Open Source Summit + Embedded Linux Conference North America 2026

Startups need to monetize fast with high quality code, and open source is a proven path to that objective. Integrators of open source solutions and COSS companies have an incredibly important and urgent role to play to bridge the gap between open source R&D and commercialization, especially in the context of trade uncertainty, digital independence and sovereignty movements, and economic headwinds.

Attendees will come away with empirical proof points that open source is an accelerator of value for COSS companies: at IPO, and M&A. And with a new survey in the field, they'll have the opportunity to influence outcomes for the benefit of startups and COSS companies everywhere!

Open Source Program Offices (OSPOs) are becoming essential for organizations of all sizes, yet many struggle with where to start and how to scale effectively. In this session, we will share a practical framework for building an OSPO based on real enterprise experience.

The talk begins with establishing an enterprise open source policy that aligns engineering, legal, and security stakeholders while enabling innovation. From there, it breaks down the two core OSPO pillars: contribution and compliance. Within compliance, the session dives deeper into managing distributed versus non-distributed software and explains why treating these use cases differently reduces friction and improves outcomes.

Attendees will gain a clear, adaptable model for designing an OSPO that works for large enterprises and can scale down for smaller organizations. The session focuses on real-world lessons learned, common pitfalls, and actionable guidance that teams can apply immediately.

This lightning talk walks through building a Wordle-style guessing game powered entirely by a local Wikipedia dump running on a Raspberry Pi. No cloud, no proprietary APIs, no internet required during gameplay.
We'll cover the practical technical journey: downloading and parsing Wikimedia dumps, extracting structured metadata into SQLite, building a lightweight Node.js server on ARM Linux, and running the game full-screen via Chromium in kiosk mode on a Pi connected to an HDMI display.
The result is a fully self-contained open knowledge game console. Live demo on actual hardware included.
Key takeaways: working with Wikimedia open data dumps, SQLite on constrained ARM hardware, Node.js performance on edge Linux, and Chromium kiosk mode as a game display layer.

Embedded software complexity has doubled every four years for decades. The way most teams build and deploy it is still stuck in the 2010s. Version control exists, but it's still not unusual for code to be shipped from a sharpie-labeled SD card or prod code to live on one machine. Deployment still means walking over to a test bench and hoping nobody else is using it. "It works on my machine" is often an entire strategy.

This talk brings modern DevOps to embedded systems. We'll cover version control workflows that actually work for firmware, build environments that don't depend on that one engineer's laptop, CI/CD pipelines that integrate with real hardware, and deployment strategies that reduce the risk of bricking devices in the field. We'll also touch on what to steal from web DevOps and what doesn't translate when your deployment target isn't a cloud server.

We'll demo the whole flow: commit, build, deploy to hardware. You'll leave with practical patterns you can bring back to your own embedded projects. Some embedded experience is useful, but if you've ever been frustrated by how your team ships firmware, you'll get something out of this.

Open source projects often struggle not with code, but with scale: issue triage, pull request validation, release automation, and community operations all consume maintainer time. Serverless, when built on open standards, offers a powerful way to automate these workflows without adding operational overhead.
This talk explores how open source maintainers can use event‑driven, serverless patterns to automate project workflows such as issue labeling, CI triggers, release orchestration, and contributor notifications. Using open technologies like CloudEvents, CDEvents, OpenTelemetry, and container‑based functions on Kubernetes, we show how to build portable, vendor‑neutral serverless automation that works across environments.
Attendees will learn practical design patterns, common pitfalls, and real‑world examples of using serverless automation to improve project reliability, contributor experience, and maintainer sustainability without locking into any single platform.

What do a raccoon, a goat, and a goose have in common? They all take part in a tracing adventure where we’ll use OpenTelemetry and the Grafana observability stack to easily showcase a cloud-native observability scenario.

In this session, you’ll learn what distributed tracing is, why it’s incredibly helpful for understanding how requests flow through multi-service systems, and how it can reveal issues like latency and unexpected errors — alongside metrics, logs, traces, and profiles for a complete observability picture.

We’ll walk through a multi-service application that uses AI to generate animal facts and images, tracing each request from API call to fact and image generation to database storage. Along the way, you’ll learn how to use OpenTelemetry to instrument Python and Java applications and visualize the full request journey using easy to understand, open-source dashboards for metrics, logs, traces, and profiles.

If a goat can survive cloud-native observability, so can you.

From the moment you press the power button to the instant the login prompt appears, a complex sequence of events happens behind the scenes to get your Linux system up and running. This talk aims to demystify the Linux boot process through a deep dive into each stage.
Starting from the role of system firmware, we compare legacy BIOS with modern UEFI and see why there has been a shift to UEFI. From there, we move on to the bootloader stage, discussing its function in loading the kernel and passing control over to it. Using GRUB as an example, we show how to view and customize bootloader configurations. Next, we explore the kernel initialization stage, including the role of initrd/initramfs, how the real root filesystem is mounted, and how the kernel initializes essential system components and launches the first userspace process. From there, control transitions to the init system. We examine SysVinit and its more modern alternative, systemd, and their roles in bringing the rest of the system online.
Finally, we cover practical debugging techniques, such as viewing boot logs, analyzing boot performance, optimizing boot up time, and improving security with features like Secure Boot.

Open source projects everywhere are asking the same question: where will the next generation of reliable contributors or maintainers come from? The answer is already here, students, but most projects lack a repeatable, maintainer-friendly system to convert student interest into sustained, high-quality contributions.

This session presents a field-tested, scalable framework for turning students from first-time contributors into long-term community members and technical collaborators. Drawing from real program experience working with student contributor pipelines, we will break down how maintainers and organisations can design contribution pathways that reduce review burden, improve contribution quality, and increase retention, without diluting project standards.

We will cover practical ideas for structuring beginner-to-advanced issue ladders and contributor experience design that keeps students engaged beyond their first pull request. The talk will also address common maintainer concerns around signal-to-noise ratio and review bandwidth when working with early-career contributors.

Microservices promised speed and independence, but for many SREs and developers, they delivered network complexity. Suddenly, we're all part-time network engineers. We have to code retry logic, timeouts, and circuit breakers into every service. We struggle to get uniform "golden signal" metrics. And how do we enforce that all 50 of our polyglot services are communicating securely over mTLS?

This is the "microservice tax," and it's holding us back.

Enter the service mesh. You've heard the buzzwords, Istio, Linkerd, but what is a mesh, and what problems does it actually solve? Is it just hype, or is it the key to taming a complex distributed system?

We'll cover the three pillars of a mesh:

Reliability: Automatic retries, timeouts, and circuit breakers.

Observability: Uniform metrics, logging, and tracing for every call.

Security: Automatic mTLS (encryption) and fine-grained authorization policies.

In the world of Open Source there are plenty of talks, resources, and guides about where to begin, and how to grow your project. But what happens at the end? How do you know when It Is Time? And how do you say goodbye with compassion and dignity?

In this talk, members of the CHAOSS.community and the Open Source Program Office at the Digital Service at CMS.gov will be sharing their latest practitioner’s guide on archival. This talk will be highlighting use cases from the private and public sector, and demonstrating how to use repository metrics, maturity models, and archival checklists for succession planning, stewardship, and sunsetting of Open Source projects.

Projects are not valuable solely based upon the utility of their results or outputs, they reflect the record of our progress. Archives provide transparency, accountability, and attribution. Archives build trust, reduce duplicate work, and reduce risk. The work saved in our archived repositories allows historians and practitioners to more accurately and completely understand the story of open source.

In this session, I will discuss the importance of verifying safety-critical software by giving real-world examples of peoples' lives who were saved or put at risk by software. I will share the compliance challenges faced by software engineers working on safety-critical software. I will give a brief overview of software assurance requirements for safety-critical systems and show how formal methods and automated reasoning are accelerating and improving the assurance process. I will give a brief introduction to automated reasoning tools and semantics, and I will share success stories from a handful of open-source projects who are using these methods to reach assurance goals faster. I will finish by walking the audience through the design of a simple demonstration project that utilizes these technologies.