The Linux Foundation Member Summit 2025

Discover the power of the Open Mobile Hub Project (OMH), a game-changer in mobile development. Hosted by the Linux Foundation Europe and supported by a global network of industry leaders, OMH is creating an open, collaborative ecosystem for developers, service providers, and users alike.

This session will highlight how OMH’s open-source framework simplifies cross-platform app development, boosts interoperability, and fosters innovation. Learn how OMH is reshaping the mobile landscape and how you can get involved in driving this transformative movement forward.

As AI innovation accelerates, the definition of "openness" in AI models becomes critical for fostering collaboration, transparency, and trust. The Model Openness Framework (MOF) provides a clear and actionable classification for AI models based on their openness:
• Class III: Open Models
• Class II: Open Tooling Models
• Class I: Open Science Models
In this talk, we will introduce MOF and showcase exemplary AI models that qualify for each class, highlighting how they align with MOF criteria. We will explore real-world use cases of these models demonstrating how openness drives tangible value, innovation, and collaboration.

Generative AI has plenty of use cases in Finance. From the customer support on the front office, to research, business analysis and optimization of investment cases.
However most companies get stuck at the "Proof of concept" stage.
While it is relatively quick to create a demo with a "Wow effect", building the right pipelines, governance, security and controls and in general get the buy in and approvals from legal and compliance teams is extremely hard.

In this presentation we will show a detailed runbook on how to leverage Generative AI cases at scale in the organization, from the perspective of the first company that delivered a production application in the market.

We will review how to build an open innovation system that promotes collaboration in what we called "The era of the 14.000 innovators" where every employee became a prompt engineer. And how we harnessed that power to put dozens of use cases in production (internal and external) as well as the edge research on agents and beyond.

In 2017, I gave a talk, "Replace your exploit-ridden firmware with a Linux kernel", describing the NERF project we had started at Google. NERF (Non-Extensible Reduced Firmware) replaced much of the proprietary, buggy, exploit-friendly UEFI firmware with a Linux kernel and user programs, written in Go, from the u-root project (u-root.org).

A lot has happened since that talk!

We renamed NERF to LinuxBoot, and set up a Linux Foundation project of that name. Google, Bytedance, and others have deployed LinuxBoot at global scale; it is no exaggeration to say that LinuxBoot is deployed on the better part of 10 million servers. The Go code in u-root continues to grow in capability, even as the Go compilers have gotten better, producing higher performance, higher quality, smaller code. We can also use Google's Go compiler or the TinyGo compiler, which uses an LLVM backend. The TinyGo compiler has been shown to produce code that is comparable in speed, footprint, and jitter to the best binary that Rust generates.

In this talk, I will review the core ideas of the LinuxBoot project; why we designed it that way; our deployment experience; and where we go from here.

Despite the availability of fixes for well-known vulnerabilities, open source software remains a significant target for attackers. In fact, three years after the infamous Log4j vulnerability, 13% of its downloads are still vulnerable. Even more concerning, 95% of vulnerable components downloaded today have a fixed version available.

In this session, Brian Fox (Sonatype), Christopher Robinson (OpenSSF), and Madison Oliver (GitHub) will explore these stark realities of open source vulnerabilities. The speakers will discuss why these vulnerabilities persist and how outdated or vulnerable components can slip through the cracks. Drawing from years of industry expertise, they will outline real-world remediation strategies and actionable best practices for mitigating open source risks.

Attendees will learn how to accelerate the adoption of secure components, integrate automated tools, and foster collaboration in the open source community to protect their software supply chain. Whether you’re a developer, security professional, or business leader, this session will equip you with the insights needed to secure your open source dependencies and strengthen your organization's resilience.