Open Source Summit North America 2025

The federal government builds and maintains hundreds of thousands of software systems - and it would be difficult to find a system that doesn't rely on open source software. In fact, the government is likely the single largest consumer of OSS in the world and considering the criticality of the mission, the security of those systems is paramount. There has been limited guidance on how government programs should select, consume, contribute to, and publish open source software, but things are getting better! This session will discuss the current landscape of open source in the federal government and present methods for how we can secure our own systems with tools and processes to vet open source projects, ingest that software securely, and support those projects with substantive contributions.
Attendees from government entities, contractors, and members of the community should attend to learn how the government can tackle the supply chain risks inherent in open source while still capturing the benefits that it has to offer. They'll come away with an understanding of how this might impact their work, and how by working together we can build a better open source ecosystem for everyone.

Most modern software assumes the internet is always available—but what happens when it’s not? Air-gapped environments are more prevalent than you might think. While they are essential in government, they’re also common in finance, healthcare, and manufacturing. Yet, a surprising amount of today’s tooling—from CI/CD pipelines to package managers—relies on network access and fails when that assumption is broken.

Working in these environments means finding new ways to handle familiar problems. In this talk, we’ll look at the challenges teams face when managing dependencies, applying updates, and automating deliveries without internet access. We’ll share practical solutions, real-world examples, and ways to make modern development practices work in restricted environments.

In this session we will perform a case study of load testing for a US State’s Unemployment Insurance Modernization initiative. We will talk about the unique requirements and constraints of the project, such as the looming specter of the COVID-19 Unemployment boom. We’ll also review how the testing was done and why we ultimately decided on using browser-based tools such as Artillery with Playwright to build a testing system that could deliver and measure massive amounts of realistic traffic in a way that is quick (30 minutes) and easy to run. Attendees will walk away with an understanding of how one might approach load testing for a system like this, and why using browser based testing might or might not be a good idea.

As government regulations, such as Executive Order 14028 - Improving the Nation's Cybersecurity, drive organizations to adopt Software Bill of Materials (SBOM) reporting, modern software systems face unique challenges in achieving compliance. Decoupled cloud-native architectures—comprised of microservices, containers, APIs, and distributed dependencies—make it exponentially more difficult to produce accurate, real-time SBOMs. This talk explores the complexities of implementing SBOM practices in distributed environments, the risks of non-compliance, and strategies to streamline compliance efforts.

Most developers generating SBOMs use a tool like Syft or Trivy and yell “SHIP IT!” While this might generate an NTIA Minimum Field adherent SBOM, it often lacks information that truly makes it actionable for downstream users.

This talk covers the work of a CISA SBOM Community Tiger Team who created SBOM Generation Reference Implementations for multiple languages and scenarios. We will discuss the distinct phases of SBOM generation and highlighting how each step contributes to a more robust and actionable SBOM. By expanding the SBOM authoring process, organizations can better integrate multiple data sources, enhance metadata accuracy, and customize their workflows to align with evolving security frameworks. This approach enables tool interchangeability while maintaining data integrity and transparency.

Additionally, we will explore implementations, including the integration of SBOM generation into CI/CD pipelines using GitHub and GitLab, supporting multiple programming languages, and ensuring interoperability with both CycloneDX and SPDX formats. We will also discuss ecosystem challenges such as supplier identification, license consistency, and benchmarking completeness.

The University of California’s network of Open Source Program Offices (OSPOs) launched last year, bringing together six campuses (UC Santa Cruz, Berkeley, Davis, Los Angeles, Santa Barbara, and San Diego) to support open source research, promote sustainability, and establish best practices within academic environments.
A key challenge in this effort is identifying and connecting open source projects across the system. Despite UC’s significant contributions to open source, there is no centralized way to track these efforts, making it difficult for researchers to find relevant projects, for institutions to assess impact, and for the broader community to engage with UC’s open source work.
To address this, the UC OSPO Network is developing the UC Open Source Repository Browser (UC ORB), a discovery tool designed to map and classify UC’s open source projects.
This talk will explore the process of building the UC ORB, from leveraging the GitHub API for data collection to integrating automated discovery with targeted outreach to the academic community. We will discuss the challenges of repository identification, compare similar approaches, and share lessons learned throughout the process.

In today's rapidly evolving tech landscape, alignment of open source initiatives and product-focused research & development (R&D) efforts are crucial to achieving strategic business goals. Establishing a dedicated Open Source Program Office (OSPO) plays a critical role in ensuring effective strategy, governance, fostering community engagement, and maximizing the benefits of open source contributions. However, an OSPO must connect these high-level principles with the needs and day-to-day operations of R&D organizations to ensure their effectiveness.

In this presentation, Georg and David will represent the OSPO and R&D at Ericsson. They will share insights into a set of concrete real-world cases and challenges, such as facilitating upstream contributions to the Linux kernel, establishing the Valkey project, and eliminating downstream forks. Based on these examples, they will delve into the intricacies of establishing an effective collaboration between the OSPO and R&D departments, highlighting how to bridge the gap between the needs of product team and the overarching company strategy.

Open source has become mainstream; but not everyone knows what the term really means or how to succeed with it. New legal regulations such as the Cyber Resilience Act (CRA) in the EU will raise further awareness and require everyone to pay closer attention to open source software. However, there are also equal pressures to streamline and cut costs, often resulting in scaling back open source programs.

This panel brings you speakers in different job roles, including community manager, OSPO program compliance manager, open source maintainer, and standards lead. The panelists will explore their responsibilities, interactions and strategies for success to capture why each of these roles are critical to the success and sustainability of the open source ecosystem, whether we look at open source projects or corporate organizations whose products and services depend on open source.

Join us to learn about how you can build and leverage versatile teams to succeed with open source sustainably!

The financial industry is navigating an ocean of regulations, where compliance and innovation often feel like opposing forces. But what if there was a way to align them? Enter InnerSource—the open-source-inspired approach that fosters collaboration, accelerates development, and enhances regulatory transparency within financial institutions. Explore how the InnerSource Commons Foundation and the FINOS foundation are partnering to navigate the murky waters of regulation within the concept of openness inside of the FINTECH industry.

In this session, Brittany Istenes (FINOS) and Russ Rutledge (InnerSource Commons) will share how they are using InnerSource principles and guidance as a life preserver to help FINTECH firms navigate regulatory challenges.

Join us to explore real-world success stories and actionable strategies that demonstrate how InnerSource can transform challenges into opportunities for innovation to sail into calmer seas.

The rapid pace of innovation is accelerating, and the role of open technologies and methodologies (i.e., open source software, open AI, open data, open collaboration, etc.) have become increasingly critical to enable company competitiveness. Open Source Program Offices (OSPOs) have emerged as a best practice to facilitate company collaboration and innovation with open source software, yet this org pattern is flexible and scalable to other “opens”. Come explore how organizations can adapt their OSPOs to be Open Program Offices (OPOs) and respond to rapid advancements in openness, especially for open community AI.

In particular, we’ll discuss:
- How to optimize the OPO organization for AI – what is different and what is leverageable
- Practical approaches for embedding openness of all kinds into your organization
- Where best to locate an OPO in an organization and the implications of the options
- Extending to open standards and open hardware
- How to drive org alignment and shape your open strategy

Openness is more than a philosophy—it’s a competitive advantage for the future of AI and for community development of any size.

Triton Inference Server has long been a reliable tool for AI model deployment. As Generative AI unfolds its transformative potential, Triton continues to evolve, offering both time-tested features and new capabilities tailored for large language models and more complex agentic workflows.

This session explores how Triton’s core strengths continue to play a crucial role in optimizing generative AI deployments. These include its robust multi-framework support, dynamic batching, concurrent model execution, and the capability to deploy complex inference pipelines through model ensembling and business logic scripting.

We’ll also cover recent enhancements such as OpenAI compatible frontend, allowing easy integration with existing OpenAI-based applications; Python-based backends to standardize the deployment of Python models without writing a custom C++ backend; Triton CLI to simplify model deployment and management; distributed inference enhancements for Data Center scale.

Throughout the presentation, we’ll share practical examples and best practices, equipping our listeners with the knowledge to effectively use Triton Inference Server to optimize AI workloads’ performance and efficiency.

Generative AI applications, in general, excel in zero-shot and one-shot types of specific tasks. However, we live in a complicated world and we are beginning to see that today’s generative AI systems are simply not well equipped to handle the increased complexity that is found especially in business workflows and transactions. Traditional architectures often fall short in handling the dynamic nature and real-time requirements of these systems. We will also need a way to coordinate multiple components to generate coherent and contextually relevant outputs. Event-driven architectures and multi-agent systems offer a promising solution by enabling real-time processing, decentralized decision-making, and enhanced adaptability.

This presentation proposes an in-depth exploration of how event-driven architectures and multi-agent systems can be leveraged to design and implement complex workflows in generative AI. By combining the real-time responsiveness of event-driven systems with the collaborative intelligence of multi-agent architectures, we can create highly adaptive, efficient, and scalable AI systems. This presentation will delve into the theoretical and practical sides.

This session will guide attendees through the process of understanding and mitigating the carbon emissions of machine learning models and AI systems. We'll delve into methods for measuring the environmental impact of these technologies and discuss the pivotal role developers play in pioneering eco-conscious computing. Participants will gain insights into optimizing algorithms, adopting sustainable coding practices, and choosing energy-efficient tools to minimize the carbon footprint of their machine learning projects.

Additionally, we'll examine the environmental considerations of deploying AI systems in the cloud. As cloud computing becomes integral to deploying AI solutions, understanding its ecological impacts is crucial. We'll cover strategies for making environmentally responsible decisions when selecting and utilizing cloud services, aiming to maintain the eco-friendliness of AI applications.

Together, we'll explore how to balance the demands of advanced computational technologies with the urgent need for sustainability.

Join us to discover how Intuit's GenAI framework is reshaping AI development, enabling swift integration of AI functions across varied business units. We'll focus on a robust framework of reusable agents and tools derived from open-source technologies like LangChain/LangGraph, facilitating diverse functionalities from simple data retrieval to complex processes such as query generation, optimization, pipeline creation and debugging. This framework dramatically reduces the time required for data workers to operationalize data pipelines and supports diverse customer interactions through notebooks, no-code approaches, REST integrations, and Python libraries, catering to a wide range of needs including agent developers and teams in pre-production settings. Our meticulous evaluation process ensures that each tool and agent is rigorously tested against high-performance benchmarks to guarantee reliability and consistency before deployment. By centralizing these AI components, Intuit has not only accelerated development timelines but also upheld a high standard of quality, establishing a benchmark for crafting scalable, effective AI solutions in the dynamically evolving tech landscape.