A Case Study In Cross-Ecosystem Security Response

Companies use multiple open source projects and programming languages in their product stack creating a potential ‘wheel of misfortune’ when thinking about the rise in software supply chain attacks. Taking it one step further malicious actors are targeting programming languages to get to the core of how products are built. The rise in attacks at the programming language level seen as recently as September 2025 has amplified the need for cross communication between language ecosystems. Using the phishing attacks on Rust and Python as a case study we will show how Alpha-Omega facilitated stronger links between ecosystems, specifically the Rust Foundation and Python Software Foundation (grantees of Alpha-Omega) and how this helped improve security response times and outcomes when the phishing attacks were launched.

How Community Helped Me Survive A Challenging Job Search

I started my career in 2004 and I have been laid off three times. The shame around the first two experiences was replaced with the shocking reality that I was now one of the 260,000+ tech workers laid off in 2023. The stakes were higher this time, the competition was stiff, and I could have easily fallen into a pit of despair. Thankfully the community had my back and helped me stay focused and supported during the most unnerving time of my life. This talk will discuss my community involvement prior to being laid off, my seven month journey to find new employment, and how staying engaged and active in the community helped boost my confidence and opened several doors to find my current gig. I’ll discuss some tips, resources, and strategy I used along the way.

A Hitchhikers Guide to the CNCF Landscape

Get your hiking boots ready because we are about to traverse the wild, wonderful world of the CNCF Landscape. The magic number is 42 so we are going to dive into 10 stellar projects you may be missing out on. Then we’re going to speed round through the remaining 32! Why you ask? We currently have 190 projects, and finding information about them can be a challenge. “Just go to the website” doesn’t cut it.

Getting started can be difficult for new users and contributors. We will equip you with knowledge so you can make an informed decision when you’re choosing projects to include in your toolkit. In this talk you will learn how to navigate the CNCF Landscape to find information about our projects. You will learn how to search by category & maturity, and understand how organizations use these projects in production. The goal is for you to be confident in your ability to traverse the landscape so the next time you "go to the website" you will find what you need.

Open Source Evangelists Assemble

On August 10th, 2023, Hashicorp changed its license for Terraform to a non-open source license. The community was up in arms, a manifesto was written, and a little over a month later OpenTofu supported by the Linux Foundation was launched. On March 20, 2024, Redis announced it was adopting a new license terminating its status as an open source database. On March 28, 2024, the community again assembled behind the protective shield of The Linux Foundation and Valkey was formed. These are two examples of the power of the open source community to activate its ‘avengers’ to save countless corporations and open source development.

With open source seemingly under attack how do we protect ourselves from licensing changes? How do we as a community choose to stick with a product that’s changed its license or take a chance on an open source edition? This talk will discuss methods to help gain awareness, contributors, adoption and successfully build an open source project’s community from the perspective of seasoned community collaborators and tech evangelists.

Bridging the Gap Between Open Source Problems - Communities In Action

Community members from multiple projects, foundations and organizations like Oasis Open, CNCF, OpenSSF, Rust Foundation, and the Continuous Delivery Foundation find themselves working on the same problems, but they are all attacking the issues from different angles. The one thing that is constant is that the community wants to solve the problem but community members find themselves working in silos based on what foundation their respective companies belong to and we feel the community as a whole are missing out on the bigger picture. This talk will show how cross community collaboration can strengthen both communities and foundations by bridging the gap in knowledge, practice and standards the result may help create solutions that are well thought out from multiple vantage points that benefit developers across the board.

The 5 Ws and H of Open Source Community

The term 'community' is used throughout tech conversations, articles, websites, marketing collateral, etc. The list is endless but what exactly is an open source community? This panel will discuss the 5 Ws: who, what, where, why, when, and the H: how - of open source community. We'll dive into each question and give real world examples of our experience getting to the bottom of 'open source community.' We'll discuss the who, the people that dedicate their time to community, the what: technology and projects, when things go well, why things maybe don't go so well, and how to join and get involved!

5 community leaders will talk about the value of open source community by delving into the reasons why it exists and how it makes the technology ecosystem stronger.

Securing Your Software Supply Chain One Open Source Project at a Time

Delivering software fast is one piece of the CI/CD puzzle, but delivering it securely is the glue that keeps your puzzle from falling apart. Software supply chain attacks are on the rise with security exploits directly targeting open source projects, central repositories, and software package managers. The financial industry is not immune to these attacks and now more than ever they need to be working harder to prevent potential attacks. The question then becomes how do you protect your DevOps pipeline?

This is a problem that projects in foundations like the Continuous Delivery Foundation (CDF), OpenSSF, CNCF and OWASP are working to solve.. To help ensure a secure SDLC, these vendor neutral, developer focused communities are investing in projects that provide security solutions. This talk will highlight the importance of securing your software supply chain at the source and how technologists all around the globe are working to solve this problem.

I’ve Started an Open Source Project – Now What!?!

You created a brand new open source project and you know that your project is going to save thousands of developers from going through the same hardships you faced. But how to get the word out about this amazing tool you built and get more user adoption, contributors, maintainers…

This talk will discuss how you can get your project more visibility within the developer community by proposing it to become a part of a foundation. I'll cover the who, what, where, and why of taking your project to the next level and proposing it to a foundation.

What Do You Get If You Cross the CNCF, CDF & OpenSFF? Strenghtening Community through Collaboration

Community members from multiple projects, foundations and organizations find themselves working on the same problems and are attacking the issues from different angles. The cool thing is the community wants to solve the problem. The harsh reality is these groups often find themselves working in silos based on the working group, SIG or foundation they joined. This creates a whole new problem: how do we share findings, reference architectures, resources across the board? This talk will focus on CNCF, CDF and OpenSFF and will demonstrate how cross community collaboration can strengthen both communities and foundations by bridging the gap in knowledge, practice and standards. The result may help create solutions that are well thought out from multiple vantage points that benefit developers across the board whether they are focused on cloud native, continuous delivery or software supply chain security.

This talk covers three Linux Foundations: CNCF, CDF, and OpenSFF and discusses working in silos and the potential opportunities to increase knowledge base and creativity to solve pain points when communication is open and brain trust is shared.

Six Degrees of Kevin Bacon - Open Source Community Edition

The open source community can be siloed at times. People tend to ‘stay in their lane’ and don’t realize what they may be missing out on by not expanding their network. I know time is limited and it’s impossible to participate in every community so how do you become like Kevin Bacon? How do you set yourself up to be connected to people in various communities that you may be able to help or vice versa without being present at every meeting? I’m going to show you how you can channel your inner Kevin Bacon and learn how to expand your network like your funding counted on it!