Loading…
March 18-20, 2025
Napa, California
View More Details & Registration

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for the event to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to find out more information.

This schedule is automatically displayed in Pacific Daylight Time (UTC/GMT -8). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date."

IMPORTANT NOTE: Timing of sessions and room locations are subject to change.

or to bookmark your favorites and sync them to your phone or calendar.
arrow_back View All Dates
Wednesday, March 19
 

8:00am PDT

Breakfast
Wednesday March 19, 2025 8:00am - 10:00am PDT
Fairway Deck and Inside Terrace
Wednesday March 19, 2025 8:00am - 10:00am PDT
Fairway Deck and Inside Terrace
  Special Events / Exhibits / Breaks

8:00am PDT

Registration & Badge Pick-Up
Wednesday March 19, 2025 8:00am - 5:00pm PDT
Beaulieu Room (Mansion - Main Level)
Wednesday March 19, 2025 8:00am - 5:00pm PDT
Beaulieu Room (Mansion - Main Level)
  Special Events / Exhibits / Breaks

8:00am PDT

Zen Zone
Wednesday March 19, 2025 8:00am - 5:00pm PDT
Silverado Resort, Napa, CA
Visit the Registration Desk for Location Details & Access
All attendees may feel free to use the Zen Zone as needed for sensory relaxation, meditation and worship. It is a physical space where conversation and interaction are not allowed, where attendees can go if for any reason they can’t interact with other attendees at that time.
Wednesday March 19, 2025 8:00am - 5:00pm PDT
Silverado Resort, Napa, CA 1600 Atlas Peak Rd Napa, CA 94558
  Special Events / Exhibits / Breaks

9:00am PDT

Building New Open Source Standards - A Playbook for 2025 - Shane Coughlan, OpenChain Project
Wednesday March 19, 2025 9:00am - 9:30am PDT
Vintner's Court
The OpenChain Project has built two open source process management standards (ISO/IEC 5230 and ISO/IEC 18974) and deployed them across the open source supply chain. While OpenChain was the first Linux Foundation project in 14 years to produce an ISO standard, it is far from the last. During the 2023~2024 period, we saw growing engagement around Joint Development Foundation and committee discussions around standards or specifications in other LF projects. This talk will consolidate OpenChain's lessons learned in creating, submitting and deploying open source standards. It will help projects at any stage in the development lifecycle of specifications, including those only just considering this option for long-term impact. It will also help people with a specific interest in a more trusted supply chain to get more involved in OpenChain, building on our existing work or participating in new potential standards. Our optics will be on the legal, risk and compliance side due to the nature of the OpenChain Project's mission for a more trusted supply chain, but the core material will be equally applicable to technical, code or other projects working on this topic.
Speakers
avatar for Shane Coughlan

Shane Coughlan

General Manager, OpenChain Project
Shane Coughlan is an expert in communication, security and business development. His professional accomplishments include spearheading the licensing team that elevated OIN into the largest patent non-aggression community in history and establishing the first global network for open... Read More →
Wednesday March 19, 2025 9:00am - 9:30am PDT
Vintner's Court
  Legal / Compliance / Policy
  • Audience Experience Level Any

10:00am PDT

Accelerating Open Source Engagement: Insights from the State of Developer Adoption 2025 - Sean Lauer, Instruqt
Wednesday March 19, 2025 10:00am - 10:30am PDT
Silverado West
Open source software is at the heart of innovation, but its complexity often slows developer adoption, limiting impact. Developers need more than great technology—they need intuitive, hands-on experiences that empower them to truly engage.

Sean Lauer, VP of Marketing & Product, will share insights from The State of Developer Adoption 2025, a research report commissioned by Instruqt and conducted by Developer Marketing Alliance, exploring trends in developer enablement. Learn how leaders plan to turn complexity into opportunity—empowering developers, aligning goals, and fostering ecosystems that drive open source innovation.

Key takeaways for attendees:
• Strategic insights into overcoming adoption challenges and engaging developers with open source tools
• How to align open source project goals with organizational enablement strategies for long-term impact
• Emerging trends in developer engagement and the future of open source adoption
Speakers
avatar for Sean Lauer

Sean Lauer

Vice President, Marketing & Product, Instruqt
Sean Lauer, an award-winning marketer with over 16 years of experience, is the VP of Marketing & Product at Instruqt, a company redefining how software companies engage developers and drive adoption. Instruqt’s success reflects a deep understanding of modern computing and a passion... Read More →
Wednesday March 19, 2025 10:00am - 10:30am PDT
Silverado West
  Building and Managing Healthy Open Source Projects
  • Audience Experience Level Any

10:00am PDT

Managing Open Source in an Age of Regulations - Nithya Ruff, Amazon
Wednesday March 19, 2025 10:00am - 10:30am PDT
Vintner's Court
Open Source today lives in an age of great scrutiny and regulations. The use of open source in mission critical applications and critical infrastructure means the bar is higher for security and quality. Governments around the world are putting regulations and policies in place to hold open source software to a higher bar. And OSPOs need to understand these regulations and focus on what they need to do to get the organization ready for them. I will discuss the role of the OSPO and what it can do to prepare their organizations and developers in this age of regulations.
Speakers
avatar for Nithya Ruff

Nithya Ruff

Director, Amazon OSPO, Amazon
Nithya is the Head of Amazon’s Open Source Program Office. Amazon’s customers value open source innovation and the cloud’s role in helping them adopt and run important open source services. She drives open source culture and coordination inside of Amazon and engagement with... Read More →
Wednesday March 19, 2025 10:00am - 10:30am PDT
Vintner's Court
  Legal / Compliance / Policy

10:00am PDT

Transforming App Development With Open Source: How LF EU Is Driving SDK Interoperability in the Mobi - Diego Zuluaga, Futurewei Technologies & Saurabh Goyal, Open Mobile Hub
Wednesday March 19, 2025 10:00am - 10:30am PDT
Silverado East
Discover the power of the Open Mobile Hub Project (OMH), a game-changer in mobile development. Hosted by the Linux Foundation Europe and supported by a global network of industry leaders, OMH is creating an open, collaborative ecosystem for developers, service providers, and users alike.

This session will highlight how OMH’s open-source framework simplifies cross-platform app development, boosts interoperability, and fosters innovation. Learn how OMH is reshaping the mobile landscape and how you can get involved in driving this transformative movement forward.
Speakers
avatar for Saurabh Goyal

Saurabh Goyal

Senior director, Open Mobile Hub
Saurabh Goyal, currently Senior Director at Futurewei, has almost 20 years of experience in the tech industry. He has worked with Amazon and Google in the past in the ecommerce and mobile ads domain. At Amazon, he was involved in the initial development of tech for running Amazon’s... Read More →
avatar for Diego Zuluaga

Diego Zuluaga

Solution Partner Director at OMH, Futurewei Technologies
Diego Zuluaga, Solution Partner Director at OMH (Futurewei), brings extensive experience in software development, developer relations, and solutions engineering. He has driven key initiatives at Google, contributing to Android, Google Assistant, and Google Cloud, with a strong focus... Read More →
Wednesday March 19, 2025 10:00am - 10:30am PDT
Silverado East
  Open Source Project Highlights

10:45am PDT

Developing a Foundation Strategy in an Uncertain World - Rebecca Rumbul, Rust Foundation
Wednesday March 19, 2025 10:45am - 11:15am PDT
Silverado West
This session will examine the importance of developing a strategy for maintenance, growth and development for OSS projects and foundations, and discuss the challenges in doing so. It will consider how to plan strategy development, how to ensure it is inclusive of the community and relevant stakeholders, how to ensure that key organisational and external aspects are considered, and how to track progress meaningfully towards success.
Speakers
avatar for Rebecca Rumbul

Rebecca Rumbul

CEO & Executive Director, Rust Foundation
Rebecca is the Executive Director and CEO of the Rust Foundation. She holds a PhD in Politics and Governance, and has worked as a consultant and researcher with governments, parliaments and development agencies all over the world, advocating for openness and transparency, and developing... Read More →
Wednesday March 19, 2025 10:45am - 11:15am PDT
Silverado West
  Building and Managing Healthy Open Source Projects
  • Audience Experience Level Any

10:45am PDT

Open Collaboration: Sustaining the Path To OSS Innovation in the Face of Rising Patent Threat - Keith Bergelt, Open Invention Network
Wednesday March 19, 2025 10:45am - 11:15am PDT
Vintner's Court
Open source software (OSS) has become a cornerstone of modern technological innovation. By allowing developers to collaborate and share code, OSS enables rapid progress and democratizes access to cutting-edge software. However, the very characteristics that make OSS so powerful—its openness, adaptability, and applicability—also make it a target for patent assertion entities (PAEs). These entities attempt to exploit the widespread adoption of common technologies across industries to extract patent settlements from businesses. The threat continues to grow as district court patent filings from PAEs grew by 14.1% in 2024, and are over half of all patent litigation cases.

Since 2005, Open Invention Network (OIN) has acted to safeguard OSS from patent risk through its patent cross-license in core OSS technologies. This session will provide information on the cross-license and case studies on how it has been used to successfully defend against PAEs.

This presentation will also discuss in detail efforts to protect OSS from PAEs by:
• collecting prior art and providing invalidity claim analyses
• supporting initiatives like the Open Source Zone, which has invalidated 50 NPE patents
Speakers
avatar for Keith Bergelt

Keith Bergelt

CEO, Open Invention Network
Keith Bergelt is the CEO of Open Invention Network (OIN), the largest patent non-aggression community in history, created to support freedom of action in Linux and adjacent open source technologies such as Kubernetes. Funded by Google, IBM/Red Hat, NEC, Philips, Sony, SUSE and Toyota... Read More →
Wednesday March 19, 2025 10:45am - 11:15am PDT
Vintner's Court
  Legal / Compliance / Policy

10:45am PDT

Defining Openness in AI: Real-World Use Cases of MOF-Classified Models - Anni Lai, Generative AI Commons & Futurewei
Wednesday March 19, 2025 10:45am - 11:15am PDT
Silverado East
As AI innovation accelerates, the definition of "openness" in AI models becomes critical for fostering collaboration, transparency, and trust. The Model Openness Framework (MOF) provides a clear and actionable classification for AI models based on their openness:
• Class III: Open Models
• Class II: Open Tooling Models
• Class I: Open Science Models
In this talk, we will introduce MOF and showcase exemplary AI models that qualify for each class, highlighting how they align with MOF criteria. We will explore real-world use cases of these models demonstrating how openness drives tangible value, innovation, and collaboration.
Speakers
avatar for Anni Lai

Anni Lai

Head of Open Source Operations; Chair of Generative AI Commons, LF AI & Data, Futurewei
Anni drives Futurewei’s open source (O.S.) governance, process, compliance, training, project alignment, and ecosystem building. Anni has a long history of serving on various O.S. boards such as OpenStack Foundation, LF CNCF, LF OCI, LF Edge, and is on the LF OMF board and LF Europe... Read More →
Wednesday March 19, 2025 10:45am - 11:15am PDT
Silverado East
  Open Source Project Highlights

11:15am PDT

Coffee Break
Wednesday March 19, 2025 11:15am - 12:00pm PDT
Fairway Deck
Wednesday March 19, 2025 11:15am - 12:00pm PDT
Fairway Deck
  Special Events / Exhibits / Breaks

12:00pm PDT

Show Me What You Got: Turning SBOMs Into Actions - Georg Link, Bitergia & Brittany Istenes, Fannie Mae
Wednesday March 19, 2025 12:00pm - 12:30pm PDT
Vintner's Court
Organizations that use open source software face risks related to licensing, security, and project health. Ensuring the sustainability of the open source ecosystem requires staying informed about compliance developments and achieving comprehensive visibility across activities. As the importance of Software Bill of Materials (SBOM) continues to grow, managing and utilizing this wealth of information effectively is becoming increasingly critical.

The goal is to equip application teams with tools that are both accessible and easy to manage while fostering strategic collaboration with internal risk partners, leadership, open source projects, open source contributions, and even vendors. Achieving scalable, efficient visibility into actual OSS usage is key.

So, how can organizations position themselves as proactive partners in this dynamic landscape? Join Georg Link and Brittany Istenes as they share practical strategies for navigating this complex ecosystem, empowering your organization to confidently and successfully leverage open source software.
Speakers
avatar for Georg Link

Georg Link

Open Source Strategist, Bitergia
Georg Link is an Open Source Strategist. Georg’s mission is to make open source more professional in its use of community metrics and analytics. Georg co-founded the Linux Foundation CHAOSS Project to advance analytics and metrics for open source project health. Georg is an active... Read More →
avatar for Brittany Istenes

Brittany Istenes

OSPO Strategist, Fannie Mae
Brittany Istenes started off her career as an elementary school educator which then led to a path of tech. Brittany has led advisory councils, special interest groups, open source contributions, community building, InnerSource initiatives and all the gray areas in between. At Fannie... Read More →
Wednesday March 19, 2025 12:00pm - 12:30pm PDT
Vintner's Court
  Legal / Compliance / Policy

12:00pm PDT

From PoC To Production - Sergio Gago Huerta, Diego Mastroianni & Louise Hopkins, Moody's
Wednesday March 19, 2025 12:00pm - 12:30pm PDT
Silverado East
Generative AI has plenty of use cases in Finance. From the customer support on the front office, to research, business analysis and optimization of investment cases.
However most companies get stuck at the "Proof of concept" stage.
While it is relatively quick to create a demo with a "Wow effect", building the right pipelines, governance, security and controls and in general get the buy in and approvals from legal and compliance teams is extremely hard.

In this presentation we will show a detailed runbook on how to leverage Generative AI cases at scale in the organization, from the perspective of the first company that delivered a production application in the market.

We will review how to build an open innovation system that promotes collaboration in what we called "The era of the 14.000 innovators" where every employee became a prompt engineer. And how we harnessed that power to put dozens of use cases in production (internal and external) as well as the edge research on agents and beyond.
Speakers
avatar for Sergio Gago Huerta

Sergio Gago Huerta

MD AI and Quantum Computing, Moody's
Sergio Gago is a serial entrepreneur expert in AI and Data Science and Quantum Computing. He joined Moody's with the acquisition of AcquireMedia and now is the Managing Director of AI and Quantum Computing. Prior to that he was CTO at several companies. He is an Engineer with a Postgrad... Read More →
avatar for Diego Mastroianni

Diego Mastroianni

Director - Moody’s Open Source Office, Moody’s
Diego Mastroianni is the Director of the Moody’s Open Source Office, where he helps drive the management of open-source tools and practices across the organization. With a background in computer engineering and a Ph.D. in Management, he has years of experience leading teams, optimizing... Read More →
avatar for Louise Hopkins

Louise Hopkins

Product Director - GenAI, Moody's
Louise leads product for GenAI Innovation at Moody's, including Moody's OpenSource initiatives. An experienced product leader, her passion lies in unlocking the potential of new technologies with high performing teams. She leverages her background in corporate venture building and... Read More →
Wednesday March 19, 2025 12:00pm - 12:30pm PDT
Silverado East
  Open Source Project Highlights

12:00pm PDT

The OSPO Has a New Sibling - AIO - Andrew Wafaa, Arm Ltd.
Wednesday March 19, 2025 12:00pm - 12:30pm PDT
Silverado West
AI is everywhere now whether we like it or not. People want to use it in the workplace, but there are concerns about using this technology. Arm has established an AI Office (AIO) to give employees guidance on how they can use AI in their working lives as the world’s understandings evolve over license and copyright questions. As we stand on the brink of this transformative change, we must ask ourselves: are we ready to embrace the future and unlock the full potential of AI in our professional lives?
Speakers
avatar for Andrew Wafaa

Andrew Wafaa

Sr Director & Fellow, Arm Ltd.
Andrew leads Arm's Open Source Office as well as upstream interactions. He also sits on a number of industry and software bodies/projects including Yocto Project, FreeBSD Foundation, Xen, UXL Foundation, LF Edge & PyTorch Foundation
Wednesday March 19, 2025 12:00pm - 12:30pm PDT
Silverado West
  OS Program Office (OSPO) / TODO Group
  • Audience Experience Level Any

12:30pm PDT

Lunch
Wednesday March 19, 2025 12:30pm - 2:00pm PDT
Fairway Deck and Inside Terrace
Wednesday March 19, 2025 12:30pm - 2:00pm PDT
Fairway Deck and Inside Terrace
  Special Events / Exhibits / Breaks

2:00pm PDT

New Trajectories: Rug Pulls, Relicensing, and Hard Forks in OSS - Dawn Foster, CHAOSS
Wednesday March 19, 2025 2:00pm - 2:30pm PDT
Silverado West
Presented by: Dawn Foster, CHAOSS
Additional author/researcher: Matt Germonprez, University of Nebraska Omaha

Over the past few years, there has been an increase in hard forks that have been the result of corporate decisions made regarding OSS project structures. These so-called rug pulls from companies driving OSS projects can impact contribution and user dynamics, resulting in hard forks. This talk and our research is motivated by the growing trend of relicensing events and other structural changes to OSS projects that are resulting in hard forks originating from contributors and users of the original project.

We’ll explore the impact that these rug pulls have on the trajectories of the projects, individuals, and organizations involved through case studies of 3 relicensed projects and their resultant hard forks. We’ve found that hard forks resulting from relicensing events tend to have more organizational diversity than the original projects, especially when the forks are created under a foundation, rather than by a single company. The talk will dive into the data and implications to help the audience understand the consequences of relicensing both for the company driving the relicense and the risks of disruption to individuals and organizations contributing to and using the projects.
Speakers
avatar for Dawn Foster

Dawn Foster

Director of Data Science, CHAOSS
Dr. Dawn Foster works as the Director of Data Science for CHAOSS where she is also a board member / maintainer. She is co-chair of CNCF TAG Contributor Strategy and an OpenUK board member. She has 20+ years of experience at companies like VMware and Intel with expertise in community... Read More →
Wednesday March 19, 2025 2:00pm - 2:30pm PDT
Silverado West
  Building and Managing Healthy Open Source Projects

2:00pm PDT

How To Use Linux Foundation AI Frameworks for Regulation Compliance - Karen Bennet, Responsible AI Solutions
Wednesday March 19, 2025 2:00pm - 2:30pm PDT
Vintner's Court
In the rapidly evolving landscape of AI regulations, ensuring compliance with standards such as the EU AI Act, CRA (Cyber Resilience Act), ISO, and IEEE is paramount for organizations. The Linux Foundation's has a number of AI frameworks, such as the Model Openness Framework (MOF), Supply-chain Levels for Software Artifacts (SLSA), Responsible Generative AI Framework (RGAIF) and SPDX and Software Package Data Exchange (SPDX), which together provide a comprehensive approach to meeting
the needs of regulatory requirements. This talk demonstrates how these frameworks can be used to provide evidence of compliance,to enhance transparency, and ensure the security and integrity of AI systems.

By using these approaches, organizations can streamline their compliance processes, mitigate risks, and foster innovation. MOF ensures the openness and transparency of AI models, SLSA secures the software supply chain, RGAF guides organizations to embrace the ethical and intentional design, development and deployment of GAI solutions. Together, these tools offer a robust solution for navigating the complexities of AI regulations and standards.
Speakers
avatar for Karen Bennet

Karen Bennet

IEEE and ISO Officer, Responsible AI Solutions
Executive Director, Responsible AI Solutions, former executive of IBM, Red Hat and multiple AI startups, Co-Lead of Linux Foundation's SPDX AI and Dataset Profile Group, IEEE Vice Chair Technology and Society on AI Committee, officer on many ISO and IEEE AI Working groups, , Canadian... Read More →
Wednesday March 19, 2025 2:00pm - 2:30pm PDT
Vintner's Court
  Legal / Compliance / Policy

2:00pm PDT

Deploying Linux as Firmware at Global Scale: Update - Ronald Minnich, Hewlett Packard
Wednesday March 19, 2025 2:00pm - 2:30pm PDT
Silverado East
In 2017, I gave a talk, "Replace your exploit-ridden firmware with a Linux kernel", describing the NERF project we had started at Google. NERF (Non-Extensible Reduced Firmware) replaced much of the proprietary, buggy, exploit-friendly UEFI firmware with a Linux kernel and user programs, written in Go, from the u-root project (u-root.org).

A lot has happened since that talk!

We renamed NERF to LinuxBoot, and set up a Linux Foundation project of that name. Google, Bytedance, and others have deployed LinuxBoot at global scale; it is no exaggeration to say that LinuxBoot is deployed on the better part of 10 million servers. The Go code in u-root continues to grow in capability, even as the Go compilers have gotten better, producing higher performance, higher quality, smaller code. We can also use Google's Go compiler or the TinyGo compiler, which uses an LLVM backend. The TinyGo compiler has been shown to produce code that is comparable in speed, footprint, and jitter to the best binary that Rust generates.

In this talk, I will review the core ideas of the LinuxBoot project; why we designed it that way; our deployment experience; and where we go from here.
Speakers
avatar for Ronald Minnich

Ronald Minnich

Senior Distinguished Technologist, Hewlett Packard
Dr. Minnich has been writing firmware for 40 years, starting with the z80 and 6800. He’s also a long time contributor in the Unix, BSD, Plan 9, and Linux communities. He started the LinuxBIOS project in 1999, which was renamed to coreboot in 2008 and is now used in tens of millions... Read More →
Wednesday March 19, 2025 2:00pm - 2:30pm PDT
Silverado East
  Open Source Project Highlights

2:45pm PDT

Take Control Over Your Project's CVE Entries Before Someone Else Does - Greg Kroah-Hartman, Linux Foundation
Wednesday March 19, 2025 2:45pm - 3:15pm PDT
Silverado West
Unless your project explicitly becomes a Certification Numbering Authority (CNA), it is possible for almost anyone else to create a random CVE entry against your project. With the upcoming responsibility that projects have due to laws like the CRA in Europe, it is getting more and more important for all open source projects to handle the tracking of security bugs and identifiers themselves, instead of assuming others will do it for them.

cve.org now allows all open source projects to be their own CNA, so there is no excuse not to take ownership of this for your project. Groups like curl, the Linux Kernel, Kubernetes, and Python have all done this already, and OpenSSF has produced information explaining how you too can do it.

This talk will go into why you want to become a CNA, the steps involved, and tips learned from the Linux kernel CVE team in handling their 8 CVEs issued a day, alone with other information about other country's numbering authorities which will be coming online in the next few years.
Speakers
avatar for Greg Kroah-Hartman

Greg Kroah-Hartman

Fellow, Linux Foundation
Greg Kroah-Hartman is a Fellow at the Linux Foundation. He is currently responsible for the stable Linux kernel releases, and a member of the Linux kernel CVE team. He is also a maintainer of the USB, TTY, and driver core subsystems in the kernel as well as other portions of the codebase... Read More →
Wednesday March 19, 2025 2:45pm - 3:15pm PDT
Silverado West
  Building and Managing Healthy Open Source Projects
  • Audience Experience Level Any

2:45pm PDT

Defining Open Source AI: Can the “Judgement of Solomon” Help the Open Source Community Find Success? - Jeffrey Borek, IBM Corporation
Wednesday March 19, 2025 2:45pm - 3:15pm PDT
Vintner's Court
When faced with a difficult challenge sometimes it helps to look back at lessons from ancient history to guide your thinking. The Open Source Initiative (OSI) is working to create a definition for Open Source AI (OSAID), aiming to apply open source principles to artificial intelligence development, but clearly the 1.0 version is a work-in-progress. Can it find success? How may policy-makers react? Join this session to hear about the latest efforts to define open source AI and what's likely in store for 2025.
Speakers
avatar for Jeffrey Borek

Jeffrey Borek

WW Sr. Program Director, IBM Corporation
Working across IBM Research to build a scalable and consistent AI software supply chain security framework, while continuing to lead the consumption compliance Open Source Program Office (OSPO), including policy, execution and guidance. Working with IBM Government & Regulatory Affairs... Read More →
Wednesday March 19, 2025 2:45pm - 3:15pm PDT
Vintner's Court
  Legal / Compliance / Policy

2:45pm PDT

Panel Discussion: Consumption Complacency: Bridging the Gap Between Discovery and Remediation - Brian Fox, Sonatype; Christopher Robinson, OpenSSF; Madison Oliver, GitHub
Wednesday March 19, 2025 2:45pm - 3:15pm PDT
Silverado East
Despite the availability of fixes for well-known vulnerabilities, open source software remains a significant target for attackers. In fact, three years after the infamous Log4j vulnerability, 13% of its downloads are still vulnerable. Even more concerning, 95% of vulnerable components downloaded today have a fixed version available.

In this session, Brian Fox (Sonatype), Christopher Robinson (OpenSSF), and Madison Oliver (GitHub) will explore these stark realities of open source vulnerabilities. The speakers will discuss why these vulnerabilities persist and how outdated or vulnerable components can slip through the cracks. Drawing from years of industry expertise, they will outline real-world remediation strategies and actionable best practices for mitigating open source risks.

Attendees will learn how to accelerate the adoption of secure components, integrate automated tools, and foster collaboration in the open source community to protect their software supply chain. Whether you’re a developer, security professional, or business leader, this session will equip you with the insights needed to secure your open source dependencies and strengthen your organization's resilience.
Speakers
avatar for Christopher

Christopher "CRob" Robinson

Security Lorax, OpenSSF
Christopher Robinson (aka CRob) is the Chief Security Architect for the Open Source Security Foundation. With over 25 years of Enterprise-class engineering, architectural, operational and leadership experience, CRob has worked at several Fortune 500 companies with experience in the... Read More →
avatar for Brian Fox

Brian Fox

Co-founder and CTO, Sonatype
Co-founder and CTO, Brian Fox is an OpenSSF Governing Board member, a member of the Apache Software Foundation and former Chair of the Apache Maven project. As a direct contributor to the Maven ecosystem, including the maven-dependency-plugin and maven-enforcer-plugin, he has over... Read More →
avatar for Madison Oliver

Madison Oliver

Senior Security Manager, Advisory Database Curation, GitHub
Madison Oliver, vulnerability transparency advocate and senior security manager at GitHub, leads the advisory database team. Passionate about vulnerability reporting, response and disclosure, she co-chairs the relevant OpenSSF working group and serves on the CVE Program Board. Previously... Read More →
Wednesday March 19, 2025 2:45pm - 3:15pm PDT
Silverado East
  Security & Trust & Ethics in Open Source
  • Audience Experience Level Any

3:15pm PDT

Coffee Break
Wednesday March 19, 2025 3:15pm - 3:45pm PDT
Fairway Deck
Wednesday March 19, 2025 3:15pm - 3:45pm PDT
Fairway Deck
  Special Events / Exhibits / Breaks

3:45pm PDT

Catalyzing Open Source Projects at Academic Medical Centers: How and Why We Built the MGB License - Marvin Barksdale, Mass General Brigham - Innovation
Wednesday March 19, 2025 3:45pm - 4:15pm PDT
Vintner's Court
The modern Academic Medical Center ("AMC") has evolved beyond research & patient care to perform traditional commercial IP functions such as administration, licensing, and development, all in support of their central mission of the advancement of science and medicine. Aligned with this central mission is the proliferation of open-science research and open source innovation at AMCs, who have received millions of dollars from the US government in hopes of creating a flourishing ecosystem of collaboration. Unfortunately, at Mass General Brigham ("MGB") and other AMCs, open science and open source projects struggle to find fit in both licensing compliance and policy. Particularly for MGB, the largest recipient of NIH Open Science funding in the country, its commercial evolution and conservative licensing polices have combined to cause an open source licensing log jam. This session will review the competing AMC policy concerns that have caused MGB to disavow the use of most if not all osi approved licenses, and eventually lead to the development of their own permissive "open source" license.
Speakers
avatar for Marvin Barksdale

Marvin Barksdale

Associate Director, Business Development and Digital Health, Mass General Brigham - Innovation
Marvin Barksdale supports a range of system-wide business development activities at Mass General Brigham, focusing primarily on the commercialization of key and emerging discoveries, innovations, and other digital health technology. Leading the drafting, structuring, and negotiation... Read More →
Wednesday March 19, 2025 3:45pm - 4:15pm PDT
Vintner's Court
  Legal / Compliance / Policy

3:45pm PDT

Facilitated Discussion: Linux Foundation Initiatives Supporting the Implementation of the EU Cyber Resilience Act - Mirko Boehm & Hilary Carter, The Linux Foundation; Christopher Robinson, OpenSSF
Wednesday March 19, 2025 3:45pm - 5:00pm PDT
Silverado West
The EU Cyber Resilience Act (CRA) has been adopted, and the new obligations for manufacturers and open source software stewards will come into effect in 2026 and 2027. This joint session between Linux Foundation Europe, LF Research, and the OpenSSF will describe how the Linux Foundation is seizing the opportunity for an improved state of the union in cybersecurity that the CRA offers, and is steering necessary adaptations for the benefit of our members, projects, and contributors.

Specifically, this session will describe CRA implementation progress, commencing with the Linux Foundation's stewards and manufacturers workshop in December 2024, new working groups at the OpenSSF, and research projects, to provide guidance and raise awareness within our ecosystem. It will end with an interactive panel discussion where questions about the impact of the CRA on our collaborative development efforts will be addressed.
Speakers
avatar for Mirko Boehm

Mirko Boehm

Community Development, Linux Foundation Europe, The Linux Foundation
Mirko Boehm is a free and open source software contributor, community manager, licensing expert and researcher, with contributions to major open source projects like the KDE Desktop, the Open Invention Network, the Open Source Initiative and others. He is a visiting lecturer and researcher... Read More →
avatar for Christopher

Christopher "CRob" Robinson

Security Lorax, OpenSSF
Christopher Robinson (aka CRob) is the Chief Security Architect for the Open Source Security Foundation. With over 25 years of Enterprise-class engineering, architectural, operational and leadership experience, CRob has worked at several Fortune 500 companies with experience in the... Read More →
avatar for Hilary Carter

Hilary Carter

SVP Research, Linux Foundation
Hilary Carter is a writer, researcher, and team leader, producing engaging, decision-useful insights that broaden the understanding of open source and emerging technologies and their impact on business, government, and society. She has contributed to books and numerous research reports... Read More →
Wednesday March 19, 2025 3:45pm - 5:00pm PDT
Silverado West
  Building and Managing Healthy Open Source Projects

4:30pm PDT

Mission Possible: 24 Hours To Security Compliance - Philippe Ombredanne, AboutCode
Wednesday March 19, 2025 4:30pm - 5:00pm PDT
Vintner's Court
CRA is coming. And this European regulation will impact software development worldwide. And your operations will be impacted.

You will have 24 hours to discover and disclose any relevant, critical vulnerabilities and notify security agencies.

Join Philippe Ombredanne to review which people, what processes, and technologies you will need to deploy by September 2026 to avoid large fines. We will share the latest development of the regulation implementation and how to work out minimalist and practical plans for compliance.
Speakers
avatar for Philippe Ombredanne

Philippe Ombredanne

Lead maintainer, AboutCode
Philippe Ombredanne is a FOSS hacker passionate about enabling easier and safer reuse of open source code. He is the lead maintainer of the AboutCode stack of open source tools for Software Composition Analysis and license and security compliance, including the industry-leading ScanCode... Read More →
Wednesday March 19, 2025 4:30pm - 5:00pm PDT
Vintner's Court
  Legal / Compliance / Policy
  • Audience Experience Level Any

5:00pm PDT

Evening Happy Hour
Wednesday March 19, 2025 5:00pm - 6:00pm PDT
Fairway Deck
Wind down after a day of sessions with fellow attendees at our lively happy hours. Enjoy refreshing drinks and light bites while building meaningful connections in a relaxed atmosphere.
Wednesday March 19, 2025 5:00pm - 6:00pm PDT
Fairway Deck
  Special Events / Exhibits / Breaks

6:00pm PDT

Evening Shuttle Services to Downtown Napa
Wednesday March 19, 2025 6:00pm - 9:30pm PDT
Silverado Resort, Napa, CA
Continue your evening at the vibrant Oxbow Public Market, your drop-off destination in Downtown Napa! Explore an array of local food vendors and wine bars at the Market, or take a short stroll to discover Downtown Napa’s restaurants and tasting rooms. Buses depart from the Silverado Resort following the evening happy hours, with final pickup from Oxbow Market at 9:30 PM.
Wednesday March 19, 2025 6:00pm - 9:30pm PDT
Silverado Resort, Napa, CA 1600 Atlas Peak Rd Napa, CA 94558
  Special Events / Exhibits / Breaks
 
  • Filter By Date
    Mar 17 - 20, 2025
  • Filter By Venue
    Napa, CA, USA
    All
    Beaulieu Room (Mansion - Main Level)
    CIA Copia
    Fairway Deck
    Fairway Deck and Inside Terrace
    Silverado East
    Silverado East/West
    Silverado Resort, Napa, CA
    Silverado West
    Vintner's Court
  • Filter By Type
    Building and Managing Healthy Open Source Projects
    Global Collaboration and Diversity
    Keynote Sessions
    Legal / Compliance / Policy
    Open Source Project Highlights
    OS in the Public Sector and Society
    OS Program Office (OSPO) / TODO Group
    Security & Trust & Ethics in Open Source
    Special Events / Exhibits / Breaks
    Sustainability and Innovation in Open Source
    Unconference Sessions
  • Audience Experience Level
    Any
    Beginner
    Intermediate
  • Timezone
Share Modal

Share this link via

Or copy link

Filter sessions
Apply filters to sessions.
Filtered by Date - 
Clear filter
Monday, March 17
Tuesday, March 18
Wednesday, March 19
Thursday, March 20
Beaulieu Room (Mansion - Main Level)
CIA Copia
Fairway Deck
Fairway Deck and Inside Terrace
Silverado East
Silverado East/West
Silverado Resort, Napa, CA
Silverado West
Vintner's Court
  • Building and Managing Healthy Open Source Projects
  • Global Collaboration and Diversity
  • Keynote Sessions
  • Legal / Compliance / Policy
  • Open Source Project Highlights
  • OS in the Public Sector and Society
  • OS Program Office (OSPO) / TODO Group
  • Security & Trust & Ethics in Open Source
  • Special Events / Exhibits / Breaks
  • Sustainability and Innovation in Open Source
  • Unconference Sessions
  • Audience Experience Level
  • Any
  • Beginner
  • Intermediate