Open Source Summit North America 2025

Graphics Processing Units (GPUs) have become key to modern computing, enabling high-performance parallel processing beyond their original role in gaming. Today, they are critical for solving complex computational challenges effectively. To achieve high levels of parallelism, OpenCL is commonly used to break tasks into kernels, which are executed by multiple threads. Optimizing OpenCL performance on GPUs remains a persistent challenge, as it involves fine-tuning both software (OpenCL code, kernels) and hardware. One of the critical factors influencing GPU performance is the effective use of workgroups. The size of workgroups significantly impacts parallelism and efficiency.
This session focuses on key software optimizations in OpenCL, such as efficient memory management, kernel fusion and optimal workgroup sizing in improving GPU performance. We will demonstrate, how optimized OpenCL code can significantly enhance parallel execution and efficiency. This talk also addresses challenges faced by automotive GPUs, including power and thermal constraints with strategies to overcome these. Best practices for writing efficient OpenCL code tailored for automotive GPUs will also be outlined.

This presentation explores how to create a multi-threaded version of Valkey by employing userspace Read-Copy-Update (RCU) to achieve high performance. With fewer than 2,000 lines of code modifications, we introduce a coordinator-worker pattern, enabling key-value stores like Valkey and Redis to handle tasks concurrently across multiple threads while using a per-thread event loop for I/O operations. Userspace RCU facilitates lock-free data sharing between a writer thread and multiple reader threads, dramatically improving read performance.

Our experiments show that the multi-threaded Valkey can achieve over one million operations per second on a standard server.

For long time kexec was a faster way to reboot a machine without incurring delays caused by firmware and bootloaders. However for many applications even a kexec reboot still means significant service degradation, like disruption of the running guests in virtualized environments and the need to rebuild in-memory caches for large databases.

We propose Kexec HandOver (KHO) mechanism that allows serialization and deserialization of kernel data as well as preserving arbitrary memory ranges across kexec.

In addition, KHO keeps physically contiguous memory regions that are guaranteed to not have any memory that KHO would preserve, but still can be used by the system. The kexeced kernel bootstraps itself using those regions and marks all handed over memory as in use. KHO users then can recover their state from the preserved data. This includes memory reservations, where the user can either discard or claim reservations.

As eBPF continues to revolutionize Linux observability and networking, the complexity of its program loading mechanism has evolved significantly.

This technical deep dive unravels the sophisticated machinery behind eBPF program loading, exploring the intricate interplay between userspace loader and Linux kernel verifier. We'll dissect the eBPF program relocation mechanisms, examine the role of BTF (BPF Type Format) in enabling strong typing and verification capabilities, and analyze the complex choreography of bpf() syscalls that bridge userspace and kernel operations. Finally, we will also discuss the security implications and program signing challenges in the loading pipeline.

For the past three years, LF Education has partnered with LF Research to produce a yearly State of Tech Talent report surveying hiring and training managers to capture trends in the IT talent market. The 2025 study, which will go live at Open Source Summit North America, explores AI’s impact on organizational operations and developers; the fastest-growing areas of job responsibility; and compliance shifts from policies like the Cyber Resilience Act. In this session, the LF Research team will host a discussion of this year’s study findings, with panelists from LF Education and OpenSSF sharing their expertise on hiring and training to address cybersecurity concerns, regulatory compliance, AI, and more. In discussing the findings of the study, this session will describe how the community is grappling with resourcing amidst the new and shifting priorities in this landscape, from AI to Cybersecurity to platform engineering. The session will deliver insight on how the open source community can take the findings of the study to fortify its organizations and people for the market in 2025 and beyond and maintain relevance among economic, regulatory, and technological changes.

When building an application, we often start with simple requirements: “Just make sure only the admin can see this page.” Fast forward a few months, and the requirements have grown into a tangled web of roles, attributes, exceptions, and edge cases. Sound familiar?

In this talk, we’ll follow the journey of a fictional project that begins with no access control, progresses to Role-Based Access Control (RBAC), struggles with Attribute-Based Access Control (ABAC), and ultimately finds its footing with Fine-Grained Authorization (FGA). In this process, you’ll learn how OpenFGA addresses the growing complexity of modern applications with a relationship-based model that’s both flexible and scalable.

The telecom industry constantly evolves to meet the demands of modern communication.
As a supporter of the Linux Foundation Valkey project, this presentation will explore other ways to utilize Valkey compared to many cloud providers, and the benefits this brings to the community and the project itself.

We will discuss the technical aspects of Valkey's use in telecom, drawing from insights for the advantages of public forks managed by foundations, leading to faster and more expansive development.

Our company was one of the founding supporters of Valkey, and Viktor Söderqvist is a core maintainer of Valkey. We will cover how we integrate community engagement and governance, David as a manager and Viktor maintainer and our collaborative efforts together.

We'll highlight our contributions to Valkey, and the discussions that led to our strategic pivot and fork and creation Valkey.

We will also present unique requirements in telecom that has been added to Valkey, and demonstrate how these requirements also benefit the broader project, with features like downgrade mechanisms and key hash improvements for higher performance.

Endor Labs coined the term "Phantom Dependency Problem" to describe dependencies that are bundled into software packages but not represented in the package metadata. This is common in many software package ecosystems, but it is most prevalent in the Python package ecosystem (PyPI) where many packages include compiled C, C++, and Rust dependencies.

Bundled software not being included in package metadata is meaning means that software composition analysis (SCA), SBOM, and vulnerability scanning tools are not able to detect the bundled software. This can cause vulnerabilities to be missed and make.

The Security Developer-in-Residence at the Python Software Foundation, Seth Larson, worked on solving to the Phantom Dependency problem for Python packaging, involving work on standards and tooling.

By the end of this session attendees will understand the Phantom Dependency problem, how it relates to Python and other packaging ecosystems, how SBOM and SCA tools work, and what work was done to make bundled dependencies measurable and what that means for users.

Weaponized open source components are silently infiltrating software supply chains, evading detection, and leaving organizations vulnerable to devastating attacks. Brian Fox, Co-founder and CTO of Sonatype, will pull back the curtain on this invisible threat, diving into the rise of malicious components that proliferate at an unprecedented rate.

Discover the stealthy tactics used to infiltrate networks, masquerading as legitimate software, and understand why traditional security solutions are failing. This session will provide the knowledge and tools to proactively protect software supply chains, blocking malicious components before they wreak havoc, and fortify defenses against this invisible and growing enemy.

As a former FAANG engineering leader who's interviewed 100s of candidates, I've seen brilliant engineers crumble under the pressure of system design interviews. In this hands-on workshop, we'll build tools I wish every candidate (including myself) had before walking into interview rooms.

Together, we'll create:

* A system design scenario generator based on real FAANG questions
* Interactive simulators showing how architectures perform under load
* Visual tools demonstrating distributed systems concepts (CAP theorem, consistency models)
* Performance comparison tools for evaluating architectural trade-offs
* Failure scenario simulators revealing resilience thinking

Candidates often fail not from lack of knowledge, but inability to visualize and communicate complex systems under pressure. The market is competitive & rife with layoffs. These tools aren't just about getting hired - they're about ensuring talented engineers find positions where they'll thrive.

We'll use OSS (ONLY) to make abstract concepts concrete, giving you both valuable tools and insider perspective on what FAANG interviewers are really seeking when they ask you to design a system from scratch.

Open source software is the basis for the tools used to create almost all visual effects and animation used in the motion picture industry today, providing the backbone for creating blockbuster films like The Wild Robot, Moana 2, Dune, Oppenheimer, the Star Wars movies and all of the Marvel Cinematic Universe films.

The most important open source projects that are used on almost every film production today are housed at the Academy Software Foundation (ASWF), which provides a neutral forum for open source software developers in the motion picture and broader media industries to share resources and collaborate on technologies for image creation, visual effects, animation and sound.

The Foundation has flourished since its launch in 2018, hosting 14 projects and supporting a growing ecosystem of open source engineers. During this session, David Morin, Executive Director of the Academy Software Foundation, will share more about the Foundation’s growth over the last six years, including new open source projects, engineering events such as Dev Days, and D&I initiatives including the Summer Learning Program.

Open source contribution is often portrayed as a straightforward journey starting with "good first issues," but the reality is far more nuanced and personal. In this heartfelt talk, I'll share my transformative journey from an overwhelmed beginner to a purposeful contributor, highlighting how I discovered sustainable joy in open source development. Through personal stories and lessons learned, I'll discuss navigating common pitfalls like contributor fatigue, the "what's in it for me" mindset, and the good-first-issue trap. I'll share how local meet-ups, in-person conferences, and finding my passion in accessibility—particularly through my work with the Deaf and hard-of-hearing working group—helped me carve a meaningful path. This talk will provide practical insights for contributors seeking to build a fulfilling, long-term relationship with open source while maintaining their well-being and making a genuine impact on the community.

Note: I'm deaf and this talk reflects my own journey in open source. I'm okay to present this as lightning talk as well.

The Linux Foundation has hundreds of projects under its auspices all working to gain adoption — especially in the case of forks like OpenBao and Valkey. In this struggle for adoption, projects could be doing more in support of our common goal. This talk proposes a system by which projects can work together, integrate each other, and increase cohesion between projects under a common foundation. This talk will serve as the opening of a discussion meant to engage both the participants and maintainers of projects and Linux Foundation community members.

In this session, we will examine critical moments in Open Source history, from the early days of the kernel and birth of the Linux Foundation, to Software defined networking, to Containerization and Cloud Native, to Web, to AI; examine what can be distilled as transcendent truths, and what that tells us about our future? How should it inform the ways we build our software strategies? Attendees will leave inspired, curious and wanting to learn more.