Open Source Summit + Embedded Linux Conference North America 2026: Full Schedule

May 18-20, 2026
Minneapolis, MN
View More Details & Registration
Note: The schedule is subject to change.

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Open Source Summit North America 2025 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

This schedule is automatically displayed in Central DaylightTime (UTC -5). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date."

IMPORTANT NOTE: Timing of sessions and room locations are subject to change.

arrow_back View All Dates

7:30am CDT

Welcome Coffee

Monday May 18, 2026 7:30am - 9:00am CDT

Ballroom Foyer (Level One)

Monday May 18, 2026 7:30am - 9:00am CDT
Ballroom Foyer (Level One)

Special Events / Exhibits / Breaks

7:30am CDT

Zen Zone

Monday May 18, 2026 7:30am - 6:00pm CDT

204B (Level Two)

All attendees may feel free to use the Zen Zone as needed. This is a quiet space for sensory relaxation, meditation, and worship. It is not to be used for conversations or as a workspace.

Monday May 18, 2026 7:30am - 6:00pm CDT
204B (Level Two)

Special Events / Exhibits / Breaks

7:30am CDT

Registration & Badge Pick-Up

Monday May 18, 2026 7:30am - 6:05pm CDT

Ballroom Lobby (Level One)

Monday May 18, 2026 7:30am - 6:05pm CDT
Ballroom Lobby (Level One)

Special Events / Exhibits / Breaks

7:30am CDT

Coat & Bag Check

Monday May 18, 2026 7:30am - 6:15pm CDT

Ballroom Lobby (Level One)

Monday May 18, 2026 7:30am - 6:15pm CDT
Ballroom Lobby (Level One)

Special Events / Exhibits / Breaks

9:00am CDT

Keynote: Welcome + Opening Remarks - Jim Zemlin, CEO, The Linux Foundation

Monday May 18, 2026 9:00am - 9:40am CDT

101 A-J (Level One)

Speakers

Jim Zemlin

CEO, The Linux Foundation

Jim Zemlin’s career spans three of the largest technology trends to rise over the last decade: mobile computing, cloud computing, and open source software. Today, as executive director of The Linux Foundation, he uses this experience to accelerate innovation in technology through... Read More →

Monday May 18, 2026 9:00am - 9:40am CDT
101 A-J (Level One)

Keynote Sessions

9:45am CDT

Keynote: UCP: The Evolution of an Open Standard for Agentic Commerce - Anurag Sinha, Senior Staff Software Engineer & Manager, Google

Monday May 18, 2026 9:45am - 9:55am CDT

101 A-J (Level One)

The commerce landscape is undergoing a fundamental shift from a "click-to-buy" web to an "intent-to-execute" agentic ecosystem. At the center of this transformation is the Universal Commerce Protocol (UCP), an open-source standard designed to eliminate fragmentation between AI surfaces and merchant platforms.

This session provides a deep dive into UCP's foundational architecture, exploring its core primitives and its unique capability-based system that allows AI agents to interact seamlessly with diverse retail backends. We will trace the journey of the protocol from its initial launch to its current state, highlighting key milestones in its technical evolution—including expanded support for diverse transport layers and its integration into major AI-native environments.Beyond the technical specifications, the talk will examine the real-world impact of UCP: how it is lowering the barrier to entry for smaller retailers, decentralizing commerce, and enabling a more fluid, secure, and interoperable future for global trade.

Attendees will gain a clear understanding of how this evolving standard is becoming the connective tissue for the next generation of digital transactions.

Speakers

Anurag Sinha

Senior Staff Software Engineer & Manager, Google

Anurag Sinha is a Senior Staff Software Engineer and Manager at Google, where he leads engineering for Commerce AI Native Integrations. He is currently focused on building and scaling the Universal Commerce Protocol (ucp.dev), an initiative aimed at transforming how commerce operates... Read More →

Monday May 18, 2026 9:45am - 9:55am CDT
101 A-J (Level One)

Keynote Sessions

10:00am CDT

Keynote: The First Decade of Open Quantum - Sean Dague, Chief Services Architect, IBM Quantum

Monday May 18, 2026 10:00am - 10:15am CDT

101 A-J (Level One)

Speakers

Sean Dague

Chief Services Architect, IBM Quantum

Sean Dague is the Chief Services Architect at IBM Quantum, where he focuses on making quantum computing securely and reliably accessible through the cloud. He has helped shape the architecture and operational model that allows users—from enterprise teams to learners—to access... Read More →

Monday May 18, 2026 10:00am - 10:15am CDT
101 A-J (Level One)

Keynote Sessions

10:20am CDT

Keynote: From Open Source to Agentic Systems: Building the AI Native Era - Brendan Burns, CVP, Azure OSS Cloud Native, Microsoft

Monday May 18, 2026 10:20am - 10:30am CDT

101 A-J (Level One)

Speakers

Brendan Burns

CVP, Azure OSS Cloud Native, Microsoft

Brendan Burns is a co-founder of the Kubernetes open source project and Technical Fellow & Corporate Vice President for Azure cloud-native open source and the Azure management platform including Azure Arc. He is also the author and co-author of several books on Kubernetes and distributed... Read More →

Monday May 18, 2026 10:20am - 10:30am CDT
101 A-J (Level One)

Keynote Sessions

10:35am CDT

Coffee Break

Monday May 18, 2026 10:35am - 11:20am CDT

Solutions Showcase, Ballroom A+B (Level One)

Monday May 18, 2026 10:35am - 11:20am CDT
Solutions Showcase, Ballroom A+B (Level One)

Special Events / Exhibits / Breaks

10:35am CDT

Solutions Showcase

Monday May 18, 2026 10:35am - 6:05pm CDT

Solutions Showcase, Ballroom A+B (Level One)

The Solutions Showcase is your hub to network, explore sponsor exhibits, and learn how these organizations are shaping the future of the ecosystem.

Monday May 18, 2026 10:35am - 6:05pm CDT
Solutions Showcase, Ballroom A+B (Level One)

Special Events / Exhibits / Breaks

10:45am CDT

Sponsor Activity - AWS: Building Trust in AI Through Open Innovation, Security, and Real-World Solutions

Monday May 18, 2026 10:45am - 10:55am CDT

Solutions Showcase, Ballroom A+B (Level One)

Discover how AWS champions responsible AI through open source contributions and security investments. Learn about our work with open weight models, collaborative problem-solving, and the infrastructure making open source AI trustworthy. Connect with AWS experts, explore real-world applications, and visit the booth for fun swag and giveaways throughout the conference!

Sponsor: AWS
Location: Solutions Showcase

In order to facilitate networking and business relationships at the event, you may choose to visit a third party's booth or access sponsored content. You are never required to visit third party booths or to access sponsored content. When visiting a booth or participating in sponsored activities, the third party will receive some of your registration data. This data includes your first name, last name, title, company, address, email, standard demographics questions (i.e. job function, industry), consenting to receipt and use of such data by the third-party recipients, which will be subject to their own privacy policies.

Monday May 18, 2026 10:45am - 10:55am CDT
Solutions Showcase, Ballroom A+B (Level One)

Special Events / Exhibits / Breaks

10:45am CDT

Sponsor Activity - Meet Kubernetes Co‑Founder Brendan Burns in an exclusive book signing appearance at Open Source Summit!

Monday May 18, 2026 10:45am - 10:55am CDT

Solutions Showcase, Ballroom A+B (Level One)

Be first in line for one of only twenty-five signed copies of Designing Distributed Systems. Join an exclusive meet and greet with Kubernetes co-founder and Microsoft Engineering CVP, Brendan Burns; shake hands, chat architecture stories, and celebrate open source patterns powering reliable scalable cloud systems together.

Sponsor: Microsoft
Location: Solutions Showcase
Booth: D1

In order to facilitate networking and business relationships at the event, you may choose to visit a third party's booth or access sponsored content. You are never required to visit third party booths or to access sponsored content. When visiting a booth or participating in sponsored activities, the third party will receive some of your registration data. This data includes your first name, last name, title, company, address, email, standard demographics questions (i.e. job function, industry), consenting to receipt and use of such data by the third-party recipients, which will be subject to their own privacy policies.

Monday May 18, 2026 10:45am - 10:55am CDT
Solutions Showcase, Ballroom A+B (Level One)

Special Events / Exhibits / Breaks

11:00am CDT

Sponsor Activity - Meet Kubernetes Co‑Founder Brendan Burns in an exclusive book signing appearance at Open Source Summit!

Monday May 18, 2026 11:00am - 11:10am CDT

Solutions Showcase, Ballroom A+B (Level One)

Monday May 18, 2026 11:00am - 11:10am CDT
Solutions Showcase, Ballroom A+B (Level One)

Special Events / Exhibits / Breaks

11:20am CDT

Keynote: The Revolution Hiding in Plain Sight: CI/CD Platform Is About to Change Forever - Dadisi Sanyika, Sol Duara, Inc.

Monday May 18, 2026 11:20am - 11:45am CDT

200C (Level Two)

Anyone who has worked on a CI/CD platform knows the feeling: the tools are powerful, but too much energy goes into making everything talk to everything else. Teams sense there should be a better way, but the ecosystem keeps pulling them back toward custom integrations.

This is an industry inefficiency. When hundreds of organizations each build integrations for the same tools, enormous effort is spent solving the same problems again and again. We’ve accepted this as normal, but there’s another pattern.

This talk explores why the status quo must change. Not through better tooling or more connectors, but through the same shift that transformed railroads, email, and the internet: shared protocol.

You’ll see the architecture making this inevitable: CDEvents as a shared vocabulary for SDLC, Workflow Segments as the semantic meaning behind “build” and “deploy,” and Conduit as an orchestration engine that understands the entire workflow. We’ll examine where boundaries exist in every pipeline, and how tools that broadcast proof of reaching those boundaries can coordinate without custom integrations.

The future of CI/CD isn’t more integrations; it’s one integration, used by everyone.

Speakers

Dadisi Sanyika

CEO, Sol Duara, Inc.

I am the Governing Board Chair for the Continuous Delivery Foundation (Linux sub-foundation) and the CEO of Sol Duara, Inc. Previously, at Apple, I led a team of engineers dedicated to improving the Continuous Deployment experience for teams and the community. Our contributions are... Read More →

Monday May 18, 2026 11:20am - 11:45am CDT
200C (Level Two)

cdCon

Audience Experience Level Intermediate

11:20am CDT

QoD-Centric NaaS Strategy: Policy-Orchestrated Multi-Access Service - Daniel Kibler, EIS Visual & Niem Dang, NHD Consulting LLC

Monday May 18, 2026 11:20am - 12:00pm CDT

200F (Level Two)

Delivering predictable, high‑quality network services in dense, multi‑access edge environments remains a central challenge for operators pursuing a Network‑as‑a‑Service (NaaS) strategy, where programmable APIs expose network capabilities as on‑demand services. Quality‑on‑Demand (QoD) APIs act as the intent interface in this model, enabling applications to request session‑level performance characteristics. QoD requires sophisticated new network control‑plane orchestration to address heterogeneous enforcement, multi‑access behavior, and session continuity issues across Wi‑Fi, private 5G, and public 5G domains.

QoD refers specifically to the CAMARA Project’s implementation, which provides standardized APIs for dynamic multi‑access orchestration, session‑level QoS enforcement, and integration with 3GPP control‑plane functions, including PCF, SMF, NEF, and NWDAF together with UE‑side ATSSS for traffic steering, switching, and splitting.

In this session, we will overview the strategic importance of QoD APIs, the global scale of the emerging NaaS domain, and detail Open Source technologies that are foundational to the industry.

Speakers

Daniel Kibler

Senior Systems Engineer and Founder, EIS Visual

Principal-level engineer and founder of EIS Visual, Daniel designs and operates large-scale distributed platforms across communications, 5G, edge networks, and high-performance compute. He bridges architecture, execution, and operations to deliver measurable business impact. A former... Read More →

Niem Dang

Founder & Principal Consultant, NHD Consulting LLC

Industry-recognized technology and thought leader with 20+ years of ground-breaking patents and accomplishments in the cable industry. Passion for delivering challenging projects through mastery of planning, strategy, technology enablement, and innovation.

Monday May 18, 2026 11:20am - 12:00pm CDT
200F (Level Two)

Cloud + Orchestration

Audience Experience Level Advanced

11:20am CDT

Building Trust in the AI Era: Agent-to-Agent Communication With DIDs and VCs - Alexander Shcherbakov, DSR Corporation

Monday May 18, 2026 11:20am - 12:00pm CDT

200E (Level Two)

As AI moves from isolated chatbots to autonomous agent ecosystems, the "identity problem" becomes a critical security bottleneck. How does an agent verify the legitimacy of a requestor before executing a sensitive task? Traditional API keys are insufficient for dynamic, decentralized agent interactions.
This session explores a cutting-edge extension to the Linux Foundation A2A protocol that leverages Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs) to establish high-assurance trust and bridges the gap between Decentralized Identity standards and AI, creating a secure backbone for the next generation of agent interoperability.
We will dive into the technical design of integrating OpenID for Verifiable Presentations (OID4VP) into agent communication flows. Attendees will learn how this proposed extension moves beyond static credentials to enable granular, verifiable Authentication (AuthN) and Authorization (AuthZ) for autonomous tasks. Beyond the protocol basics, we will analyze different patterns for VC presentation—comparing interactive vs. automated flows—and evaluate diverse wallet options, ranging from cloud-based agent wallets to secure edge implementations.

Speakers

Alexander Shcherbakov

Head of Decentralized Systems Department, DSR Corporation

Ph.D. in Mathematics. Master of Applied Mathematics and Computer Science.
More than 10 years of experience in Blockchain, DLT, Decentralized Identity and SSI.
Significant contribution to open source. Maintainer and contributor of popular open-source projects.
Extensive experience sp... Read More →

Monday May 18, 2026 11:20am - 12:00pm CDT
200E (Level Two)

Digital Trust

Audience Experience Level Intermediate

11:20am CDT

From Closed To Collaborative: Lessons From Qualcomm’s Open Development Experience - Rashmi Chitrakar, Qualcomm Technologies, Inc.

Monday May 18, 2026 11:20am - 12:00pm CDT

208C+D (Level Two)

For more than 15 years, Qualcomm’s been actively involved in a range of Open Source ecosystems. Until recently, some parts of our development were handled behind closed doors, with contributions coming later and upstream enablement sometimes being limited. We tried various projects and partnerships to push things upstream sooner, but it wasn’t until lately that we truly made a complete shift.

Over the past 18 months, we’ve totally revisited our approach—moving an entire Linux product development ecosystem, with hundreds of contributors, from a private downstream setup to a full-blown Open Development model. This wasn’t just a surface change: it meant overhauling how our engineers work, syncing up our internal systems with open practices, and fundamentally changing the way our developers connect and collaborate.

In this session, we’ll share what made this transition work for us—including how we managed to weave our internal systems into Open Source workflows, encouraged developers to embrace new ways of thinking, and built scalable processes that can handle all sorts of Linux ecosystems and distributions.

Speakers

Rashmi Chitrakar

Sr Director, Engineering, Qualcomm Technologies, Inc

Rashmi Chitrakar is the Engineering Lead for Qualcomm’s Open Source Program Office. Her team does the balancing act of catering to Qualcomm’s Open Source Legal Group’s due-diligence needs and fostering an Engineering community that both leverages and contributes to Open Source... Read More →

Monday May 18, 2026 11:20am - 12:00pm CDT
208C+D (Level Two)

Embedded Linux Conference

Audience Experience Level Intermediate

11:20am CDT

From Plaintext To Protected: Syslog Over TLS 1.3 in BusyBox for Embedded Routers - Tarun Kundu, Ericsson Software Technology, USA

Monday May 18, 2026 11:20am - 12:00pm CDT

208A+B (Level Two)

BusyBox is a go-to userspace stack for embedded routers, but BusyBox syslogd remote logging is often deployed without transport security—sending logs in plaintext across networks. In enterprise deployments, there exists a security and compliance gap when encrypted log transport, such as RFC 5425-style secure syslog, is expected.

This talk shares a production-driven approach: after evaluating syslog-ng/rsyslog and weighing their integration cost against embedded constraints, we added TLS 1.3 directly to BusyBox syslogd using OpenSSL APIs, reusing crypto already on the device. We’ll demo end-to-end secure logging (router → syslog server), including optional server certificate pinning to reduce MITM risk, and validate the improvement with a packet capture.

We’ll then cover embedded-specific engineering details: preserving UDP logging behavior for backwards compatibility, gating TLS behind a build-time feature flag, testing success/failure paths (handshake and pinning errors), and overnight memory monitoring of syslogd. We’ll close with upstream interest in syslog over TLS and next-step considerations.

Speakers

Tarun Kundu

Embedded Systems Engineer, Ericsson Software Technology, USA

Tarun Kundu is an Embedded Systems Engineer at Ericsson Software Technology with 21+ years of experience delivering embedded networking and cloud software. An avid learner and AI enthusiast, previously worked at Cisco, AWS, and Altran.

Monday May 18, 2026 11:20am - 12:00pm CDT
208A+B (Level Two)

Embedded Linux Conference

Audience Experience Level Any

11:20am CDT

MOT: A Tool To Fight Open-washing in AI - Arnaud Le Hors, IBM

Monday May 18, 2026 11:20am - 12:00pm CDT

211A+B (Level Two)

Many models referred to as "open source" are distributed under restrictive licenses and fail to include the necessary information to actually qualify as open source. Just because a model is on HuggingFace does not mean it is open source.

Several attempts have been made to provide a definition of what "open source AI" ought to be but we now have a tool that can help: the Model Openness Tool (MOT).

The MOT was developed by the Generative AI Commons as an implementation of the Model Openness Framework (MOF) to provide model producers and consumers with a practical way to assess how open a model really is. This session will introduce attendees to the MOT and include a demo showing how it can be used along with Hugging Face and GitHub to provide greater understanding of which models are really open.

Speakers

Arnaud Le Hors

Senior Technical Staff Member, IBM

Arnaud Le Hors is Senior Technical Staff Member of Open Technologies at IBM. He has been working on standards and open source for over 30 years. Arnaud was editor of several key web specifications including HTML and DOM and was a pioneer of open source with the release of libXpm in... Read More →

Monday May 18, 2026 11:20am - 12:00pm CDT
211A+B (Level Two)

Open AI & Data

Audience Experience Level Beginner

11:20am CDT

The Technical Talent Market in 2026: How Decision-makers Are (really) Hiring and Training for AI - Anna Hermansen & Clyde Seepersad, The Linux Foundation

Monday May 18, 2026 11:20am - 12:00pm CDT

200B (Level Two)

In its fourth year, the State of Tech Talent report is now a landmark in the Linux Foundation’s research program. The report provides key insights for employers and practitioners to gain a realistic understanding of the talent landscape as it flexes to meet technical priorities for the current and upcoming years. The 2026 study, which will go live at Open Source Summit North America, examines the survey’s findings on which skills are truly influencing hiring decisions, what current hiring and skilling expectations are, and how AI and emerging technologies are impacting roles and career paths.

In this fireside chat, Anna Hermansen from LF Research and Clyde Seepersad from LF Education will discuss the survey findings from the wider perspective of their work and communities. Anna will review how recent LF research on AI, cloud native, and the Cyber Resiliency Act provides added insight into the tech talent market, and Clyde will lend his training expertise as SVP and general manager of the Linux Foundation’s education program. Both aim to provide wider context to frame the survey findings and distill for audience members the key takeaways to prepare for talent needs this year.

Speakers

Clyde Seepersad

General Manager, Training, The Linux Foundation

LF exec in leading the education team

Anna Hermansen

Senior Researcher and Ecosystem Manager, The Linux Foundation

Anna is a Senior Researcher & Ecosystem Manager for LF Research where she leads research projects and supports end-to-end management of the Foundation's research. Her interests lie at the intersection of open source AI, health informatics, and data sharing. Prior to the Linux Foundation... Read More →

Monday May 18, 2026 11:20am - 12:00pm CDT
200B (Level Two)

Open AI & Data

Audience Experience Level Any

11:20am CDT

Kubernetes 2026: The New Operating System for AI & Apps - Mukesh Aurangabadkar, Spectrum & Udit Misra, Salesforce

Monday May 18, 2026 11:20am - 12:00pm CDT

200H (Level Two)

In 2026, Kubernetes is the engine behind every modern app and AI model you use. This beginner-friendly session breaks down "K8s" into simple concepts, showing you how it automatically runs, scales, and repairs your software so you don’t have to. We’ll explore the 2026 essentials—from how it manages AI workloads to its role in saving companies millions in cloud costs. Whether you're a developer or just curious, you'll leave knowing exactly why Kubernetes is the most important skill to have in the cloud-native era.

Speakers

Mukesh Aurangabadkar

Principal Engineer, Spectrum

Mukesh Aurangabadkar is a Principal Engineer specializing in infrastructure automation, platform modernization, and large-scale systems deployment. He has led initiatives that have transformed vendor-dependent, manual operational processes into scalable, automation-driven frameworks... Read More →

Udit Misra

Senior Member of Technical Staff, Salesforce

Udit Misra is an IEEE Senior Member and software engineer specializing in infrastructure, platform engineering, and cloud-native systems, with almost 6 years of experience at major technology organizations. His work focuses on Kubernetes, eBPF-based network observability, and AI agents... Read More →

Monday May 18, 2026 11:20am - 12:00pm CDT
200H (Level Two)

Open Source 101

Audience Experience Level Beginner

11:20am CDT

Panel Discussion: OSPOs at Scale: Doing More With Less in 2026 - Ashley Wolf, GitHub; Karolyn Maynard, Comcast; Natali Vlatko, Cisco; Paulette Avolio, Ford; Rashida Toliver, Violane LLC

Monday May 18, 2026 11:20am - 12:00pm CDT

200A (Level Two)

Open Source Program Offices are maturing. What started as license compliance and governance functions have evolved into strategic enablers of security, AI adoption, developer productivity, and ecosystem engagement. At the same time, budgets are tighter and expectations are higher.

In this moderated panel, OSPO leaders from Ford, GEICO, Comcast, Cisco and GitHub will discuss how modern OSPOs are scaling impact. We’ll explore practical approaches to automation, policy design, internal enablement, and cross-functional alignment. We’ll share how OSPOs are using metrics to demonstrate value, navigating AI-era contribution models, and leveraging communities like the TODO Group to accelerate learning.

Attendees will leave with concrete examples of how enterprise OSPOs are evolving beyond compliance, how to prioritize when resources are constrained, and how to build influence across engineering, security, and leadership teams.

Whether you're starting an OSPO or leading a mature one, this session offers candid lessons from practitioners operating at scale.

Speakers

Ashley Wolf

Director, Open Source, GitHub

Ashley Wolf is the Director of Open Source Programs at GitHub. She runs initiatives and programs to empower developers to be successful with open source. She is also passionate about helping companies participate in the open source community. Prior to joining GitHub, Ashley led the... Read More →

Karolyn Maynard

Leader of the Comcast Open Source Program Office and The Comcast Dojo, Comcast

I build systems, I build people. I build trust. I build momentum,

I lead two teams at Comcast focused on engineering enablement and transformation: the Comcast Open Source Program Office, which empowers safe and scalable open source participation, and the Comcast Dojo (NPS: 76), which accelerates developer practices through immersive, outcome-driv... Read More →

Natali Vlatko

Director of Open Source Software Engineering, Cisco

Natali Vlatko (she/her) is a Director of Open Source Software Engineering at Cisco, specializing in open software, policy, and governance. She is a SIG Docs Co-Chair for Kubernetes and a member of the TODO Group Steering Committee. She plays on the fun computer in her spare time... Read More →

Paulette Avolio

Open Source Program Office Manager, Ford

I help connect people, policies and products to elevate open source community, compliance and contributions.

Rashida Toliver

Co-Founder & Security Strategist, Violane LLC

Rashida Toliver is a Security Engineer II at GEICO and Co-Founder of Violane Tech LLC. She builds data-driven vulnerability management systems, leads open-source contribution governance, and mentors emerging engineers. Through Violane Tech, she delivers data management, visualization... Read More →

Monday May 18, 2026 11:20am - 12:00pm CDT
200A (Level Two)

OSS Enabling & Management

Audience Experience Level Beginner

11:20am CDT

Proactive Governance To Build Sustainable OSS Projects - Dawn Foster, Independent

Monday May 18, 2026 11:20am - 12:00pm CDT

200J (Level Two)

We all want our open source projects to be sustainable, healthy, and successful. Good governance has a much larger impact on sustainability, health, and project success than many people realize. Being proactive about governance before something escalates into a crisis can help avoid misunderstandings and make your projects more sustainable and successful.

A lightweight governance model created at the beginning of a project can provide basic guidance about roles, expectations, and decision-making processes. As the project grows and matures, governance can be expanded over time to become more robust as the project evolves. However, good governance is about more than just defining roles and decision-making processes. It can be part of the process of building a sustainable leadership pipeline and can help to create an intentional culture that encourages participation and contributions from others.

This talk will provide details about the importance of governance, how to define project governance, using governance as a pathway to leadership, creating an intentional culture, and making project ownership (e.g., individual, organization, foundation) decisions.

Speakers

Dawn Foster

Open Source Strategy Consultant, Self-Employed

Dr. Dawn Foster is an OSS strategy consultant. She is also on the board of CHAOSS and OpenUK, and was previously a co-chair of the CNCF Contributor Strategy Technical Advisory Group. She has 20+ years of experience at companies like VMware and Intel with expertise in community, strategy... Read More →

Monday May 18, 2026 11:20am - 12:00pm CDT
200J (Level Two)

OSS Enabling & Management, Project Leadership

Audience Experience Level Any

11:20am CDT

Sponsored Session: Building Community in the Age of AI - Brian Proffitt, Red Hat

Monday May 18, 2026 11:20am - 12:00pm CDT

200I (Level Two)

The pervasive presence of generative AI presents a paradigm shift for open source development and community building. Tools like Copilot, Claude Code, and other large language models (LLMs) are fundamentally changing how code is created, documentation is generated, and, to some extent, how contributions are onboarded and managed. In this presentation, Red Hat’s Brian Proffitt will explore the challenges and opportunities for cultivating vibrant, sustainable open source communities in this new technological landscape.

Brian will examine the core questions facing maintainers and contributors: How do we foster human connection and mentorship when AI can start handling routine coding tasks? What ethical and legal frameworks must be established regarding AI-generated code contributions, licensing compliance, and attribution? Using real-world examples such as the Fedora Project, this session will delve into practical strategies for leveraging GenAI as an enabler rather than a disruptor.
Key Takeaways:

Use AI to accelerate developers, not replace them. Human judgment, review, and accountability remain essential.
Stay committed to open source and transparency. Transparency, collaboration, and trust matter even more in an AI world.
Keep humans accountable for quality and compliance. AI-generated code must be reviewed for quality, security, and licensing.

This session is designed for open source maintainers, community managers, developers, and anyone interested in the future of collaborative software development, offering a roadmap for thriving in an AI-integrated ecosystem where the emphasis shifts from code production to collective innovation.

In order to facilitate networking and business relationships at the event, you may choose to visit a third party's booth or access sponsored content. You are never required to visit third party booths or to access sponsored content. When visiting a booth or participating in sponsored activities, the third party will receive some of your registration data. This data includes your first name, last name, title, company, address, email, standard demographics questions (i.e. job function, industry), consenting to receipt and use of such data by the third-party recipients, which will be subject to their own privacy policies.

Speakers

Brian Proffitt

Senior Manager, Community Outreach, Red Hat

Brian Proffitt is Senior Manager, Community Outreach within Red Hat's Open Source Program Office, focusing on enablement, community metrics, and foundation and trade organization relationships--as well as the management of OSPO's budget. Brian's experience with community management... Read More →

Monday May 18, 2026 11:20am - 12:00pm CDT
200I (Level Two)

OSS Enabling & Management, Project Leadership

11:20am CDT

The Exploit of Trust: Securing the Open Source Supply Chain - Kadi McKean, ReversingLabs

Monday May 18, 2026 11:20am - 12:00pm CDT

200G (Level Two)

In 2025, the open source supply chain faced a record-breaking escalation in targeted attacks. This talk breaks down the latest research on how attackers exploit the "trust gap" in maintainer workflows, package repositories, and automated publishing pipelines.

Moving beyond the headlines, this session examines the abuse of repository-native features and the rise of dependency compromises. Participants will walk away with a clear understanding of the evolving threat landscape and the defensive strategies—like reproducible builds and continuous validation—essential for modern software resilience. Join us to learn how to maintain the velocity of open source development while building a foundation of verified trust.

Speakers

Kadi McKean

OSS Community Manager, ReversingLabs

Kadi is passionate about the DevOps / DevSecOps community since her days of working with COBOL development and Mainframe solutions. At ReversingLabs she collaborates with developers and security researchers to help entities prioritize their open source risk, reduce technical debt... Read More →

Monday May 18, 2026 11:20am - 12:00pm CDT
200G (Level Two)

Packages + Images + Containers

Audience Experience Level Any

11:20am CDT

Zephyr at 10 Years: Survey Feedback - Kate Stewart & Hilary Carter, The Linux Foundation

Monday May 18, 2026 11:20am - 12:00pm CDT

200D (Level Two)

Ten years ago, Zephyr set out to solve a problem that many embedded teams quietly struggled with: how to build dependable real-time systems without being locked into a single vendor, toolchain, or proprietary stack. Before beginning the project, open source developers were surveyed to identify the key problems they wanted to see a new open source RTOS to solve, such as security and safety certifications.

What followed over the next decade was more than steady adoption. Zephyr introduced a new model built around portability, adoption of security best practices, modern tooling, and a shared ecosystem of drivers and middleware. Contributors collaborate in the open to improve performance, connectivity, and reliability, enabling it to now be found embedded in products which need to last many years, if not decades.

As we head into our next 10 years, the Zephyr project reached out again to survey RTOS users and understand better what they value, and what the project should focus on improving in the years ahead. This talk will go through the results that LF Research team has identified from the survey and interviews, giving a peak at the focus points going forward.

Speakers

Hilary Carter

SVP Research, The Linux Foundation

Hilary Carter is a writer, researcher, and team leader, producing engaging, decision-useful insights that broaden the understanding of open source and emerging technologies and their impact on business, government, and society. She has contributed to books and numerous research reports... Read More →

Kate Stewart

VP Dependable Embedded Systems, The Linux Foundation

Kate Stewart works with the safety, security and license compliance communities to advance the adoption of best practices into embedded open source projects. She has launched the ELISA and Zephyr Projects, as well as supporting other embedded projects. With more than 30 years of experience... Read More →

Monday May 18, 2026 11:20am - 12:00pm CDT
200D (Level Two)

Zephyr

Audience Experience Level Intermediate

11:50am CDT

Jenkins - Year in Review and Future Roadmap - Mark Waite, Independent

Monday May 18, 2026 11:50am - 12:00pm CDT

200C (Level Two)

Speakers

Mark Waite

Independent Consultant, Self-employed

Monday May 18, 2026 11:50am - 12:00pm CDT
200C (Level Two)

cdCon

12:00pm CDT

Lunch (Provided Onsite for All Attendees)

Monday May 18, 2026 12:00pm - 1:30pm CDT

Solutions Showcase, Ballroom A+B (Level One)

Monday May 18, 2026 12:00pm - 1:30pm CDT
Solutions Showcase, Ballroom A+B (Level One)

Special Events / Exhibits / Breaks

12:00pm CDT

Women & Non-Binary Lunch

Monday May 18, 2026 12:00pm - 1:30pm CDT

Seasons (Level Two)

We’d like to invite all attendees who identify as women or non-binary to join each other for a complimentary networking lunch at the event. We will begin with a brief introduction and then attendees will be free to enjoy lunch and mingle with one another. All attendees must identify as a woman or non-binary and must be registered for the conference to attend.

*We will do our best to accommodate all interested attendees, but please note that participation is on a first-come, first-served basis.

Monday May 18, 2026 12:00pm - 1:30pm CDT
Seasons (Level Two)

Special Events / Exhibits / Breaks

12:15pm CDT

CDF Town Hall - Moderated by Tracy Ragan, DeployHub, Inc.

Monday May 18, 2026 12:15pm - 1:15pm CDT

200C (Level Two)

Speakers

Tracy Ragan

CEO, DeployHub

Tracy is a recognized expert in software supply chain security and DevSecOps, specializing in managing complex, decoupled architectures. She is the CEO of DeployHub, a scalable post-deployment vulnerability detection platform that empowers software to 'self-heal' by automatically... Read More →

Monday May 18, 2026 12:15pm - 1:15pm CDT
200C (Level Two)

cdCon

about <br>

1:30pm CDT

Lightning Talk: From Embedded Artifacts To Durable Entities: Fixing State in Spinnaker - Ben Powell, Apple

Monday May 18, 2026 1:30pm - 1:40pm CDT

200C (Level Two)

Spinnaker historically embedded artifact data directly into pipeline execution context. As workflows grew more complex, this approach led to oversized context payloads, fragile retries, and tight coupling between pipeline logic and storage representation.

The Entity Store rethinks this model. By replacing embedded state with URI-based references and delegating persistence to pluggable handlers, Spinnaker separates semantic identity from storage mechanics. Execution context becomes lighter, more stable, and easier to evolve.

In this talk, we’ll explore the architectural shift, implementation tradeoffs, migration strategy, and what this change means for future extensibility in Spinnaker and other CD systems.

Speakers

Ben Powell

Software Engineer, Apple

Ben is a software engineer at Apple for the Spinnaker team with previous experience at AWS for the AWS SDK and ECS team. He has contributed to various different tools, services, and proposals through the years, governs the Cloud SIG for Spinnaker, and is an active participant for... Read More →

Monday May 18, 2026 1:30pm - 1:40pm CDT
200C (Level Two)

cdCon

Audience Experience Level Intermediate

1:30pm CDT

Lightning Talk: SSDF Is Not a Checklist: Turning Tasks Into CI/CD Automation - Tracy Ragan, DeployHub, Inc.

Monday May 18, 2026 1:30pm - 1:40pm CDT

200E (Level Two)

In this lightning talk, we’ll introduce the new open-source security tools guide from the Continuous Delivery Foundation and show how it delivers practical, workflow-driven guidance for integrating OpenSSF security tooling into real CI/CD pipelines—helping DevOps and platform engineering teams map pipeline activities directly to the Secure Software Development Framework (SSDF) tasks.

Attendees will learn how the guide helps organizations:
• Understand tooling to meet SSDF standards
• Integrate security without slowing delivery
• Move from tool sprawl to repeatable, secure delivery patterns

This session offers a fast, practical overview of how the CDF community is helping teams turn cybersecurity from an abstract requirement into an executable CI/CD strategy.

Speakers

Tracy Ragan

CEO, DeployHub

Monday May 18, 2026 1:30pm - 1:40pm CDT
200E (Level Two)

Digital Trust

Audience Experience Level Beginner

1:30pm CDT

OpenBao: Horizontally Scaling Secrets Management - Alexander Scheel, ControlPlane

Monday May 18, 2026 1:30pm - 2:10pm CDT

200F (Level Two)

OpenBao is an OpenSSF project and a fork of HashiCorp Vault. It is an open-source secrets manager with support for static and dynamic secrets including identities and certificates.

The OpenBao community recently landed support for horizontal scalability, formerly a Vault Enterprise exclusive feature, in partnership between multiple organizations in the community.

This session will outline the design and development process of the feature, showcase how horizontal scalability improves performance on Kubernetes, and highlight future improvements the community is considering to offer write scalability.

Speakers

Alexander Scheel

Head of OpenBao Development, ControlPlane

Alex Scheel is the Head of OpenBao Development at ControlPlane and a member of the OpenBao Technical Steering Committee. He has built a career on open source contributions, previously working at GitLab with OpenBao, at Keyfactor on Bouncy Castle, at HashiCorp on Vault, and at Canonical... Read More →

Monday May 18, 2026 1:30pm - 2:10pm CDT
200F (Level Two)

Cloud + Orchestration

Audience Experience Level Intermediate

1:30pm CDT

Debug Everything: Building a Debuginfod Backbone for Embedded Linux at Scale - Colin Pinnell McAllister & Joshua Pevehouse, Garmin

Monday May 18, 2026 1:30pm - 2:10pm CDT

208C+D (Level Two)

Embedded Linux debugging has always required difficult trade-offs. Flash storage constraints on target devices force teams to strip debug symbols from most binaries, leaving developers unable to debug critical applications without finding symbols elsewhere.

This presentation examines our transition from limited, on-target debug symbols to comprehensive debuggability across all binaries and build types. The key insight: while flash is expensive on embedded targets, centralized storage is cost-effective and scalable.

We adopted elfutils debuginfod to build enterprise-scale debug infrastructure integrated with our CI/CD pipeline. This has allowed us to host debug artifacts for every binary produced by continuous integration, enabling engineers to debug any component from any build, using standard tools like GDB, without manual symbol management.

This talk covers our journey towards using debuginfod, the architectural decisions we made that allowed debuginfod to scale, integration strategies with the Yocto build system, and the impact on engineering productivity. Attendees will gain practical insights for implementing similar solutions in their organizations.

Speakers

Joshua Pevehouse

Garmin

Colin McAllister

Senior Software Engineer, Garmin

Colin McAllister is a software engineer at Garmin, where he focuses on advancing the security, core infrastructure, and development tooling that power Garmin Marine’s diverse range of Embedded Linux products. His passion for embedded Linux began in 2017 while working on a telematics... Read More →

Monday May 18, 2026 1:30pm - 2:10pm CDT
208C+D (Level Two)

Embedded Linux Conference

Audience Experience Level Any

1:30pm CDT

Do You Need GCC To Build Embedded Linux ? - Khem Raj, Comcast

Monday May 18, 2026 1:30pm - 2:10pm CDT

208A+B (Level Two)

GCC is default toolchain for Linux based systems, ever since the Linux Distributions were being put together from early days of Linux. However, there have been important developements in compiler technologies and LLVM project has come along. The LLVM infrastructure has been used to build various different compilers for different languages, Clang is the C/C++ static compiler and rust also uses LLVM. There is LLD ( LLVM Linker ) LLDB, ( LLVM Debugger ). binutils like objcopy, objdump, strip etc. are also added. C/C++ compiler runtime in compiler-rt/libc++ has matured as well. The compiler has been used to build Linux Kernel already, However, it can be used to build full Embedded Linux Systems using infrastructure like Yocto project. This talk will showcase that a Linux system can be built completely using LLVM toolchain, replacing the compiler, compiler-runtime, binutils with LLVM built tools. In addition it will also discuss the modern tooling provided with LLVM and Clang and static analyser ( clang-scan ), clang-tidy, clanf-format etc. show-casing additional tooling that can be used by developers e.g. sanitizers.

Speakers

Khem Raj

Fellow, Comcast

Khem Raj is a yocto project maintainer and long time OpenSource contributor to many projects e.g. LLVM, Glibc, Musl, OpenEmbedded etc., he has been helping several open source initiatives in industry. He is guiding the company's adoption of open source software, and becoming an active... Read More →

Monday May 18, 2026 1:30pm - 2:10pm CDT
208A+B (Level Two)

Embedded Linux Conference

Audience Experience Level Intermediate

1:30pm CDT

When Your Budget Laptop Needs a Custom Kernel: A Linux Troubleshooting Adventure - Andrei Pokhilko, Komodor

Monday May 18, 2026 1:30pm - 2:10pm CDT

205C+D (Level Two)

This talk chronicles my journey of troubleshooting a Linux kernel issue on a budget Intel GeminiLake-based Chinese mini-laptop. What began as a simple hardware purchase escalated into a two-month deep dive into the i915 GPU driver when the display mysteriously went blank during initialization.

I'll walk through the systematic troubleshooting approach: isolating the issue to the i915 driver, identifying the kernel configuration options triggering the problem, and developing a practical patch that bypasses problematic GPIO pin activation sequences. Along the way, I'll share surprising discoveries about hardware compatibility, kernel development complexity, and the limitations of AI tools when facing real-world Linux challenges.

This presentation is designed for Linux enthusiasts and IT professionals curious about kernel troubleshooting. Attendees will leave with practical knowledge about GPU driver internals, confidence that such issues are solvable without specialized expertise, and inspiration to tackle their own hardware compatibility challenges.

Speakers

Andrei Pokhilko

Open Source Dev Lead, Komodor

Andrei is an Innovation Researcher in the CTO Office at Komodor with 20+ years of engineering experience spanning, open source leadership at CA Technologies, performance testing at Yandex, and founding Loadosophia.org. He's the creator of multiple successful open source projects including... Read More →

Monday May 18, 2026 1:30pm - 2:10pm CDT
205C+D (Level Two)

Linux

Audience Experience Level Beginner

1:30pm CDT

Crawl, Walk, Run With Your MCP Servers - Lin Sun, solo.io

Monday May 18, 2026 1:30pm - 2:10pm CDT

211A+B (Level Two)

You have built your first MCP server and tested it with the MCP inspector, but it only uses stdio or streamable HTTP without HTTPS. Do you rewrite your server to add authentication and authorization, or is there a smarter way? What if you have multiple MCP servers? Can you unify them under a single virtual server without touching any of the originals? How do you deploy all of this to Kubernetes securely and reliably?

In this demo-driven session, Lin takes you from building a simple MCP server and securing it the hard way. Then she offloads authentication, authorization, and tool multiplexing to an MCP gateway. She will show how to deploy a virtual MCP server in Kubernetes and program an AI agent to call its tools, making complex setups feel effortless. By the end, you will have practical techniques to run, secure, and scale your MCP servers with confidence.

Speakers

Lin Sun

Head of Open Source, Solo.io

Lin is the Head of Open Source at Solo.io, contributing full-time to the open-source community. She serves on the CNCF Technical Oversight Committee (TOC), is a CNCF Ambassador, and is a maintainer for Istio, kgateway, and kagent. An international speaker at tech conferences, Lin... Read More →

Monday May 18, 2026 1:30pm - 2:10pm CDT
211A+B (Level Two)

Open AI & Data

Audience Experience Level Beginner

1:30pm CDT

Next Steps in Multi-agent Systems - Deborah Dahl, Conversational Technologies

Monday May 18, 2026 1:30pm - 2:10pm CDT

200B (Level Two)

Special-purpose agentic systems can access proprietary enterprise information or private user information, such as financial, health, or employment data, that isn’t available to large public LLMs. But, by their nature, specialized agents are limited to specialized knowledge. However, more complex applications can be composed of several collaborating agents, each with a specific expertise.
Manual integration of information from several agents by users is possible, but time-consuming and clumsy, and the agents wouldn’t benefit from each other’s knowledge. A better approach would be for agents to converse directly with each other. A standard messaging protocol would enable independent agents to converse and collaborate on tasks.
This presentation will outline two protocols that enable multi-agent systems to collaborate. The first is the Linux Foundation’s Agent-to-Agent protocol, and the second is the Linux Foundation AI & Data Open Voice Interoperability Initiative’s Open Floor Protocol. We will describe each protocol and explain how they complement one another with demonstrations of collaborating agents.

Speakers

Deborah Dahl

Principal, Conversational Technologies

Deborah Dahl works on innovative, practical and scalable conversational systems that push the boundary between theory and applications. She is the Principal of Conversational Technologies, which assists its clients in creating state of the art solutions using speech and natural language... Read More →

Monday May 18, 2026 1:30pm - 2:10pm CDT
200B (Level Two)

Open AI & Data

Audience Experience Level Any

1:30pm CDT

Being a Maintainer in the Age of LLM Mania - Kevin Hannon, Red Hat

Monday May 18, 2026 1:30pm - 2:10pm CDT

200H (Level Two)

AI is all around us. In this talk, I will discuss ways maintainers can also leverage AI to combat AI slop, improve maintainer experience and avoid burnout. I will mention my experience on using AI to aide in development of Kubernetes features, maintaining testing environments and providing a good experience for users of AI assistants.

AI, for better or worse, is here to stay and maintainers should embrace the tools to aide development. In this talk, I will highlight using AI pull request review tools, creating AGENTS.md to streamline dev experience of using tools, leveraging the tools to do those cleanups you know are needed but nobody wants to do and mention ways your project can better support AI tooling.

Speakers

Kevin Hannon

Senior Software Engineer, Red Hat

Kevin Hannon is focused on improving AI/ML experience on Kubernetes. He started his career as a computational scientist and has always been interested in large scale batch jobs. He is motivated to improve Kubernetes in this area to benefit various use cases that are underserved by... Read More →

Monday May 18, 2026 1:30pm - 2:10pm CDT
200H (Level Two)

Open Source 101

Audience Experience Level Beginner

1:30pm CDT

EOL, Relicensing, Forks: A Cautionary Tale of CVEs - Bridget Kromhout & Lachlan Evenson, Microsoft

Monday May 18, 2026 1:30pm - 2:10pm CDT

200J (Level Two)

Project X goes EOL at the end of this sentence; good luck with the CVEs. Project Y has a new license meaning you can’t use it anymore; what do you mean, your team built something important on it? Project Z works great but you built a new feature in your fork, and now you can’t take the upstream patches. Half of your open source environments may have a dependency on some now-defunct project, and now everyone’s scrambling for solutions.

Join experienced open source maintainers to discuss what warning signs can help prevent abrupt retirement or relicensing from taking your end users by surprise. We’ll outline the ways you can get visibility into your software supply chain and become active in the upstreams that matter most for your needs, ensuring that you’re in control of your own destiny no matter what storm of alphabet soup comes your way.

Speakers

Bridget Kromhout

Principal Product Manager, Microsoft

Bridget Kromhout is a Principal Product Manager at Microsoft Azure, focusing on the open source cloud native ecosystem.

Lachlan Evenson

Principal Product Manager - Azure Cloud Native Ecosystem, Microsoft

Lachlan is a Principal Product Manager on the Azure Cloud Native Ecosystem team. Lachlan has served in many different roles in the cloud native community including cloud native ambassador, Kubernetes steering committee and release lead, and has deep operational knowledge of many cloud... Read More →

Monday May 18, 2026 1:30pm - 2:10pm CDT
200J (Level Two)

OSS Enabling & Management, Project Leadership

Audience Experience Level Intermediate

1:30pm CDT

Strategic Approach To Demonstrating the Value of OSS Efforts - Dawn Foster, Independent

Monday May 18, 2026 1:30pm - 2:10pm CDT

200A (Level Two)

We’ve probably all had company leadership question the value of our OSS efforts. It can be difficult to frame the value in ways that resonate with leadership and clearly articulate the organizational benefits gained through continued OSS contributions. Taking a strategic approach that connects the OSS work with the broader goals and objectives of the organization can demonstrate the value of this work so that the organization can continue to allocate resources to the OSPO or other OSS teams.

Using examples from my decades of experience in OSS, this talk will provide details about how to demonstrate value by focusing on how your OSS work helps the organization achieve their strategies and goals. Every organization has unique needs and goals based on what they are trying to achieve, so there is no “one size fits all” way of demonstrating value, but aligning your OSS strategy with your organization’s goals and focusing on the most strategic projects can help show the value of your efforts. This talk will help you reason about how OSS efforts allow your organization to achieve its goals along with framing and communicating that value in ways that resonate with your leadership team.

Speakers

Dawn Foster

Open Source Strategy Consultant, Self-Employed

Monday May 18, 2026 1:30pm - 2:10pm CDT
200A (Level Two)

OSS Enabling & Management, Operations Management & OSPOs

Audience Experience Level Intermediate

1:30pm CDT

One Signature To Rule Them All: Portable Supply Chain Verification With Zarf - Brandt Keller, Defense Unicorns

Monday May 18, 2026 1:30pm - 2:10pm CDT

200G (Level Two)

Signed software creates assurances around the integrity and authenticity of how it was produced and by whom. But signing alone is not inherently valuable. The ability to verify the signature in a meaningful way elevates the process to complete the trust cycle.

Blend this idea with many disparate signing mechanisms, add the many layers of exchange as software changes hands and where the software ultimately needs to resolve verification, combine it with many different types of artifacts, and you end up with a complex web of requirements that can be difficult to maintain.

Zarf, an OpenSSF Sandbox project, takes a different approach. Rather than requiring each artifact to be independently verified against external infrastructure, Zarf consolidates artifacts into a declarative package that is pre-verified at creation time. A single signature covers the entire package. The trusted root is embedded in the CLI and the package contains the signature, enabling meaningful verification anywhere, including entirely airgapped environments, with no external connectivity or additional tooling required.

Speakers

Brandt Keller

Staff Software Engineer, Defense Unicorns

Brandt is a Staff Software Engineer with a passion for Open Source. He serves as a Maintainer and Technical Lead for the CNCF Security & Compliance Technical Advisory Group, a Cloud Native Ambassador, and a project maintainer within the OpenSSF. He has lead and contributed to multiple... Read More →

Monday May 18, 2026 1:30pm - 2:10pm CDT
200G (Level Two)

Packages + Images + Containers

Audience Experience Level Any

1:30pm CDT

Turning the Ignition on Safety: Zephyr RTOS in Automotive Compliance - Saravanan Sekar, Linumiz

Monday May 18, 2026 1:30pm - 2:10pm CDT

200D (Level Two)

Embedded Automotive RTOS (Real-Time Operating Systems) must meet stringent requirements for safety, reliability, and security, primarily governed by the ISO 26262 standard, which details ASIL (Automotive Safety Integrity Level) requirements.

This talk covers the Zephyr RTOS complies with key functional needs, including minimal latency, high determinism, efficient memory management, and robust multitasking capabilities to handle critical tasks. Currently, the project is actively moving toward greater alignment with the needs of the automotive industry, with specific plans outlined.

Speakers

Saravanan Sekar

Software Engineer, Linumiz

Saravanan graduated in Electrical Engineering and working as Software Engineer at Linumiz. Over the past 13 years his focus is primarily on Embedded Linux, RTOS in DVB, IoT and Automotive domain. His work involves to provide Mainline Linux Kernel and related projects to run on customer... Read More →

Monday May 18, 2026 1:30pm - 2:10pm CDT
200D (Level Two)

Zephyr

Audience Experience Level Beginner

1:45pm CDT

Lightning Talk: Ortelius V12: Post-Deployment Security Defense for DevSecOps - Steve Taylor, DeployHub

Monday May 18, 2026 1:45pm - 1:55pm CDT

200C (Level Two)

Most DevSecOps pipelines stop protecting software once it is deployed, leaving organizations blind to newly disclosed vulnerabilities impacting live systems. Ortelius addresses this gap with post-deployment security powered by a digital twin of deployed software. By mapping SBOMs to running packages, versions, environments, and endpoints, Ortelius continuously correlates live systems with vulnerability databases, detecting critical and high-risk CVEs the moment they are published.

This session will introduce the latest Ortelius release, demonstrate new features, and show how teams can reduce MTTR from months to days by identifying which vulnerabilities truly impact production. Attendees will learn how Ortelius integrate with platform engineering workflows to provide continuous visibility and security beyond release.
Take Aways:
- Why pre-deployment SCA tools alone cannot protect production systems
- How Ortelius builds a digital twin of deployed software across clusters, clouds, and environments
- How SBOMs are mapped to live endpoints to identify true attack surface exposure
- How teams are reducing MTTR for critical CVEs to under 10 days

Speakers

Steve Taylor

CTO, DeployHub

Steve Taylor is a technology leader and innovator with deep expertise in service-based architecture, DevSecOps, open-source security, and secure software delivery. As CTO of DeployHub, he leads product strategy focused on build and release automation, vulnerability management, and... Read More →

Monday May 18, 2026 1:45pm - 1:55pm CDT
200C (Level Two)

cdCon

Audience Experience Level Intermediate

1:45pm CDT

OpenSSH + FIDO Workshop - Dennis Hills & Alan Alvarez, Yubico

Monday May 18, 2026 1:45pm - 3:05pm CDT

200E (Level Two)

OpenSSH has built-in support for FIDO security keys since version 8.2 (released in 2020). This means you can protect your SSH private keys using security keys, similar to how this can be done with OpenPGP smart cards and cryptographic tokens that support PKCS#11.

Although such devices all allow you to protect your private keys using cryptographic hardware, the benefits on using FIDO include:

- FIDO is easier to use, especially for beginners
- security keys can be used on the web as well to store passkeys
- no need for vendor-specific software (like PKCS#11 modules)
- security keys are inexpensive
- FIDO features device attestation, which lets you cryptographically prove you are using a specific security key make and model.

In this talk, we will give a short introduction to FIDO security keys, and provide several demos of the use of security keys with OpenSSH, such as signing arbitrary data, authenticating to remote systems, and using key attestation.

The talk consists of a number of demos that participants can follow along on their system. Participants can bring their own security key (any vendor will do). If they do not own a security key one will be provided to them.

Speakers

Dennis Hills

Sr. Solutions Architect, Yubico

Dennis Hills is a Sr. Solutions Architect for Yubico and a University of Washington graduate in Computing Software & Systems.

He has two decades of web service experience ranging from client support and networking to software open source development across various platforms and la... Read More →

Alan Alvarez

Developer Advocate, Yubico

Alan Alvarez is a Developer Advocate at Yubico, specializing in WebAuthn, passkeys, and phishing-resistant authentication. Previously, he worked as a software engineer across multiple industries, building and maintaining cloud-based services and DevOps workflows. Alan’s work sits... Read More →

Monday May 18, 2026 1:45pm - 3:05pm CDT
200E (Level Two)

Digital Trust

Audience Experience Level Beginner

2:00pm CDT

Lightning Talk: CDEvents: Ending the "Glue Code" Tax on Engineering Velocity - Mihir Vora & Prem Dhayalan, Capital One

Monday May 18, 2026 2:00pm - 2:10pm CDT

200C (Level Two)

We’ve achieved industry-wide standards for containers (docker) and orchestration (kubernetes), yet our delivery pipelines remain stuck in the "scripting era." In most organizations, the connection between a security scanner, a CI runner, and a deployment engine isn't a standard interface—it’s mostly a fragile web of custom Python scripts and yaml/jenkinsfile hacks.

This is the Glue Code Tax: a massive, invisible drain on resources that forces engineers to spend nearly half of their time maintaining integrations rather than shipping features.

This session tackles the "scripting fatigue" head-on. We will explore how to move away from fragile, one-off pipelines toward a truly modular, event-driven ecosystem. Using something like CDEvents standard as a blueprint, we’ll demonstrate how tools can "signal" their status natively, allowing you to swap out parts of your stack without rewriting your entire delivery logic. We’re moving past the era of digital duct tape and into the era of interoperable DevOps.

Speakers

Mihir Vora

Senior Distinguished Engineer, Capital One

Mihir is a Sr. Distinguished Engineer at Capital One with a passion for empowering teams and driving innovation. Mihir successfully led multiple projects that drive digital transformation and enhance customer experience over the years. Mihir has successfully balanced technical contributions... Read More →

Prem Dhayalan

Senior Distinguished Engineer, Capital One

Thought leader, evangelist in the areas of DevSecOps, Continuous Delivery, Developer Experience, Cloud Computing, Open Source Adoption, Digital Transformation. A hands-on developer

Monday May 18, 2026 2:00pm - 2:10pm CDT
200C (Level Two)

cdCon

Audience Experience Level Intermediate

2:15pm CDT

Lightning Talk: CI/CD Cybersecurity Guide - Open Source Tools to Improve DevOps Security - Kate Scarcella, Independent

Monday May 18, 2026 2:15pm - 2:25pm CDT

200C (Level Two)

Speakers

Kate Scarcella

Cybersecurity Architect, Independent

Kate Scarcella is a seasoned cybersecurity leader with over two decades of experience driving innovation and building cyber resilience. At IBM, she served on the Security Board of Advisors, where she guided Fortune 50 enterprises on strengthening their cybersecurity postures.

Kat... Read More →

Monday May 18, 2026 2:15pm - 2:25pm CDT
200C (Level Two)

cdCon

2:25pm CDT

Lightning Talk: Alcoholless: Lightweight Security Sandbox for Homebrew, AI Agents, Etc. - Akihiro Suda, NTT

Monday May 18, 2026 2:25pm - 2:35pm CDT

200G (Level Two)

This presentation introduces "Alcoholless" Homebrew, which protects macOS hosts from potential malicious Homebrew packages by running Homebrew with a separate user account. A command running with this tool is only allowed to read and write its current directory.

While Alcoholless puts focus on Homebrew, it is also applicable to other package managers such as `pip install`, `npm install`, and `go install`. Aside from package management, it is even useful for running AI coding agents that may potentially execute harmful commands.

Alcoholless is also an attempt to reexamine the necessity of Linux-style containers that emerged in this century. It just utilizes 1990s' commands (`su`, `sudo`, `rsync`) and the macOS equivalent of `useradd` to implement container-like environments, without extending the XNU kernel to support Linux-style container syscalls.

Repository: https://github.com/AkihiroSuda/alcless

Speakers

Akihiro Suda

Distinguished Software Engineer, NTT

Akihiro Suda is a software engineer at NTT Corporation. He has been a maintainer of Moby (dockerd), BuildKit, containerd, runc, etc. He is also a founder of nerdctl and Lima (CNCF project).

Monday May 18, 2026 2:25pm - 2:35pm CDT
200G (Level Two)

Packages + Images + Containers

Audience Experience Level Beginner

2:25pm CDT

Troubleshooting Like a Senior on Day 1: ReAct Agents With Real-Time Cluster Evidence - Bohyun Choi, UCLIX; Woobin Hwang, NEOWIZ Partners; TaeJi Kim, Bungaejangter Inc

Monday May 18, 2026 2:25pm - 3:05pm CDT

200F (Level Two)

If a production incident hits on your first day, can you debug it? Or if you are a senior engineer, do you find it impossible to download your years of debugging intuition into a new hire’s head?
Kubernetes troubleshooting often depends on undocumented decision paths: where to look first, which signals to trust, and how to turn a sea of logs into a testable hypothesis.

In this talk, we introduce KUBE-RCA, an open-source incident assistant that plugs into your preferred external LLM and provides real-time cluster evidence (metrics, logs, events) as structured context. Using a ReAct loop, the agent proposes hypotheses, runs an allowlisted set of read-only commands/queries, ties each claim back to evidence, and publishes a concise RCA draft directly to your team channel.

We’ll share the design decisions behind our guardrailed execution loop and how we encode SRE intuition into prompts and checks. You’ll walk away with an understanding of how to make incident response more systematic. So engineers of any tenure can resolve issues faster, with less senior interruption.

Speakers

Bohyun Choi

NVIDIA SW Engineer, UCLIX

Bohyun Choi builds Kubernetes platforms for GPU/AI workloads and NVIDIA orchestration. She architects and operates scalable GPU clusters on Kubernetes and focuses on production reliability and incident response.

She holds four CNCF Kubernetes certifications and is developing kube-rca, an open-source, guardrailed LLM-assisted tool that produces evidence-backed incident triage and RCA drafts from live cluster signals... Read More →

Woobin Hwang

DevOps Engineer, NEOWIZ Partners

DevOps for Web3 (Blockchain Validator Node Operator | DeFi Infra Operator)

"Engineering mission-critical validator node in zero-trust environments. Designing and operating 24/7 high-availability infrastructure for global DeFi protocols within the Web3 ecosystem."

TaeJi Kim

DevSecOps Engineer, Bungaejangter Inc.

DevSecOps Engineer at Bungaejangter Inc. and team lead of KUBE-RCA, an open-source Kubernetes incident assistant that pairs ReAct-based LLM agents with real-time cluster evidence for automated root cause analysis. Leads the project's architecture and guardrailed execution design to... Read More →

Monday May 18, 2026 2:25pm - 3:05pm CDT
200F (Level Two)

Cloud + Orchestration

Audience Experience Level Intermediate

2:25pm CDT

Building Virtual Drivers With RPMsg: Key Design Principles, Challenges & Trade-offs - Beleswar Prasad Padhi, Texas Instruments

Monday May 18, 2026 2:25pm - 3:05pm CDT

208A+B (Level Two)

Modern heterogeneous SoCs often integrate multiple remote processors (rprocs) that control peripherals for safety purposes, alongside a general-purpose processor running a HLOS like Linux. In automotive systems, these peripherals still need to be shared with Linux for complex use cases like Ethernet traffic sharing, coordinating multiple display pipelines. The Remote Processor Messaging (RPMsg) framework in Linux enables this model by providing an efficient IPC mechanism, allowing devices owned by rprocs to be exposed to Linux as standard devices through virtual kernel drivers built on top of RPMsg. With the growing adoption of this approach, interfaces like rpmsg-gpio, rpmsg-i2c, rpmsg-net are becoming increasingly common.

Using the upstreamed rpmsg-tty driver as an example, this talk presents:
1. The key design principles for building virtual drivers with RPMsg, covering topics like channel & endpoint management(static vs dynamic), synchronization.
2. A comparative study of RPMsg-based solutions with its VirtIO alternative, highlighting trade-offs in latency, resources and use case suitability.
3. Challenges, upstreaming lessons, common pitfalls and scope for future improvement.

Speakers

Beleswar Prasad Padhi

Senior Software Engineer at Texas Instruments, Texas Instruments

Beleswar is a Senior Software Engineer at Texas Instruments, actively working on Upstream Linux Kernel and U-Boot. His work mainly focuses on Remoteproc, RPMsg, Mailbox, Virtio subsystems, as well as boot-time optimizations. He was listed among the top contributors for Linux 6.18... Read More →

Monday May 18, 2026 2:25pm - 3:05pm CDT
208A+B (Level Two)

Embedded Linux Conference

Audience Experience Level Any

2:25pm CDT

Lessons Learned in Embedded Linux Streaming - Tokunbo Quaye, Intelligent Product Solutions

Monday May 18, 2026 2:25pm - 3:05pm CDT

208C+D (Level Two)

In this session, I’ll share practical lessons learned while architecting, building, and supporting a production media system running on custom hardware using open source systems :

Yocto for a customized OS;
GStreamer for media pipelines;
PulseAudio for audio routing;
BlueZ for Bluetooth integration;

This session is relevant because while projects like Yocto, GStreamer, PulseAudio, and BlueZ are powerful individually, integrating them into a production-ready system on custom hardware exposes complexities rarely covered in documentation. Sharing hard-earned lessons helps the ecosystem build more reliable open systems.

Main Points:
- System Overview : Hardware Constraints
- Yocto Custom OS Tradeoffs : Layer Strategy, Packet Selections, Reproducible Builds, Field Updates and Support
- Gstreamer : Pipeline design patterns, Handling dynamic audio devices
- PulseAudio & Bluez Integration
- Field Support and Long Term Maintenance : Logging Strategy; Remote Diagnostics, Managing Updates

Attendees will walk away with concrete integration patterns, design considerations for long-term maintainability, and insights that help when building real-world media systems on embedded Linux.

Speakers

Tokunbo Quaye

Principal Software Engineer, Intelligent Product Solutions

I am a seasoned Software Architect and Engineer with over 20 years of experience in all phases of software development and team technical leadership. My passion lies in designing and delivering high performance, robust, maintainable and scalable software applications that drive business... Read More →

Monday May 18, 2026 2:25pm - 3:05pm CDT
208C+D (Level Two)

Embedded Linux Conference

Audience Experience Level Any

2:25pm CDT

Booting Up: A Fresh Look at the Modern Init - Antra Purohit & Hemant Bharadwaj, Microsoft

Monday May 18, 2026 2:25pm - 3:05pm CDT

205C+D (Level Two)

For many, systemd is the mysterious engine under the hood of nearly every modern Linux distribution. We use it daily—restarting services and checking logs—but how much do we actually know about how it manages our systems? If your relationship with systemctl begins and ends with copy-pasting commands from Stack Overflow, it’s time to look deeper.

This session is a practical, beginner-friendly deep dive into the most widely adopted (and debated) init system in the open-source world. We will move beyond the "init" label to explore systemd as a comprehensive suite of management tools.

Key takeaways include:

The Unit Hierarchy: Understanding .service, .timer, and .mount files.

The Boot Process: How "Targets" replace traditional runlevels.

Hands-on Management: Mastering systemctl for lifecycle management and journalctl for lightning-fast debugging.

DIY Services: A step-by-step guide to writing your first unit file from scratch.

Whether you are a developer looking to containerize applications or a new sysadmin navigating the CLI, this talk will provide the foundational knowledge needed to stop fearing the daemon and start commanding it.

Speakers

Antra Purohit

Software Engineer, Microsoft

Antra Purohit is a software engineer working on Linux‑based cloud and embedded platforms. She works on Yocto‑based systems and cloud infrastructure, translating open‑source technologies into reliable, production‑ready solutions.

Hemant Bharadwaj

Senior Site Reliability Engineer at Microsoft, Microsoft

Hemant Bharadwaj is a Senior Site Reliability Engineer working on large-scale Linux infrastructure. He focuses on observability, incident response, debugging, and automation across distributed systems. His work centers on turning operational pain points into repeatable, open, and... Read More →

Monday May 18, 2026 2:25pm - 3:05pm CDT
205C+D (Level Two)

Linux

Audience Experience Level Beginner

2:25pm CDT

Automating MCP Server Testing: Engineering Reliability for Agentic Systems - Neethu Elizabeth Simon, Arm

Monday May 18, 2026 2:25pm - 3:05pm CDT

200B (Level Two)

AI agents don’t fail like traditional software. They don’t just throw exceptions, they drift. They misinterpret tools, invoke the wrong functions or behave differently across environments. When deploying Arm’s Open Source custom MCP server to power AI assistants for architecture development, migration, and optimization, we faced a critical question: how do we test a system built for nondeterministic interaction? In this talk, I’ll share how we moved from manual validation to a repeatable, CI-enforced testing strategy using Pytest and Testcontainers. We spin up real MCP server in Docker during tests, validating tool discovery, invocation, and protocol compliance end-to-end.
This isn’t about mocking LLM output. It’s about testing the contract between agents and tools. The key insight: treat your MCP server like production infrastructure, not experimental glue code. Because “it worked on my machine” is not a deployment strategy.
Session takeaways:
• A demo of Arm’s Open Source MCP server(github.com/arm/mcp)
• Why unit tests are insufficient for agent-facing systems
• How we run MCP server inside containerized test environments
• How GitHub Actions automate CI integration testing

Speakers

Neethu Elizabeth Simon

Staff Solution Architect, Arm Ltd

Neethu Elizabeth Simon, Staff Solution Architect, Arm (previously at Intel Corporation), with vast industrial experience(10+ ys) in building AI/ML/IoT-based solutions across retail, industrial & healthcare domains for external customers and open-source developer communities. She is... Read More →

Monday May 18, 2026 2:25pm - 3:05pm CDT
200B (Level Two)

Open AI & Data

Audience Experience Level Intermediate

2:25pm CDT

From Image To Itinerary: Multimodal Agentic Travel Planning With MCP, A2A, and BeeAI - Ezequiel Lanza, Intel

Monday May 18, 2026 2:25pm - 3:05pm CDT

211A+B (Level Two)

Planning a trip is a deceptively complex problem for AI, especially when the journey starts from visual context rather than text. In this session, we present a multimodal-first, local-first agentic architecture where a user uploads an image (e.g. “where is this place?”), and the system builds a travel plan from that visual input using Model Context Protocol (MCP), A2A (Agent-to-Agent), and BeeAI — all running fully locally without cloud dependencies.

The system employs a router and specialist agent pattern, where dedicated agents handle image understanding, hotel search, and flight search, each backed by MCP servers. A multimodal model extracts meaning from the image, after which the router decomposes the task and delegates work through A2A to the appropriate specialists.

We will walk-through how BeeAI manages agent lifecycles, how A2A enables explicit agent collaboration, and how MCP acts as a stable contract layer between reasoning and real-world capabilities. The focus is on practical architecture, configuration, and lessons learned, showing how to build MCP-centric, multimodal systems that remain extensible, reproducible, and maintainable as new agents and tools are added.

Speakers

Ezequiel Lanza

Ai Software Evangelist, Intel

Passionate about helping people discover the exciting world of artificial intelligence, Ezequiel is a frequent AI conference presenter and the creator of use cases, tutorials, and guides that help developers adopt open source AI tools.

Monday May 18, 2026 2:25pm - 3:05pm CDT
211A+B (Level Two)

Open AI & Data

Audience Experience Level Intermediate

2:25pm CDT

Sponsored Session: Open Source Search and Observability in the Agentic Era - Bobby Mohammed, AWS

Monday May 18, 2026 2:25pm - 3:05pm CDT

200I (Level Two)

For many users, open source tools have provided a dependable-yet-innovative foundation for a wide array of search and observability applications. To get the most out AI agents, these tools must evolve, with new approaches to development and deployment and new ways for users to interact. With the right foundation, agentic search and observability can accelerate innovation, supercharge applications, and achieve faster time-to-results.

In this talk, Bobby Mohammed, OpenSearch Principal Product Manager for Amazon Web Services, will demonstrate how open source, agent-powered tools can empower developers to build production-ready applications in minutes, democratize the complex work of designing and provisioning workloads, and deliver the next generation of search and observability applications.

In order to facilitate networking and business relationships at the event, you may choose to visit a third party's booth or access sponsored content. You are never required to visit third party booths or to access sponsored content. When visiting a booth or participating in sponsored activities, the third party will receive some of your registration data. This data includes your first name, last name, title, company, address, email, standard demographics questions (i.e. job function, industry), consenting to receipt and use of such data by the third-party recipients, which will be subject to their own privacy policies.

Speakers

Bobby Mohammed

Principal Product Manager, Amazon Web Services

Bobby Mohammed is a Principal Product Manager at AWS, leading product initiatives in Search, GenAI, and Agentic AI. He has previously worked across the full machine-learning lifecycle, including data, analytics, and ML features on the Amazon SageMaker platform, as well as deep-learning... Read More →

Monday May 18, 2026 2:25pm - 3:05pm CDT
200I (Level Two)

Open AI & Data

2:25pm CDT

The $300 Enterprise Lab: Democratizing Infrastructure Skills With Raspberry Pis & AI Agents - Derek Bowdle, RTX & Cameron Khorsandi, SAP

Monday May 18, 2026 2:25pm - 3:05pm CDT

200H (Level Two)

Learning to architect robust cloud infrastructure often comes with high barriers: expensive monthly cloud bills and a lack of access to senior mentorship. How can we train the next generation of SREs and Platform Engineers without financial gatekeeping? This session explores a novel pedagogical approach: combining the physicality of a Raspberry Pi "Micro-Data Center" with the instructional power of AI coding assistants.

We will demonstrate how to use low-cost edge hardware to make abstract concepts (clustering, database sharding, and network security) physically tangible. We will then show how to utilize LLM-based chatbots to act as real-time "Senior Architects," guiding learners through complex configuration and troubleshooting tasks that usually require years of experience to master.

Attendees will leave with:

- A blueprint for building a low-cost, enterprise-grade learning lab.

- Strategies for using AI agents to accelerate learning in Kubernetes, networking, and security.

- A method to simulate "Catastrophic Failure" (e.g., pulling a plug) to learn resilience safely.

Speakers

Cameron Khorsandi

Business Development Expert, SAP

Cameron Khorsandi is a Business Development expert at the Office of the CTO at SAP. He specializes in working with Fortune 500 executives to bridge the gap between advanced AI and Machine Learning technologies and real-world business applications. A technologist at heart, Cameron... Read More →

Derek Bowdle

Senior Machine Learning Engineer, RTX

: Derek Bowdle is a Senior Machine Learning Engineer at RTX and a former math educator. He combines deep technical expertise in Kubernetes and AI with a passion for accessible learning. At RTX, he architects digital threads and predictive models; off the clock, he pushes the limits... Read More →

Monday May 18, 2026 2:25pm - 3:05pm CDT
200H (Level Two)

Open Source 101

Audience Experience Level Any

2:25pm CDT

Merge, Maintain, or Move On? Deciding the Fate of an Open Source Project - Robin Ginn, OpenJS Foundation

Monday May 18, 2026 2:25pm - 3:05pm CDT

200J (Level Two)

When does maintaining a project become more harmful than helpful? As the leader of the OpenJS Foundation, home to Node.js and more, I will give a candid talk to unpack the hardest question in open source: how do you know when it’s time to let go? Drawing from real-world examples from leading one of the web’s most widely used open source foundations and its JavaScript projects like Lodash, jQuery, and Express, I will explore what it means to responsibly sunset a project, merge with others, or double down on maintenance. You’ll learn how to read the signs for security and sustainability, engage the community, and what it takes to wrap up a project with integrity, especially when billions of developers still rely on it.

Speakers

Robin Bender Ginn

Executive Director, OpenJS Foundation

Robin Bender Ginn is the Executive Director of the OpenJS Foundation. Hosted by the Linux Foundation, OpenJS is the neutral home to grow and sustain the JavaScript and web ecosystem with 35 projects including Appium, Electron, Jest, jQuery, Node.js and webpack. Previously, Robin led... Read More →

Monday May 18, 2026 2:25pm - 3:05pm CDT
200J (Level Two)

OSS Enabling & Management, Project Leadership

Audience Experience Level Intermediate

2:25pm CDT

Scaling Your OSPO With Agents and Automation: Lessons From GitHub's Open Source Program - Ashley Wolf, GitHub

Monday May 18, 2026 2:25pm - 3:05pm CDT

200A (Level Two)

As open source adoption grows, the role of the OSPO expands with it. At GitHub, we saw an opportunity to scale our capabilities by automating the repetitive work—like checklists, scans, reports, and audits—that every program office handles.

In this session, I’ll outline how we evaluated AI agents to handle the heavy lifting of data gathering and analysis. We’ll look at practical use cases for automating OSPO activities like review, compliance, reporting, including dependency analysis and license detection, using data from sources like ClearlyDefined and OpenSSF Scorecard.

Join me as we explore the patterns that worked, the surprises we encountered, and how these workflows provide a comprehensive view of project health for OSPOs. You’ll leave with a framework for applying AI, agents, agentic workflows to your own OSPO’s challenges, helping you scale your operations efficiently across the entire open source lifecycle.

Speakers

Ashley Wolf

Director, Open Source, GitHub

Monday May 18, 2026 2:25pm - 3:05pm CDT
200A (Level Two)

OSS Enabling & Management, Operations Management & OSPOs

Audience Experience Level Beginner

2:25pm CDT

From Pre‑Silicon To Production: Firmware Development on Zephyr - Dev Bhaveshbhai Joshi, Qualcomm Technologies Inc.

Monday May 18, 2026 2:25pm - 3:05pm CDT

200D (Level Two)

When our production power‑management IC (PMIC) firmware moved to Zephyr, it opened the door for us to streamline our development and validation workflow. Our production firmware used a proprietary RTOS, which required maintaining a separate codebase for pre-silicon validation. By standardizing on Zephyr, an RTOS supported across hundreds of MCUs, we were able to use single application codebase across the entire development flow.

In this talk, I’ll describe how we built a Zephyr‑based pre-silicon PMIC testing platform, enabling the same application to run on both the production as well as pre‑silicon hardware running on a completely different SoC (Raspberry Pi Pico) and a custom evaluation kit. I will briefly outline the software architecture: the application running on Zephyr with board configuration defined through device tree and Kconfig. I will also cover the hardware architecture that connects the Pico to the PMIC evaluation kit, and the Twister‑based Hardware-in-loop tests we incorporated for validation.

I’ll close by highlighting how Zephyr’s broad hardware support and tooling helped simplify our workflow and reduce duplicate effort across multiple platforms.

Speakers

Dev Joshi

Embedded Software Engineer, Qualcomm Technologies Inc.

With a Master of Science in EE from the University of California, Riverside, I contribute to Qualcomm as an Embedded Software Engineer specializing in PMIC software and USB Type-C/PD development. My work focuses on crafting robust Battery Management software for mobile and compute... Read More →

Monday May 18, 2026 2:25pm - 3:05pm CDT
200D (Level Two)

Zephyr

Audience Experience Level Any

2:30pm CDT

Keynote: AI in CI/CD Without the Hype: Practical Patterns for Platform Engineers - Jennifer Mulford, Okta

Monday May 18, 2026 2:30pm - 3:00pm CDT

200C (Level Two)

AI is being discussed as the next evolution of CI/CD, but much of that conversation skips over the realities faced by platform and infrastructure teams responsible for reliability, security, and trust. In practice, introducing AI into pipelines requires restraint, clear boundaries, and a strong understanding of where AI use helps and where it creates risk.
This talk focuses on practical, open-source approaches to using AI in CI/CD pipelines today. We’ll explore patterns where AI acts as a copilot: summarizing pull requests, generating test suggestions, helping engineers interpret CI failures, and enriching security signals while keeping humans firmly in control of decisions.
The session will also cover security concerns, prompt injection risks, secrets exposure, and the importance of treating AI output as untrusted input. We’ll discuss guardrails that help teams experiment safely, such as read-only workflows, explicit review steps, and self-hosted or open-source tooling that avoids sending proprietary code to third-party services.
Attendees will leave with a clear mental model for evaluating AI use cases in their own pipelines and an understanding of the tradeoffs involved.

Speakers

Jennifer Mulford

Senior Platform Security Engineer, Okta

Jennifer Mulford is a Senior Platform Security Engineer with 8+ years in DevOps and security, holding certifications including CISSP, CKA, Security+, CEH, and AWS certifications. She focuses on practical, real-world security engineering and automation.

Monday May 18, 2026 2:30pm - 3:00pm CDT
200C (Level Two)

cdCon

Audience Experience Level Any

2:55pm CDT

Lightning Talk: Artifacts That Explain Themselves: Build Metadata in Practice - Socheat Sou & Prajakta Kashalkar-Joshi, IBM

Monday May 18, 2026 2:55pm - 3:05pm CDT

200G (Level Two)

It's common practice to include the Git commit hash in a container image label to serve as a reference, but are you using container labels (and artifact metadata) to their full potential? By embedding metadata into your artifacts you expand your GitOps capabilities. Implement a simple build-cache-like mechanism when building your artifacts, generate robust changelogs across your multi-repo product, or provide better transparency to your security team for their audits and reports. It's even possible to perform Git Bisect-like problem determination between built images. While this talk will explore real-world examples using container images as portable sources of truth, these concepts can be applied anywhere it's possible to add additional metadata to built artifacts.

Speakers

Socheat Sou

Senior Software Engineer, IBM

Socheat has 20+ years of experience at IBM across test, development, and DevOps teams. As a DevOps lead, has led the redesign of CI/CD pipelines, implemented automation tools, and improved release management processes, significantly increasing efficiency and reliability. Socheat is... Read More →

Prajakta Kashalkar-Joshi

Senior technical Staff Member, IBM

Prajakta is a DevSecOps Architect at IBM with 20+ years of experience. A DevOps practitioner since 2010, she leads secure CI/CD pipeline development and mentors aspiring DevSecOps professionals. Passionate about advancing women in tech, she supports various inclusion initiatives... Read More →

Monday May 18, 2026 2:55pm - 3:05pm CDT
200G (Level Two)

Packages + Images + Containers

Audience Experience Level Any

3:05pm CDT

Ask the Expert Sessions

Monday May 18, 2026 3:05pm - 3:35pm CDT

TBA

Ask the Expert Session: Sit down with open source experts to gain knowledge 1:1 and ask all your pressing questions!

No sign-up necessary! More information coming soon!

Monday May 18, 2026 3:05pm - 3:35pm CDT
TBA

Ask the Experts

3:05pm CDT

Coffee Break

Monday May 18, 2026 3:05pm - 3:35pm CDT

Solutions Showcase, Ballroom A+B (Level One)

Monday May 18, 2026 3:05pm - 3:35pm CDT
Solutions Showcase, Ballroom A+B (Level One)

Special Events / Exhibits / Breaks

3:35pm CDT

Lightning Talk: When Pipelines Decide: Governing Speed, Trust, and Accountability in AI-Driven CI/CD - Sundeep Bobba, Southwest Airlines & Naga Sujitha Vummaneni, Ripple

Monday May 18, 2026 3:35pm - 3:55pm CDT

200C (Level Two)

AI and autonomous agents are now coming into CI/CD pipelines more and more. Earlier they only followed instructions. Now they help in testing, deciding releases, approving deployments, and sometimes fixing problems on their own. This is a big change. Because of this, we need to think again about speed, security, and who is responsible when something goes wrong.

This session talks about few important things, in simple way:

• Moving from only making pipelines faster to also adding control. DevOps is not just optimization now, it also needs governance and good system design.
• Practical patterns from real work. Architecture and team setups that people can actually use and scale.
• Rules for bots that do not slow humans. Policy driven guardrails for autonomous pipelines.
• Clear decision points. Who decides what, and when humans must step in.
• Human oversight at scale. Reviews that still matter but do not block delivery.
• Security from the beginning. Audit logs, policy enforcement, and safe handling when signals are not very clear.

Speakers

Sundeep Bobba

Tech Lead Cloud DevOps Engineer, Southwest Airlines

Sundeep Bobba is a Tech Lead Cloud DevOps Engineer at Southwest Airlines with 15+ years of experience building large-scale, cloud-native CI/CD and automation platforms. He leads enterprise DevOps modernization supporting millions of customers and billions in digital revenue. He is... Read More →

Naga Sujitha Vummaneni

Sr. Security Engineer, Ripple

Naga Sujitha Vummaneni is a Senior Security Engineer at Ripple with 10+ years of experience in cloud security automation and infrastructure engineering across Google, Nike, eBay, and other tech leaders. AWS Certified Security and CISM credential holder, she specializes in blockchain... Read More →

Monday May 18, 2026 3:35pm - 3:55pm CDT
200C (Level Two)

cdCon

Audience Experience Level Intermediate

3:35pm CDT

Bots Are Your Best Maintainers: Scaling Governance With Automated Security Tools - Chandra Inguva & Manoj Kumar, Microsoft

Monday May 18, 2026 3:35pm - 4:15pm CDT

200E (Level Two)

Open source projects are under-resourced, yet responsible for maintaining large, security-critical dependency ecosystems. Maintainers are overwhelmed by manual reviews, vulnerability alerts, and patch backlogs—and falling behind is inevitable.
This talk shows how automated security bots can take over the bulk of governance work. Using tools like Dependabot, Renovate, and automated security scanners, projects can automatically detect vulnerabilities, open and validate pull requests, enforce policies, and reduce human effort without sacrificing trust or quality.
We’ll walk through a practical bot stack that allows open source projects to scale from a small maintainer group to dozens of contributors, while cutting patch timelines from weeks to days. Attendees will learn which tools to deploy, how to configure them safely, and how to rely on automation for repetitive security work—so humans can focus on decisions that actually require judgment.

Speakers

Chandra Inguva

Product Manager, Microsoft

Chandra Inguva is a product manager at Microsoft

Manoj Kumar

Sr. Security Product Manager, Microsoft

Manoj Kumar is a Cybersecurity Leader at Microsoft with 20+ years of experience. A pioneer in AI/ML security, he helped build the Responsible AI Standard for LLMs and led AETHER’s group creating CodeQL rules for AI risk detection. Manoj architected Azure ML for air-gapped government... Read More →

Monday May 18, 2026 3:35pm - 4:15pm CDT
200E (Level Two)

Digital Trust

Audience Experience Level Beginner

3:35pm CDT

Engineering Quality in a Fast-Moving Open Source Project: WPE WebKit - Mario Sanchez-Prada, Igalia

Monday May 18, 2026 3:35pm - 4:15pm CDT

208C+D (Level Two)

Building an embedded product on top of a large Open Source codebase like WPE WebKit is only the first step. The real challenge is keeping its quality stable as thousands of lines evolve and hundreds of changes land every week across multiple platforms.

In such an environment, errors and regressions are inevitable. What matters is detecting them quickly, understanding their impact, and reacting before they propagate further. This talk focuses on the engineering work that makes this possible, an effort that is essential yet often invisible.

Using WPE WebKit as a case study, we will explore how quality becomes a continuous engineering effort rather than a final validation phase and how CI and QA infrastructure, testing strategies, and processes (e.g. stabilization windows) sustain upstream development while supporting downstream deployments. We will show how these feedback loops reinforce each other and why aligning upstream and downstream processes is critical to keep quality stable over time.

This talk targets engineers, maintainers, and technical leaders working on large Open Source projects, as well as teams building products on top of them who need to sustain quality at scale.

Speakers

Mario Sanchez-Prada

Software Engineer and WebKit Team coordinator at Igalia, Igalia

Software engineer and partner at Igalia with 18+ years of experience working on the development of Linux-based Operating Systems, the GNOME platform, Web engines (i.e. WebKit, Blink) and Web browsers (Epiphany, Chromium).

Past experience includes work on the Maemo project, Litl... Read More →

Monday May 18, 2026 3:35pm - 4:15pm CDT
208C+D (Level Two)

Embedded Linux Conference

Audience Experience Level Any

3:35pm CDT

Status of Linux Boot-time Work - Tim Bird, Sony Electronics

Monday May 18, 2026 3:35pm - 4:15pm CDT

208A+B (Level Two)

In this talk, Tim will describe the status of work to reduce boot-time for Linux systems. This include work by the Boot-Time Special Interest Group (SIG), as well as others in the Linux ecosystem. We will cover patches that have gone upstream to the Linux kernel and to systemd in the past year, their potential boot-time savings, and how to use them in your own projects. Patches in progress will also be discussed. Tim will summarize recent boot-time talks from other events (particularly Linux Plumbers Conference), highlighting some of the techniques that were described. Finally, Tim will present his own work to build a boot-time wizard program, to help developers find boot-time bottlenecks and areas where boot speed can be improved.

Speakers

Tim Bird

Principal Software Engineer, Sony Electronics

Tim Bird is a Principal Software Engineer for Sony Corporation, where he helps Sony use Linux and other open source software in their products. Tim is the organizer of the Linux Boot-Time Special Interest Group, a contributor to the Linux kernel, and is involved with numerous Linux... Read More →

Monday May 18, 2026 3:35pm - 4:15pm CDT
208A+B (Level Two)

Embedded Linux Conference

Audience Experience Level Intermediate

3:35pm CDT

KernelScript: Unifying EBPF, Userspace, and Kernel Extensions in One Language - Cong Wang, Multikernel Technologies

Monday May 18, 2026 3:35pm - 4:15pm CDT

205C+D (Level Two)

eBPF has made Linux highly extensible, but production eBPF systems remain fragmented and complex. Developers must write raw C for eBPF, separate userspace loaders, manage BTF compatibility, handle tail calls, dynptr APIs, and sometimes build kernel modules for kfunc support, all across different build systems.

KernelScript is a domain-specific open-source programming language that unifies eBPF, userspace, and kernel extension development in a single, type-safe source file. It introduces multi-target compilation, automatic tail-call orchestration, transparent map and dynptr handling, lifecycle-safe program loading/attaching, and built-in kfunc support that generates kernel module scaffolding automatically.

This talk presents the language design, verifier-aware type system, and compiler architecture behind KernelScript, along with real examples combining XDP, TC, probes, userspace coordination, and custom kernel functions.

KernelScript explores a broader question: what should the next generation of Linux extensibility tooling look like?

Speakers

Cong Wang

Founder and CEO, Multikernel Technologies

Cong Wang is a professional Linux kernel developer mainly focuses on Linux networking and eBPF, he is also a Linux kernel maintainer for the networking traffic control subsystem. He has contributed over 1000 patches to the Linux kernel project.

Monday May 18, 2026 3:35pm - 4:15pm CDT
205C+D (Level Two)

Linux

Audience Experience Level Intermediate

3:35pm CDT

Who You Gonna Call? Taming OpenClaw's Rogue AI Agents With OpenTelemetry and Tetragon - Henrik Rexed, Dynatrace

Monday May 18, 2026 3:35pm - 4:15pm CDT

211A+B (Level Two)

There's something strange in your infrastructure. Who you gonna call?
OpenClaw , the open source AI agent formerly known as Clawdbot, then Moltbot exploded past 150,000 GitHub stars in weeks. It connects LLMs to your messaging platforms, terminal, and file system, giving AI full autonomous control. But like a Ghostbusters ghost, it wreaks havoc: $20 in tokens burned overnight to check the time, a one-click RCE (CVE-2026-25253), 21,000 exposed instances, and 341 malicious skills in the marketplace.
I will straps on my proton pack to bust these ghosts with open source tools. First, the OpenClaw Observability Plugin :
- an OpenTelemetry-based plugin capturing full agent lifecycle traces: request → agent turn → tool calls, with per-tool timing, token breakdowns, and error tracking. Your PKE meter for rogue AI.
- Then, Tetragon , eBPF-powered kernel-level policies restricting file access, network connections, and process execution. The containment unit no prompt injection can escape. A live demo ties it all together: OpenClaw + observability plugin + Tetragon, with traces and security events flowing into one dashboard.
We came, we saw, we traced it.

Speakers

Henrik Rexed

Cloud Native advocate & CNCF Ambassador, Dynatrace

Henrik is a Cloud Native Advocate at Dynatrace and a CNCF Ambassador . Prior to Dynatrace, Henrik has worked more than 15 years, as Performance Engineer. Henrik Rexed Is Also one of the Organizer of the conferences named WOPR, KCD Austria and the owner of the Youtube Channel Isit... Read More →

Monday May 18, 2026 3:35pm - 4:15pm CDT
211A+B (Level Two)

Open AI & Data

Audience Experience Level Intermediate

3:35pm CDT

Quantum Computing for Software Engineers, Not Physicists - Ram Iyengar, Linux Foundation

Monday May 18, 2026 3:35pm - 4:15pm CDT

200H (Level Two)

All the quantum computing talks I've seen so far are about qubits, spin, superposition, and complicated math. Things that may not be entirely in the realm of software developers.
However, the reality is that there are several resources to aid software developers to simulate, test, and run quantum-based algorithms. Simple applications can be developed to explore the functioning of this new realm of computing.
The talk will consist of a section that explores all the available resources for software engineers to program simple quantum circuits and observe results. The second part will be sample code and runs that demonstrate several of these. Samples written in Python and Rust will be run and demonstrated.
In addition, several Linux Foundation projects and courses will be highlighted during the talk.

Speakers

Ram Iyengar

India Community lead, OpenSSF

Ram Iyengar is an engineer by practice and an educator at heart. He was (cf) pushed into technology evangelism along his journey as a developer and hasn’t looked back since! He enjoys helping engineering teams around the world discover new and creative ways to work. He is a proponent... Read More →

Monday May 18, 2026 3:35pm - 4:15pm CDT
200H (Level Two)

Open Source 101

Audience Experience Level Beginner

3:35pm CDT

Sponsored Session: Open-sourced Blockchain Solutions: Cardano’s Infrastructure-First Approach - Marco Russo, Cardano Foundation

Monday May 18, 2026 3:35pm - 4:15pm CDT

200I (Level Two)

Open source has become key to blockchain development, especially for public, permissionless blockchains such as Cardano. This session will share insights into the Cardano Foundation’s "Infrastructure-First" strategy. We will discuss how to sustain a diverse suite of open-source solutions designed for institutional and community use. Key case studies include:

A financial reporting and accounting system that creates immutable, easy to audit records
A scalable solution for verifiable proof of origin and product integrity
An identity and access management platform focusing on fraud prevention and digital sovereignty
A secure yet transparent voting infrastructure for decentralized governance.

Speakers

Marco Russo

Backend Development Lead, Cardano Foundation

Marco Russo is a Backend Development Lead at the Cardano Foundation, where he oversees the development of high-assurance, open-source infrastructure. Russo focuses on bridging the gap between traditional enterprise needs and decentralized protocols. His work centers on building secure... Read More →

Monday May 18, 2026 3:35pm - 4:15pm CDT
200I (Level Two)

OSS Enabling & Management, Blockchain and Distributed Ledger Technologies

3:35pm CDT

Taming MCP Server Sprawl: Securing and Scaling the Model Context Protocol in Production - Jeffrey Borek & Olivia Buzek, IBM

Monday May 18, 2026 3:35pm - 4:15pm CDT

200A (Level Two)

As AI agents transition from pilots to production systems, enterprises are rapidly adopting the open source Model Context Protocol (MCP) to connect models with tools, data, and services. But this flexibility introduces a new challenge: MCP server sprawl. Proliferating endpoints, inconsistent trust models, weak identity controls, and unclear governance can quickly create operational and security risk. This session explains what MCP is, why its adoption is accelerating, and where architectural pitfalls emerge at scale. Developers will learn key design principles for secure deployment, including authentication patterns, authorization boundaries, observability, lifecycle management, and policy enforcement. Attendees will leave with a practical mental model for building MCP integrations that remain composable, governable, and production-ready as ecosystems evolve.

Speakers

Jeffrey Borek

WW Program Director, Open Technologies, IBM

Working across IBM Research to build a scalable and consistent AI software supply chain security framework, while continuing to lead the consumption compliance Open Source Program Office (OSPO), including policy, execution and guidance. Working with IBM Government & Regulatory Affairs... Read More →

Olivia Buzek

Senior Staff Developer Advocate for AI, IBM

Olivia is a computational linguist turned AI engineer. Her career has focused on data, machine learning, and AI. She subscribes to neither AI hype nor AI doomerism, believing that human creativity and AI can coexist, and that builders of AI applications have a responsibility to their... Read More →

Monday May 18, 2026 3:35pm - 4:15pm CDT
200A (Level Two)

OSS Enabling & Management, Operations Management & OSPOs

Audience Experience Level Intermediate

3:35pm CDT

StageX: Rebuilding Trust Through Multi-Signed, Full-Source Bootstrapped, and Reproducible Builds - Danny Grove, Manifest Cyber & Lance Vick, Distrust

Monday May 18, 2026 3:35pm - 4:15pm CDT

200G (Level Two)

Most Linux distributions trust individual maintainers with complete package control, creating critical supply chain vulnerabilities. StageX rebuilds this trust model from scratch with a radically different approach: no single person or computer can compromise the system.
StageX requires fully bit-for-bit reproducible builds verified and signed by multiple independent parties before release. Built from 181 bytes of machine code, StageX bootstraps modern toolchains that can be used in container-native and static contexts.
This talk demonstrates StageX's approach to full-source bootstrapping, bit-for-bit reproducibility and multi-party verification; contrasts it with other reproducible build efforts like NixOS/Guix, and shows how its container-native design provides practical security guarantees. You'll learn how to implement these approaches in your own infrastructure to build software from toolchain to deployment.

Speakers

Lance Vick

Security Engineer, Distrust

Danny Grove

Lead Infrastructure Engineer, Manifest Cyber

Software and Infrastructure Engineer with 16 years of experience across the web stack. Co-Founder of Hashbang, a decentralized hackerspace. Owner at DR Grove Software LLC and Lead Infrastructure Engineer at Manifest Cyber. Cyborg. Specializes in containerization, building other peoples... Read More →

Monday May 18, 2026 3:35pm - 4:15pm CDT
200G (Level Two)

Packages + Images + Containers

Audience Experience Level Intermediate

3:35pm CDT

DroneCode Community Update - Ramon Roche, DroneCode Foundation & Lorenz Meier, Creator of PX4 & Auterion

Monday May 18, 2026 3:35pm - 4:15pm CDT

200B (Level Two)

Speakers

Lorenz Meier

Creator of PX4 & Founder and CEO, Auterion

Dr. Lorenz Meier is Founder and CEO of Auterion and the founder of a number of important open source projects for the drone industry that include PX4, MAVLink, QGroundControl and is the creator of the Pixhawk autopilot. He is a veteran of the drone industry since 2008 with more than... Read More →

Ramon Roche

General Manager, The Linux Foundation

Ramón Roche is General Manager of the Dronecode Foundation, an open-source project under the Linux Foundation supporting drone and robotics development. He leads a global ecosystem behind technologies like PX4 and Pixhawk, and has over a decade of experience in open source. Ramón... Read More →

Monday May 18, 2026 3:35pm - 4:15pm CDT
200B (Level Two)

PX4 Dev Summit

Audience Experience Level Any

3:35pm CDT

Beyond Static Devicetrees: Implementing Runtime Hardware Dynamism in Zephyr - Wai-Hong Tam, Google

Monday May 18, 2026 3:35pm - 4:15pm CDT

200D (Level Two)

Zephyr’s build-time configuration excels at efficiency, but challenges mass production. When a single product design needs to support dozens of hardware variations, e.g. swapping out sensors or chargers due to supply chain constraints, the standard build flow often leads to managing a unique binary for every combination. This creates a validation nightmare.

This talk presents an architectural framework used in the ChromeOS Embedded Controller that brings runtime adaptability to Zephyr, achieving Linux-like flexibility without the memory overhead of a live DTB parser.

We cover two specific patterns:
1. Dynamic Driver Selection: We treat the Devicetree as a pool of supported components. By reading a configuration bitfield from manufacturing data (EEPROM or protected flash) at boot, the firmware dynamically initializes only the correct drivers for that specific unit.

2. Safe Hardware Discovery: Zephyr compiles away hardware descriptions, leaving the host OS blind to connected peripherals. We introduce a pipeline that exports Devicetree definitions into a "Component Manifest". This enables safe OS-level verification, avoiding the risks of "blind probing" on I2C buses.

Speakers

Wai-Hong Tam

Staff Software Engineer, Google

Wai-Hong is a Staff Software Engineer at Google with over 20 years of embedded expertise. His career spans from RTOS and BootROM work at MediaTek to leading firmware architecture for ChromeOS. At Google, he has contributed to verified boot, U-Boot for the first ARM Chromebook, the... Read More →

Monday May 18, 2026 3:35pm - 4:15pm CDT
200D (Level Two)

Zephyr

Audience Experience Level Intermediate

3:35pm CDT

BoF: DRA for AI Workloads: Where Does the Spec Need To Go Next? - Yahav Biran, Amazon

Monday May 18, 2026 3:35pm - 4:20pm CDT

200F (Level Two)

Kubernetes Dynamic Resource Allocation is now being adopted by hardware vendors implementing drivers for accelerators and high-speed networking. But as real-world AI workloads hit the spec—disaggregated inference across multiple nodes, topology-aware co-location of compute and network devices, per-workload hardware configuration—gaps are emerging. This Birds of a Feather session invites platform engineers, infrastructure teams, and Kubernetes contributors to compare notes on where DRA works well and where the spec leaves teams filling in the blanks themselves. We will use the AWS Trainium Neuron DRA driver as a concrete reference point to ground the discussion, then open the floor: What attributes should be standardized across vendors? How should multi-device atomic allocation be handled? What does the community need to build so that DRA delivers on its promise across all accelerator hardware?

Speakers

Yahav Biran

Principal Architect, Amazon

Yahav Biran is a Principal Architect at AWS, focusing on large-scale AI workloads. He contributes to open-source projects and publishes in AWS blogs and academic journals, including the AWS compute and AI blogs and the Journal of Systems Engineering. He frequently delivers technical... Read More →

Monday May 18, 2026 3:35pm - 4:20pm CDT
200F (Level Two)

Cloud + Orchestration

Audience Experience Level Intermediate

3:35pm CDT

FLOSS Mentorship Unconference: A Community Event to Share, Shape, & Scale Mentoring Efforts in Open Source (Open to All Attendees; No Pre-registration Required)

Monday May 18, 2026 3:35pm - 6:05pm CDT

200J (Level Two)

FLOSS Mentorship Unconference: A Community Event to Share, Shape, & Scale Mentoring Efforts in Open Source (Open to All Attendees; No Pre-registration Required)

An unconference afternoon for anyone engaged in open source mentorship -- or who would like to be. We’ll build the agenda on-the-spot, then move into focused discussions to share best practices, challenges, and aspirations. Expect to leave with new contacts and a shared action list for better, more sustainable mentoring. Topics crowdsourced day-of – join us just to listen, or to pitch one of your own!

Speakers

Tyler Menezes

CEO, CodeDay

Tyler Menezes is the Executive Director at CodeDay, where he works to provide welcoming and diverse opportunities for under-served students to explore a future in tech and beyond.

He briefly attended the University of Washington before dropping out to start a Y Combinator and VC-backed social video startup in 2011. This, combined with stints working at Microsoft Research and several Seattle startups, led to his work finding data-driven solutions to increas... Read More →

Lola Egherman

VP Product & Operations, CodeDay

I love getting students excited about technology. I'm always happy to talk about CS Education, Open Source Mentoring programs, and any innovative or fun ideas to keep students engaged

Emily Lovell

OSPO Associate Director / Assistant Adjunct Professor of Computer Science and Engineering, UC Santa Cruz

Dr. Emily Lovell is the Associate Director of the UC Santa Cruz OSPO, which anchors the multi-campus University of California OSPO Network. She also holds a faculty appointment in the Computer Science and Engineering department, supporting new contributors through research, teaching... Read More →

Silas Morgan

Norfolk State University

Monday May 18, 2026 3:35pm - 6:05pm CDT
200J (Level Two)

Special Events / Exhibits / Breaks

4:00pm CDT

Panel Discussion: Protecting the Software Supply Chain with AI - Jennifer Mulford, Okta; Ryo Sugahara, NTT; Mihir Vora, Capital One; Tracy Ragan, DeployHub

Monday May 18, 2026 4:00pm - 4:30pm CDT

200C (Level Two)

Moderators

Tracy Ragan

CEO, DeployHub

Speakers

Jennifer Mulford

Senior Platform Security Engineer, Okta

Mihir Vora

Senior Distinguished Engineer, Capital One

Ryo Sugahara

Evangelist, NTT DATA GROUP Corporation

I joined NTT Data in 2005. Currently, I'm dedicated to driving modernization through the integration of CI/CD and infrastructure automation, transforming traditional projects.

Monday May 18, 2026 4:00pm - 4:30pm CDT
200C (Level Two)

cdCon

4:30pm CDT

Why Is It Always DNS?: Rethinking & Engineering Node-Level DNS Resolution in Kubernetes - Shaheen Sayyed & Ankur Singh, Red Hat

Monday May 18, 2026 4:30pm - 5:10pm CDT

200F (Level Two)

Is it DNS or is it network? & why is answer always DNS? In K8s, most clusters quietly rely on /etc/resolv.conf on every node for all non-service name resolution. At scale, this dependency becomes a liability, reducing caching & observability while causing fragile forwarding, higher latency, upstream resolver overload, and host-level divergence in multi-cloud environments

This talk will explain how K8s actually consumes node DNS today & then present two solutions: CoreDNS for large, complex clusters; dnsmasq for medium scale that bring deterministic caching, controlled forwarding, traffic steering, and real visibility—turning DNS from black box into an engineered system component

Attendees will gain a framework to choose DNS implementation strategies by understanding trade-offs based on cluster scale, workload type and platform maturity. We’ll compare CoreDNS & dnsmasq, surface real failure modes, & show how different designs affect latency, reliability, & blast radius.

Speakers

Shaheen Sayyed

Site Reliability Engineer, Red Hat

Coding Enthusiast with a keen interest in Building Scalable Cloud Applications

Ankur Singh

Senior Site Reliability Engineer, Red Hat

A diverse Software Engineer with experience as DevOps Engineer, Platform Engineer & Site Reliability Engineer.

Monday May 18, 2026 4:30pm - 5:10pm CDT
200F (Level Two)

Cloud + Orchestration

Audience Experience Level Beginner

4:30pm CDT

The Architecture of Accountability: Transparency in Software - Hayden Blauzvern, Google

Monday May 18, 2026 4:30pm - 5:10pm CDT

200E (Level Two)

In the context of secure systems, "transparency" is often a loaded term. We will propose a precise definition: the guarantee of discoverability and auditability. Transparency is the difference between a system that merely claims to be secure and a system that provides proof of its security claims.

This session offers a high-level primer on the principles of cryptographic transparency. We will discuss how to design transparent applications and explore the tooling available to create tamper-evident systems. We will examine how this pattern has already been used, from Certificate Transparency providing auditability for web PKI, Binary Transparency securing software delivery, and Key Transparency hardening messaging applications. We will demonstrate how transparency can be applied for emerging frontiers as well, such as AI model provenance and news authenticity.

Finally, we will discuss the ongoing specifications work to standardize transparency primitives and highlight opportunities to participate. Attendees will leave with a clear mental model for transparency by design, ready to build systems where accountability is a default feature, not an afterthought.

Speakers

Hayden Blauzvern

Technical Lead Manager, Google

Hayden Blauzvern is a technical lead manager on Google’s Open Source Security Team, focused on making open-source software more secure through code signing and applied transparency. Hayden is a maintainer and the community chair on the Sigstore project.

Monday May 18, 2026 4:30pm - 5:10pm CDT
200E (Level Two)

Digital Trust

Audience Experience Level Any

4:30pm CDT

Bootph: A Swiss Army Knife for Boot-Time Optimization - Gokul Praveen & Beleswar Prasad Padhi, Texas Instruments

Monday May 18, 2026 4:30pm - 5:10pm CDT

208A+B (Level Two)

With more stringent regulations for automotive usecases, every millisecond of boot time is critical. Safety features like rear-view camera and surround view must start working quickly to meet regulations. A typical solution is to have custom boot loaders as they are often faster than U-Boot and the memory footprint of U-Boot has been increasing as device trees grow larger. However, U-Boot provides significant advantages: rich driver model, broad hardware and strong community support.

This raises an important question: how can U-Boot be made a more attractive alternative to custom RTOS bootloaders w.r.t boot time and memory footprint? The answer lies in "bootph" (boot phase) tags, which enable selective node tagging to solve the above-mentioned problems.

This session aims to cover the following:
1. Overview of U-Boot boot phases(SPL, VPL, TPL & U-Boot proper).
2. Deep dive into bootph tags: usage, meaning, and how they affect each boot phase.
3. Common pitfalls: accidentally removing SPL-required nodes, over-tagging shared peripherals, and overusing bootph-all tag.
4. A live case study demonstrating how U-Boot matched the boot time of a custom RTOS bootloader on the TI J7200 SoC.

Speakers

Beleswar Prasad Padhi

Senior Software Engineer at Texas Instruments, Texas Instruments

Gokul Praveen

Embedded Software Applications Engineer, Texas Instruments, India

I am a Software Applications Engineer with 2 years of experience at Texas Instruments(TI). My work mainly focuses on boot time optimizations, board bring ups with Linux, U-Boot, and handling platform-specific drivers, including those for eMMC, SD, UART, USB, and Timer peripherals... Read More →

Monday May 18, 2026 4:30pm - 5:10pm CDT
208A+B (Level Two)

Embedded Linux Conference

Audience Experience Level Any

4:30pm CDT

Complying With Regulatory SBoM Requirements Using the Yocto Project - Joshua Watt, Garmin

Monday May 18, 2026 4:30pm - 5:10pm CDT

208C+D (Level Two)

With regulatory deadlines regarding Software Bill of Materials (SBoMs) in place, and more on the horizon (such as the CRA), it is important to ensure that you can comply with the requirements that are stipulated. Fortunately, Yocto has a robust and comprehensive SBoM generation integrated into it, which can aid in ensuring compliance. In this talk, Joshua will provide information and tips about how to configure your Yocto builds for compliance with several of the different SBoM standards.

Speakers

Joshua Watt

Staff Software Engineer, Garmin

Joshua is a Staff Software Engineer for Garmin with 18 years experience producing consumer electronics. He has worked on the Yocto SPDX SBoM implementation, and is a member of the Yocto Project TSC as well as the OpenEmbedded TSC.

Monday May 18, 2026 4:30pm - 5:10pm CDT
208C+D (Level Two)

Embedded Linux Conference

Audience Experience Level Intermediate

4:30pm CDT

What Developers Should Know About Hardware Architecture - Dave Neary, Ampere Computing

Monday May 18, 2026 4:30pm - 5:10pm CDT

205C+D (Level Two)

The classic Java mantra, "write once, run anywhere," suggested that developers should be able to rely on the JVM to handle the intricacies of different hardware environments. For all modern high level languages, we expect compilers and language runtimes to “abstract away” the hardware for application developers. However, the hardware can still impact application performance. Developers and architects should know enough about the behavior of the underlying hardware to avoid pitfalls and take advantage of opportunities to maximize performance.

In this talk, you will learn about:

- How modern CPU pipelining and memory models can impact application performance
- How to think about data locality and memory access patterns when choosing algorithms for your applications
- Some Arm64 features you can leverage to improve performance

This session is ideal for software developers who want to understand how server architecture influences application performance, and how to make informed decisions about the underlying architecture when deploying applications to the cloud.

Speakers

Dave Neary

Director of Developer Relations, Ampere Computing

Dave Neary has been active in free and open source communities for more than 20 years. In that time, he has worked on projects relating to infrastructure management, cloud computing, and the telecommunications industry. He currently leads the Developer Relations team at Ampere Computing... Read More →

Monday May 18, 2026 4:30pm - 5:10pm CDT
205C+D (Level Two)

Linux

Audience Experience Level Intermediate

4:30pm CDT

Scaling LLM Inference With Tiered Caching: Extending LMCache With Amazon SageMaker HyperPod - Yihua Cheng, Tensormesh, Inc. & Ziwen Ning

Monday May 18, 2026 4:30pm - 5:10pm CDT

211A+B (Level Two)

LMCache supports tiered KV caching with CPU memory offloading, extending inference beyond GPU memory limits. But what happens when local CPU memory isn't enough? This session introduces the next tier: offloading KV cache to Amazon SageMaker HyperPod managed storage, expanding cache capacity for large-scale LLM inference.

We'll cover the technical design of the SageMaker HyperPod connector contribution to LMCache. Hot entries stay in GPU memory, warm entries spill to CPU memory, and cold entries persist to HyperPod's managed storage. This three-tier architecture lets organizations cache far more context than local resources allow, reducing redundant computation for repeated prompts and long-context scenarios.

The session demonstrates the integration in action, showing cache hit rates, latency across tiers, and how the connector handles transitions between local and remote storage. We'll discuss key engineering decisions, including async prefetching and failure handling.

Attendees will leave with practical knowledge of how managed cloud storage can extend open source caching frameworks for LLM inference infrastructure.

Speakers

Yihua Cheng

CTO, Tensormesh, Inc.

Yihua Cheng is co-founder and CTO of Tensormesh. He has a deep background in large language models, high-performance computing, and open-source development.
Yihua created LMCache and the vLLM production stack, open-source projects that have collectively earned over 9,000 GitHub... Read More →

Ziwen Ning

Open Source Contributor

Ziwen Ning is an open-source contributor to LMCache. He was previously a Senior Software Development Engineer at AWS, working on Amazon SageMaker HyperPod with a focus on building scalable ML infrastructure. Before that at Annapurna Labs, he enhanced the AI/ML experience through the... Read More →

Monday May 18, 2026 4:30pm - 5:10pm CDT
211A+B (Level Two)

Open AI & Data

Audience Experience Level Intermediate

4:30pm CDT

Sponsored Session: When Your AI Agent Has Keys to Production: Governance Patterns for Autonomous Development - Nicky Pike, Coder

Monday May 18, 2026 4:30pm - 5:10pm CDT

200I (Level Two)

Your AI agents can read your code, call external APIs, and hold credentials to production. Your security controls assume they're either a human or a deterministic app. They're neither.

I'll walk through the patterns enterprise teams are actually using to deploy coding agents without getting burned: workspace isolation, network egress controls, model gateways, and credentials that die when the workspace dies.
Real incidents. Real deployments. No hand-waving about what might work someday.

In order to facilitate networking and business relationships at the event, you may choose to visit a third party's booth or access sponsored content. You are never required to visit third party booths or to access sponsored content. When visiting a booth or participating in sponsored activities, the third party will receive some of your registration data. This data includes your first name, last name, title, company, address, email, standard demographics questions (i.e. job function, industry), consenting to receipt and use of such data by the third-party recipients, which will be subject to their own privacy policies.

Speakers

Nicky Pike

Field CTO, Coder

Nicky Pike is the Americas Field CTO at Coder after spending 20+ years making developers' lives easier at some of tech's biggest names. From launching Xbox Live to rebuilding how CVS Health develops software, he's helped shape developer productivity and team experiences at Microsoft... Read More →

Monday May 18, 2026 4:30pm - 5:10pm CDT
200I (Level Two)

Open AI & Data

4:30pm CDT

Quantum Computing for AI Engineers: Foundations, Limits, and Future Possibilities - Alireza Rahmani, Red Hat

Monday May 18, 2026 4:30pm - 5:10pm CDT

200H (Level Two)

Quantum computing is often described as the next frontier of computation, but for most engineers, it remains abstract and disconnected from practical systems such as AI and distributed infrastructure.

This session introduces the fundamentals of quantum computing in clear, accessible terms. We will explain core concepts such as qubits, superposition, and entanglement without heavy mathematics, and compare them to classical computing models used in today’s AI workloads.

We will then explore realistic intersections between quantum computing and AI, including optimization problems, simulation, and potential long-term impacts on edge and cloud architectures. The session will also briefly review open source quantum development toolkits and how engineers can begin experimenting today.

Attendees will leave with a grounded understanding of what quantum computing can and cannot do, and how it may influence the future of AI systems.

Speakers

Alireza Rahmani

Senior Cloud Architect, Red Hat

Alireza Rahmani is a Red Hat Cloud Architect, academic professor, and Doctoral Engineer candidate at Penn State University specializing in AI/ML and cloud-native systems. A Golden Kubestronaut within the CNCF ecosystem, he bridges research and real-world deployment, focusing on security... Read More →

Monday May 18, 2026 4:30pm - 5:10pm CDT
200H (Level Two)

Open Source 101

Audience Experience Level Beginner

4:30pm CDT

Lazy Rivers and Open Source Security: Learn About the OpenSSF With Angelah and Stacey - Angelah Liu & Stacey Potter, Linux Foundation

Monday May 18, 2026 4:30pm - 5:10pm CDT

200A (Level Two)

Some people claim that open source and cybersecurity are two things that don't mix. Come join this informative session to learn how the truth is very much the opposite!

Established in 2020, the OpenSSF is the security subject matter experts for the Linux Foundation. While some might claim that security is a Dark Art, hop onto our lazy river as we show you about all the amazing initiatives our community has to offer open source developers and downstream OSS consumers! Don't forget your towel and some sunscreen, and be careful if you sit in the splash-zone... you MAY get wet! HONK!

Speakers

Angelah Liu

Associate Manager, Marketing and Communications, Linux Foundation

Angelah serves as the Associate Communications & Marketing Manager at the Linux Foundation, where she supports open source projects' cross-functional marketing initiatives for high-impact open source ecosystems. She drives the marketing efforts for multiple key LF projects, including... Read More →

Stacey Potter

Community Manager, OpenSSF

Stacey brings extensive experience in open source community building, marketing, and event coordination. With a background spanning projects like Minder, Flux and Flagger, OpenFeature, and Keptn, she has played a key role in fostering engagement and driving adoption across cloud-native... Read More →

Monday May 18, 2026 4:30pm - 5:10pm CDT
200A (Level Two)

OSS Enabling & Management, Operations Management & OSPOs

Audience Experience Level Beginner

4:30pm CDT

Image Composer Tool: Declarative Multi-Distro Linux Image Builds From Packages - Mats Agerstam & Alpesh Rodage, Intel Corporation

Monday May 18, 2026 4:30pm - 5:10pm CDT

200G (Level Two)

Building custom Linux images for edge deployments requires distribution-specific toolchains, manual dependency resolution, and bespoke scripting; resulting in fragile, hard-to-reproduce pipelines.

Image Composer Tool (ICT) is an open-source tool that composes bootable Linux images from pre-built packages using declarative YAML templates. It supports Azure Linux, Ubuntu, Wind River eLxr, and Edge Microvisor Toolkit through a single workflow, with dependency resolution across RPM and DEB ecosystems, GPG signature verification, and deterministic builds for CI/CD.

This session covers:

Package management abstraction across RPM and DEB via a unified interface

Reproducible, template-driven builds producing identical outputs from identical inputs

Supply chain security: GPG verification, TLS-secured fetches, minimal attack surface

Extensible provider architecture enabling contributors to add new distributions

Live demo: composing a bootable image from a YAML template in minutes

Attendees will learn how declarative image composition simplifies multi-distribution package management and produces reproducible, secure OS images

Speakers

Mats Agerstam

Senior Principal Engineer, Intel Corporation

Mats Agerstam is a Senior Principal Engineer at Intel, leading architecture for the Open Edge Platform, Edge Microvisor Toolkit, and OS Image Composer to simplify AI and edge‑native workload deployment. With deep experience in edge computing, device lifecycle management, and platform... Read More →

Alpesh Rodage

Cloud Software Architect, Intel Corporation

Alpesh Rodage is a Cloud Software Architect at Intel with 20+ years in platform engineering and distributed systems. He architects and leads development of the OS Image Composer, an open-source tool for declarative, multi-distribution Linux image builds. Previously, he designed multi-cluster... Read More →

Monday May 18, 2026 4:30pm - 5:10pm CDT
200G (Level Two)

Packages + Images + Containers

Audience Experience Level Intermediate

4:30pm CDT

Leveraging GPU-accelerated Stereo Visual Inertial Odometry in PX4 Using ROS2 - Andrew Brahim, Ascend Engineering

Monday May 18, 2026 4:30pm - 5:10pm CDT

200B (Level Two)

This quick tutorial walks through the camera calibration/configuration, uxrce dds service, Isaac ROS setup, and PX4 parameters required to fuse stereo VIO in EKF2. The platform is a quadcopter with an Ark Jetson computer.

Speakers

Andrew Brahim

Principle Engineer at Ascend Engineering, Ascend Engineering

With a background in Electrical Engineering, I became involved in the UAS industry as a hobby at first. There are always interesting and challenging problems to solve in this space, which inspires me to learn a little bit more about the technology in this space every day.

Monday May 18, 2026 4:30pm - 5:10pm CDT
200B (Level Two)

PX4 Dev Summit

Audience Experience Level Intermediate

4:30pm CDT

Fuzzing Zephyr Apps - Struggles of Dynamic Analysis on Embedded Applications - Jayashree Srinivasan, Analog Devices

Monday May 18, 2026 4:30pm - 5:10pm CDT

200D (Level Two)

Fuzzing, a type of dynamic analysis, is a testing method to find security flaws in software during execution. It involves providing randomized inputs to the application and observing for crashes.

Embedded applications present unique fuzzing challenges. Unlike general-purpose software, they run continuously in real-time without terminating, making it hard to use traditional fuzzing approaches. They receive inputs through specialized peripherals or direct memory/register accesses that require accurate modeling. Fuzzers must generate inputs satisfying highly constrained validation checks while maintaining application state, and crash detection is complicated by the lack of clear program termination.

Existing solutions use hardware, emulation, or rehosted systems with modeled peripherals, employing full source code level, binary-only or API-level fuzzing. Zephyr's current libFuzzer integration targets unit-level API fuzzing but misses system-wide bugs. We aim to integrate AFL++, a popular fuzzing engine, to create a generalized fuzzing strategy across Zephyr's supported platforms. Though still in development, we're exploring the optimal approach to achieve this integration.

Speakers

Jayashree Srinivasan

Senior Engineer, Research Science Engineering, Analog Devices

I am an Embedded Security enthusiast, currently working as a Senior Engineer in the Product Security team at Analog Devices. My work involves building security solutions for our products with Trusted Execution Environments and open source SW including Trusted Firmware-M, Zephyr and... Read More →

Monday May 18, 2026 4:30pm - 5:10pm CDT
200D (Level Two)

Zephyr

Audience Experience Level Any

4:35pm CDT

The Probabilistic Pipeline: From Green To Safe - Mihir Vora, Capital One

Monday May 18, 2026 4:35pm - 4:55pm CDT

200C (Level Two)

CI/CD has trained us to trust one signal: green means go. But modern systems don't fail in binary. A one-line UI tweak can trigger a 45-minute test marathon, while a risky change can go green and still take production down. The issue isn't "bad pipelines" - it's that pass/fail is no longer a reliable proxy for safe.

In this talk I introduce the Probabilistic Pipeline: shipping as risk management, not static gating. The pipeline produces a per-change risk/confidence score from signals you already have: diff blast radius, service criticality, incident hotspots, flaky tests, dependency/config deltas, and real-time system health (delivery events + telemetry). That score routes changes through adaptive lanes - Fast, Standard, Hardened - so low-risk work gets lightweight checks + automated canaries, while higher-risk work earns deeper validation, safer rollout, and tighter oversight.

You'll leave with a reference architecture, a concrete example and guardrails that keep trust: explainable scores, deterministic security/compliance hard floors, and a feedback loop that learns from outcomes. No ML background required - this is about practical delivery design.

Speakers

Mihir Vora

Senior Distinguished Engineer, Capital One

Monday May 18, 2026 4:35pm - 4:55pm CDT
200C (Level Two)

cdCon

Audience Experience Level Intermediate

5:00pm CDT

Lightning Talk: Why Don't AI Technologies and CI/CD Pipelines Get Along? - Ryo Sugahara, NTT DATA GROUP Corporation

Monday May 18, 2026 5:00pm - 5:10pm CDT

200C (Level Two)

AI technologies are fundamentally transforming the landscape of IT system development. While they are increasingly applied across a wide range of development tasks, their potential remains largely untapped within CI/CD pipelines.

I have personally experimented with applying AI technologies to CI/CD pipelines in an effort to build more effective and intelligent workflows. However, these attempts did not lead to the expected results. This experience raises an important question: why is the integration of AI technologies into CI/CD pipelines so challenging?

In this session, I will explore the practical and conceptual barriers encountered when applying AI technologies to CI/CD pipelines, and examine the underlying reasons behind their apparent lack of compatibility, drawing on firsthand experience. This exploration is still a work in progress. Rather than presenting a success story, this session aims to frame the problem clearly and honestly.

Also, by raising key questions and sharing lessons learned from failed attempts, this session seeks to encourage broader discussion and invite more practitioners to engage with this challenge and collaboratively explore possible paths forward.

Speakers

Ryo Sugahara

Evangelist, NTT DATA GROUP Corporation

I joined NTT Data in 2005. Currently, I'm dedicated to driving modernization through the integration of CI/CD and infrastructure automation, transforming traditional projects.

[cdCon2026] Why don't AI technologies and CICD pipelines get along pdf

Monday May 18, 2026 5:00pm - 5:10pm CDT
200C (Level Two)

cdCon

Audience Experience Level Any

5:15pm CDT

Lightning Talk: The Era of Agentic Continuous Delivery - Vibhav Bobade, Red Hat

Monday May 18, 2026 5:15pm - 5:25pm CDT

200C (Level Two)

How do we ensure that Agentic Delivery follows the same rigour as tools when only humans created software? With AI Agents, we are slowly being forced to look at software development and delivery that looks more like a statistical distribution than a carefully implemented solution. The software delivery lifecycle is now completely touched by AI, from writing code and testing to pushing to production and testing against production code.

In this talk, we will peel the layers of Continuous Delivery and see the new verticals in delivery AI is giving rise to and problems yet to be solved from a first principle basis, and with guidance on what questions we can ask to choose the right AI tools and keep up without exhausing outselves.

Speakers

Vibhav Bobade

Senior Software Engineer, Red Hat

I am an open-source developer who enjoys containers, audio, and running. I work at Red Hat as a Senior Software Engineer and help maintain Tekton Pipelines.

Monday May 18, 2026 5:15pm - 5:25pm CDT
200C (Level Two)

cdCon

Audience Experience Level Intermediate

5:25pm CDT

Monolithic To Cloud Native: Lessons From Migrating Heroku To EKS at Scale - Mateen Anjum, Phono Technologies Inc

Monday May 18, 2026 5:25pm - 6:05pm CDT

200F (Level Two)

When our platform served a SaaS company growing from
9M$ to $100M ARR, we faced a decision every scaling team encounters: stay on Heroku or migrate to Kubernetes. We chose migration. This talk shares the real lessons from moving 47 microservices to EKS while maintaining 99.9% uptime.

I will cover the migration patterns that worked, the ones that failed spectacularly, and the operational changes that made the difference between success and rollback. You will learn how we reduced API latency from 700ms to 70ms, why our first three migration attempts failed, and what "production ready" actually means when your customers include enterprise clients with strict SLAs.

This is not a vendor pitch or theoretical framework. It is a practitioner's account of what happens when you bet your platform on Kubernetes and have to deliver.

Attendees will leave with a realistic migration checklist, common failure patterns to avoid, and honest metrics on what to expect during and after migration.

Speakers

Mateen Anjum

Staff DevOps Engineer, Phono Technologies Inc

Mateen Ali Anjum is a Staff DevOps Engineer with 12 years of experience building infrastructure platforms. He has scaled systems, led platform migrations, and currently works in Canada. His work focuses on the intersection of reliability engineering and emerging AI tooling for infrastructure... Read More →

Monday May 18, 2026 5:25pm - 6:05pm CDT
200F (Level Two)

Cloud + Orchestration

Audience Experience Level Intermediate

5:25pm CDT

Panel Discussion: Securing the AI Supply Chain: Critical Infrastructure for Model Integrity and Trust - Christopher Robinson, OpenSSF; Jay White, Microsoft; Mihai Maruseac, OpenAI; Marcela Melara, Intel

Monday May 18, 2026 5:25pm - 6:05pm CDT

200E (Level Two)

As AI systems become deeply embedded in critical infrastructure and enterprise operations, ensuring the security, integrity, and provenance of machine learning models has become a fundamental challenge for the open source ecosystem.

This session will provide an overview of the OpenSSF AI/ML Security Working Group's focus on practical solutions that bring software supply chain security best practices to AI.

1. End-to-End Model Provenance: Detect unintended changes and ensure verifiable audit trails throughout the entire model lifecycle.

2. Model Signing: Provide verifiable claims about model integrity by establishing cryptographic signing patterns.

3. GPU-Based Model Integrity: Address the scalability of authenticating very large ML models by leveraging GPU acceleration in a vendor-agnostic API.

4. Frameworks for Securing AI Agent Communications: A comprehensive security framework to secure AI agent-tool orchestration against emerging threats.

5. Cyber Reasoning System (CRS): AI-for-Security systems to identify and submit patches for software vulnerabilities.

Panelists:
Marcela Melara, Intel
Mihai Maruseac, OpenAI
Jay White, Microsoft

Moderator:
Christopher Robinson, OpenSSF

Speakers

Christopher "CRob" Robinson

Chief Architect - OpenSSF, OpenSSF

Christopher Robinson (aka CRob) is the Chief Security Architect for the Open Source Security Foundation. With over 25 years of Enterprise-class engineering, architectural, operational and leadership experience, CRob has worked at several Fortune 500 companies with experience in the... Read More →

Jay White

Security Principal Program Manager, Microsoft Corporation

Jay has 20+ years of IT/information security experience dedicated to cyber risk, security, privacy, and compliance. He provides a combined tactical and strategic balance towards the implementation of security and compliance requirements that aligns to an organization’s broader business... Read More →

Mihai Maruseac

Member of Technical Staff, OpenAI

Building AGI with Privacy and Security as Member of Technical Staff at OpenAI.

Previously was a member of the Google Open Source Security Team (GOSST), working on Supply Chain Security for ML (released model-signing). Co-lead on a Secure AI Framework (SAIF) workstream from Google on AI supply chain. Chairing OpenSSF AI/ML working group and involved in CoSAI’s... Read More →

Marcela Melara

Research Scientist, Intel Corporation

Marcela Melara is a research scientist at Intel making distributed and cloud systems more trustworthy. Her current work focuses on developing solutions for high-integrity software and AI supply chains. She leads a number of internal, academic and open-source projects on supply chain... Read More →

Monday May 18, 2026 5:25pm - 6:05pm CDT
200E (Level Two)

Digital Trust

Audience Experience Level Intermediate

5:25pm CDT

Leveraging U-Boot Binman With Hardware Security Modules (HSM) for Secure Boot - Riya Aysola & Judith Mendez, Texas Instruments

Monday May 18, 2026 5:25pm - 6:05pm CDT

208A+B (Level Two)

Secure boot is becoming essential for more embedded Linux systems, yet secure firmware signing at scale remains challenging. Traditional approaches often rely on manual, locally managed scripts and cryptographic keys, leading to increased security risks from development to production environments. This presentation demonstrates a practical approach to secure boot image creation using U-Boot's Binman tool integrated with Hardware Security Modules (HSMs) for cryptographic signing. We examine how Binman assembles multi-stage boot images and delegates signing to HSMs, protecting private keys while enabling automated builds. We will also explore how Binman's signing workflow can be adapted to support various HSM deployment models. Attendees will understand how image signing with Binman establishes a secure boot chain of trust, why HSM-backed signing is critical for production systems, and how open-source tools can be combined with security best practices to create more robust and scalable firmware signing workflows. The goal is to help the broader open-source ecosystem adopt more standardized and secure practices for firmware image creation and signing suitable for production deployment

Speakers

Riya Aysola

Systems Engineer, Texas Instruments

Riya Aysola is a Systems Engineer in Texas Instruments' Embedded Processing group, focused on embedded security and cybersecurity. She holds a bachelor's degree in computer science from the University of Houston.

Judith Mendez

Embedded Linux Developer, Texas Instruments

Judith Mendez is an embedded Linux developer at Texas Instruments with nearly 4 years of experience on Sitara K3 SoCs and legacy AM335/AM437 platforms. She handles driver development and maintenance for IPs like MMC, PWM, M_CAN, and watchdog, helping deliver quality Linux SDKs and... Read More →

Monday May 18, 2026 5:25pm - 6:05pm CDT
208A+B (Level Two)

Embedded Linux Conference

Audience Experience Level Beginner

5:25pm CDT

Verification Toward Applying SLSA in Automotive IVI Software Development - Yuta Kiyoumi & Takashi Ninjouji, Honda Motor Co., Ltd.

Monday May 18, 2026 5:25pm - 6:05pm CDT

208C+D (Level Two)

In automotive software development—such as IVI (In-Vehicle Infotainment) software—many layers of the supply chain are involved, including automotive OEMs and Tier‑1 suppliers. Automotive OEMs, in particular, are required to manage a complex and multi‑layered software supply chain under strict safety and regulatory constraints.

To evaluate supply chain security efforts within software development, we have been conducting a feasibility study on applying SLSA, a supply chain security framework being developed by the OpenSSF.

In this session, we will share insights gained through our validation of SLSA adoption and discuss approaches to supply chain security in large-scale software development projects such as AAOS.

Speakers

Yuta KIYOUMI

staff, HONDA MOTOR CO.,LTD.

Yuta Kiyoumi is the Security Architect for IVI software development at Honda Motor Co., Ltd. He also serves as a member of the Honda OSPO promoting secure OSS adoption, and participates as a member of the OpenSSF.

Takashi Ninjouji

Chief Engineer, Honda Motor Co., Ltd.

Takashi Ninjouji is a Chief Engineer at Honda Motor Co., Ltd., with a focus on Software-Defined Vehicles (SDV). He is a manager of the Open Source Program Office (OSPO). His interests also include AI-assisted engineering automation.

Monday May 18, 2026 5:25pm - 6:05pm CDT
208C+D (Level Two)

Embedded Linux Conference

Audience Experience Level Beginner

5:25pm CDT

Demystifying VirtIO-GPU: Building a Graphics Virtualization Bridge From Scratch - Yung-Tse Cheng, National Taiwan Normal University & Sheng-Wen (Colin) Cheng, The University of Texas at Austin

Monday May 18, 2026 5:25pm - 6:05pm CDT

205C+D (Level Two)

Additional Authors/Contributors: Jim Huang, Assistant Professor, National Cheng Kung University

VirtIO is the standard interface for device virtualization, enabling guest systems to access host resources and powering platforms such as QEMU and ACRN, which provide virtualized block, network, input, and graphics devices.

This talk takes an implementation-focused approach to virtio-gpu. We add virtio-gpu and virtio-input support to a minimalist RISC-V Linux emulator, building a graphics virtualization bridge from the guest framebuffer to host GPU acceleration. We examine the architectural decisions and trade-offs required to make the system function end to end.

Although VirtIO simplifies abstraction, virtio-gpu remains one of its most complex devices. Enabling 3D acceleration goes beyond the specification and requires coordination with Mesa 3D and virglrenderer, as well as compatibility with OpenGL and Vulkan. We highlight practical gaps between specification and implementation, including memory management, command submission, and synchronization.

Attendees will gain:
* A clear mental model of virtio-gpu architecture, including 2D and 3D paths
* Practical insights into integrating Mesa 3D and virglrenderer

Reference implementation: https://github.com/sysprog21/semu

Speakers

Yung-Tse Cheng

Undergraduate student, National Taiwan Normal University

Yung-Tse Cheng is an undergraduate student at National Taiwan Normal University (NTNU), Taiwan, focusing on system software and embedded systems.

He has recently contributed to the open-source RISC-V emulator semu, primarily working on a 2D-focused virtio-gpu stack and virtio-inpu... Read More →

Sheng-Wen Cheng

Graduate Student, The University of Texas at Austin

Sheng-Wen (Colin) Cheng is currently a graduate student at The University of Texas at Austin with a background in system software, robotics, and embedded systems.

He holds a master’s degree in Robotics and has conducted research on quadrotor flight control systems using nonlin... Read More →

Monday May 18, 2026 5:25pm - 6:05pm CDT
205C+D (Level Two)

Linux

Audience Experience Level Intermediate

5:25pm CDT

Beyond Vector Search: Building Knowledge Graphs for Autonomous Infrastructure - Torsten Boettjer, Rescile

Monday May 18, 2026 5:25pm - 6:05pm CDT

211A+B (Level Two)

Modern platform engineering has a 'context' problem. As infrastructure scales across Kubernetes, hybrid clouds, and internal developer platforms (IDPs) like Backstage, traditional RAG systems struggle to answer multi-hop queries like 'Which services depend on this failing database?' or 'What is the blast radius of this IAM change?'
In this session, we explore how GraphRAG—a combination of Knowledge Graphs and LLMs—solves the reasoning gap that vector-only search leaves behind. We will demonstrate how to index infrastructure as a graph of entities and relationships, allowing AI agents to perform complex root-cause analysis and automate documentation. Attendees will leave with a blueprint for building an open-source GraphRAG pipeline to turn platform data into actionable intelligence."

Speakers

Torsten Boettjer

Co-Founder, Rescile

Co-Founder at Rescile, 20 years experience in platform engineering, former CCIO at Avaloq, CTO at Cisco, Head of Innovation at Swisscom, Product Management at Oracle Cloud Infrastructure

Monday May 18, 2026 5:25pm - 6:05pm CDT
211A+B (Level Two)

Open AI & Data

Audience Experience Level Intermediate

5:25pm CDT

Kubernetes Cluster Creation Landscape - The Easy and the Hard Ways - Wendy Ha, SEEK

Monday May 18, 2026 5:25pm - 6:05pm CDT

200H (Level Two)

As a Kubernetes user, have you ever wondered how clusters from different vendors and distributions remain consistent? Whether running in the cloud or on-premises, workloads behave the same way without modification, and applications can move between platforms without being rewritten. This consistency is made possible by the Certified Kubernetes Conformance Program run by CNCF, which ensures distributions meet upstream Kubernetes standards.

However, conformance validates runtime behavior, not how clusters are created. Cluster provisioning approaches varies widely across providers, leading to configuration drift, inconsistent upgrades, and operational complexity at scale.

To address these challenges, the Kubernetes Special Interest Group Cluster Lifecycle introduced Cluster API, bringing declarative APIs to cluster provisioning and lifecycle management.

In this beginner-friendly session, I will walk you through the full landscape for Kubernetes cluster creation, and share insights from a contributor’s perspective on why Cluster API exists, the problems it solves, and how community-driven effort helps make cluster creation more consistent and sustainable.

Speakers

Wendy Ha

Software Engineer, CNCF Ambassador, Independent

Wendy is a CNCF Ambassador and a proud advocator for Women in the Cloud Native community. She is also an open source contributor and has contributed to various aspects of Kubernetes, including SIG Release (serving on the Release Team since v1.31), SIG Cluster Lifecycle and SIG Etcd... Read More →

Monday May 18, 2026 5:25pm - 6:05pm CDT
200H (Level Two)

Open Source 101

Audience Experience Level Beginner

5:25pm CDT

From Compliance To Code: The Cyber Resilience Act, SBOMs, DevTeams and YOU! - Marcus Ross, Hamburg Port Authority AöR & Peter Dickten, dcs-fuerth Germany

Monday May 18, 2026 5:25pm - 6:05pm CDT

200A (Level Two)

The EU Cyber Resilience Act (CRA) is reshaping how manufacturers and developers must secure their products—but what does it mean for your Developer platforms, DevOps pipelines, and DevTeams? In this session, we’ll share a real-world implementation for SBOMs (Technical Guideline TR-03183 from the Federal Office of Information Security). We demonstrate how to technically address CRA mandates without drowning in compliance overhead.

You will leave with
- Understand the CRA’s impact on your Developers and Management even outside the EU (and why ignoring it isn’t an option).
- See a production-ready workflow for SBOMs, vulnerability management, and compliance automation with OpenSource-Tools (DependencyTrack, CentralCyclone, GitOps).
- Actionable insights on integrating CRA requirements with SBOM handling into your CI/CD pipelines.
- A clear "why this matters" for your org., and lessons from the trenches of securing critical infrastructure with Kubernetes.
- Get a checklist for team adoption - because compliance is a cultural challenge, not just a technical one.

Speakers

Peter Dickten

Peter Dickten, dcs-fuerth Germany

Marcus Ross

CCoE Lead / Kubestronaut, Hamburg Port Authority

The Hamburg Port Authority (HPA) has been operating future-oriented port management from a single source since 2005 and is active wherever efficiency, safety, and cost-effectiveness are required in the Port of Hamburg. Marcus works as a DevOps Plattform Engineer in a team responsible... Read More →

Monday May 18, 2026 5:25pm - 6:05pm CDT
200A (Level Two)

OSS Enabling & Management, Operations Management & OSPOs

Audience Experience Level Beginner

5:25pm CDT

Verified Debian Packaging at Scale - Frederick Lawler, Cloudflare

Monday May 18, 2026 5:25pm - 6:05pm CDT

200G (Level Two)

Cloudflare’s global network relies on Debian Linux machines across 330+ cities. To enhance production security we wanted to ensure that our servers can only run authorized software. For this we leverage Linux Kernel's IMA-Measurement to validate binary signatures before execution. Our system encompasses first-party software, Docker containers, and open-source Debian packages.

This talk illustrates how we successfully injected digital signatures into every Debian package installed on our fleet. This involved deep dives into the Linux Kernel, modifying dpkg, and building a mirroring system that could sign upstream repositories. Learn about our journey enhancing software integrity on a massive scale. This session is ideal for those interested in Linux security, package management, and Internet-scale system administration.

Speakers

Frederick Lawler

Systems Engineer, Cloudflare

Fred is a backend web developer turned kernel developer. He previously focused on the PCIe subsystem since 2018 as a hobbyist. Now he works for Cloudflare on the Linux team with a focus on securing systems and production reliability.

Monday May 18, 2026 5:25pm - 6:05pm CDT
200G (Level Two)

Packages + Images + Containers

Audience Experience Level Advanced

5:25pm CDT

QGC: What You Don't Know - Andrew Wilkins, Ascend Engineering

Monday May 18, 2026 5:25pm - 6:05pm CDT

200B (Level Two)

This talk dives in to what you don't know about QGC. Hidden features, how to make changes, why things are the way they are.

We will go over: Text overlay on videos, Advanced Vs. Standard Mode, new joystick integrations, new bluetooth connections support, AND MORE!!!

Learn the intricacies of QGC as you never have before while also discovering brand new features!

Speakers

Andrew Wilkins

CEO - Ascend Engineering, Ascend Engineering

Andrew Wilkins is the CEO of Ascend Engineering. He does extensive contracting work with various PX4/QGC-related projects and has a strong sense of what these projects need from Dronecode. Ascend Engineering currently employs two PX4/QGC maintainers, giving Andrew direct insight into... Read More →

Monday May 18, 2026 5:25pm - 6:05pm CDT
200B (Level Two)

PX4 Dev Summit

Audience Experience Level Intermediate

5:25pm CDT

BoF: Space Grade Linux: From Incubation to Foundation - Ramón Roche & Kate Stewart, The Linux Foundation

Monday May 18, 2026 5:25pm - 6:05pm CDT

200I (Level Two)

SGL is graduating from ELISA incubation and launching as its own foundation. This BoF is a working discussion on three things: the structure of the new Technical Advisory Council, the near-term roadmap emerging from our mailing list, and where attendees want to plug in. New faces and long-time contributors equally welcome. Bring questions, bring priorities, bring pushback.

Speakers

Kate Stewart

VP Dependable Embedded Systems, The Linux Foundation

Ramon Roche

General Manager, The Linux Foundation

Monday May 18, 2026 5:25pm - 6:05pm CDT
200I (Level Two)

Safety-critical Software

5:25pm CDT

From FreeRTOS To Zephyr: A Practical Migration Guide for Embedded Developers - Jacob Beningo, Beningo Embedded Group

Monday May 18, 2026 5:25pm - 6:05pm CDT

200D (Level Two)

FreeRTOS has long been the go-to RTOS for embedded developers. But as projects grow in complexity, demanding better modularity, richer middleware, and long-term maintainability, teams are turning to Zephyr. The migration, however, can feel daunting. Different APIs, build systems, configuration models, and abstractions create a steep learning curve.

This session delivers a practical, step-by-step guide for transitioning from FreeRTOS to Zephyr with confidence. We'll map the similarities and differences between the two RTOSes, demonstrate migration strategies for tasks, queues, and synchronization primitives, and show how to translate existing FreeRTOS designs into Zephyr's ecosystem — covering proven tips to avoid common pitfalls, validate your port, and leverage Zephyr's strengths from device trees to vendor-neutral drivers.

Key Takeaways:
- Core architectural differences between FreeRTOS and Zephyr
- Migrating primitives (tasks, queues, semaphores, timers) to Zephyr equivalents
- Adapting build systems, configuration, and drivers
- Best practices for validating and testing migrated code
- Leveraging Zephyr's ecosystem for scalability and long-term support

Speakers

Jacob Beningo

CEO, Beningo Embedded Group

Jacob Beningo helps embedded teams modernize software architecture, streamline development, and adopt best practices for high-quality, real-time systems. As founder of Beningo Embedded Group, he provides expert training and guided learning to improve code quality, accelerate development... Read More →

Monday May 18, 2026 5:25pm - 6:05pm CDT
200D (Level Two)

Zephyr

Audience Experience Level Any

5:30pm CDT

Lightning Talk: Simple Yet Scalable MLOps: Bridging the Gap Between Data Science and CI/CD - Sachin Garg, NavankurIT; Sameeksha Garg, Carnegie Mellon University

Monday May 18, 2026 5:30pm - 5:40pm CDT

200C (Level Two)

The transition of Machine Learning (ML) models from experimental notebooks to reliable production environments often reveals a significant disconnect between Data Scientists and Infrastructure/Operations teams. While traditional DevOps has mastered code delivery, the unique "state" of ML—comprising both code and massive datasets—requires a specialized evolution: MLOps. This session provides a practical roadmap for building a simple yet highly scalable CI/CD pipeline using a purely open-source stack.

We begin by addressing the critical challenge of Model Reproducibility. Standard version control systems like Git excel at managing algorithms but fail when handling the 500MB weights or multi-gigabyte training sets typical of modern ML. Our proposed architecture integrates DVC (Data Version Control) to version-control data alongside source code, ensuring that every deployment is fully traceable and repeatable.

Speakers

Sachin Garg

CTO, NavankurIT

Dr. Sachin Garg built India's early FOSS infrastructure: MNNIT's first internet server (1995) over 9.6 kbps VSAT, core BLUG member (1996-2002), IT.com '99 Linux Pavilion participant, and architect of Wipro's landmark FOSS.in 2006 sponsorship. At C-DAC, championed Linux for PARAM supercomputers... Read More →

Sameeksha Garg

Student, Carnegie Mellon University

Sameeksha Garg is a Computer Science student at Carnegie Mellon University (graduating May 2026), specializing in Machine Learning. With hands-on experience in open-source security at Visa, building ML monitoring systems using Grafana and Prometheus, and developing AI-driven pipelines... Read More →

Monday May 18, 2026 5:30pm - 5:40pm CDT
200C (Level Two)

cdCon

Audience Experience Level Intermediate

5:45pm CDT

Lightning Talk: Taming MCP Challenges at Scale: Move Fast and Build Right - Muktesh Mishra, Adobe

Monday May 18, 2026 5:45pm - 5:55pm CDT

200C (Level Two)

Tired of governance slowing you down while you’re racing to ship AI features? You’re not alone—every AI builder has felt that friction.

Enterprise AI builders struggle to move fast: governance feels like a roadblock, data access is inconsistent and risky, best practices and security controls are manually enforced (or ignored), and every team reinvents the wheel—leading to slow delivery, compliance gaps, quality issues, and mounting technical debt.

Join us for a hands-on session featuring code examples and demos to learn how we overcome these challenges at Adobe, enabling AI builders at scale without compromising quality and speed.

Through a series of code snippets and demos, we will show:
- Paved paths via reusable templates and reference architectures to accelerate onboarding and iterations.
- Automated governance gates covering evaluations, best practices, access controls, and security
- Interoperability and discoverability, via an automated well-formed AI registry
- Standardized data access patterns that ensure compliance, auditability, and efficiency

Join us for a fun session, and let's learn together.

Speakers

Muktesh Mishra

Lead Engineer, AI Foundations and Platforms, Adobe

Muktesh is Lead AI Builder at Adobe. Active contributor to 20+ open-source projects and enjoys solving problems at scale. Conference junkie who has spoken at MongoDB Local, JavaOne, API World, OSCON, DockerCon, Open Source Summit & more. Active in teaching and development across Apache... Read More →

Monday May 18, 2026 5:45pm - 5:55pm CDT
200C (Level Two)

cdCon

Audience Experience Level Intermediate

6:30pm CDT

Attendee Reception

Monday May 18, 2026 6:30pm - 9:30pm CDT

Mill City Museum

Join us at Mill City Museum for an evening of connection, conversation, and Minneapolis character. Enjoy locally inspired food and drinks throughout the space as you explore the museum’s historic ruins and interactive exhibits overlooking the Mississippi River.

Designed for meaningful networking in a relaxed setting, the Attendee Reception offers space to mingle, reconnect with peers, and spark new collaborations across the open source community.

Transportation will be provided, and guest passes are available for purchase by updating your registration. To ensure quick entry, we recommend leaving bags and backpacks at your hotel.

We’re thrilled to welcome guests of all ages to the Attendee Reception. If you’d like to enjoy alcoholic drinks, you must bring a government-issued photo ID for verification. We can’t wait to see you there!

Location: Mill City Museum, 704 S 2nd St, Minneapolis, MN 55401

Monday May 18, 2026 6:30pm - 9:30pm CDT
Mill City Museum 704 S 2nd St, Minneapolis, MN 55401

Special Events / Exhibits / Breaks

9:00pm CDT

Drone Show (Presented by Uvify)

Monday May 18, 2026 9:00pm - 9:15pm CDT

Mill City Museum

Presented By Uvify

Don’t miss the Attendee Reception’s grand finale! Keep your eyes on the Minneapolis skyline at 9:00 PM sharp. We’re celebrating 35 years of Linux with a high-tech drone performance that bridges the gap between the 1991 revolution and the future of open source. Trust us – you’ll want to party like it’s 1991.

Monday May 18, 2026 9:00pm - 9:15pm CDT
Mill City Museum 704 S 2nd St, Minneapolis, MN 55401

Special Events / Exhibits / Breaks