The “Skyway” to OSS Security: OpenSSF Community Day North America 2026 Recap

June 5, 2026

By Angelah Liu, OpenSSF

Executive Summary

The open source community recently gathered in Minneapolis for Open Source Summit North America and OpenSSF Community Day North America 2026. Functioning as a collaborative “Skyway,” the Open Source Security Foundation (OpenSSF) successfully brought together diverse working groups, security researchers, and enterprise maintainers to unify tooling, address artificial intelligence security transitions, and fortify the global software supply chain.

Minneapolis Skyway Interconnection Diagram. Source: Minneapolis 2040 / Skyways

If you have ever explored downtown Minneapolis, you have likely walked through its famous “Skyway” system. It is an interconnected, elevated network that links separate corporate towers, retail hubs, and public spaces into a single cohesive ecosystem. Instead of forcing people to navigate the freezing winter cold or busy street traffic in isolation, the “Skyway” provides a seamless, protected pathway that brings distinct communities together.

On May 21, 2026, the OpenSSF community gathered in Minneapolis for OpenSSF Community Day North America. Throughout the day, OpenSSF acted as the “Skyway” to the community, bridging separate security causes, Working Groups, and tools, connecting them all into a stronger, “weather-resistant” open source software supply chain. None of this would have been possible without our Gold sponsor, Honda, whose support allowed our global community to connect, collaborate, and share these critical innovations. From AI orchestration to practical developer blueprints, here is how the community used this elevated network to fortify our digital infrastructure.

How Are We Connecting the Hubs of AI and Security?

Just as a “Skyway” bridge links a tech hub to a community center, the morning keynotes focused on connecting rapid technological shifts with the human networks that sustain them. Stacey Potter announced the inaugural OpenSSF Ambassador Program to drive community initiatives. OpenSSF’s General Manager, Steven Fernandez, discussed how the foundation leads the AI security transition, ensuring safety guardrails keep pace as software moves toward autonomous workflows.

At the same time, technology only works if the people using it are protected and supported. The Python Software Foundation’s Mike Fiedler took the crowd through the gripping anatomy of a phishing campaign, while Marcela Melara from the BEAR (Belonging, Empowerment, Allyship, and Representation) Working Group highlighted a year of mentorship and community building through the BEAR initiative, demonstrating that ecosystem health depends on developer support. Google’s Hayden Blauzvern wrapped up the morning sessions by challenging attendees to treat software transparency as a core architectural principle, designing connected systems that are inherently accountable from the ground up.

How Do We Unify Our Tools to Close the Visibility Gap?

When security tools are fragmented, integrating them can feel like navigating separate, disconnected streets. The midday sessions showed how OpenSSF acts as a single, smooth tunnel linking policy, compliance, and code visibility. Addressing the foundational layer, Will Sergeant, Kiran Chana, and Kavoi Mutisya showcased how automation and surveys can reveal what is actually happening inside open source repositories versus what maintainers assume is happening, effectively closing the visibility gap.

Moving further up the supply chain, ReversingLabs’ Kadi McKean treated the art of dependency selection like “museum curation”, offering a clear roadmap for smart, secure software procurement. The technical tracks then dove deep into architectural compliance frameworks. Adolfo García Veytia introduced AMPEL for ecosystem policy enforcement, and Red Hat’s Hannah Braswell and Jennifer Power demystified governance with Gemara, bridging the gap between compliance analysts and developers through a unified governance architecture.

What Happens When We Tighten the Bolts via Hands-On Tooling?

After lunch, the “Skyway” bridged into hands-on engineering, peppered with a bit of local competitive spirit. Red Hat’s Adam Kaplan tackled Maven lockfiles to ensure reproducible and secure builds, while Kenneth Yang and Adrian Smith demonstrated how to use ephemeral certificates with BYOPKI for keyless signing in Sigstore/Cosign. OpenSSF’s Christopher “CRob” Robinson injected a burst of collaborative energy into the day, breaking up the deep technical tracks with a spirited “GAME SHOW! GAME SHOW!” that spotlighted essential OpenSSF projects and tools while keeping the community thoroughly engaged.

This energy carried directly into technical presentations centered on identity and data control. Patrick Zielinski and Yongjae Chung navigated the complex landscape of Git commit signatures using Gittuf, showcasing how to secure developer identities at the root. Following them, Eman Abu Ishgair (Purdue University) and Marcela Melara introduced Petra, a clever approach to achieving confidential supply chain transparency via SBOMs without forcing organizations to overshare proprietary data.

How Do We Expand the Network to Automotive and Post-Quantum Frontiers?

A great “Skyway” system is never stagnant; it continuously expands, connecting new city blocks to the network. The final stretch of the day proved that open source security is scaling into entirely new industrial sectors and future frontiers. Honda Motor Co.’s Yuta Kiyoumi and Takashi Ninjouji brought a massive real-world industrial perspective, demonstrating how to apply SLSA (Supply-chain Levels for Software Artifacts) guidelines directly to automotive In-Vehicle Infotainment (IVI) development, making consumer vehicles safer.

Looking toward public web platforms and future threats, Dan Appelquist investigated the current security habits of web developers to find out where the front-end ecosystem needs better alignment. Red Hat’s Kevin Conner then took the audience down a futuristic path with a look at three distinct approaches to Quantum Proofing Sigstore against tomorrow’s cryptographic threats. The day closed on a high-tech note focused on automated remediation, featuring Michael Lieberman from Kusari introducing Darnit for AI security orchestration, and Georgia Tech’s Andrew Chin delivering a keynote on OSS-CRS, an OpenSSF Sandbox Project, showcasing the next generation of bug-finding and self-healing repositories built specifically for the LLM era.

What Lies Ahead for the OpenSSF Community Network?

At OpenSSF Community Day North America 2026, participants emphasized that securing the open source ecosystem requires systemic collaboration rather than isolated efforts. Just like the Skyway, OpenSSF unites enterprise maintainers, developers, architects, open source leaders, and security researchers to secure repositories against security threats and simplify compliance tools.

Whether we are connecting maintainers with academic researchers, or linking automated policy tools with human mentorship programs, OpenSSF is the infrastructure that makes collaboration possible. By bridging these diverse security working groups and tools, the community secures the global software supply chain rather than simply patching isolated vulnerabilities.

Catch Up on Demand

The OpenSSF Community Day North America 2026 YouTube Playlist is available, and sessions are live. You can watch the full recordings of every presentation mentioned above to catch up on all the insights from the event. Be sure to subscribe to the YouTube channel to stay up to date with the latest open source security deep dives, community calls, and future event releases. Photos available here.

Thank you to everyone who stepped into this elevated network and helped tighten the bolts of our “Skyway”, the shared open source infrastructure. The journey continues at OpenSSF Community Day Europe. Submit your proposals and  today.

About the Author

Angelah Liu is the Associate Communications & Marketing Manager at the Linux Foundation, driving marketing initiatives across multiple open source projects, including OpenSSF, the Confidential Computing Consortium, Overture Maps, and AOUSD. A creative at heart, she thrives on bridging the gap between technical communities and the wider world. As a dedicated advocate for “Open Source for Good,” she uses digital storytelling to ensure open source breakthroughs drive a lasting, positive influence far beyond the tech ecosystem.