What Not to Miss at Open Source Summit & OpenSSF Community Day Europe

The countdown is on! From August 25 to 28, 2025, the open source security community will gather in Amsterdam for Open Source Summit Europe and OpenSSF Community Day Europe. These two major gatherings will focus on the future of software supply chain security, regulatory readiness, and collaborative innovation.

Whether you’re a developer, policymaker, security engineer, or project maintainer, these events will help you understand where open source security is headed –and how you can be part of it.

OpenSSF at Open Source Summit Europe (August 25–27)

Throughout the Summit, the OpenSSF community will lead conversations on software security through technical sessions, booth demos, office hours, and AMAs. This is your opportunity to engage directly with working group leaders, project maintainers, and contributors about evolving security practices and the tools available to support them.

Booth Activities and Demo Schedule

Visit us at the OpenSSF booth (B33 located in the upper left quadrant of the expo hall near the green P2 booth) Stop by the Solutions Showcase to meet project leads, see live demos, and ask questions during scheduled office hours

August 25 (Monday)

• 10:30–12:30: Ask Me Anything: OSPS Baseline Office Hours | Eddie Knight (Sonatype)
  12:30–14:30: Demo: Securing Software Repositories Working Group + RSTUF Project | Kairo de Araujo (Eclipse Foundation)
  14:30–16:30: Mentorship and CRA Alignment | Kairo de Araujo (Eclipse Foundation), Harald Fischer (Balena)
  16:30–17:35: Model Signing and ML Integrations | Mihai Maruseac (Google)

August 26 (Tuesday)

• 10:30–12:30: All Things CRA: What Contributors & Maintainers Need to Know | Götz Martinek; Roman Zhukov (Red Hat) and Mapping CRA to OSPS Baseline | Ben Cotton (Kusari)
• 16:30–18:30: Ask Me Anything: Developer Relations | Katherine Druckman

August 27 (Wednesday)

• 10:30–12:30: OSPS Baseline Office Hours | Ben Cotton (Kusari), Eddie Knight (Sonatype)
• 12:30–14:30: Ask Me Anything: Developer Relations & AI/ML Working Group | Katherine Druckman, Mihai Maruseac (Google)

Session Highlights

These talks reflect OpenSSF’s broader themes:regulatory readiness,secure build pipelines, SBOM accuracy, and real-world incident response.

• “Zephyr: Evolving to CRA Readiness” | Kate Stewart (Linux Foundation)
• “Chain Reaction: Remixing CNCF’s Supply Chain Security Guide for 2025” | John Kjell (ControlPlane)
• “Panel Discussion: Prepare for the CRA: Open Source Governance in the Age of Cyber Resilience” | Andrew Martin (ControlPlane), Eddie Knight (Sonatype), Amanda Brock (OpenUK), Michael Lieberman (Kusari)
• “Sometimes Sequels Are Good: CISA’s Update to the 2021 NTIA SBOM Minimum Elements” | Victoria Ontiveros (CISA)
• “Linux Foundation Initiatives Supporting the Implementation of the EU Cyber Resilience Act” | Mirko Boehm, Hilary Carter (Linux Foundation), Christopher “CRob” Robinson (OpenSSF)
• “Your SBOM Is Lying to You – Let’s Make It Honest” | Yuchen Zhang & Justin Cappos (New York University)

OpenSSF Community Day Europe (August 28)

Co-located with OSS EU, OpenSSF Community Day Europe is a full-day event dedicated to collaboration, knowledge-sharing, and technical deep dives into open source security. The agenda spans five major themes: regulatory readiness, real-world incident response, community-driven collaboration, secure tooling and automation, and future policy/governance.

The day kicks off in Elicium 1, with keynote sessions from OpenSSF and community leaders, setting the tone for collaboration and action:

• “Welcome and Opening Remarks” | Adrianne Marcum (Chief of Staff, OpenSSF) 
• Keynote: Bridging Policy and Communities – OpenSSF Involvement in EU Cyber Policy | Madalin Neag (EU Policy Advisor, Linux Foundation)
• Scaling FOSS security across governments and industry | Florian von Samson (BSI) 
• Improving security data with the new ORBIT Working Group | Ben Cotton (Kusari) & Eddie Knight (Sonatype) 
• How DevRel transforms security tool adoption | Katherine Druckman  

From there, the agenda dives into more than two dozen technical sessions and case studies that showcase the depth and breadth of the OpenSSF community’s work. Sessions will take place in Room D203(Level 2) and in Elicium 1 (Level 1, directly below).

 Highlights include:

• Adolfo García Veytia “Puerco” on becoming a “good CRA citizen” by applying the OpenSSF Project Security Baseline.
• The unification of GUAC + Trustify into a shared supply chain knowledge graph, presented by Ben Cotton (Kusari) and Dejan Bosanac (Red Hat).
• OpenSSF Bug Squashing Allies by Georg Kunz and Jan Melen (Ericsson)
• Path to SLSA 4: How Tekton Secures the Software Supply Chain by Vibhav Bobade & Vincent Demeester (Red Hat)
• The results of DARPA’s AIxCC challenge and the open source projects it sparked by Jeff Diecks (Linux Foundation) 
• Tamper-proof ML metadata records through the Model Signing initiative by Mihai Maruseac (Google)
• Eve Martin-Jones (Google) with data-driven insights from the Sigstore ecosystem.
• Arthur Savage (Red Hat) on preparing for quantum-safe cryptography in open source.

Don’t Miss: The OpenSSF Tabletop Exercise (TTX) Building What’s Next

One of the day’s most unique features is the interactive Tabletop Exercise (TTX), moderated by Christopher “CRob” Robinson (OpenSSF). Panelists from Samsung, OSTIF, Null Point Studio, Eclipse, and Red Hat will roleplay a live open source incident scenario bywalking through detection, decision-making, and coordination under pressure. The exercise concludes with a collaborative postmortem, offering a practical template for running TTX sessions in your own organization.

Building What’s Next

The program wraps up with closing remarks from Steve Fernandez (General Manager, OpenSSF), followed by a community reception sponsored by Red Hat.

With more than two dozen sessions, expert-led keynotes, and an afternoon of technical breakouts, OpenSSF Community Day Europe is the place to connect directly with the people, tools, and policies shaping the future of secure open source. Whether you’re focused on software development, supply chain integrity, or regulatory alignment, you’ll find valuable insights and connections here. View the full agenda and mark your calendar!

Join Us Next Week!

Open Source Summit Europe and OpenSSF Community Day Europe are more than conferences – they’re where ideas turn into action and your chance to connect with the people, tools, and ideas driving the future of open source and security. By bringing together developers, maintainers, policymakers, and security practitioners, these gatherings accelerate and celebrate collaboration on the tools, standards, and practices we need to build a more resilient digital ecosystem.

Join us at Open Source Summit and OpenSSF Community Day Europe!