 10 days to every 4, with fewer than 1% high-severity defects. Most of these are resolved before customers notice them.

Speakers

Bob Walker

Field CTO, Octopus Deploy

Bob Walker is a Field CTO Octopus Deploy. Bob started as a developer in the early days of .NET when web forms were the hottest new thing, and manual deployments were the norm. After one too many five-hour 2 AM Saturday deployments, he searched for any automation to stop that pain... Read More →

Monday June 23, 2025 4:30pm - 4:50pm MDT
Bluebird Ballroom 3B

cdCon

Audience Experience Level Intermediate

4:30pm MDT

Harnessing Observability for 5G Performance: eBPF and OpenTelemetry Innovations - Fatih E. Nar & Jamie Parker, Red Hat

Monday June 23, 2025 4:30pm - 5:10pm MDT

Bluebird Ballroom 2G

This session explores the integration of eBPF and OpenTelemetry (OTel) for achieving unparalleled observability and performance in 5G networks. By leveraging the K8s Operator framework, we demonstrate the Kubernetes-native deployment of advanced observability tools, including the bpfman stack for managing eBPF programs and the OpenTelemetry Operator for scalable telemetry pipelines. Participants will gain actionable insights into optimizing 5G Cloud Native Network Functions (CNFs) through precise observability, robust performance metrics, and real-time diagnostics, while ensuring security and multi-tenancy.

Speakers

Fatih E. Nar

Distinguished Architect, Red Hat

Fatih E. NAR brings extensive experience and influence to Linux, OpenStack, and Kubernetes ecosystems. His contributions drive progressive development and foster a robust TME community. With a background at Google, Verizon Wireless, Canonical Ubuntu, and Ericsson, Fatih's diverse... Read More →

Jamie Parker

Principal Product Manager, Red Hat

Jamie Parker is a Product Manager at Red Hat who specializes in Observability, particularly in the Logging and OpenStack areas. At Red Hat, Jamie works with organizations and customers to learn about their needs within the ever changing Observability landscape, and based on their... Read More →

Monday June 23, 2025 4:30pm - 5:10pm MDT
Bluebird Ballroom 2G

Cloud + Containers

Audience Experience Level Intermediate

4:30pm MDT

Intuit Journey To Unified Observability at Scale: Challenges, Benefits and Lessons Learned - Kalyan Kolachala & Ashwini Dulam, Intuit

Monday June 23, 2025 4:30pm - 5:10pm MDT

Bluebird Ballroom 2F

At Intuit we have ~320 Kubernetes clusters running with ~8000 services and ~40 addons in a cluster which generate ~2 billion active time series metrics, 10 million Trace spans/sec and ~ 1.2PB of log data ingested (peak) in a single day. This talk focuses on Intuit’s journey from standalone, siloed, proprietary solutions for logs, metrics and traces to a unified observability solution. This is made possible with a data management architecture that enables seamless navigation and correlation between different observability pillars, usage of AI/ML techniques to quickly detect and isolate problems, UX that brings all the elements of data discovery with an interactive experience and high level features like golden signals, RUM (real user monitoring) and FCI (failed customer interactions). All of this leading to significantly lower MTTD and MTTI. We also discuss the challenges, choices, trade offs, benefits and lessons learned during this journey.

Speakers

Kalyan Kolachala

India SIte head for developer platform, Intuit

Kalyan is a senior engineering leader with experience in delivering world class, enterprise products and platforms involving AI/ML, genAI, SaaS, Kubernetes, Cloud, big data and observability. At the current job at Intuit and previously at Hitachi Vantara, he has been responsible for... Read More →

Ashwini Dulam

Principal Engineer, Intuit

Ashwini is a Principal Software Engineer for the Intuit Observability and Analytics team in Bangalore, India. One of Ashwini’s current day-to-day focus areas is on the various challenges in building scalable, data and AIOps solutions for solving problems in the observability domain... Read More →

Monday June 23, 2025 4:30pm - 5:10pm MDT
Bluebird Ballroom 2F

Cloud + Containers

Audience Experience Level Intermediate

4:30pm MDT

A Deep Dive Into eBPF Program Loader - Cong Wang, Independent

Monday June 23, 2025 4:30pm - 5:10pm MDT

Bluebird Ballroom 2E

As eBPF continues to revolutionize Linux observability and networking, the complexity of its program loading mechanism has evolved significantly.

This technical deep dive unravels the sophisticated machinery behind eBPF program loading, exploring the intricate interplay between userspace loader and Linux kernel verifier. We'll dissect the eBPF program relocation mechanisms, examine the role of BTF (BPF Type Format) in enabling strong typing and verification capabilities, and analyze the complex choreography of bpf() syscalls that bridge userspace and kernel operations. Finally, we will also discuss the security implications and program signing challenges in the loading pipeline.

Speakers

Cong Wang

Linux Kernel Engineer, Self Employed

Cong Wang is a professional Linux kernel developer mainly focuses on networking and eBPF, he is also a Linux kernel maintainer for the networking traffic control subsystem. He has contributed over 1000 patches to Linux kernel.

Monday June 23, 2025 4:30pm - 5:10pm MDT
Bluebird Ballroom 2E

Linux

Audience Experience Level Intermediate

4:30pm MDT

Generative AI Model Data Pre-Training on Kubernetes: A Use Case Study - Anish Asthana, Red Hat & Mohammad Nassar, IBM

Monday June 23, 2025 4:30pm - 5:10pm MDT

Bluebird Ballroom 2C

Large Language Models (LLM) require preprocessing vast amounts of data, a process that can span days due to its complexity and scale, often involving PetaBytes of data. This talk demonstrates how Kubeflow Pipelines (KFP) simplify LLM data processing with flexibility, repeatability, and scalability. These pipelines are being used daily at IBM Research to build indemnified LLMs tailored for enterprise applications.

Different data preparation toolkits are built on Kubernetes, Rust, Slurm, or Spark. How would you choose one for your own LLM experiments or enterprise use cases and why should you consider Kubernetes and KFP?

This talk describes how open source Data Prep Toolkit leverages KFP and KubeRay for scalable pipeline orchestration, e.g. deduplication, content classification, and tokenization.

We share challenges, lessons, and insights from our experience with KFP, highlighting its applicability for diverse LLM tasks, such as data preprocessing, RAG retrieval, and model fine-tuning.

Speakers

Mohammad Nassar

Research Engineer, IBM

Mohammad Nassar, a Cloud Research Engineer at IBM Haifa, specializes in AI-driven data engineering, automation, and hybrid cloud technologies. With an M.Sc. in Computer Science from Technion, his research focused on coding theory and data systems. His work spans AI-powered data preparation... Read More →

Anish Asthana

Engineering Manager, Red Hat

Anish is an engineering manager at Red Hat in the OpenShift AI organization. He is working on making machine learning easier for the wider community by building a platform out with cloud capabilities at the core. Most recently, his interests have been focused on the Distributed Workloads... Read More →

Monday June 23, 2025 4:30pm - 5:10pm MDT
Bluebird Ballroom 2C

Open AI + Data

Audience Experience Level Intermediate

4:30pm MDT

Universal AI: Execute Your Models Where Your Data (And Users) Are - David Aronchick, Expanso

Monday June 23, 2025 4:30pm - 5:10pm MDT

Bluebird Ballroom 3E

Data is exploding across distributed locations, but centralized processing is increasingly unsustainable. This talk explores "compute over data" architectures that bring ML to your data, unlocking new possibilities through real-world examples.

Speakers

David Aronchick

CEO, Expanso

Monday June 23, 2025 4:30pm - 5:10pm MDT
Bluebird Ballroom 3E

Open AI + Data

Audience Experience Level Intermediate

4:30pm MDT

What Do Legislations Have To Do With Tackling Maintainer Burnout? - Ildiko Vancsa, Open Infrastructure Foundation

Monday June 23, 2025 4:30pm - 5:10pm MDT

Bluebird Ballroom 3C

Anyone who’s participated in an open source project before likely saw or experienced the challenge of having more requests coming in than people to attend to them, leading to frustrated, tired and burned out people. The latest regulatory efforts around the globe (the forming Securing OSS Act, CRA, and more), as different governments have come to the realization that their digital infrastructure undeniably depends on OSS, will put an increased pressure on the open source ecosystem. But, it doesn’t have to be like this! So, where do we go from here?

In this presentation, Ildiko will focus on two big areas: maintainer burnout and shortage and governments’ approach to open source around the globe, including legislations and regulations. With an overview of the current state of affairs, she will transition into highlighting the roles and responsibilities of the different players in the landscape, including open source foundations, communities, companies and governments, and next steps to take.

Speakers

Ildiko Vancsa

Director of Community, Open Infrastructure Foundation

As Director of Community at the OpenInfra Foundation, Ildikó is the Community Manager for the StarlingX and the Kata Containers projects, and a co-leader of the OpenInfra Edge Computing Group. Ildikó has been contributing to projects like OpenStack, Anuket and State of the Edge... Read More →

Monday June 23, 2025 4:30pm - 5:10pm MDT
Bluebird Ballroom 3C

Open Source Leadership

Audience Experience Level Intermediate

4:30pm MDT

Enhancing SBOM Generation: Filling the Gaps To Make Actionable SBOMs - Ian Dunbar-Hall, Lockheed Martin & Gary O'Neall, Source Auditor Inc.

Monday June 23, 2025 4:30pm - 5:10pm MDT

Bluebird Ballroom 3F

Most developers generating SBOMs use a tool like Syft or Trivy and yell “SHIP IT!” While this might generate an NTIA Minimum Field adherent SBOM, it often lacks information that truly makes it actionable for downstream users.

This talk covers the work of a CISA SBOM Community Tiger Team who created SBOM Generation Reference Implementations for multiple languages and scenarios. We will discuss the distinct phases of SBOM generation and highlighting how each step contributes to a more robust and actionable SBOM. By expanding the SBOM authoring process, organizations can better integrate multiple data sources, enhance metadata accuracy, and customize their workflows to align with evolving security frameworks. This approach enables tool interchangeability while maintaining data integrity and transparency.

Additionally, we will explore implementations, including the integration of SBOM generation into CI/CD pipelines using GitHub and GitLab, supporting multiple programming languages, and ensuring interoperability with both CycloneDX and SPDX formats. We will also discuss ecosystem challenges such as supplier identification, license consistency, and benchmarking completeness.

Speakers

Ian Dunbar-Hall

Open Source Program Office, Lockheed Martin

Ian is a holds the position of Chief Engineer for Lockheed Martin Software Factory and specializes in DevSecOps and full stack engineering. Additionally he is a maintainer on SBOMit and an OpenSSF Governing Board General Member Representative.

Gary O'Neall

Founder and Principal Consultant, Source Auditor Inc.

Gary is a contributor to the Software Package Data Exchange® (SPDX™) - an open standard for communicating software bill of material information, including components, licenses, copyrights, and security references. Gary has contributed several open source tools.Gary O’Neall is... Read More →

Monday June 23, 2025 4:30pm - 5:10pm MDT
Bluebird Ballroom 3F

OpenGovCon

Audience Experience Level Intermediate

4:30pm MDT

Docs That Scale: Strategies for Sustainable Documentation in Open Source Projects. - Zainab Daodu, WriteTech Hub

Monday June 23, 2025 4:30pm - 5:10pm MDT

Bluebird Ballroom 3D

When documentation becomes outdated, projects lose contributors, support burdens increase, and adoption slows. Yet, many open-source projects struggle with maintaining accurate docs as the codebase evolves.

This session presents five proven strategies to turn documentation from a pain point into a sustainable asset:

Integrate Docs into Development: Treat docs like code, updating them alongside new features through PR workflows and docs-driven development.

Establish Governance: Assign documentation ownership with roles like a rotating "Docs Steward" and regular audits to maintain quality.

Master Versioning: Align docs with software releases, automating updates for deprecated features or breaking changes

Leverage Automation: Use tools to validate content, detect outdated material, and auto-generate sections like API docs

Build a Documentation Culture: Create a contributor-friendly environment with templates, recognition, and clear entry points for first-time contributors

Instead of theory, you'll get adaptable frameworks and real-world examples that work across any tech stack. Leave with actionable workflows that make documentation maintenance less painful and more impactful.

Speakers

Zainab Daodu

Senior Technical Writer, WriteTech Hub

Zainab Daodu is a Senior Technical Writer with a background in software engineering and DevOps, specializing in turning complex tech into clear, impactful documentation. She has worked with Google, Cisco, Tealium, Jenkins, and Wikimedia Foundation, enhancing developer experiences... Read More →

Monday June 23, 2025 4:30pm - 5:10pm MDT
Bluebird Ballroom 3D

Technical Documentation

Audience Experience Level Intermediate

6:00pm MDT

Lightning Talk: From Fork To Foundation: The OpenSearch Journey To the Linux Foundation - Dotan Horovits, AWS

Monday June 23, 2025 6:00pm - 6:10pm MDT

Bluebird Ballroom 3C

Building and managing a successful open source project is no small feat, especially when it begins as a fork born out of the need to preserve openness. OpenSearch started as a response to the relicensing of Elasticsearch and Kibana, and over the years, it has grown into a vibrant, community-driven ecosystem. This year’s milestone of joining The Linux Foundation highlights the project’s commitment to open governance, collaboration, and long-term sustainability.

In this session, we’ll share the lessons learned from OpenSearch’s journey, exploring the strategies behind building a healthy, scalable, and inclusive open source community. From establishing clear governance models to fostering innovation with features like vector search and AI-powered capabilities, we’ll provide actionable insights for maintaining momentum and trust in open source projects.

Whether you’re starting a new open source initiative or managing an existing one, this talk offers a practical guide to navigating challenges, ensuring community alignment, and achieving long-term impact—just as OpenSearch has done.

Speakers

Dotan Horovits

Sr. Developer Advocate, OpenSearch

Horovits is an international speaker and thought leader, as well as a CNCF Ambassador, and host of the popular OpenObservability Talks podcast.

Monday June 23, 2025 6:00pm - 6:10pm MDT
Bluebird Ballroom 3C

Open Source Leadership

Audience Experience Level Intermediate

9:50am MDT

Regression Testing Boot-time Performance in the Linux Kernel - Tim Bird, Sony

Tuesday June 24, 2025 9:50am - 10:30am MDT

Bluebird Ballroom 2B

There are numerous tools to measure boot-time performance of Linux. However, there is no standard regression test of boot performance for Linux. This is due to a number of factors, including disparities in system performance, different requirements for quickly-needed functionality, and differences in bootloader, kernel and user-space configuration. In this session Tim will present a boot-time regression test that utilizes a collection of reference value data files for different platforms, kernel versions and configurations. A meta-data matching system is used to select an appropriate reference data file. Boot time data (including initcall durations, and the durations of pre-selected boot operations) is compared with reference values, in order to report regressions in boot-time duration for specific elements of the boot sequence. The upstream status of this effort, along with the test and supporting tools, as well as issues found with this approach, will be discussed.

Speakers

Tim Bird

Principal Software Engineer, Sony Electronics

Tim Bird is a Principal Software Engineer for Sony Corporation, where he helps Sony use Linux and other open source software in their products. Tim is the organizer of the Linux Boot-Time Special Interest Group and is involved with various Linux Foundation projects (including being... Read More →

Tuesday June 24, 2025 9:50am - 10:30am MDT
Bluebird Ballroom 2B

Embedded Linux Conference

Audience Experience Level Intermediate

9:50am MDT

Skip the Wait: Maximizing SPI Throughput in the Linux Kernel With SPI Offloading - David Lechner, BayLibre

Tuesday June 24, 2025 9:50am - 10:30am MDT

Bluebird Ballroom 2A

SPI offloading is a new feature slated to land in the 6.15 kernel. Come learn what it is and what it can be used for.

“Offloading” is a generic term that refers to using additional hardware connected to a SPI controller to handle tasks traditionally done in software, like initiating a SPI transfer and handling an interrupt when the transfer is complete. Having these functions offloaded to hardware is useful for applications like high speed data acquisition (think 1 million samples per second for an ADC) or to meet latency requirements (think CAN bus controller).

In this session, we will cover the thought process that went into designing an interface that can handle these varied applications and the solution we arrived at. We will also take a side trip to discuss hardware triggers that can be used as part of the SPI offload functionality and how they could potentially become a standalone subsystem for generic hardware triggers. Then we will take a look at how we put it all together in a real ADC driver to get 2.5 million samples per second. Finally, we will cover other potential use cases for SPI offloading and how one could go about adding support for these.

Speakers

David Lechner

Sr. Software Engineer, BayLibre

David Lechner is an embedded software engineer at BayLibre. He has been working with embedded Linux systems since 2013 and is the kernel maintainer for LEGO MINDSTORMS EV3 among other things. He also has a background in electrical engineering and industrial automation.

Tuesday June 24, 2025 9:50am - 10:30am MDT
Bluebird Ballroom 2A

Embedded Linux Conference

Audience Experience Level Intermediate

11:00am MDT

Bring the Power of Wireshark To Syscalls and Logs With Stratoshark - Gerald Combs, Sysdig, Wireshark Foundation

Tuesday June 24, 2025 11:00am - 11:40am MDT

Bluebird Ballroom 2F

Stratoshark is a powerful system call and log analyzer built on Wireshark's ubiquitous exploration, drill-down, and analysis capabilities. It is enriched with data sources from the libraries of the open source detection engine Falco, the standard for cloud-native threat detection. Stratoshark enables deep analysis and troubleshooting across Linux servers, Kubernetes clusters, and any system that generates Linux system calls or real-time log events. But fear not, Stratoshark maintains Wireshark’s classic, intuitive interface.

In this talk, Gerald Combs, the creator of Wireshark and co-creator of Stratoshark, will provide an update on the project since its announcement in January and showcase a live demo of Stratoshark, including how it extends the familiar Wireshark user experience to system calls and AWS audit events. Learn how Stratoshark builds on a legacy of open source innovation to broaden and modernize Wireshark’s range of use cases into cloud-native computing.

Speakers

Gerald Combs

Director of Open Source Projects, Sysdig, Wireshark Foundation

Gerald has the great fortune of working with fantastic open source teams as part of Wireshark's leadership and at Sysdig.

Tuesday June 24, 2025 11:00am - 11:40am MDT
Bluebird Ballroom 2F

Cloud + Containers

Audience Experience Level Intermediate

11:00am MDT

Towards Confidential AI for the Masses! - Julian Stephen & Michael Le, IBM

Tuesday June 24, 2025 11:00am - 11:40am MDT

Bluebird Ballroom 2G

Confidential AI leveraging GPUs can bring AI to the masses without sacrificing the privacy of end users. Individual open source technologies already exist to configure, deploy, and manage confidential TEEs. However, clobbering a multitude of components into a coherent, secure, and efficient solution is challenging with many pitfalls. For example, depending on use cases and involved parties (cloud/model/service owners), attestation and key management methodology can vary drastically. In addition, for TEEs with confidential GPUs, complexity extends to increased load times, affecting services that serve multiple models.

This talk will go through key components and design decisions needed to enable confidential AI. Specifically: i) implications of different trust models on the solution and (ii) performance tradeoff considerations. To concretize the discussion, we will present a detailed end-to-end 'how to', for deploying an inference service on Nvidia H100 GPUs and AMD-based TEE with a focus on protecting the model and the user input. The audience will be able to appreciate why there can be no one size fit all confidential AI solution and understand what design works for them.

Speakers

Julian James Stephen

Research Scientist, IBM

Julian Stephen is a research scientist in the security group at IBM T. J. Watson Research Center, NY. He is interested in building systems and models that solve real world problems without compromising security and privacy of data. He received his Ph.D. in Computer Science from... Read More →

Michael Le

Security Researcher, IBM

Michael is currently a research staff member at the IBM T. J. Watson Research Center. His general research interest is in systems security with a focus on containers, virtualization, operating systems, and confidential computing. He enjoys long hacks in the kernel.

Tuesday June 24, 2025 11:00am - 11:40am MDT
Bluebird Ballroom 2G

Cloud + Containers

Audience Experience Level Intermediate

11:00am MDT

Sensor Data Acquisition With Linux's IIO Subsystem and Libiio - Robin Getz, MathWorks

Tuesday June 24, 2025 11:00am - 11:40am MDT

Bluebird Ballroom 2A

This presentation showcases optimizing sensor data acquisition for embedded systems using the Linux IIO subsystem and libiio, with a special focus on developing algorithms on the host to capture data from remote hardware. The IIO subsystem offers a versatile framework for interfacing with sensors like ADCs, DACs, and IMUs, streamlining the management of diverse data streams. With libiio, developers can capture data from remote devices efficiently, simplifying integration and allowing for sophisticated data processing in user-space applications. We explore the architecture of the IIO subsystem, highlighting its modular design that enhances scalability and adaptability in embedded settings. The paper also covers practical methods for configuring and optimizing IIO drivers to improve performance and reliability. Real-world examples with Raspberry Pi demonstrate how libiio supports the rapid prototyping and deployment of sensor applications, with an emphasis on developing algorithms on the host. Attendees will learn best practices for creating high-performance data acquisition systems that ensure seamless integration and efficient resource use across distributed systems.

Speakers

Robin Getz

Senior Engineering Manager, MathWorks

Director of System Engineering with 20+ years in embedded systems. Skilled in management, product development, and systems architecture. Passionate about sensors, data acquisition, and SOC designs. I focus on innovation, and delivering quality user experiences.

Tuesday June 24, 2025 11:00am - 11:40am MDT
Bluebird Ballroom 2A

Embedded Linux Conference

Audience Experience Level Intermediate

11:00am MDT

Three Decades in Kernelland - Jonathan Corbet, LWN.net

Tuesday June 24, 2025 11:00am - 11:40am MDT

Bluebird Ballroom 2D

The Linux kernel project has been going for well over 30 years. From its beginnings on floppy diskettes and beige boxes through to its current home in pockets and unseen data centers, the kernel project has been a constant exercise in rapid development and adaptation. I have been present for almost all of the kernel project's history as an observer, contributor, maintainer, and more; all that experience will be boiled down into a fast-moving tour of how the kernel got to where it is, what makes it successful, and what may be coming next.

Speakers

Jonathan Corbet

Executive editor, LWN.net

Jonathan Corbet is the kernel documentation maintainer, co-founder of

Tuesday June 24, 2025 11:00am - 11:40am MDT
Bluebird Ballroom 2D

Linux

Audience Experience Level Intermediate

11:00am MDT

Open AI (Two Words): The Only Path Forward for AI - Matt White, Linux Foundation

Tuesday June 24, 2025 11:00am - 11:40am MDT

Bluebird Ballroom 3E

The exponential growth in artificial intelligence capabilities has been fundamentally driven by open science and collaborative research. From the publication of the "Attention Is All You Need" paper that introduced the Transformer architecture to OpenAI's strategic release of GPT-2, openness has repeatedly catalyzed breakthrough innovations while enabling crucial public discourse around AI's implications.

This talk presents a compelling case for why open source development is not just beneficial but essential for the future of safe and equitable AI. We'll examine how the open-source ecosystem has democratized access to AI technology, enabled transparency and innovation, and fostered a global community of researchers working to ensure AI systems are robust and aligned with human values.

Through concrete examples, we'll demonstrate how open-source initiatives have already begun addressing critical challenges in AI development. The Model Openness Framework has established clear standards for transparency, while the pioneering OpenMDW license has created a legal framework for responsible sharing of AI artifacts.

Speakers

Matt White

Executive Director, PyTorch Foundation. GM of AI., Linux Foundation

Matt White is the Executive Director of the PyTorch Foundation and GM of AI at the Linux Foundation. He is also the Director of the Generative AI Commons. Matt has nearly 30 years of experience in applied research and standards in AI and data in telecom, media and gaming industries... Read More →

Tuesday June 24, 2025 11:00am - 11:40am MDT
Bluebird Ballroom 3E

Open AI + Data

Audience Experience Level Intermediate

11:00am MDT

Building InnerSource Community: What Goes Behind the Scenes? - Shanmugapriya Manoharan, IKEA (Ingka Group)

Tuesday June 24, 2025 11:00am - 11:40am MDT

Bluebird Ballroom 3C

InnerSource involves much more than just opening up the codebase for reuse & contribution. So much nuanced, time sensitive work is done by maintainers behind the scenes to nurture a community around an InnerSource project - answering queries from the community in a timely manner, finding & promoting project to right customers (potential contributors), maintaining regular communication & creating a safe space for community to provide feedback, to name a few. These activities require commitment by the maintainers. It may come naturally for those who are familiar with inclusive, open source ways of working. For teams new to InnerSource and/or not familiar with open source development models, there is a need for a mindset shift to open development models. What can prevent teams within the company from reusing and contributing to an InnerSource project? Will inclusivity matter while building an internal community? What factors in an InnerSource project affect this inclusiveness? Is there a difference in community building strategy between InnerSource and open source projects? In this talk, I will share my learnings on what works and what does not, while building internal communities.

Speakers

Shanmugapriya Manoharan

Open Source Engineering Advisor, IKEA IT AB

Shanmugapriya is an Open Source & InnerSource SME, working as Engineering Advisor at OSPO, IKEA IT AB. She has 15+ years of experience in driving initiatives and projects including Open Source and InnerSource projects, while working in organizations like HPE and Dell Technologies... Read More →

Tuesday June 24, 2025 11:00am - 11:40am MDT
Bluebird Ballroom 3C

Open Source Leadership

Audience Experience Level Intermediate

11:00am MDT

Edge AI and MLOPs Practices for Zephyr - Eoin Jordan, Edge Impulse / University of Galway

Tuesday June 24, 2025 11:00am - 11:40am MDT

Bluebird Ballroom 2C

In this presentation, Eoin will introduce a practical approach to Edge MLOps for microcontroller-based systems using the Zephyr RTOS. Edge MLOps unifies DevOps, ML model development, and edge deployment practices to streamline the entire AI lifecycle at the device level—from data collection and processing to model training, deployment, and continuous monitoring.

Attendees will learn how to implement version control for data and models, design automated CI/CD pipelines that handle real-world sensor data, and manage over-the-air (OTA) firmware updates on constrained Zephyr-based devices. We will explore best practices to ensure data integrity, model governance, and security throughout the pipeline, including techniques to mitigate model drift and bias.

Through a demonstration of an end-to-end IoT architecture, participants will see how edge devices can continuously collect new data, trigger remote training in the cloud, and deploy updated ML models back to the field. The talk will also highlight how Git action-based workflows enable seamless version transitions for on-device inference, showing how TFLite Micro or other open-source models —can be integrated platform-agnostic.

Speakers

Eoin Jordan

Developer Relations / PhD Student, Edge Impulse / University of Galway

Eoin Jordan works for Edge Impulse as part of the Developer Relations team, boasting over 14 years of experience in Networking, Cloud, Edge, and IoT technologies. He is passionate about Edge Intelligence, actively pursuing a Ph.D. on the subject, and educating the community on this... Read More →

Tuesday June 24, 2025 11:00am - 11:40am MDT
Bluebird Ballroom 2C

Zephyr

Audience Experience Level Intermediate

11:20am MDT

CD Demands Continuous Testing: Why We Built a Testing Platform Layer on ECS Using Spinnaker - Jaime G. O'Byrne, JPMorgan Chase and Co

Tuesday June 24, 2025 11:20am - 11:40am MDT

Bluebird Ballroom 3B

Functional tests are not just an idealist luxury – at JPMorgan, they’re compulsory. Since designating Spinnaker as the strategic deployment tool for all public cloud deployments, users who were able to easily run tests using closures in our firm’s Jenkins offering were now finding themselves without a run-context. Where are your tests supposed to run when your deployment tool is now a distributed system?
From “bring your own environment” to “we will run all the firm’s tests on our infrastructure” - this talk will walk through some of the challenges, design decisions, tradeoffs, and general wrangling of complexity that comes from operating a distributed system like Spinnaker, in a highly regulated environment to support continuous testing on the cloud.

Speakers

Jaime OByrne

Senior Associate Software Engineer, JPMorgan Chase and Co

Salvadoran immigrant, Husband, Father of two. Early-Mid career Software Engineer and enthusiast of all things CD and automation.

Tuesday June 24, 2025 11:20am - 11:40am MDT
Bluebird Ballroom 3B

cdCon

Audience Experience Level Intermediate

11:55am MDT

Security, Privacy & Authenticity on the Web - Daniel Appelquist, Samsung

Tuesday June 24, 2025 11:55am - 12:15pm MDT

Bluebird Ballroom 3D

In an era of growing concerns over misinformation, surveillance, and data breaches, building a more secure, private, and authentic web has never been more critical.

In this talk, I'll explore the current state of web security, privacy, and authenticity, focusing on key efforts shaping the future of the open web. You'll hear about the latest work in W3C, including advancements in privacy principles, ethical web guidelines, web developer security guidelines, all aimed at creating a more secure, trustworthy, and user-centric web. You'll also learn about how emerging standards like Content Credentials (C2PA) may revolutionise the way we verify the authenticity of digital content, helping to combat misinformation and ensure transparency in the information we consume online.

Speakers

Daniel Appelquist

Open Source Strategist, Samsung

Dan Appelquist is Open Source Strategist at Samsung Open Source Group. He is a web & mobile industry veteran and long-time participant and leader in open source and open standards. He has been co-chair of the W3C Technical Architecture Group for the last ten years. He also is a member... Read More →

Tuesday June 24, 2025 11:55am - 12:15pm MDT
Bluebird Ballroom 3D

Standards + Specifications

Audience Experience Level Intermediate

11:55am MDT

Cross-cloud App Splitting With WebAssembly Components - Matt Butcher, Fermyon

Tuesday June 24, 2025 11:55am - 12:35pm MDT

Bluebird Ballroom 2G

Take one single application compiled to WebAssembly and split it into pieces at deployment time. Run these pieces in different Kubernetes deployments, different clouds, or even split across edge and cloud.

This code-forward talk will show how to write an application using Wasm components and a combination of Rust and TypeScript. We'll show how to use the CNCF project Spin for developing apps, and then use Kubernetes, Helm, SpinKube, and other open source tools to deploy this application in multiple locations.

Conceptually, we'll tie this new development pattern to microservice architecture and distributed systems to show how WebAssembly's Component Model is paving the way for a new class of application.

Speakers

Matt Butcher

CEO, Fermyon

Matt Butcher (CEO) is a founder of Fermyon. He is one of the original creators of Helm, Brigade, CNAB, OAM, Glide, and Krustlet. He has written or co-written many books, including "Learning Helm" and "Go in Practice." He is a co-creator of the "Illustrated Children’s Guide to Kubernetes... Read More →

Tuesday June 24, 2025 11:55am - 12:35pm MDT
Bluebird Ballroom 2G

Cloud + Containers

Audience Experience Level Intermediate

11:55am MDT

Mock Me If You Can: Using Mocks in Container Applications for Integration Testing - John Coyne, Discover

Tuesday June 24, 2025 11:55am - 12:35pm MDT

Bluebird Ballroom 2F

Automated testing needs to offer fast, reliable feedback so that defects can be quickly identified and resolved. In this session, I'll talk about how to use the open-source service virtualization framework, Wiremock, as a sidecar container to mock out the dependent services of an application running in a container platform. This can be used in Narrow Integration testing of an application as part of a CI/CD pipeline to ensure maximum code coverage along with stability of the test suite.

I'll walk attendees through a demo of practical use and share some best practices I've learned when setting up a Wiremock container for testing. Attendees will leave with a better understanding of Wiremock and tips for how to use it in their own testing scenarios.

Speakers

John Coyne

Distinguished Engineer of Application Engineering, Discover

John is a Distinguished Engineer of Application Engineering at Discover with over 20 years of experience building Java applications. His current interests include Observability, CI/CD automation, Kubernetes, and good API design. Outside of work, John enjoys spending time with his... Read More →

Tuesday June 24, 2025 11:55am - 12:35pm MDT
Bluebird Ballroom 2F

Cloud + Containers

Audience Experience Level Intermediate

11:55am MDT

Early Ethernet With Linux - Keerthy Jagadeesh, Texas Instruments

Tuesday June 24, 2025 11:55am - 12:35pm MDT

Bluebird Ballroom 2B

The automotive world is rapidly moving towards software defined vehicles & zonal architecture. Ethernet is the backbone of zonal architecture. The bandwidth and response time requirements of ethernet are higher than ever. The network stack with Linux makes it a compelling choice of OS for Gateway/ADAS SOCs.

With growing number of ECUs in the car, the gateway SOC needs to be ethernet ready very early to support FOTA and telematics applications. All the ECUs sitting behind the gateway need ethernet functionality for communication. With ROM code, boot loader kernel & the user space application taking time to initialize, the goal of early ethernet is a tricky one.

The presentation aims to cover the optimizations done at each phase of the Linux boot to achieve early ethernet. Top level optimizations:

1. Streamlined the boot flow from bootloader to get to Linux kernel faster.
2. Opening the network device early with driver optimization allows the hardware to be initialized early
3. Configuring majority of network using networkd scripts allows the interfaces to be ready early

Although the demonstration is done using TI's DRA821 Gateway SOC, this is applicable to any SOC using Linux.

Speakers

Keerthy Jagadeesh

Software Applications Engineer, Texas Instruments

Keerthy Jagadeesh is an ardent Linux developer team of the Texas Instruments and has been an active Linux contributor for the past 10+ years. He has worked on thermal management for TI SoCs, PMIC drivers, low power modes for AM437x SoCs. Maintains TI THERMAL DRIVER & maintains TI... Read More →

Tuesday June 24, 2025 11:55am - 12:35pm MDT
Bluebird Ballroom 2B

Embedded Linux Conference

Audience Experience Level Intermediate

11:55am MDT

Virtio for PCI Endpoint Subsystem in Linux Kernel - Manivannan Sadhasivam, Linaro Ltd

Tuesday June 24, 2025 11:55am - 12:35pm MDT

Bluebird Ballroom 2A

Traditionally, Virtio is primarily used in virtualized environments to allow the Hypervisor to Guest communication in an agnostic way. But Virtio as a standard can be leveraged outside virtualization for communication between any two entities.

The PCI Endpoint subsystem in the Linux kernel is used to run Linux on tiny PCI endpoint devices such as modems, NIC, GPU, etc... It requires the developers to write function drivers to communicate with the host. On most occasions, these function
drivers also require counterpart drivers on the host systems. This increases the time required for the project's development, as the development needs to happen on both the host and endpoint systems.

This is where Virtio comes in handy for the PCI Endpoint subsystem. With Virtio, developers can focus on developing the back-end drivers on the endpoint side and leverage the existing front-end drivers on host systems (such as virt-net, virt-gpu, etc...).

In this talk, Manivannan Sadhasivam will present the proposals received from the community for adding Virtio backend support to the PCI Endpoint subsystem and elaborate on the one that got a consensus to move forward, along with the future plans.

Speakers

Manivannan Sadhasivam

Senior Engineer, Linaro Ltd

Mani is a Senior Kernel Engineer at the Qualcomm Landing team of Linaro. He maintains the PCI Endpoint Subsystem, Qualcomm MHI bus, and several drivers in the Linux Kernel.

Tuesday June 24, 2025 11:55am - 12:35pm MDT
Bluebird Ballroom 2A

Embedded Linux Conference

Audience Experience Level Intermediate

11:55am MDT

Extending Container Performance Isolation: Regulating Memory Bandwidth & Cache in the Kernel - Jonathan Perry, Unvariance

Tuesday June 24, 2025 11:55am - 12:35pm MDT

Bluebird Ballroom 2D

While containers provide isolation for CPU cycles and memory capacity, they offer limited protection against performance interference through shared CPU caches and memory bandwidth. Such contention was shown to increase application response times by 4-13x. The Linux resctrl infrastructure provides monitoring and control mechanisms, but has limitations for controlling real-world applications.

For example, child processes do not inherit their parent's resctrl groups, leaving any application that forks improperly monitored and controlled. Additionally, the current filesystem-based interface makes it difficult to build a controller that can monitor and adjust quickly enough to keep up with frequently changing application memory behavior.

This talk introduces the memory interference problem and presents new kernel mechanisms to address these limitations. A new collector enables effective control by capturing per-container measurements of cache and memory bandwidth usage at millisecond frequencies. We'll cover how the solution combines Intel RDT, AMD QoS, high-resolution timers, perf counters, and cgroups to achieve this. We'll discuss future work and opportunities for collaboration.

Speakers

Jonathan Perry

Founder, Unvariance

I am a maintainer of the OpenTelemetry eBPF network collector, and working on developing tools to detect and mitigate noisy neighbors. I got my PhD in noisy neighbor mitigation (focusing on networking) from MIT, then founded an eBPF-based network observability company, Flowmill, which... Read More →

Tuesday June 24, 2025 11:55am - 12:35pm MDT
Bluebird Ballroom 2D

Linux

Audience Experience Level Intermediate

11:55am MDT

Making EU CRA (Cyber Resilience Act) Simplified and Non-scary for OSS Contributors - Roman Zhukov, Red Hat

Tuesday June 24, 2025 11:55am - 12:35pm MDT

Bluebird Ballroom 3C

The EU Cyber Resilience Act (CRA) aims to safeguard European consumers and at first glance it targets only the EU market. But in fact the entire OSS ecosystem falls under its scope, which could be scary not only for Manufacturers or Stewards, but also is seen harmful for Individual Developers. Let’s debunk some of those myths! To preserve CRA’s positive intention, we as a community work hard to make sure its implementation incentivizes contributors to become good Open-Source citizens.

During this session we will explore how CRA impacts all players in the OSS ecosystem and why Maintainers MUST keep going with their brilliant work and shouldn’t be afraid. We will discuss what we at foundations and various expert groups are doing to help the open-source community navigate the actual requirements, as well as what standards and tools are available right now, followed by useful examples. They will include templates, samples, checklists, good practices and ideas how YOU can leverage: open-source tools like Security Scorecard, GUAC, Trustify, Minder, a few others; frameworks like Security Base Line and C2C2F; standards like OpenVEX; collaborations like Global Cyber Policy WG.

Speakers

Roman Zhukov

Principal Security Community Architect, Red Hat

Practicing Cybersecurity expert, engineer and manager (15+ years), (ISC)2 CC (Certified in Cybersecurity). Currently - Principal Security & Community Architect at Red Hat. Ex. - Head of Product Security & Privacy for Data Center & AI SW at Intel. Roman has broad experience from security... Read More →

Tuesday June 24, 2025 11:55am - 12:35pm MDT
Bluebird Ballroom 3C

Open Source Leadership

Audience Experience Level Intermediate

11:55am MDT

Stories From the Trenches: Effective Collaboration Between OSPOs and R&D Organizations - Georg Kunz & David Östman, Ericsson

Tuesday June 24, 2025 11:55am - 12:35pm MDT

Bluebird Ballroom 3F

In today's rapidly evolving tech landscape, alignment of open source initiatives and product-focused research & development (R&D) efforts are crucial to achieving strategic business goals. Establishing a dedicated Open Source Program Office (OSPO) plays a critical role in ensuring effective strategy, governance, fostering community engagement, and maximizing the benefits of open source contributions. However, an OSPO must connect these high-level principles with the needs and day-to-day operations of R&D organizations to ensure their effectiveness.

In this presentation, Georg and David will represent the OSPO and R&D at Ericsson. They will share insights into a set of concrete real-world cases and challenges, such as facilitating upstream contributions to the Linux kernel, establishing the Valkey project, and eliminating downstream forks. Based on these examples, they will delve into the intricacies of establishing an effective collaboration between the OSPO and R&D departments, highlighting how to bridge the gap between the needs of product team and the overarching company strategy.

Speakers

Georg Kunz

Open Source Program Manager, Ericsson

Georg is an Open Source advocate and a long-term contributor to a wide range of open source communities and projects, such as OpenStack, LF Networking, and the OpenSSF. He served for multiple terms on the OPNFV and Anuket Technical Steering Committee and currently serves on the Steering... Read More →

David Östman

General Manager Ericsson Software Technology Sweden, Ericsson

David is the General Manager of Ericsson Software Technology (EST) Sweden, leading a dedicated team of engineers developing open source software on projects like Linux, Yocto, and Valkey. With over 25 years of experience in the telecommunications industry, David began his career at... Read More →

Tuesday June 24, 2025 11:55am - 12:35pm MDT
Bluebird Ballroom 3F

OSPOCon

Audience Experience Level Intermediate

11:55am MDT

Wait, So Now You're Telling Me We Need FGA? - Carla Urrea Stabile, Auth0

Tuesday June 24, 2025 11:55am - 12:35pm MDT

Bluebird Ballroom 2E

When building an application, we often start with simple requirements: “Just make sure only the admin can see this page.” Fast forward a few months, and the requirements have grown into a tangled web of roles, attributes, exceptions, and edge cases. Sound familiar?

In this talk, we’ll follow the journey of a fictional project that begins with no access control, progresses to Role-Based Access Control (RBAC), struggles with Attribute-Based Access Control (ABAC), and ultimately finds its footing with Fine-Grained Authorization (FGA). In this process, you’ll learn how OpenFGA addresses the growing complexity of modern applications with a relationship-based model that’s both flexible and scalable.

Speakers

Carla Urrea Stabile

Senior Developer Advocate & Software Engineer, Auth0

Carla is a software engineer and developer advocate at Auth0 by Okta. She’s a language agnostic developer but enjoys working with Ruby and Python. When she’s not working you can find her going on walks with her dogs, hiking or going on a bike ride.

Tuesday June 24, 2025 11:55am - 12:35pm MDT
Bluebird Ballroom 2E

Wildcard

Audience Experience Level Intermediate

11:55am MDT

IREE: An AI Subsystem for Zephyr? - Peter Kourzanov & Anmol Anmol, IMEC

Tuesday June 24, 2025 11:55am - 12:35pm MDT

Bluebird Ballroom 2C

Machine Learning and AI are experiencing explosive growth. The concentration of AI power in the datacenters, as well as the current trends in training and inferencing infrastructure built around power-hungry GPUs and control nodes running interpretive languages on full-fledged monolithic operating systems brings about an evermore greater need for energy. In this talk we will sketch a different future: one where the needs of scaling are addressed in a way of embedding lightweight control software running on energy-efficient hardware into a sea of heterogeneous compute accelerators arranged in an energy-conserving fashion. One where the edge devices, be it small IoT nodes or an intelligence subsystem inside a mobile device can all be included in one global, distributed, cognitive and sustainable network supporting the users.
We intend to cover our recent developments in the way of porting IREE to run on Zephyr's POSIX layer, as well as experiments to see how Zephyr as a lightweight library kernel can support typical inference tasks that were used as workloads to tune an accelerator's micro-architecture (using gem5 simulator) as well as to emulate the design on the FPGA as a scale-up.

Speakers

Peter Kourzanov

Principal member of technical staff, IMEC

Having started my professional career into CS (at TUDelft DBMS) I moved towards RT & streaming systems for CE (architecture & infra group at Philips Research). Dataflow compiler & middleware project got me further into the DSPs and models for radio & radar transceivers - the focus... Read More →

Anmol Anmol

Development Engineer, IMEC, Belgium

Exploring hardware/software codesign, microarchitecture and related research, and engineering problems.

Tuesday June 24, 2025 11:55am - 12:35pm MDT
Bluebird Ballroom 2C

Zephyr

Audience Experience Level Intermediate

12:15pm MDT

Defining Open Source AI: Can the “Judgement of Solomon” Help the Open Source Community Find Success? - Jeffrey Borek, IBM

Tuesday June 24, 2025 12:15pm - 12:35pm MDT

Bluebird Ballroom 3D

When faced with a difficult challenge sometimes it helps to look back at lessons from ancient history to guide your thinking. The Open Source Initiative (OSI) is working to create a definition for Open Source AI (OSAID), aiming to apply open source principles to artificial intelligence development, but clearly the 1.0 version is a work-in-progress. Can it find success? How may policy-makers react? Join this session to hear about the latest efforts to define open source AI and what's likely in store for 2025.

Speakers

Jeff Borek

WW Sr. Program Director, IBM

Working across IBM Research to build a scalable and consistent AI software supply chain security framework, while continuing to lead the consumption compliance Open Source Program Office (OSPO), including policy, execution and guidance. Working with IBM Government & Regulatory Affairs... Read More →

Tuesday June 24, 2025 12:15pm - 12:35pm MDT
Bluebird Ballroom 3D

Standards + Specifications

Audience Experience Level Intermediate

2:10pm MDT

ARM64 Linux Laptops Status Report - Stefan Schmidt, Linaro Ltd.

Tuesday June 24, 2025 2:10pm - 2:50pm MDT

Bluebird Ballroom 2A

In June last year a bunch of new laptops, based on the Snapdragon X Elite, have been launched. All major laptop vendors launched devices, with over three
dozen to choose from at the time of this writing. Offering a nice alternative to ChromeBooks or MacBooks for Arm enthusiasts. No matter if you are intrigued by the battery life, performance or always wanted an arm64 based system to natively
compile for your embedded targets.

The core question is, how good is the Linux support. Being designed for Windows-on-ARM there is a risk Linux support is rudimentary at best. Does boot with UEFI work out of the box? Is there a device tree description for your specific device? Which hardware features are already supported mainline?
Is the firmware for various drivers available? How is the performance?

In short, is it usable as a daily driver for a developer? Stefan set out to find out, and report here.

In this talk he will provide details on the current state of development of these devices. An in-depth view on the hardware support: what is in mainline, which patches are pending and what is missing completely.
[Target: ELC North America]

Speakers

Stefan Schmidt

Tech Lead / Senior Linux Kernel Engineer, Linaro Ltd.

Stefan Schmidt is a FOSS contributor for nearly 20 years now. During this time he worked on different projects and different layers of the Linux ecosystem. From bootloader and Kernel over build systems for embedded to user interfaces. After years as a freelancer, member of the Samsung... Read More →

Tuesday June 24, 2025 2:10pm - 2:50pm MDT
Bluebird Ballroom 2A

Embedded Linux Conference

Audience Experience Level Intermediate

2:10pm MDT

Build Zephyr for MicroBlaze-V FPGA Using Yocto Project - Sandeep Gundlupet Raju, AMD

Tuesday June 24, 2025 2:10pm - 2:50pm MDT

Bluebird Ballroom 2C

The Yocto Project can build for a variety of targets: Linux, Zephyr, baremetal, etc. Using multiconfig one can target a combination of these environments in one single configured build. Zephyr is a real-time operating system (RTOS) that is open source and hosted by the Linux Foundation. It’s an collaborative effort uniting developers and users in building a best-in-class small, scalable, real-time operating system (RTOS) optimized for resource-constrained devices, across multiple architectures.

This talk will discuss how to configure a multiconfig builds for MicroBlaze-V(RISC-V) FPGA using Yocto Project meta-zephyr, with integrated binary components for Zephyr using a System DeviceTree(SDT) processed through the lopper tool to generate Zephyr Kconfig, DTS and Multiconfig Configuration files for MB-V. The resulting configuration files are then used to build and package Zephyr including but not limited to the Zephyr Kernel and peripheral drivers using the Yocto Project.

Speakers

Sandeep Gundlupet Raju

Senior Member of Technical Staff - Yocto Project, AMD

Open Source enthusiast, Contributor to Yocto Project(poky, amd xilinx meta layers, meta-ros, meta-virtualization, meta-jupyter), OpenEmbedded, Lopper, AMD Xilinx Device-tree Generator, PetaLinux, Trusted Firmware-A (ATF), Linux Kernel and U-boot trees. Maintainer of AMD Xilinx Yocto... Read More →

Tuesday June 24, 2025 2:10pm - 2:50pm MDT
Bluebird Ballroom 2C

Zephyr

Audience Experience Level Intermediate

2:25pm MDT

Lightning Talk: Serving Guardrail Detectors on Vllm - Evaline Ju, IBM

Tuesday June 24, 2025 2:25pm - 2:35pm MDT

Bluebird Ballroom 3E

With the increase in generative AI model use, there is a growing concern of how models can divulge information or generate inappropriate content. This concern is leading to the development of technologies to “guardrail” user interactions with models. Some of these guardrails models are simple classification models, while others like IBM’s Granite Guardian or Meta’s Llama Guard are themselves generative models, able to identify multiple risks. As new models appear, a variety of large language model serving solutions are being developed and optimized. An open-sourced example, vllm, has become an increasingly popular serving engine.

In this talk I’ll discuss how we built an open-sourced adapter on top of vllm to serve an API for guardrails models, so that models like Granite Guardian and Llama Guard can be easily applied as guardrails in generative AI workflows.

Speakers

Evaline Ju

Senior Software Engineer, IBM

Evaline is a senior engineer working on the watsonx platform engineering team of IBM Research and based in Denver, Colorado. She currently focuses on building guardrails infrastructure for large language model workflows. Her previous experience includes MLOps for IBM’s cloud ML... Read More →

Tuesday June 24, 2025 2:25pm - 2:35pm MDT
Bluebird Ballroom 3E

Open AI + Data

Audience Experience Level Intermediate

3:05pm MDT

Noisy Neighbor Detection: A New OSS Collector - Jonathan Perry, Unvariance

Tuesday June 24, 2025 3:05pm - 3:45pm MDT

Bluebird Ballroom 2G

Why do some requests take so much longer than others? A major contributor, memory-related contention between containers, was shown to increase latency by 4-13x. It can be triggered by garbage collection, and existing observability cannot even detect it! Current collectors just show high CPU utilization, and the standard mitigation is to scale out and run at low utilization: expensive, and does not solve the response time problem.

We set out to build a new detector, but found that measuring every few seconds (current practice for collectors) is inadequate. Servers quickly jump between intense resource competition and under-utilization, so averaging over seconds does not show any contention. We needed measurements at millisecond frequency.

This session first examines real-world patterns that trigger interference and surveys methods for detecting memory interference, including findings from Google, Alibaba, and Meta's production environments. We'll then discuss the design of the OSS collector, and how it combines CPU performance counters, eBPF and high-resolution timers to identify noisy neighbors. We close with future directions and opportunities to get involved.

Speakers

Jonathan Perry

Founder, Unvariance

Tuesday June 24, 2025 3:05pm - 3:45pm MDT
Bluebird Ballroom 2G

Cloud + Containers

Audience Experience Level Intermediate

3:05pm MDT

Composite Video Device Abstraction for Libcamera - Karthik Poduval & Kamalanadh (Kamal) Vedantham, Amazon Lab 126

Tuesday June 24, 2025 3:05pm - 3:45pm MDT

Bluebird Ballroom 2B

In digital imaging, video devices often face limitations that impact output quality and functionality. Post-processors, such as m2m geometric distortion correction, m2m scalers, or m2m JPEG encoders, can be employed to enhance the output of an Image Signal Processor (ISP). Managing multiple post-processors individually can be complex and inefficient. To address this, the concept of a composite device could be used. This abstraction consolidates various functionalities, including a video node and multiple post-processors, under a single abstraction that acts like a composite video device. The composite video device provides an effective abstraction layer for the libcamera pipeline handler. It determines which post-processor to utilize and when, without requiring manual intervention for each operation. Without such an abstraction, designing a pipeline handler would be significantly more complex. In this talk, we go over the design of this abstraction.

Speakers

Karthik Poduval

Principal Software Development Engineer, Amazon Lab126

Karthik Poduval is a Principal Software Development Engineer at Amazon Lab126. In this role, he develops Embedded Linux device drivers and middleware stack for camera/ISP and other imaging devices.

Kamalanadh (Kamal) Vedantham

Senior Software Engineer, Amazon Lab 126

Senior Software Development Engineer at Amazon Lab126. Develops Embedded Linux device drivers and camera/isp pipelines.Previous expertise includes Biometric Sensor / Security TPM / Touch Sensor technlogies.

Tuesday June 24, 2025 3:05pm - 3:45pm MDT
Bluebird Ballroom 2B

Embedded Linux Conference

Audience Experience Level Intermediate

3:05pm MDT

Dynamic VM Memory Resizing daemon (vmrd) - Sudarshan Rajagopalan, Qualcomm

Tuesday June 24, 2025 3:05pm - 3:45pm MDT

Bluebird Ballroom 2A

We describe about a userspace daemon that integrates with the Linux kernel's Pressure Stall Information (PSI) mechanism to monitor and detect memory pressure events, and requests for adding/removing memory blocks from the host based on real-time memory demands in the system without need for intervention of an admin/host. The virtio-mem interface is used for communicating with the host for adding/removing memory blocks.

Detecting increase in memory demand – the daemon registers to certain PSI events and monitors pressure building up when memory allocations occurs. Using these predefined thresholds trigger the daemon to request additional memory from the host when minimal pressure is detected, indicating an active memory-intensive use case is running.

Detecting decrease in memory pressure – the daemon monitors pressure decay and psi averages (avg10, avg60, avg300) along with other memory stats. and makes an educated guess about memory usecases have ended and releases blocks back to host. The process of tracking memory pressure going down and releasing memory back to host is done in a separate thread.

More details on design and logic will be explained in the presentation session.

Speakers

Sudarshan Rajagopalan

Linux Kernel Developer, Qualcomm

Working as Linux Kernel Developer in Qualcomm for the past 7 years. Interests are in Embedded Systems and Firmware, System designs and Computer Architecture.

Tuesday June 24, 2025 3:05pm - 3:45pm MDT
Bluebird Ballroom 2A

Embedded Linux Conference

Audience Experience Level Intermediate

3:05pm MDT

Enhancing Scalability of the Vmalloc Mechanism in the Linux Kernel - Adrian Huang, Lenovo & Uladzislau Rezki, Sony

Tuesday June 24, 2025 3:05pm - 3:45pm MDT

Bluebird Ballroom 2D

The vmalloc mechanism in the Linux kernel provides contiguous virtual memory allocations, even when the underlying physical memory is non-contiguous. However, with increasing adoption and usage, the synchronization of vmalloc data structures poses significant performance challenges, particularly in many-core systems with 256+ cores.

This session will explore the scalability improvements made to the vmalloc mechanism, covering the following key topics:

1. An overview of the legacy vmalloc approach, which relies on a single global lock for data synchronization.

2. Introduction to an enhanced vmap node implementation designed to address the limitations of the legacy approach.

3. Identification and detailed analysis of two remaining performance bottlenecks despite the enhanced vmap node implementation, along with their proposed solutions.

Join us to gain insights into the evolving design of vmalloc and its implications for performance in modern high-core-count systems.

Speakers

Adrian Huang

Senior Engineer, Lenovo

Adrian Huang is a Senior Linux Engineer in the Lenovo Infrastructure Solutions Group (ISG) based in in Taipei, Taiwan. He has experience with Linux kernel IOMMU subsystem, Linux kernel synchronization, Linux kernel interrupt mechanism and memory management.

Uladzislau Rezki

Embedded developer, Sony

My name is Uladzislau Rezki. I am 43 years old. I am married and live with my wife in Sweden, Lund. I graduated from the University in Belarus, since 2011 i moved and work in Sony in Sweden until now. I do some ports, play table tennis, running we both love to walk in the forest... Read More →

Tuesday June 24, 2025 3:05pm - 3:45pm MDT
Bluebird Ballroom 2D

Linux

Audience Experience Level Intermediate

3:05pm MDT

The Open Source Solution That Actually Works - Syed Usman Ahmad, Grafana Labs

Tuesday June 24, 2025 3:05pm - 3:45pm MDT

Bluebird Ballroom 3A

When you are running an application that contains primary ingredients such as Java, MySQL, Mail Service etc. and all fused up together to be as one, then it is no surprise that you need to rely on more than one monitoring solution. But imagine if there is a one single solution that can bring up the Logs, Metrics, Traces and even Profiling and on top of that, it is completely Open Source? Well, you are in luck, as in this talk we will demonstrate an example on how to monitor your applications by using Grafana and use various integrations and plugins. Later, we will see more advanced features to get key metrics for better observability.

It will be an introduction to the Dashboards, and also an excellent opportunity to learn more about the advanced features, including troubleshooting & debugging.

Join us to learn more about Grafana dashboards, community contributions and share your feedback and suggestions!

Speakers

Syed Usman Ahmad

Staff Developer Advocate, Grafana Labs

Usman is a Staff Developer Advocate at Grafana Labs from Nuremberg, Germany and works with the Open Source community on the community forum, GitHub and Slack.He has over 15 years of experience in IT and Cloud Support where he served multiple customers all over EU, US and Japan.He... Read More →

Tuesday June 24, 2025 3:05pm - 3:45pm MDT
Bluebird Ballroom 3A

Open Source 101

Audience Experience Level Intermediate

3:05pm MDT

Navigating FINTECH’s Regulatory Waters With InnerSource - Brittany Istenes, FINOS Ambassador, ToDo Group Steering Committee & Russell Rutledge, InnerSource Commons

Tuesday June 24, 2025 3:05pm - 3:45pm MDT

Bluebird Ballroom 3F

The financial industry is navigating an ocean of regulations, where compliance and innovation often feel like opposing forces. But what if there was a way to align them? Enter InnerSource—the open-source-inspired approach that fosters collaboration, accelerates development, and enhances regulatory transparency within financial institutions. Explore how the InnerSource Commons Foundation and the FINOS foundation are partnering to navigate the murky waters of regulation within the concept of openness inside of the FINTECH industry.

In this session, Brittany Istenes (FINOS) and Russ Rutledge (InnerSource Commons) will share how they are using InnerSource principles and guidance as a life preserver to help FINTECH firms navigate regulatory challenges.

Join us to explore real-world success stories and actionable strategies that demonstrate how InnerSource can transform challenges into opportunities for innovation to sail into calmer seas.

Speakers

Brittany Istenes

OSPO Strategist, FINOS Ambassador, ToDo Group Steering Committee Member

Brittany Istenes started off her career as an elementary school educator which then led to a path of tech. Brittany has led advisory councils, special interest groups, open source contributions, community building, InnerSource initiatives and all the gray areas in between. As a FINOS... Read More →

Russell Rutledge

Executive Director, InnerSource Commons

Russ Rutledge is the Senior Director of InnerSource and Collaboration at WellSky, a leading technology company offering a range of software solutions that help organizations across the healthcare continuum. In this role, Russ is leading a transformational change in the company towards... Read More →

Tuesday June 24, 2025 3:05pm - 3:45pm MDT
Bluebird Ballroom 3F

OSPOCon

Audience Experience Level Intermediate

3:05pm MDT

Solving the Phantom Dependency Problem for Python Packages - Seth Larson, Python Software Foundation

Tuesday June 24, 2025 3:05pm - 3:45pm MDT

Bluebird Ballroom 2E

Endor Labs coined the term "Phantom Dependency Problem" to describe dependencies that are bundled into software packages but not represented in the package metadata. This is common in many software package ecosystems, but it is most prevalent in the Python package ecosystem (PyPI) where many packages include compiled C, C++, and Rust dependencies.

Bundled software not being included in package metadata is meaning means that software composition analysis (SCA), SBOM, and vulnerability scanning tools are not able to detect the bundled software. This can cause vulnerabilities to be missed and make.

The Security Developer-in-Residence at the Python Software Foundation, Seth Larson, worked on solving to the Phantom Dependency problem for Python packaging, involving work on standards and tooling.

By the end of this session attendees will understand the Phantom Dependency problem, how it relates to Python and other packaging ecosystems, how SBOM and SCA tools work, and what work was done to make bundled dependencies measurable and what that means for users.

Speakers

Seth Larson

Security Developer-in-Residence, Python Software Foundation

Seth is the Security Developer-in-Residence at the Python Software Foundation working to improve the security posture of the Python ecosystem. Seth maintains widely used open source Python projects like urllib3, truststore, and Requests.

Tuesday June 24, 2025 3:05pm - 3:45pm MDT
Bluebird Ballroom 2E

Wildcard

Audience Experience Level Intermediate

3:05pm MDT

Simulating Embedded Systems With Zephyr - Mohammed Billoo, MAB Labs Embedded Solutions

Tuesday June 24, 2025 3:05pm - 3:45pm MDT

Bluebird Ballroom 2C

Hardware availability is among the many challenges embedded software engineers face when working on new designs. In the case of MCU-based applications, embedded software engineers need to wait for the hardware to arrive to validate portions of their application that exercise the underlying hardware. Additionally, if the application is part of a network and the network can contain hundreds or thousands of nodes, engineers may find it difficult to evaluate their design when the network is under load. Fortunately, The Zephyr Project RTOS has the infrastructure to allow embedded software engineers to evaluate as much of their design with access to the necessary hardware. In this talk, I will walk through these tools and how they can be used to evaluate the embedded software design before hardware is ready. The tools covered in this talk will be QEMU, BabbleSim, and Renode. They will be showcased with code, invocations, and results to demonstrate their value.

Speakers

Mohammed Billoo

CEO, MAB Labs Embedded Solutions

Mohammed Billoo is an embedded software consultant with over 15 years of experience. He focuses on The Zephyr Project RTOS, Embedded Linux, and The Yocto Project. He has also developed user interfaces using the Qt framework. He has helped clients across numerous verticals, including... Read More →

Tuesday June 24, 2025 3:05pm - 3:45pm MDT
Bluebird Ballroom 2C

Zephyr

Audience Experience Level Intermediate

4:20pm MDT

The Life of a Kernel Bugfix - Thadeu Lima de Souza Cascardo, Igalia

Tuesday June 24, 2025 4:20pm - 5:00pm MDT

Bluebird Ballroom 2D

Ever wonder how a bug fix lands on the kernel you are running on your system?

Would you like to know how to effectively get such fixes in the hands of most users?

From the time it gets submitted for review until an update is available in a distro, a lot of processes need to be followed and many people are involved.

The talk will go over some of these processes, some of the obstacles that may get in the way and how to make it easier for the people who do the work to get these fixes into the hands of as many people as possible.

Speakers

Thadeu Lima de Souza Cascardo

Kernel developer, Igalia

Cascardo has contributed to the Linux kernel for more than 15 years, initially as a volunteer and as a consultant, and later as part of teams at companies like IBM, Red Hat, Canonical, and now at Igalia. Mostly contributing bug fixes, Cascardo has been one of the top 4.19.x backporters... Read More →

Tuesday June 24, 2025 4:20pm - 5:00pm MDT
Bluebird Ballroom 2D

Linux

Audience Experience Level Intermediate

4:20pm MDT

Gotta Cache 'em All: Scaling AI Workloads With Model Caching in a Hybrid Cloud - Rituraj Singh & Jin Dong, Bloomberg

Tuesday June 24, 2025 4:20pm - 5:00pm MDT

Bluebird Ballroom 3E

AI models are evolving rapidly, while also growing exponentially in size and complexity. As AI workloads become larger, it is crucial to address the challenges of rapidly scaling inference services during peak hours and how to ensure optimal GPU utilization for fine-tuning workloads. To tackle this, Bloomberg’s Data Science Platform team has implemented a “Model Cache” feature in the open source KServe project for caching large models on GPUs in a multi-cloud and multi-cluster cloud-native environment.

This talk discusses the challenges faced with hosting large models for inference and fine-tuning purposes, and how model caching can help mitigate some of these challenges by reducing load times during auto-scaling of services, improving resource utilization, and boosting data scientists’ productivity. The talk dives into how Bloomberg integrated KServe’s Model Cache into its AI workloads and built an API on top of Karmada to manage cache federation. AI infrastructure engineers will learn about the profound impact of enabling model caching and how teams can adopt this feature in their own AI infrastructure environment.

Speakers

Rituraj Singh

Software Engineer, Bloomberg LP

Rituraj Singh is a software engineer on Bloomberg’s Data Science Platform engineering team, which is focused on enabling large-scale AI model training on GPUs. Rituraj graduated from Carnegie Mellon University with a master's degree in computer engineering.

Jin Dong

Software Engineer, Bloomberg

Jin Dong is a software engineer at Bloomberg. He works on building an inference platform for machine learning with KServe.

Tuesday June 24, 2025 4:20pm - 5:00pm MDT
Bluebird Ballroom 3E

Open AI + Data

Audience Experience Level Intermediate

11:00am MDT

From CDEvents To Actions: Designing the Workflow Conductor - Dadisi Sanyika & Ben Powell, Apple

Wednesday June 25, 2025 11:00am - 11:20am MDT

Bluebird Ballroom 3B

The CDEvents specification has been around for some time but what are "we" doing with it? This talk peels back the layers of our journey from CDEvents to the engineering design of a "Workflow Conductor". We will examine how specific events can be translated into actionable steps, enabling the Workflow Conductor to manage and coordinate diverse CI/CD tools. The focus will be on how the declaration of intent is tracked across tools, maintaining a consistent and auditable process. Join us to discover the technical underpinnings of this system and learn how it can transform your software delivery pipeline.

Speakers

Dadisi Sanyika

Engineering Manger, Apple, Inc.

I am Board Chair for the Continuous Delivery Foundation (Linux sub-foundation) and lead a team of engineers at Apple dedicated to improving the Continuous Deployment experience for teams and the community. Our contributions are focused on extending scalability and multi-tenant capabilities... Read More →

Ben Powell

Firmware engineer, Trimble

Ben is a software engineer at Apple for the Spinnaker team with previous experience at AWS for the AWS SDK and ECS team. He has contributed to various different tools, services, and proposals through the years, governs the Cloud SIG for Spinnaker, and is an active participant for... Read More →

Wednesday June 25, 2025 11:00am - 11:20am MDT
Bluebird Ballroom 3B

cdCon

Audience Experience Level Intermediate

11:00am MDT

The 5 OSS Observability Resource Killers: What You Don't Know Can Cost You! - Amir Jakoby, Sawmills

Wednesday June 25, 2025 11:00am - 11:40am MDT

Bluebird Ballroom 2G

Our cloud native world has become more than just tooling, it's an entire ecosystem with many add-ons, complementary tools, when it comes to K8s CRDs, and services that provide its powerful capabilities and infinite scale...but at what cost?

In this talk, we'll share first of its kind research that will highlight the 5 most common OSS cloud native tools killing your observability costs. We'll start by exploring how different observability tools structure pricing, the complexities that compound cost calculation, and especially which OSS tools in your stack are the most resource-intensive services.

You'll discover how you can know whether it's KEDA or Karpenter, ArgoCD or Kyverno ballooning budgets. But don't panic! We'll wrap up with good practices for configuring popular tools to be more economical, so you can leverage the powerful K8s ecosystem without breaking the bank.

Speakers

Amir Jakoby

CTO & Co-Founder, Sawmills

Amir Jakoby is a seasoned technology executive with over 18 years of experience in software engineering, leadership, & product innovation. He currently serves as Co-Founder and CTO of Sawmills.ai. Previously, as VP of Engineering at New Relic, Amir led a global team of 85 engineers... Read More →

Wednesday June 25, 2025 11:00am - 11:40am MDT
Bluebird Ballroom 2G

Cloud + Containers

Audience Experience Level Intermediate

11:00am MDT

Self-Driving DAMON/S: Controlled and Automated Access-aware Efficient Systems - SeongJae Park, Meta

Wednesday June 25, 2025 11:00am - 11:40am MDT

Bluebird Ballroom 2B

Data access monitoring and access-aware system operations based on it can be very useful and efficient when it is used wisely. Otherwise, it can be useless or even harmful. Hence, users are often required to do time-consuming and repetitive testing and tuning. It is not only data access monitoring's problem but a common issue at system-level operations.

DAMON is a Linux kernel subsystem for efficient data access monitoring and access-aware system operations. It mitigates the tuning problem by embedding a few automation mechanisms that allows users to run it in an automated for best outputs, but still safely controlled way.

This talk introduces the tuning problem and DAMON's automation mechanisms in detail, with usage guidelines and evaluation results. Audiences will be able to understand how they can use DAMON for more efficient system, and get some ideas about how to solve the tuning problems in general.

Speakers

SeongJae Park

Software Engineer, Meta

SeongJae Park is a Linux kernel programmer who maintains the data access monitoring framework of the Linux kernel called DAMON (https://damonitor.github.io/). His interests include operating system kernels, parallel computing, and memory management.

Wednesday June 25, 2025 11:00am - 11:40am MDT
Bluebird Ballroom 2B

Linux

Audience Experience Level Intermediate

11:00am MDT

Guarding the LLM Galaxy: Security, Privacy, and Guardrails in the AI Era - Jigyasa Grover, BORDO AI & Rishabh Misra, Attentive Mobile Inc

Wednesday June 25, 2025 11:00am - 11:40am MDT

Bluebird Ballroom 3E

The widespread adoption of Large Language Models (LLMs) like GPT-4, Claude, and Gemini has introduced unprecedented capabilities and equally unprecedented risks. Organizations are increasingly deploying LLMs to handle sensitive tasks, from processing medical records to analyzing financial documents. This talk examines the evolving landscape of LLM security and privacy, combining theoretical foundations with a walkthrough of example implementations.

Through real-world case studies of both attacks and defenses and practical implementation guidance using popular security tools, we'll explore critical vulnerabilities and proven defensive techniques. Special attention will be given to securing fine-tuned and domain-specific LLMs, with live examples using NVIDIA’s NeMo Guardrails, LangChain's security tools, and Microsoft's guidance library.

Speakers

Jigyasa Grover

AI Lead, Data Scientist & ML Engineer • 10x AI & Open Source Award Winner • Google Developer Expert • 'Sculpting Data for ML' Book Author

Jigyasa Grover, a 10-time AI award winner and author of book, Sculpting Data For ML, has expertise in ML engineering at Twitter, Facebook, and Faire. A Google Developer Expert and Women Techmaker Ambassador, she was featured at at Google I/O 2024 on Gemini 1.5 Pro. As a World Economic... Read More →

Rishabh Misra

Staff Machine Learning Engineer, Attentive

Author of the book "Sculpting Data for ML", I am a Staff ML Engineer & Researcher recognized by the US Government for outstanding contribution to ML research. I have extensively published and reviewed research at top AI conferences in NLP (LLMs / GenAI), Deep Learning, and Applied... Read More →

Wednesday June 25, 2025 11:00am - 11:40am MDT
Bluebird Ballroom 3E

Open AI + Data

Audience Experience Level Intermediate

11:00am MDT

The Xen Safety Concept, a Major Milestone Toward Certification - Stefano Stabellini, AMD

Wednesday June 25, 2025 11:00am - 11:40am MDT

Bluebird Ballroom 2D

Over the past decade, the Xen community has worked tirelessly to develop key features that now form a top-tier automotive solution. Xen's most important role remains that of an enforcer, ensuring strict isolation between domains so that the execution of one domain remains unaffected by others. As one of the system's most critical components, Xen is well suited for the highest levels of safety certification.

Since 2023, AMD, in collaboration with the Xen community, has been working to make Xen safety-certifiable according to the ISO 26262 and IEC 61508 safety standards. A major milestone was achieved in Q4 2024 when we obtained Safety Concept Approval from the safety assessors. They reviewed Xen and our safety plans and confirmed compliance with the relevant standards. This is a critical milestone on the road to Xen safety, demonstrating that Xen can be safety-certified.

This presentation will provide detailed insights into the Safety Concept, the activities involved in its development, and the review process. Additionally, it will offer an in-depth update on our journey toward achieving Xen safety certification.

Speakers

Stefano Stabellini

Fellow, AMD

Stefano Stabellini is a Fellow at AMD, where he leads system software architecture and the virtualization team. Stefano has been involved in Xen development since 2007. He created libxenlight in November 2009 and started the Xen port to ARM with virtualization extensions in 2011... Read More →

Wednesday June 25, 2025 11:00am - 11:40am MDT
Bluebird Ballroom 2D

Safety-Critical Software

Audience Experience Level Intermediate

11:00am MDT

Tutorial: Take Control of Git: Beyond the Basics - Kim Schlesinger, Contentful & Kyle Coberly, Urban Sky

Wednesday June 25, 2025 11:00am - 12:35pm MDT

Bluebird Ballroom 3A

You can commit, pull, and push—but do you truly understand Git? Does it feel more like a fragile system you tiptoe around than a tool that empowers your workflow? If navigating your repository makes you hesitant, it's time to go beyond the basics and build real confidence.

In this hands-on workshop, you’ll learn to:

1. Navigate with confidence: Jump between commits without fear using Reflog, ensuring you never lose your place
2. Refine your workflow: Embrace the safety of version control with patches, diffs, and resets to commit first and edit later
3. Keep your best work: Shape your commit history with checkout file, cherry-pick, and interactive rebase to express your intent clearly

Version control isn’t just a safety net—it’s a tool that amplifies your impact as an engineer. Equip yourself with the professional’s toolkit and make Git work for you!

Speakers

Kim Schlesinger

Learning Experience Designer, Contentful

Kim Schlesinger is a seasoned tech educator specializing in Kubernetes, containers, and curriculum design. With a passion for making complex technical concepts accessible, she has helped many developers and teams build their skills in cloud-native technologies. Kim is currently a... Read More →

Kyle Coberly

Staff Software Engineer, Urban Sky

Kyle Coberly is a software engineer and coach specializing in web product development, quality, and agility. He’s currently a Staff Software Engineer at Urban Sky and an adjunct professor of Information Technology at the University of Denver. He was formerly the Director of Education... Read More →

Wednesday June 25, 2025 11:00am - 12:35pm MDT
Bluebird Ballroom 3A

Open Source 101

Audience Experience Level Intermediate

11:55am MDT

FoundationDB, the Black Knight - Peter Boros, Tigris Data

Wednesday June 25, 2025 11:55am - 12:35pm MDT

Bluebird Ballroom 2G

Monty Python’s Black Knight is the opponent that couldn’t lose. Even after all of his limbs were cut off, he offered a draw: “it’s just a scratch.”

FoundationDB (FDB) is a distributed transactional key-value store that is very difficult to defeat just like the Black Knight. Open-sourced in 2018 after an acquisition by Apple, FDB was designed to be a common layer: almost all databases have a backing key-value store. Many have built on top of it including Snowflake, Adobe, & Datadog.

FDB got it right: transactions, distributed by default, and extreme reliability. Kyle Kingsbury (aphyr) the author of Jepsen series on distributed systems correctness, said: "haven't tested foundation in part because their testing appears to be waaaay more rigorous than mine."

We demo a live FDB cluster and try to disrupt its operations. Our attempts are informed by real world experience supporting a metadata service for billions of objects globally.

When we finally succeed, we show how backups and disaster recovery resurrect FDB. We’ll learn about highly resilient design patterns and operations. We have battle scars, and want to help others!

Speakers

Peter Boros

Founding Engineer, Tigris Data

Peter is a founding engineer at Tigris Data. He has been using and working with open source software from early 2000s. Peter's first and foremost professional interest is performance tuning and large scale automation. Before rejoining Tigris Data, Peter worked on large scale MySQL... Read More →

Wednesday June 25, 2025 11:55am - 12:35pm MDT
Bluebird Ballroom 2G

Cloud + Containers

Audience Experience Level Intermediate

11:55am MDT

Virtio-msg: Making Virtio Work Where It Does Not Today - Bill Mills, Linaro

Wednesday June 25, 2025 11:55am - 12:35pm MDT

Bluebird Ballroom 2A

Virtio-msg is a new virtio transport that allows Virtio to be used on AMP systems between Linux and Zephyr on a co-processor, between the Linux Kernel and Secure World TEEs like Trusty and OP-TESS, and other places where Virtio-mmio and Virtio-pci do not work.

This session will describe the need for virtio-msg, the progress on Spec, Kernel, QEMU, Rust-VMM, Zephyr and RTOS libraries. Various demos using QEMU and hardware will be described and pointers provided so you can run them yourself.

Speakers

Bill Mills

Principal Technical Consultant, Linaro

Bill Mills has been professionally active in embedded systems for over 39 years. He has been the lead developer on debugger/emulator, RTOS kernel, VoIP, and many other projects. He has been focused on Embedded Linux strategy since 2008. He is a founding member of the Yocto Project... Read More →

Wednesday June 25, 2025 11:55am - 12:35pm MDT
Bluebird Ballroom 2A

Embedded Linux Conference

Audience Experience Level Intermediate

11:55am MDT

The Big-endian RISC-V Linux Adventure - Ben Dooks, Codethink

Wednesday June 25, 2025 11:55am - 12:35pm MDT

Bluebird Ballroom 2B

The latest RISC-V ISA specification allows for runtime configuration of the data endian between little and big. Since no one had done this before, we decided to investigate how difficult it would be to get a prototype Linux implementation running in big endian on an emulated RISC-V system such as under QEMU.

The talk goes from the description of the new ISA feature, our initial analysis and the modifications to software such as the Linux kernel, QEMU and OpenSBI and an overview of the issues that we found and how to fix them. This includes kvm and how that works with mixed endian kvm instances, and the modifications to kvmtool to make this work.

We conclude with how the project went, what we published and a call to arms to continue testing and fixing outstanding issues.

Speakers

Ben Dooks

Senior Engineer, Fellow, Codethink

Senior open source consultant at Codethink and long-time contributor to various projects such as the Linux Kernel.

Wednesday June 25, 2025 11:55am - 12:35pm MDT
Bluebird Ballroom 2B

Linux

Audience Experience Level Intermediate

11:55am MDT

Harnessing Event-Driven and Multi-Agent Architectures for Complex Workflows in Generative AI System - Mary Grygleski, Callibrity

Wednesday June 25, 2025 11:55am - 12:35pm MDT

Bluebird Ballroom 3F

Generative AI applications, in general, excel in zero-shot and one-shot types of specific tasks. However, we live in a complicated world and we are beginning to see that today’s generative AI systems are simply not well equipped to handle the increased complexity that is found especially in business workflows and transactions. Traditional architectures often fall short in handling the dynamic nature and real-time requirements of these systems. We will also need a way to coordinate multiple components to generate coherent and contextually relevant outputs. Event-driven architectures and multi-agent systems offer a promising solution by enabling real-time processing, decentralized decision-making, and enhanced adaptability.

This presentation proposes an in-depth exploration of how event-driven architectures and multi-agent systems can be leveraged to design and implement complex workflows in generative AI. By combining the real-time responsiveness of event-driven systems with the collaborative intelligence of multi-agent architectures, we can create highly adaptive, efficient, and scalable AI systems. This presentation will delve into the theoretical and practical sides.

Speakers

Mary Grygleski

Director, Emerging Technologies, Callibrity

Mary is a Technical Advocate, Java Champion, and the Director of Emerging Technologies at Callibrity. She started as an engineer in Unix/C, then transitioned to Java around 2000 and has never looked back since then. After 20+ years of being a software engineer and technical architect... Read More →

Wednesday June 25, 2025 11:55am - 12:35pm MDT
Bluebird Ballroom 3F

Open AI + Data

Audience Experience Level Intermediate

11:55am MDT

Securing Software Supply Chains for the Public Good - Daniel Moch, Lockheed Martin & William Crum, SpectroCloud

Wednesday June 25, 2025 11:55am - 12:35pm MDT

Bluebird Ballroom 3G

Drawing from our experiences within the public sector, we discuss software supply chain security as it pertains to public sector organizations, including the unique risks and challenges they face and how we can all work together to improve the security of the open source ecosystem.

Speakers

Daniel Moch

Staff Software Engineer, Lockheed Martin

For over 20 years, Daniel has worked as a software engineer in the Defense and Aerospace industry. His experience ranges from embedded device drivers to large logistics and information systems. In recent years, he has focused on helping legacy programs adopt modern DevOps practices... Read More →

William Crum

Defense Success Engineer, SpectroCloud

Sergeant William Crum is a U.S. Marine Corps Reservist and software engineer at Spectro Cloud. He serves with the Marine Innovation Unit, driving software modernization within the Marine Corps. In his civilian role, he is a Docker Captain and Senior Defense Engineer at Spectro Cloud... Read More →

Wednesday June 25, 2025 11:55am - 12:35pm MDT
Bluebird Ballroom 3G

OpenGovCon

Audience Experience Level Intermediate

11:55am MDT

In From the Cold - Open Source as Part of Mainstream Software Asset Management - Shane Coughlan, The Linux Foundation

Wednesday June 25, 2025 11:55am - 12:35pm MDT

Bluebird Ballroom 3D

Software Asset Management (SAM) provides a way to manage software across small, medium and large entities. It is often seen as a way of addressing licensing or for making sure company staff are using permitted software applications and versions.

Open source has traditionally been divorced from SAM, which was focused on proprietary software solutions. Partly this was due to practical matters like different licensing schemes, and partly it was an artifact of separate paths of evolution.

However, in recent years open source has increasingly adopted approaches to licensing, security and other challenges that mirror SAM. Examples include the use of standards like ISO/IEC 5230 for licensing and ISO/IEC 18974 for security, of implementation standards like ISO/IEC 5962 for Software Bill of Materials.

As a consequence, open source is now more closely aligned with SAM. This talk will examine what that means for open source management overhead today, and where it will take us in the future. This talk is intended to equip people in open source strategy, legal and team leadership to navigate changes as smoothly as possible.

Speakers

Shane Coughlan

General Manager, OpenChain

Shane Coughlan is an expert in communication, security and business development. His professional accomplishments include spearheading the licensing team that elevated OIN into the largest patent non-aggression community in history and establishing the first global network for open... Read More →

Wednesday June 25, 2025 11:55am - 12:35pm MDT
Bluebird Ballroom 3D

Operations Management

Audience Experience Level Intermediate

11:55am MDT

Verifying the Rust Standard Library - Rahul Kumar, Amazon Web Services

Wednesday June 25, 2025 11:55am - 12:35pm MDT

Bluebird Ballroom 2D

The Rust programming language is experiencing rapid adoption in critical infrastructure and systems programming, propelled by its memory safety guarantees and developer productivity advantages. Significant technology policies, such as the US National Cyber Strategy, explicitly endorse Rust as a pathway to memory-safe software. Unsafe code blocks, however, can circumvent Rust’s compile-time guarantees. To address this disparity, AWS has collaborated with the Rust Foundation on the Rust Standard Library Verification project, whose objective is to formally verify the safety of the Rust standard library. We are actively integrating automated verification into the Rust Library release process, thereby ensuring continuous safety validation across releases.

Our presentation will elucidate the structural framework and rationale underpinning our verification contest. We will demonstrate our current progress, showcasing successful verification examples and discussing the diverse open-source tools employed in the verification process. We will conclude with our prioritized areas for 2025 and practical ways for the Rust community to actively participate in this pivotal security initiative.

Speakers

Rahul Kumar

Senior Manager Applied Science, Amazon Web Services

Rahul Kumar completed his PhD from Brigham Young University. He has worked on formal verification and static analysis at Microsoft, Microsoft research, NSA JPL. He also worked on combining empirical software engineering and static analysis techniques for creating machine learning... Read More →

Wednesday June 25, 2025 11:55am - 12:35pm MDT
Bluebird Ballroom 2D

Safety-Critical Software

Audience Experience Level Intermediate

11:55am MDT

Developing a Community-Driven Standard for Open Source Software Quality - Philipp Ahmann, Etas GmbH (BOSCH) & Gabriele Paoloni, Red Hat

Wednesday June 25, 2025 11:55am - 12:35pm MDT

Bluebird Ballroom 2F

Established quality standards, designed for traditional V-Model ( requirements driven) development, are inadequate for evaluating and supporting code-driven, CI/CD-based nature of modern (open source) software. This hinders OSS adoption in regulated industries, particularly for safety-critical systems. This session introduces a novel standard proposal specifically designed to assess OSS process capabilities by documenting open source best practices and providing a practical assessment guide. It aims to bridge the gap between OSS development practices and the needs of regulated industries, fostering greater trust and enabling wider adoption.

This session outlines the three phases from research to execution for establishing the standard, drawing on relevant academic research and showcasing exemplary open source projects with established best practices. The authors will also explore existing scoring initiatives and some quality metrics. The session concludes with a roadmap for collaborative development of the standard and a call to action for community participation.

Speakers

Philipp Ahmann

Automotive OSS Process Lead, Etas GmbH (BOSCH)

Gabriele Paoloni

Sr SW Principal Engineer, Red Hat

Gabriele Paoloni is an Open Source Community Technical Leader at Red Hat.

Wednesday June 25, 2025 11:55am - 12:35pm MDT
Bluebird Ballroom 2F

Standards + Specifications

Audience Experience Level Intermediate

12:15pm MDT

Lightning Talk: Data, Dude, Where's My Maturity? Unleashing Auto-Measurement for Platforms and Services - Muktesh Mishra, Adobe

Wednesday June 25, 2025 12:15pm - 12:25pm MDT

Bluebird Ballroom 3B

With the evolution of platform engineering, I have never wondered how to measure the maturity of platforms and services. A platform is comprised of multiple services and infrastructure components. Do you need to apply maturity models to improve your business outcomes and goals? How do you start and automatically collect the data, use measurements, analyze, and ultimately improve the goals?
Join us for a fun session to discuss how we solved this problem on a scale. How do we measure, monitor, analyze, and improve platform maturity with gamifications and levels and ultimately move the needle?

In this session, we will discuss how we apply a framework for Services, platforms, and infrastructure to measure different maturity levels and improve different goals. This framework works in an automated fashion, and it also relates to the CNCF maturity model along with CD Events.

Speakers

Muktesh Mishra

Lead Engineer, Adobe

Muktesh is currently working as a Lead Engineer, AI Foundations for Adobe. He is an open-source contributor to 20+ projects and enjoys programming in polyglot. Primarily he contributes to CICD, AI Integrations, and Distributed Systems. He is a conference junkie. and had spoken at... Read More →

Wednesday June 25, 2025 12:15pm - 12:25pm MDT
Bluebird Ballroom 3B

cdCon

Audience Experience Level Intermediate

12:25pm MDT

Lightning Talk: It's Friday! - Alon Nisser, Zencity

Wednesday June 25, 2025 12:25pm - 12:35pm MDT

Bluebird Ballroom 3B

It's Friday afternoon, and you've got plans for this evening. You've just finished the feature. you push to master, and click deploy. OR DO YOU? let's talk about Friday deployments and what they can teach us. A candid talk about CI/CD as an unfinished journey.

Speakers

Alon Nisser

Principal engineer Zencity, Zencity

Software developer. currently in Zencity.io. Writing software as a hobby and as a profession. Strong opinions on things. Open source aficionado. Trying to make a difference.Sometimes software makes we wonder if I'd be better off being a farmer

Wednesday June 25, 2025 12:25pm - 12:35pm MDT
Bluebird Ballroom 3B

cdCon

Audience Experience Level Intermediate

2:10pm MDT

Managing Resources To Lower Costs - Mark Waite, CloudBees & Melissa McKay, JFrog

Wednesday June 25, 2025 2:10pm - 2:30pm MDT

Bluebird Ballroom 3B

Do you have a closet that’s overflowing? In order to accommodate your favorite latest wardrobe styles (and to avoid a closet clutter disaster), you might need to let go of those jeans two sizes too small or… gasp! … prune your conference t-shirt collection to a reasonable number.

In the CI/CD world, cleaning out your closet translates in part to activities like pruning artifact repos and limiting bandwidth usage appropriately. Businesses are incessantly looking for ways to trim the fat for leaner, healthier bottom lines, and DevOps operational infrastructure can be a clutter hotspot when it comes to resource expense.

Learn how the Jenkins project has reduced costs with more effective management of its operational resources. We’ll share techniques that we’ve used to identify costs, reallocate resources to reduce those costs, and adapt to changing environments. The Jenkins closet is looking better than ever!

Speakers

Mark Waite

Manager, CloudBees

Mark is a member of the Jenkins governance board, maintainer of the Jenkins git plugin, and a long-time contributor to continuous integration and continuous delivery topics.

Melissa McKay

Head of Developer Relations, JFrog

Melissa is passionate about Java, DevOps and Continuous Delivery. She is currently Head of Developer Relations for JFrog and a member of the Technical Steering Committee of the Open Platform for Enterprise AI (OPEA). Melissa has been recognized as a Java Champion and a Docker Captain... Read More →

Wednesday June 25, 2025 2:10pm - 2:30pm MDT
Bluebird Ballroom 3B

cdCon

Audience Experience Level Intermediate

2:10pm MDT

Traefik V4: What We’re Cooking for You - Nicolas Mengin & Emile Vauge, Traefik Labs

Wednesday June 25, 2025 2:10pm - 2:50pm MDT

Bluebird Ballroom 2G

Traefik is one of the most popular open-source projects in the world, with over 3 billion downloads and a top 15 spot on DockerHub. As a powerful Ingress and Gateway Controller, Traefik simplifies exposing, securing, and managing services and APIs dynamically and at scale—whether in simple setups or complex cloud-native environments.

Just one year after the release of Traefik v3, we're already taking things to the next level! In this session, Emile Vauge (Traefik Creator) and Nicolas Mengin (Traefik Maintainer) will unveil the exciting new features coming in Traefik v4, including:
- A new plugin system for even greater extensibility
- Pre-routing operations to optimize traffic handling
- Enhanced TLS certificate management for better security and automation
- Improved configuration management for a smoother experience
- … and much more!

Join us to get a sneak peek at what’s next for Traefik and see how these innovations will make your cloud-native journey even easier.

Speakers

Nicolas Mengin

Head of Development, Traefik Labs

Developer and DevOps - Maintainer of Traefik. Head of Development at Traefik Labs, the company behind Traefik, the popular cloud-native Gateway Controller, and Traefik Hub, a comprehensive API Management solution for Kubernetes. Responsible for overseeing the implementation of... Read More →

Emile Vauge

CTO, Traefik Labs

Emile is a Developer. He created Traefik in 2015 and is now the CTO of Traefik Labs, the company sponsoring the open source project.

Wednesday June 25, 2025 2:10pm - 2:50pm MDT
Bluebird Ballroom 2G

Cloud + Containers

Audience Experience Level Intermediate

2:10pm MDT

V4L2 Media Controller Request API - Karthik Poduval, Amazon Lab126

Wednesday June 25, 2025 2:10pm - 2:50pm MDT

Bluebird Ballroom 2A

Media Request API was designed to allow V4L2 devices like memory to memory video processing or codec devices and complex camera pipelines to support per frame settings and per frame metadata. In this talk we will deep dive on the details of this API with example use cases such as memory to memory video processing devices and complex ISP pipelines using this API for per frame settings and per frame metadata.

Speakers

Karthik Poduval

Principal Software Development Engineer, Amazon Lab126

Karthik Poduval is a Principal Software Development Engineer at Amazon Lab126. In this role, he develops Embedded Linux device drivers and middleware stack for camera/ISP and other imaging devices.

Wednesday June 25, 2025 2:10pm - 2:50pm MDT
Bluebird Ballroom 2A

Embedded Linux Conference

Audience Experience Level Intermediate

2:10pm MDT

Can File Systems Survive in Data-centric World? - Viacheslav Dubeyko, IBM

Wednesday June 25, 2025 2:10pm - 2:50pm MDT

Bluebird Ballroom 2B

The volume of processing data is growing exponentially. AI/ML algorithms, financial transactions, social networks, cloud computing represent modern trends that latency, performance sensitive, and data hungry. File systems represent crucial and fundamental technology that builds foundation of data storage stack. However, pressure of data-centric and data-intensive nature of modern applications revealed significant overhead that file systems introduce in data storage stack. Moreover, massive amount of hardware accelerator and kernel bypassing technologies, dis-aggregated architecture, ultra-fast storage devices create “illusion” or “impression” that file systems could be a redundant item of data storage stack. Can file systems survive in data-centric world?

Speakers

Viacheslav Dubeyko

Linux kernel developer, IBM

Acquired a Ph.D degree in 2002 (X-ray spectroscopy) and served as a researcher in Samsung Electronics, Huawei, HGST, and Western Digital. As a Linux kernel developer contributed in HFS+ and NILFS2 file system drivers and designed a SSDFS open-source file system. Research interests... Read More →

can file systems survive in data centric world 08 04 2025 v.1 pdf

can file systems survive in data centric world 08 04 2025 v.1 pptx

Wednesday June 25, 2025 2:10pm - 2:50pm MDT
Bluebird Ballroom 2B

Linux

Audience Experience Level Intermediate

2:10pm MDT

Building Your (Local) LLM Second Brain - Olivia Buzek, IBM

Wednesday June 25, 2025 2:10pm - 2:50pm MDT

Bluebird Ballroom 3E

LLMs are hotter than ever, but most LLM-based solutions available to us require you to use models trained on data with unknown provenance, send your most important data off to corporate-controlled servers, and use prodigious amounts of energy every time you write an email.

What if you could design a “second brain” assistant with OSS technologies, that lives on your laptop?

We’ll walk through the OSS landscape, discussing the nuts and bolts of combining Ollama, LangChain, OpenWebUI, Autogen and Granite models to build a fully local LLM assistant. We’ll also discuss some of the particular complexities involved when your solution involves a local quantized model vs one that’s cloud-hosted.

In this talk, we'll build on the lightning talk to include complexities like:
* how much latency are you dealing with when you're running on a laptop?
* does degradation from working with a 7-8b model reduce effectiveness?
* how do reasoning + multimodal abilities help the assistant task?

Speakers

Olivia Buzek

STSM watsonx.ai - IBM Research, IBM

Olivia has been building machine learning and natural language processing models since before it was cool. She's spent several years at IBM working on opening up Watson tech, around the country and around the world.

Wednesday June 25, 2025 2:10pm - 2:50pm MDT
Bluebird Ballroom 3E

Open AI + Data

Audience Experience Level Intermediate

2:10pm MDT

Using SBOMs for Linux Foundation Projects - Jeff Shapiro, The Linux Foundation & Gary O'Neall, Source Auditor Inc.

Wednesday June 25, 2025 2:10pm - 2:50pm MDT

Bluebird Ballroom 3D

Last year we introduced the LF-SBOM, which we are now generating for many projects. Today we will provide an update on this important effort to provide SBOMs for most critical LF projects. We will review the work done to date, and go into more detail on how to use the LF-SBOM specification. We will give real world concrete examples on how to use our SBOM to generate a Security Vulnerability report, and how to generate a report of open source licenses. We will also discuss how to use our SBOMs to meet new regulations (e.g. US CISA and EU CRA) when delivering software to the government sector, and how to use our SBOM as an example when you create one for your own project.

Speakers

Jeff Shapiro

Director of License Scanning, The Linux Foundation

Jeff Shapiro is the Director of License Scanning for The Linux Foundation. He has 30 years of experience in the software industry, including 10 years in software auditing, open source scanning, and training developers in OSS license compliance.

Gary O'Neall

Founder and Principal Consultant, Source Auditor Inc.

Wednesday June 25, 2025 2:10pm - 2:50pm MDT
Bluebird Ballroom 3D

Operations Management

Audience Experience Level Intermediate

2:10pm MDT

Building a Safe and Open Vehicle Core With Open Source - Philipp Ahmann, Etas GmbH (BOSCH)

Wednesday June 25, 2025 2:10pm - 2:50pm MDT

Bluebird Ballroom 2D

Recently the Safe Open Vehicle Core (S-Core) project was started as a collaborative code-first project between automotive OEMs and Tier suppliers developing a safety-certifiable middleware stack for high-performance ECUs in software-defined vehicles. Targeting the non-differentiating core functionality, S-Core middleware software sits between the hardware abstraction layer and the platform API accessed by vehicle function applications. Compatible with POSIX-based OSes like Automotive Grade Linux and complementary to the ELISA project, S-Core focuses on achieving ISO 26262, ASPICE, and ISO 21434 compliance.

This presentation details S-Core's development process, scope, status, and timeline, highlighting its integration within the broader automotive safety and SDV landscape. The author further showcases the project's work towards robust and automated development through a docs-as-code approach utilizing open-source tools such as ReStructuredText, Sphinx-Needs, Bazel, and PlantUML.

Speakers

Philipp Ahmann

Automotive OSS Process Lead, Etas GmbH (BOSCH)

Wednesday June 25, 2025 2:10pm - 2:50pm MDT
Bluebird Ballroom 2D

Safety-Critical Software

Audience Experience Level Intermediate

3:05pm MDT

How To Put Swift in a Box: Container Images From Scratch With Swift Container Plugin - Euan Harris, Apple, Inc.

Wednesday June 25, 2025 3:05pm - 3:45pm MDT

Bluebird Ballroom 2G

Containers have changed how we build and run services. The days of FTPing a binary up to a server are gone, because our platforms expect to run containers. We build container images at every stage of development, whenever we want to test our services, and when we deploy them.

If container images are what we need, could our development tools help us build them? Yes, they can! In this talk, we'll take a container image apart, see what makes it tick, then put it back together again from first principles - all using Swift!

Swift is a high performance, memory-safe language which is ideal for server-side development. We will:

* download a container image, take it apart by hand and explore what’s inside;
* cross-compile a Swift service effortlessly to different Linux distributions, on x86 or ARM, statically or dynamically linked, from development environments on macOS or Linux;
* use Swift's pluggable build system to produce container images efficiently and automatically for every build;
* test the image.

Containers are a universal building block of modern services. Even if you're not yet using Swift, these ideas and principles also underpin your current build and deployment workflow.

Speakers

Euan Harris

Software Engineer, Apple, Inc.

Euan builds cloud services and infrastructure using Swift at Apple. He enjoys working with containers, virtual machines, networks and interesting programming languages. Previously, Euan helped maintain Docker Swarm's overlay networking and HTTP ingress, and contributed to XenServer's... Read More →

Wednesday June 25, 2025 3:05pm - 3:45pm MDT
Bluebird Ballroom 2G

Cloud + Containers

Audience Experience Level Intermediate

3:05pm MDT

Overlay Images To the Rescue - Frank Vasquez, Packt

Wednesday June 25, 2025 3:05pm - 3:45pm MDT

Bluebird Ballroom 2A

The Yocto project offers unparalleled flexbility in how you structure your embedded Linux image builds. Yocto's multilayered approach enables us to build different images for different purposes (e.g. development, production, etc). This flexibility extends beyond the image build process out to runtime.

What if you could load debug symbols onto an edge device? Restart your application with gdbserver? Start bpftrace sessions? Connect to a VPN? All at the press of a button? You can through the magic of systemd and overlayfs. systemd-sysext activates and deactivates system extension images merging them together to compose the contents of your /usr/ and /opt/ directories.

By separating your root filesystem into individual layers that each do one thing and one thing only, you can respond to trouble by reconfiguring your system at runtime. I will show you how to leverage system extension images and btrfs subvolumes to build Yocto images that can be reassembled on demand.

Speakers

Frank Vasquez

Technical Author and Independent Consultant, Packt

Frank Vasquez is a software engineer and published author with over a decade of experience designing and building embedded Linux systems. During that time, he has shipped numerous products including a rackmount DSP audio server, a diver-held sonar camcorder, a consumer IoT hotspot... Read More →

Wednesday June 25, 2025 3:05pm - 3:45pm MDT
Bluebird Ballroom 2A

Embedded Linux Conference

Audience Experience Level Intermediate

3:05pm MDT

AI Pipelines With OPEA: Best Practices for Cloud Native ML Operations - Ezequiel Lanza, Intel & Melissa McKay, JFrog

Wednesday June 25, 2025 3:05pm - 3:45pm MDT

Bluebird Ballroom 3E

The Open Platform for Enterprise AI (OPEA) is an open source project intended to assist organizations with the realities of enterprise-grade deployments of GenAI apps. Beginning from scratch is a costly endeavor, and the ability to quickly iterate on a solution and determine its viability for your organization is essential to ensure you are making the best moves forward.

During this session, Ezequiel and Melissa will introduce you to the OPEA platform and how to empower your team to build, deploy, and manage AI pipelines more effectively. Attendees will gain insights into best practices for handling complex AI/ML workloads, automating dependency management, and integrating Kubernetes for efficient resource utilization. With a focus on real-world applications, this talk not only showcases the transformative potential of these tools but also encourages attendees to explore new ways to contribute, innovate, and collaborate in driving the future of AI adoption in enterprise environments.

Speakers

Ezequiel Lanza

LF AI & Data TAC Board/Chairperson | Open Source AI Evangelist at Intel, Intel

Melissa McKay

Head of Developer Relations, JFrog

Wednesday June 25, 2025 3:05pm - 3:45pm MDT
Bluebird Ballroom 3E

Open AI + Data

Audience Experience Level Intermediate

3:05pm MDT

Panel Discussion: Build a Great Business on Open Source Without Selling Your Soul - Robert Hodges, Altinity; Ann Schlemmer, Percona; Tatiana Krupenya, DBeaver

Wednesday June 25, 2025 3:05pm - 3:45pm MDT

Bluebird Ballroom 3C

A profitable business is one of the best protections for commercial open source projects and communities that depend on them. This talk draws on the experience of companies that pulled it off to explain how to do it for your own projects. We’ll discuss commercial models that actually work, giving back to the community, and gracefully collecting money for free software. We'll also touch on topics for larger projects like foundations and taking VC funding. It is possible to balance a strong belief in open source communities with making payroll every two weeks. We've done it and will share our secrets.

Speakers

Ann Schlemmer

CEO, Percona

Ann is a seasoned leader & advocate for open source with over 15 years experience in open source. CEO of Percona, a world-class open source database software firm, she is driven by passion for people & belief in open source's power to create an inclusive tech industry. Her authenticity... Read More →

Tatiana Krupenya

CEO, DBeaver

CEO of DBeaver, universal database management tool

Robert Hodges

CEO, Altinity

Robert Hodges serves as CEO at Altinity, a leading software and services provider for ClickHouse. Robert has more than 30 years of experience with database systems and applications including pre-relational databases such as M204, online SQL transaction processing, Hadoop, and analytics... Read More →

Wednesday June 25, 2025 3:05pm - 3:45pm MDT
Bluebird Ballroom 3C

Open Source Leadership

Audience Experience Level Intermediate

3:05pm MDT

Let's Play AI Supply Chain Candyland! - Sarah Evans, Dell Technologies & Christopher Robinson, OpenSSF - The Linux Foundation

Wednesday June 25, 2025 3:05pm - 3:45pm MDT

Bluebird Ballroom 3D

Picture the WHOLE software supply chain, beginning to end; it's a little like that olde tyme classic, "Candyland".

Designed NOT with preschoolers in mind, AI Supply Chain Candy Land is for everyone interested in learning about the software supply chain for AI/ML. Travel through exotic locations like The Peppermint Forest of swirly-twirly dependencies, The Fudgy Swamp of Compliance, and much more!

AI/ML is a fast-moving space within technology. However, everything we've learned in software engineering of the last few decades ALSO applies to this "new" world of AI/ML. We'll apply traditional software supply chain security techniques and, wherever able, tools to help developers and consumers win AI Supply Chain Candyland.

Through an enjoyable and colorful game, with useful examples taken from standards and frameworks, the audience will have a better appreciation and ability to apply supply chain security concepts and tools to the development and support of AI/ML-based solutions.

Speakers

Christopher Robinson

Security Lorax, OpenSSF

Christopher Robinson (aka CRob) is the Chief Security Architect for the Open Source Security Foundation. With over 25 years of Enterprise-class engineering, architectural, operational and leadership experience, CRob has worked at several Fortune 500 companies with experience in the... Read More →

Sarah Evans

Distinguished Engineer, Dell Technologies

Sarah is a security innovation researcher, leveraging diverse experiences as an IT and security practitioner to improve security by design in emerging technologies. Prior to Dell, Sarah has had roles at in the finance, defense, manufacturing and education industries. Sarah also contributes... Read More →

Wednesday June 25, 2025 3:05pm - 3:45pm MDT
Bluebird Ballroom 3D

Operations Management

Audience Experience Level Intermediate

3:05pm MDT

Panel Discussion: Strengthening Software Supply Chains: Harmonizing SLSA Provenance and SPDX SBOM for Better Adoption - Mihai Maruseac, Google; Kate Stewart, The Linux Foundation with Additional Panelist to be Announced

Wednesday June 25, 2025 3:05pm - 3:45pm MDT

Bluebird Ballroom 2F

The Software Bill of Materials (SBOM) and Supply-chain Levels for Software Artifacts (SLSA) are key frameworks for securing modern software supply chains. SPDX SBOM provides a detailed inventory of software components, dependencies, and metadata, while SLSA ensures these components are built through verifiable, tamper-resistant processes with clear provenance.

This talk will examine the synergies and differences between SLSA and SPDX SBOM, focusing on how SLSA’s provenance and authentication mechanisms can enhance the trustworthiness of SBOMs. We will explore overlapping fields captured by both standards, emphasizing the importance of interoperability and a shared roadmap to reduce duplication while leveraging their respective strengths.

A clear separation of concerns, with SLSA handling provenance and verification, and SPDX SBOM capturing comprehensive component metadata, can reduce redundancy and promote more efficient adoption. This session will outline how aligning these standards can improve software supply chain security and reliability, while fostering collaboration for cohesive evolution within the open-source community.

Speakers

Kate Stewart

VP Dependable Embedded Systems, The Linux Foundation

Mihai Maruseac

Staff SWE, Google

Mihai Maruseac is a member of Google Open Source Security team (GOSST), working on Supply Chain Security, specifically for ML, but also a GUAC maintainer. Before joining GOSST, Mihai created the TensorFlow Security team after joining Google, moving from a startup to incorporate Differential... Read More →

Wednesday June 25, 2025 3:05pm - 3:45pm MDT
Bluebird Ballroom 2F

Standards + Specifications

Audience Experience Level Intermediate

4:20pm MDT

SBOMs in the Real World: Practical Guidance for Managing Three Common SBOM Scenarios - Cortez Frazier Jr., FOSSA

Wednesday June 25, 2025 4:20pm - 4:40pm MDT

Bluebird Ballroom 2F

The last 12-18 months have been a landmark period for SBOM (software bill of materials) adoption. Although a fair number of organizations have been producing SBOMs for multiple years (often for specific regulatory compliance purposes), a much larger group has recently implemented broader SBOM management programs that cover a wider range of use cases.

This presentation — “SBOMs in the Real World: Practical Guidance for Three Common SBOM Scenarios” — will focus on three of these emerging areas:

SBOM generation and distribution to meet customer requests and new regulatory requirements
SBOM aggregation from internal teams and product units to facilitate centralized vulnerability management and response
SBOM ingestion from external software supplier networks to facilitate first- and third-party vulnerability management and response

Each section of this talk — which is based on extensive firsthand experience directly supporting numerous SBOM programs (from organizations in multiple regions, industries, and stages of maturity) — will include specific guidance to help attendees understand how SBOM programs within their organizations can more effectively manage these scenarios.

Speakers

Cortez Frazier Jr.

Principal Product Manager, FOSSA

Cortez Frazier Jr. is the product lead for FOSSA. FOSSA is a developer software composition analysis tool for managing open source license compliance and security vulnerabilities. Before joining FOSSA, Cortez served as product lead for all of Puppet’s SaaS-based products Earlier... Read More →

Wednesday June 25, 2025 4:20pm - 4:40pm MDT
Bluebird Ballroom 2F

Standards + Specifications

Audience Experience Level Intermediate

4:20pm MDT

Rusty OP-TEE Trusted Applications - Sumit Garg, Qualcomm Inc.

Wednesday June 25, 2025 4:20pm - 5:00pm MDT

Bluebird Ballroom 2A

OP-TEE is an open source Trusted Execution Environment (TEE) designed as a companion to the rich Linux operating system environment. Memory safety is critical to OP-TEE because its applications provide secure interfaces that can be used by the (potentially compromised) rich OS to manipulate user's/system credentials, keys and confidential data. In particular Rust's memory-safety guarantees can be a huge step forward to harden the OP-TEE environment against any memory based exploits.

This session will focus on the evolution of Rust within the OP-TEE ecosystem, the story to make Rust a first class citizen for writing OP-TEE Trusted Applications (TAs) and how we can build Rust TAs at performance parity with their C counterparts. As well as reviewing the work to date, we'll also look at some options for leveraging Rust's memory- and thread-safety features within OP-TEE core itself: should we start with enabling pseudo trusted applications to be written in Rust?

Speakers

Sumit Garg

Senior Engineer, Linaro

Sumit works as a Senior Engineer in Linaro. He has contributed to various FOSS projects like Linux (maintainer/reviewer for different sub-systems/drivers), U-Boot, OP-TEE, Trusted Firmware (TF-A) and more. Sumit's other areas of interest includes toolchains and embedded Linux distributions... Read More →

Wednesday June 25, 2025 4:20pm - 5:00pm MDT
Bluebird Ballroom 2A

Embedded Linux Conference

Audience Experience Level Intermediate

4:20pm MDT

Scalable and Efficient LLM Serving With the VLLM Production Stack - Junchen Jiang, University of Chicago & Yue Zhu, IBM Research

Wednesday June 25, 2025 4:20pm - 5:00pm MDT

Bluebird Ballroom 3E

Large Language Models (LLMs) are reshaping how we build applications; however, efficiently serving them at scale remains a major challenge.

The vLLM serving engine, historically focused on single-node deployments, is now being extended into a full-stack inference system through our open-source project, **vLLM Production Stack**. This extension enables any organization to deploy vLLM at scale with high reliability, high throughput, and low latency.
Code: https://github.com/vllm-project/production-stack

At a high level, the vLLM Production Stack project allows users to easily deploy to their Kubernetes cluster through a single command. vLLM Production Stack's optimizations include KV cache sharing to speed up inference (https://github.com/LMCache/LMCache), prefix-aware routing that directs inference queries to vLLM instances holding the corresponding KV caches, and robust observability features for monitoring engine status and autoscaling.

Attendees will discover best practices and see real-time demonstrations of how these optimizations work together to enhance LLM inference performance.

Speakers

Junchen Jiang

Assistant Professor, University of Chicago

Junchen Jiang is an Assistant Professor of CS at the University of Chicago. His research pioneers new approaches to LLM inference systems (https://github.com/vllm-project/production-stack and https://github.com/LMCache/LMCache). He received his Ph.D. from CMU in 2017 and his bachelor’s... Read More →

Yue Zhu

Staff Research Scientist, IBM Research

Yue Zhu is a Staff Research Scientist specializing in foundation model systems and distributed storage systems. Yue obtained a Ph.D. in Computer Science from Florida State University in 2021 and has consistently contribute to sustainability for foundation models and scalable and efficient... Read More →

Wednesday June 25, 2025 4:20pm - 5:00pm MDT
Bluebird Ballroom 3E

Open AI + Data

Audience Experience Level Intermediate

4:20pm MDT

Continuous Compliance in Open Source: Safety Assurance Through SBOM-Driven Traceability in ELISA - Rinat Shagisultanov & Troy Sabin, InfoMagnus, LLC

Wednesday June 25, 2025 4:20pm - 5:00pm MDT

Bluebird Ballroom 2D

As open-source adoption expands into safety-critical domains, ensuring continuous compliance is a growing challenge. This session, grounded in the ELISA (Enabling Linux in Safety Applications) project, explores how SBOM-driven traceability can bridge the gap between open-source development and regulatory safety requirements. We’ll cover how SPDX 3.x, automated CI/CD workflows, and tools like ELISA’s BASIL enable traceability between compliance requirements, validation tests, and software components. Attendees will gain insights into best practices for managing SBOM evolution, mitigating risks in change impact analysis, and integrating compliance automation into modern DevOps pipelines. Whether you’re in open-source governance or safety-critical software engineering, this session provides actionable strategies to align compliance with innovation.

Speakers

Rinat Shagisultanov

VP of Technology, InfoMagnus

Creative and Innovative technology strategy advisor with 25+ years of experience envisioning, implementing, and communicating products, services and processes to business and IT stakeholders while leading, inspiring and building trust. Rinat is holding degrees in MS Computer Science... Read More →

Troy Sabin

Chief Architect, InfoMagnus, LLC

Troy is a digital strategist and software architect focused on building innovative products with web, mobile, cloud, and AI technologies. He works at the intersection of business, tech, and design—helping cross-functional teams turn ideas into real-world solutions. Troy has launched... Read More →

Wednesday June 25, 2025 4:20pm - 5:00pm MDT
Bluebird Ballroom 2D

Safety-Critical Software

Audience Experience Level Intermediate

4:40pm MDT

Expanding the OpenChain Standards Portfolio - More Sister Standards? - Shane Coughlan, The Linux Foundation

Wednesday June 25, 2025 4:40pm - 5:00pm MDT

Bluebird Ballroom 2F

A discussion has opened inside the OpenChain community regarding what future standards may join the existing portfolio of ISO/IEC 5230 for license compliance and ISO/IEC 18974 for security assurance.

The focus of the OpenChain Project is on building trust in the supply chain, and on doing this from the perspective of compliance matters. In the last year, the project has begun to prepare guides for SBOM Quality Management and AI Bill of Material Compliance in the Supply Chain. Both of these read against the project charter and mission.

This talk will explore how these two guides could potentially grown into future ISO standards via the existing practices of the OpenChain Project and lessons learned in making ISO/IEC 18974 in the 2023/2024 period. Rather than announcing new standards, the talk is sharing the processes involved in consideration, to illustrated how open projects address ideas and proposals from all parties in a genuinely inclusive manner.

Speakers

Shane Coughlan

General Manager, OpenChain

Wednesday June 25, 2025 4:40pm - 5:00pm MDT
Bluebird Ballroom 2F

Standards + Specifications

Audience Experience Level Intermediate