
Plus: Why Last Year’s SecurityCon NA Proved This Is the Event You Can’t Miss
Open Source SecurityCon Europe is approaching, which means we’ll be gathering again in Amsterdam this spring for one of the most focused, practitioner-driven events in open source security.
Save your spot, register now, and add your favorite sessions to your calendar from the agenda.
If you care about securing the software supply chain, protecting AI systems, improving developer practices, and advancing real-world security outcomes across open ecosystems, this is where you want to be.
Why Attend Open Source SecurityCon Europe?
Open Source SecurityCon Europe is where maintainers, engineers, researchers, policy leaders, and security practitioners come together to:
- Learn what’s actually working in real environments
- Share practical approaches to supply chain security, AI security, and DevSecOps
- Discuss emerging risks before they become incidents
- Connect with peers shaping the future of open source security
Whether you’re building tools, maintaining projects, leading security programs, or navigating policy and compliance, SecurityCon delivers concrete value you can take back to your work.
What to Expect at Open Source SecurityCon Europe 2026
Featuring Sessions from the OpenSSF Community
Open Source SecurityCon Europe’s agenda carries forward the momentum from SecurityCon North America, with multiple sessions led by speakers from OpenSSF member organizations and the OpenSSF team, including:
- From Mild to Wild: How Hot Can Your SLSA Be?
Andrew McNamara (Red Hat) & Adolfo García Veytia
Featuring Red Hat, a Premier OpenSSF member, this session explores real-world maturity of SLSA adoption and how organizations can meaningfully raise the bar on supply chain security.
- Upstream Collaboration for the Win (of the CRA)!
Georg Kunz & Jan Melen (Ericsson Software Technology)
Ericsson, an OpenSSF Premier Member, shares lessons on upstream collaboration and how coordinated ecosystem engagement supports compliance efforts like the EU Cyber Resilience Act.
- Quantum Proofing Sigstore: A Tale of Three Approaches
Kevin Conner & Firas Ghanmi (Red Hat)
A forward-looking exploration of securing signing and trust infrastructure in a post-quantum future, grounded in practical cryptographic and ecosystem considerations.
- Secure Your MCP Servers With OAuth, JWT, SPIFFE and More
Yi Yang (IBM) & Lin Sun
With IBM — a founding OpenSSF Premier Member — this session focuses on practical identity, authentication, and trust patterns for securing modern distributed systems.
- Simplifying Global Compliance for CNCF Projects With the OpenSSF OSPS Baseline
Madalin Neag (OpenSSF)
A direct OpenSSF perspective on how the OSPS Baseline supports projects navigating compliance pressures while strengthening project security in a practical, scalable way.
- Lightning Talk: A Supply Chain Security View of OpenSearch
Ram Iyengar (Linux Foundation)
A practical look at how OpenSearch applies real-world supply chain security practices, from scanning and dependency management to attestations, to meet the needs of security-conscious enterprises.
These sessions reflect what the OpenSSF community consistently brings to Open Source SecurityCon: technical depth, practitioner experience, and a strong focus on real-world outcomes.
Highlights From SecurityCon North America
Last year’s Open Source SecurityCon North America agenda shows exactly the depth, relevance, and quality of discussion this community brings together. Sessions led by speakers from the OpenSSF community included:
- Panel: Turn Down That Noise — Why the OpenSSF Security Baseline Is Good for Maintainers
- Christopher Robinson (OpenSSF)
- Jennifer Power (Red Hat)
- Ben Cotton (Kusari)
- Stephen Augustus (Bloomberg)
- Evan Anderson
A practical discussion on sustainable security practices and how maintainers can realistically adopt stronger baselines.
- What Doesn’t Kill You Makes You Stronger: The Vulnerabilities That Redefined Kubernetes Security
Dor Serero & Michael Katchinskiy (Microsoft)
An exploration of vulnerability classes that have reshaped Kubernetes security practices in production environments.
- OSPS Baseline: Improving Your Project Security the Easy Way
Ben Cotton (Kusari)
A hands-on look at how projects can adopt stronger security practices without overwhelming maintainers.
- The Whole Is Greater Than the Sum of Its Parts: A Case for Interoperable Supply Chain Tooling
Hayden Blauzvern (Google) & Marcela Melara (Intel Labs)
A compelling argument for ecosystem-wide interoperability to improve supply chain security outcomes.
- The State of Git Security with SLSA and gittuf
Patrick Zielinski (New York University) & Aditya Sirish A Yelgundhalli (Bloomberg)
Focused on trust, provenance, and integrity in the foundations of source control systems.
- Who Let the Agents Out? Securing AI Workflows the Right Way
Mariusz Sabath & Maia Iyer (IBM Research)
A forward-looking discussion on emerging risks in agentic AI systems and how to design security into workflows from the start.
- Lightning Talk: AIxCC Results and New Open Source AI Projects to Help Secure OSS
Jeff Diecks (OpenSSF)
Highlighting community-led efforts and new initiatives advancing open source security.
Together, these sessions reflect the kind of contributions OpenSSF brings to the open source community: practical experience, real-world constraints, technical depth, and a shared commitment to improving security across the ecosystem.
Join Us in Amsterdam
If you’ve ever wondered:
- “What’s actually working in real environments?”
- “How are security experts approaching these challenges?”
- “How do we move from best practices to sustainable practice?”
You’ll find the answers at Open Source SecurityCon Europe.
Registration is open and the agenda is live.
Whether you’re new to open source security or deeply experienced in the field, everyone is welcome and you’ll find a community ready to learn and share together! We look forward to seeing you in Amsterdam this spring.