Open Source Summit North America 2025

As eBPF continues to revolutionize Linux observability and networking, the complexity of its program loading mechanism has evolved significantly.

This technical deep dive unravels the sophisticated machinery behind eBPF program loading, exploring the intricate interplay between userspace loader and Linux kernel verifier. We'll dissect the eBPF program relocation mechanisms, examine the role of BTF (BPF Type Format) in enabling strong typing and verification capabilities, and analyze the complex choreography of bpf() syscalls that bridge userspace and kernel operations. Finally, we will also discuss the security implications and program signing challenges in the loading pipeline.

MoonRay is DreamWorks Animation's open-source production rendering engine, used to create memorable imagery from movies such as How to Train Your Dragon: The Hidden World, Puss in Boots: The Last Wish, The Wild Robot, the upcoming Bad Guys 2 and future titles.

We’ll talk about MoonRay’s origins as an experiment and its foundation for rendering-as-a-service in animated and non-animated content, stylized and photoreal, to its current use as the core production renderer for the feature film studio pipeline at DreamWorks Animation.

After diving into MoonRay’s use at the studio, we’ll present our path to open-sourcing MoonRay, the goals and challenges to launch that, the experiences gained since launch, what it means for DreamWorks, and where we see the potential for the open source community to embrace it and its future in animation, vfx, simulation, visualization, and more.

Travel retail, shopping and booking stays, activities, or trips, is ripe for disruption using open source. The travel industry was a pioneer in worldwide interconnectivity between suppliers and sellers starting in the 1970s. Fifty years on the process of shopping and purchasing travel products has been computerized exposed online but works largely the same as it always did. Even as some legacy components have been replaced, their limitations are still present embodied in workflows and policy. Stateful, transactional, processing is still the order of the day. It all needs to be overhauled to move into a stateless, cloud based, digital world. Unaffordable in the current bespoke, siloed world of reservation systems, distributors and channels. Open Source is the obvious answer. As a community make one investment to create the needed foundational capabilities such as offer/order management, security, identity management, event management, rules processing and much more. Noncompetitive functions everyone needs to create traveler solutions such as end to end trip solions and management via an AI powered app. This session will explain how it works.

For the past three years, LF Education has partnered with LF Research to produce a yearly State of Tech Talent report surveying hiring and training managers to capture trends in the IT talent market. The 2025 study, which will go live at Open Source Summit North America, explores AI’s impact on organizational operations and developers; the fastest-growing areas of job responsibility; and compliance shifts from policies like the Cyber Resilience Act. In this session, the LF Research team will host a discussion of this year’s study findings, with panelists from LF Education and OpenSSF sharing their expertise on hiring and training to address cybersecurity concerns, regulatory compliance, AI, and more. In discussing the findings of the study, this session will describe how the community is grappling with resourcing amidst the new and shifting priorities in this landscape, from AI to Cybersecurity to platform engineering. The session will deliver insight on how the open source community can take the findings of the study to fortify its organizations and people for the market in 2025 and beyond and maintain relevance among economic, regulatory, and technological changes.

When building an application, we often start with simple requirements: “Just make sure only the admin can see this page.” Fast forward a few months, and the requirements have grown into a tangled web of roles, attributes, exceptions, and edge cases. Sound familiar?

In this talk, we’ll follow the journey of a fictional project that begins with no access control, progresses to Role-Based Access Control (RBAC), struggles with Attribute-Based Access Control (ABAC), and ultimately finds its footing with Fine-Grained Authorization (FGA). In this process, you’ll learn how OpenFGA addresses the growing complexity of modern applications with a relationship-based model that’s both flexible and scalable.

The telecom industry constantly evolves to meet the demands of modern communication.
As a supporter of the Linux Foundation Valkey project, this presentation will explore other ways to utilize Valkey compared to many cloud providers, and the benefits this brings to the community and the project itself.

We will discuss the technical aspects of Valkey's use in telecom, drawing from insights for the advantages of public forks managed by foundations, leading to faster and more expansive development.

Our company was one of the founding supporters of Valkey, and Viktor Söderqvist is a core maintainer of Valkey. We will cover how we integrate community engagement and governance, David as a manager and Viktor maintainer and our collaborative efforts together.

We'll highlight our contributions to Valkey, and the discussions that led to our strategic pivot and fork and creation Valkey.

We will also present unique requirements in telecom that has been added to Valkey, and demonstrate how these requirements also benefit the broader project, with features like downgrade mechanisms and key hash improvements for higher performance.

Endor Labs coined the term "Phantom Dependency Problem" to describe dependencies that are bundled into software packages but not represented in the package metadata. This is common in many software package ecosystems, but it is most prevalent in the Python package ecosystem (PyPI) where many packages include compiled C, C++, and Rust dependencies.

Bundled software not being included in package metadata is meaning means that software composition analysis (SCA), SBOM, and vulnerability scanning tools are not able to detect the bundled software. This can cause vulnerabilities to be missed and make.

The Security Developer-in-Residence at the Python Software Foundation, Seth Larson, worked on solving to the Phantom Dependency problem for Python packaging, involving work on standards and tooling.

By the end of this session attendees will understand the Phantom Dependency problem, how it relates to Python and other packaging ecosystems, how SBOM and SCA tools work, and what work was done to make bundled dependencies measurable and what that means for users.

Weaponized open source components are silently infiltrating software supply chains, evading detection, and leaving organizations vulnerable to devastating attacks. Brian Fox, Co-founder and CTO of Sonatype, will pull back the curtain on this invisible threat, diving into the rise of malicious components that proliferate at an unprecedented rate.

Discover the stealthy tactics used to infiltrate networks, masquerading as legitimate software, and understand why traditional security solutions are failing. This session will provide the knowledge and tools to proactively protect software supply chains, blocking malicious components before they wreak havoc, and fortify defenses against this invisible and growing enemy.

As a former FAANG engineering leader who's interviewed 100s of candidates, I've seen brilliant engineers  struggle to communicate system design concepts under pressure. In this session, I'll introduce SDL -   an open source tool that makes distributed systems tangible and interactive.

What We'll Explore Together

- System Modeling
- Watch how architectures like Uber and Bitly actually behave under load
- Interactive Failure Scenarios
- Kill components and see cascading failures in real-time
- Trade-off Analysis
- Adjust consistency/latency sliders and watch system behavior change
- Probability-based Modeling
- Pattern Recognition

Why this matters?

Candidates often fail not from lack of knowledge, but inability to visualize and communicate complex systems under pressure. The market is competitive & rife with layoffs. These tools aren't just about getting hired - they're about ensuring talented engineers find positions where they'll thrive.

Key Takeaways:
- Understand SDL's simple grammar for modeling distributed systems
- See real architectural patterns emerge from constraints
- Learn to reason about system behavior probabilistically
- Build confidence by experimenting safely before interviews
- Looking forward to learn from you all too and collaborating in the future.

This isn't about memorizing answers - it's about building intuition through interactive exploration. Whether  you're preparing for interviews or teaching others, SDL transforms abstract concepts into tangible  experiences.

Open source software is the basis for the tools used to create almost all visual effects and animation used in the motion picture industry today, providing the backbone for creating blockbuster films like The Wild Robot, Moana 2, Dune, Oppenheimer, the Star Wars movies and all of the Marvel Cinematic Universe films.

The most important open source projects that are used on almost every film production today are housed at the Academy Software Foundation (ASWF), which provides a neutral forum for open source software developers in the motion picture and broader media industries to share resources and collaborate on technologies for image creation, visual effects, animation and sound.

The Foundation has flourished since its launch in 2018, hosting 14 projects and supporting a growing ecosystem of open source engineers. During this session, David Morin, Executive Director of the Academy Software Foundation, will share more about the Foundation’s growth over the last six years, including new open source projects, engineering events such as Dev Days, and D&I initiatives including the Summer Learning Program.

In this session, we will examine critical moments in Open Source history, from the early days of the kernel and birth of the Linux Foundation, to Software defined networking, to Containerization and Cloud Native, to Web, to AI; examine what can be distilled as transcendent truths, and what that tells us about our future? How should it inform the ways we build our software strategies? Attendees will leave inspired, curious and wanting to learn more.

The Linux Foundation has hundreds of projects under its auspices all working to gain adoption — especially in the case of forks like OpenBao and Valkey. In this struggle for adoption, projects could be doing more in support of our common goal. This talk proposes a system by which projects can work together, integrate each other, and increase cohesion between projects under a common foundation. This talk will serve as the opening of a discussion meant to engage both the participants and maintainers of projects and Linux Foundation community members.

Registration Cost: $5

This mini-summit will explore how standards and process management are driving the next phase of sustainable, efficient open source use in organizations. We will discuss emerging trends or concerns in areas like AI and SBOM quality, and we will also discuss the future development of our existing standards (ISO/IEC 5230 for license compliance and ISO/IEC 18974 for security assurance). Attendees will come away with increased knowledge of OpenChain activities, more generally of open source business process management, and with the ability to apply that learning to their own companies and projects.

AGENDA:
Current Compliance

• OpenChain Standards for Process Management and Risk Reduction
• Industry Specific and Cross-Industry SBOM Quality Management
• Understand Automation - Open Source Tools for Open Source Compliance

Future Compliance

• AI BOM Compliance in the Supply Chain
• Mitigating Risk for Securing Information in a Post Quantum Computing (PQC) World

How to Register: Pre-registration is required. To register for OpenChain Project - Standards and Process Management Mini Summit, add it to your Open Source Summit North America registration.

Registration Cost: $10

Join us at the LF AI & Data Mini Summit to explore the latest advancements in open-source AI and data technologies. This event will feature expert-led sessions, project showcases, and collaborative discussions on key topics like generative AI, data governance, and interoperability. Don’t miss this opportunity to connect with the community driving innovation in AI and data.

AGENDA:

• 1:30 – 1:35 Welcome / Opening Remarks
  Steven Chin, VP of DevRel at Neo4j and LF AI & Data Content Chair
• 1:35 – 2:00 LF AI & Data State of the Union
  Todd Moore, SVP
• 2:00 – 2:20 OPEA + InfiniEdgeAI Integration
  Tina Tsou, InfiniEdgeAI TSC Chair, and Director, External Tech Influence, TikTok
  Alex Shinz, Intel
• 2:20 – 2:45 Panel: AI Open Source Across the LF
  Ezequiel Lanza, Open Source AI Evangelist, Intel Corporation
  Riccardo - Vini J. (former TAC chair)
• 2:45 – 3:00 BREAK
• 3:00 – 3:20 Orchestrating Guardrails in Generative AI Workflows
  Evaline Ju, Senior Software Engineer, IBM
• 3:20 – 3:40 AI Fairness on the Frontlines: TikTok & ServiceNow
  Jianpeng Mo, TikTok
  Xing Liu, TikTok
  Jim Van Over, ServiceNow
• 3:40 – 4:00 Simplifying Generative AI App Development: Standardization Matters
  Katherine Druckman, Open Source Security Evangelist, Intel Corporation
  Shirley Bailes, Director of Software Ecosystem Strategy, Intel Corporation
• 4:00 – 5:00 PROJECT LIGHTNING TALKS
  • 4:00 – 4:10 OPEA
    Arun Gupta, VP & GM, Developer Programs, Intel Corporation
  • 4:10 – 4:20 GenAI Commons
    Arnaud Le Hors, Senior Technical Staff Member (STSM), Open Technologies, IBM
  • 4:20 – 4:30 Docling
    Peter Starr, Principal Research Staff Member, Master Inventor, Manager of "AI for Knowledge" group, IBM
  • 4:30 – 4:40 BeeAI
    Teryl Taylor, IBM Research
  • 4:40 – 4:50 Data Prep Kit
    Santosh Borse, Senior Engineer, watsonx Data Engineering, IBM Research
  • 4:50 – 5:00 Trustmark
    Oita Coleman, Sr. Advisor, Open Voice Trustmark Initiative

How to Register: Pre-registration is required. To register for the LF AI & Data Mini Summit, add it to your Open Source Summit North America registration.