OpenSSF Community Day NA 2025 Agenda Live!

We’re excited to share that the agenda for OpenSSF Community Day North America 2025 is now live! Join us on June 26 in Denver, Colorado, for a day filled with collaboration, technical insights, and future-focused conversations on securing the open source ecosystem.

This year’s Community Day, co-located with Open Source Summit North America, features a robust mix of keynotes, lightning talks, and technical sessions across topics like supply chain security, AI/ML threats, SBOMs, and practical open source tooling. We’re also bringing back the popular OpenSSF Table Top Exercise (TTX), an interactive, scenario-driven panel session that highlights real-world collaboration in incident response and open source risk mitigation.

Mark your calendar and register now! 

Agenda Highlights

Welcome & Keynotes

• Welcome + Opening Remarks – Steve Fernandez, General Manager, OpenSSF, The Linux Foundation
• Security Work isn’t Special – Seth Larson, Python Software Foundation
• Keynote – Sarah Evans, Dell Technologies

Morning Sessions

• Bridging the Chasm: Filling the Security Knowledge Gap Between Academia and Industry – Michael Biocchi, Snyk
• Taming the Wild West of ML: Practical Model Signing With Sigstore on Kaggle – Mihai Maruseac, Google
• OSPS: All Your Base Are Belong To Us – Christopher Robinson, OpenSSF & Eddie Knight, Sonatype
• Who Are You Building For: Pipelines Have a Purpose – Andrew McNamara & Julen Landa Alustiza, Red Hat
• A Dashboard for Actionable OpenSSF Scorecard Insights – Tracy Ragan, DeployHub, Inc.
• Myths Developers Believe About Open Source Security – Jess Lowe & Tim Zhang, Google
  Trends and Insights from the Sigstore Ecosystem – Eve Martin-Jones & Hayden Blauzvern, Google
• Living Off the Pipeline: From Supply Chain 0-Days To Predicting the Next XZ-like Attacks – François Proulx, BoostSecurity.io
• Democratizing Cloud Native Security: How CNAMM Drives Evidence-Based Maturity – Abdel Sy Fane, DevSecFlow
• From Model To Trust: Building Upon Tamper-proof ML Metadata Records – Mihai Maruseac, Google & Eoin Wickens, HiddenLayer
• Predicting OSS Vulnerabilities Through Communication Analysis – Shlok Gilda, University of Florida
  Securing Public Sector Supply Chains Is a Team Sport – Daniel Moch, Lockheed Martin
• SWAG: Bringing Software Security Best Practices To the Web – Daniel Appelquist, Samsung
• Beyond the Bot: Building Secure and Resilient AI Agents With Open Source – Mihai Maruseac, Google & Sarah Evans, Dell Technologies

Afternoon Sessions

• Shadow Vulnerabilities in AI/ML Data Stacks – What You Don’t Know CAN Hurt You – Mic McCully, Oligo Security
• SLSA Dependency Track Update – Meder Kydyraliev, Google & Adrian Diglio, Microsoft
  Evangelizing Security in India: Fears, Tears, and a Billion Deaf Ears – Ram Iyengar, Linux Foundation
• The Open Source SDLC Control Plane: Building the Supply Chain Security Sandwich – Michael Lieberman, Kusari & Eman Abu Ishgair, Purdue
• Navigating Security in Generative AI Development – Katherine Druckman, Intel Corporation
• Simplifying SBOM Management: An Introduction To Bomctl – Allen Shearin & Ian Dunbar-Hall, Lockheed Martin
  Enhancing Supply Chain Security: Integrating Zarf and GUAC for Seamless SBOM Generation and Delivery – Brandt Keller, Defense Unicorns
• Harnessing In-toto Attestations for Security and Compliance With Next-gen Policies – Marcela Melara, Intel Labs & Trishank Kuppusamy, Datadog
• PQC & Crypto Agility: Hybrid Certificates, Different Formats, and Migration Strategies – Sven Rajala, Keyfactor
• Signing and Verifying Multi-architecture Containers With Sigstore – Natalie Somersall, Chainguard

Closing Session

• OpenSSF TTX Panel Session – Speakers To Be Announced
• Closing Remarks – Speaker To Be Announced
  

Sponsorship Opportunities

Want to join us in supporting OpenSSF Community Day and connect with a passionate, highly-engaged audience? Sponsorships are now open!

Email us at openssfevents@linuxfoundation.org to reserve your sponsorship, ask questions, or talk about different options. View the full Sponsorship Prospectus here.

Stay tuned for more updates and community engagement opportunities during Open Source Summit.

 👉 Register now to secure your spot for OpenSSF Community Day NA 2025 — we look forward to seeing you there!

Upcoming CFP’s and events: 

• OpenSSF Community Day Japan: Open through April 27, 23:59 JST 
• OpenSSF Community Day India: Open through May 26, 23:59 CEST
• OpenSSF Community Day EU: Open through May 4, 23:59 IST
• Open Source SecurityCon: CFP will open in mid-May