By Eman Abu Ishgair
Earlier this summer, I had the privilege of attending the Open Source Summit North America 2025 in Denver — one of the largest gatherings of open source contributors, maintainers, researchers, and advocates. Even more exciting: I participated as a speaker, volunteer, and a new community member during the OpenSSF Community Day, the co-located event focused on software supply chain security and open source sustainability.
Travel Support from OpenSSF
I’m incredibly grateful to the OpenSSF for awarding me a travel fund that made this experience possible. As a PhD student and a researcher on securing software supply chains, the opportunity to attend, speak, and engage with the community in person was invaluable.
Presenting at OpenSSF Community Day
I had the opportunity to co-present a talk with Michael Lieberman from Kusari, about how policy-based orchestration across the software development lifecycle can help secure the open source supply chain. All sessions are available to watch on the OpenSSF Community Day NA 2025 YouTube Playlist, mine was titled “The Open Source SDLC Control Plane: Building the Supply Chain Security Sandwich.”
Volunteering with the OpenSSF Booth
In addition to speaking, I had the opportunity to volunteer at the OpenSSF booth during the main summit which gave me the chance to connect and share resources with developers, researchers, and newcomers curious about supply chain security. The booth had demos from different OpenSSF projects and community initiatives. It was energizing to help represent a community and to see how much interest there is in building secure by design open source infrastructure.
A Warm and Welcoming Community
One of the things that stood out to me the most was how friendly, supportive, and open the open source community was, especially for someone newer to in-person events. Whether it was during sessions, booth conversations, or hallway chats, I found people eager to share ideas, answer questions, and build connections. It didn’t matter if you were a long-time contributor or just starting out, the atmosphere was one of shared curiosity and mutual respect.
Reuniting with Collaborators and Learning from Others
In addition to presenting and volunteering, I had the chance to attend several interesting talks on SBOM, Signing, Securing AI pipelines, and reproducible builds, across both the OpenSSF Community Day and the main summit. The discussions went beyond the talks, the hallway conversations were just as impactful as the sessions, the community energy is real! I also finally got to meet several collaborators in person, people I’ve been working with virtually for months (or years!).
A Family-Friendly Summit
Another standout aspect of the summit was its family-friendly setup. The free on-site childcare made it possible for me to attend with my two kids.
My older daughter joined me visiting booths, trying out new technologies, and proudly collecting swags and stickers. Her excitement was contagious, and it reminded me how powerful it is to create spaces where learning and innovation are accessible across generations.
Exploring Colorado’s Natural Wonders
The summit was set in Denver, but I also had the chance to explore some of Colorado’s breathtaking landscapes during the trip: garden of the gods and rocky mountain national park.
Looking Ahead
Being part of OpenSSF Community Day and the broader Open Source Summit reaffirmed my passion for research and real-world impact in secure software supply chains. I’m excited to continue building and collaborating with this amazing community. I encourage anyone working on SDLC security, SBOMs, or open source governance to connect and get involved in the OpenSSF! Join OpenSSF slack to get involved in one of the OpenSSF working groups, you can start by attending the monthly meetings for the group you are interested in. If you have similar interests as me, I would suggest learning about Bomctl, and SLSA projects.
About The Author
I am Eman Abu Ishgair, a Graduate Research Assistant @ TSELab and PhD candidate in ECE at Purdue University, working on software supply chain transparency and integrity. You can find me on LinkedIn and OpenSSF slack .