By Brandt Keller & Constanze Roedig
This blog was originally published on cncf.io and was modified for OpenSSF
Open Source SecurityCon (evolved from Cloud Native SecurityCon) returns for its second event, co-located with KubeCon + CloudNativeCon Europe 2026. The conference advances innovation and collaboration across open source software security and cloud native security. It brings together creators, maintainers, operators, and consumers who are actively involved in securing the software ecosystem.
As open source software continues to power modern infrastructure, the need to strengthen security practices across projects and production environments is critical. Co-hosted by CNCF and OpenSSF, Open Source SecurityCon provides a focused space in which the community can share insights, examine emerging challenges, and collectively improve the security posture of the cloud native ecosystem.
Who will benefit most from attending this event?
Open Source SecurityCon offers valuable insights for anyone involved in building, maintaining, or securing projects, platforms, or services. This includes open source maintainers, platform engineers, security practitioners, and operators running workloads in production.
Security is a shared responsibility across the entire software lifecycle, from development to production deployments. Attendees will benefit from exploring ecosystem-wide challenges, identifying vulnerabilities within their own environments, and learning practical strategies for mitigation.
What is new and different this year?
This year’s program focuses on the latest advancements in security across policy, processes, and technology. The agenda spans topics from the implications of Artificial Intelligence (AI) to foundational improvements in software supply chain security.
Attendees will gain insight into securing development, strengthening existing systems, and addressing complex security challenges that the community supports. The program reflects the evolving cloud native security landscape and the growing importance of implementing secure practices at scale.
What will the day look like?
Open Source SecurityCon is a single-stage event that encourages shared learning and broad participation. The day will feature a diverse lineup of deeply technical talks spanning topics from regulatory compliance to quantum cryptography, along with a high-profile panel and a series of lightning talks.
Sessions will explore advancements across security domains and offer perspectives that connect policy, engineering practices, and emerging technologies.
Should I do any homework first?
We encourage attendees to approach security from a variety of perspectives. Reviewing the schedule ahead of time can help you identify topics of interest and see how they intersect.
Security is often just one dimension of a broader technical focus. Thinking about how it intersects with your areas of interest will help you get the most out of the day.
Find your community!
Developing secure software at scale presents ongoing challenges, especially when feature development moves faster than security prioritization. Open Source SecurityCon brings the community together to highlight essential issues, share lessons learned, and foster collaboration across projects and organizations.
By creating space for open discussion and collective problem-solving, the event helps strengthen the cloud native community and support the next wave of security leaders.
Don’t forget to register for All-Access In-Person KubeCon + CloudNativeCon pass that will to have access to Open Source SecurityCon
Author Bio
Brandt Keller is a Staff Software Engineer with a passion for Open Source. He serves as a Maintainer and Technical Lead for the CNCF Security & Compliance Technical Advisory Group, a Cloud Native Ambassador, and a project maintainer within the OpenSSF for the Zarf Project. He has lead and contributed to multiple foundation working groups, to include publishing artifacts to enhance end-user security.
Constanze Roedig is a Researcher, Founder and CNCF Ambassador. She works on sovereign security for defense with a focus on runtime security. Her passion are eBPF-based algorithms to make security less resource intense and more achievable for alert-fatigued humans. She founded the “Security-Native Europe” Community Group bridging cloudnative and I/oT security for critical infrastructure.