The Linux Foundation Member Summit 2025

Open Source today lives in an age of great scrutiny and regulations. The use of open source in mission critical applications and critical infrastructure means the bar is higher for security and quality. Governments around the world are putting regulations and policies in place to hold open source software to a higher bar. And OSPOs need to understand these regulations and focus on what they need to do to get the organization ready for them. I will discuss the role of the OSPO and what it can do to prepare their organizations and developers in this age of regulations.

Discover the power of the Open Mobile Hub Project (OMH), a game-changer in mobile development. Hosted by the Linux Foundation Europe and supported by a global network of industry leaders, OMH is creating an open, collaborative ecosystem for developers, service providers, and users alike.

This session will highlight how OMH’s open-source framework simplifies cross-platform app development, boosts interoperability, and fosters innovation. Learn how OMH is reshaping the mobile landscape and how you can get involved in driving this transformative movement forward.

Open source software (OSS) has become a cornerstone of modern technological innovation. By allowing developers to collaborate and share code, OSS enables rapid progress and democratizes access to cutting-edge software. However, the very characteristics that make OSS so powerful—its openness, adaptability, and applicability—also make it a target for patent assertion entities (PAEs). These entities attempt to exploit the widespread adoption of common technologies across industries to extract patent settlements from businesses. The threat continues to grow as district court patent filings from PAEs grew by 14.1% in 2024, and are over half of all patent litigation cases.

Since 2005, Open Invention Network (OIN) has acted to safeguard OSS from patent risk through its patent cross-license in core OSS technologies. This session will provide information on the cross-license and case studies on how it has been used to successfully defend against PAEs.

This presentation will also discuss in detail efforts to protect OSS from PAEs by:
• collecting prior art and providing invalidity claim analyses
• supporting initiatives like the Open Source Zone, which has invalidated 50 NPE patents

Organizations that use open source software face risks related to licensing, security, and project health. Ensuring the sustainability of the open source ecosystem requires staying informed about compliance developments and achieving comprehensive visibility across activities. As the importance of Software Bill of Materials (SBOM) continues to grow, managing and utilizing this wealth of information effectively is becoming increasingly critical.

The goal is to equip application teams with tools that are both accessible and easy to manage while fostering strategic collaboration with internal risk partners, leadership, open source projects, open source contributions, and even vendors. Achieving scalable, efficient visibility into actual OSS usage is key.

So, how can organizations position themselves as proactive partners in this dynamic landscape? Join Georg Link and Brittany Istenes as they share practical strategies for navigating this complex ecosystem, empowering your organization to confidently and successfully leverage open source software.

Generative AI has plenty of use cases in Finance. From the customer support on the front office, to research, business analysis and optimization of investment cases.
However most companies get stuck at the "Proof of concept" stage.
While it is relatively quick to create a demo with a "Wow effect", building the right pipelines, governance, security and controls and in general get the buy in and approvals from legal and compliance teams is extremely hard.

In this presentation we will show a detailed runbook on how to leverage Generative AI cases at scale in the organization, from the perspective of the first company that delivered a production application in the market.

We will review how to build an open innovation system that promotes collaboration in what we called "The era of the 14.000 innovators" where every employee became a prompt engineer. And how we harnessed that power to put dozens of use cases in production (internal and external) as well as the edge research on agents and beyond.

In the rapidly evolving landscape of AI regulations, ensuring compliance with standards such as the EU AI Act, CRA (Cyber Resilience Act), ISO, and IEEE is paramount for organizations. The Linux Foundation's has a number of AI frameworks, such as the Model Openness Framework (MOF), Supply-chain Levels for Software Artifacts (SLSA), Responsible Generative AI Framework (RGAIF) and SPDX and Software Package Data Exchange (SPDX), which together provide a comprehensive approach to meeting
the needs of regulatory requirements. This talk demonstrates how these frameworks can be used to provide evidence of compliance,to enhance transparency, and ensure the security and integrity of AI systems.

By using these approaches, organizations can streamline their compliance processes, mitigate risks, and foster innovation. MOF ensures the openness and transparency of AI models, SLSA secures the software supply chain, RGAF guides organizations to embrace the ethical and intentional design, development and deployment of GAI solutions. Together, these tools offer a robust solution for navigating the complexities of AI regulations and standards.

When faced with a difficult challenge sometimes it helps to look back at lessons from ancient history to guide your thinking. The Open Source Initiative (OSI) is working to create a definition for Open Source AI (OSAID), aiming to apply open source principles to artificial intelligence development, but clearly the 1.0 version is a work-in-progress. Can it find success? How may policy-makers react? Join this session to hear about the latest efforts to define open source AI and what's likely in store for 2025.

The modern Academic Medical Center ("AMC") has evolved beyond research & patient care to perform traditional commercial IP functions such as administration, licensing, and development, all in support of their central mission of the advancement of science and medicine. Aligned with this central mission is the proliferation of open-science research and open source innovation at AMCs, who have received millions of dollars from the US government in hopes of creating a flourishing ecosystem of collaboration. Unfortunately, at Mass General Brigham ("MGB") and other AMCs, open science and open source projects struggle to find fit in both licensing compliance and policy. Particularly for MGB, the largest recipient of NIH Open Science funding in the country, its commercial evolution and conservative licensing polices have combined to cause an open source licensing log jam. This session will review the competing AMC policy concerns that have caused MGB to disavow the use of most if not all osi approved licenses, and eventually lead to the development of their own permissive "open source" license.

The EU Cyber Resilience Act (CRA) has been adopted, and the new obligations for manufacturers and open source software stewards will come into effect in 2026 and 2027. This joint session between Linux Foundation Europe, LF Research, and the OpenSSF will describe how the Linux Foundation is seizing the opportunity for an improved state of the union in cybersecurity that the CRA offers, and is steering necessary adaptations for the benefit of our members, projects, and contributors.

Specifically, this session will describe CRA implementation progress, commencing with the Linux Foundation's stewards and manufacturers workshop in December 2024, new working groups at the OpenSSF, and research projects, to provide guidance and raise awareness within our ecosystem. It will end with an interactive panel discussion where questions about the impact of the CRA on our collaborative development efforts will be addressed.