Open Source Summit Europe 2025: Full Schedule

25-27, August 2025
Amsterdam, Netherlands
View More Details & Registration
Note: The schedule is subject to change.

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Open Source Summit Europe 2025 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

This schedule is automatically displayed in Central European Summer Time, CEST (UTC +2). To see the schedule in your preferred timezone, please select from the drop-down menu to the right.

IMPORTANT NOTE: Timing of sessions and room locations are subject to change.

arrow_back View All Dates

09:55 CEST

Snag It, Flash It, Ship It: Rethinking Factory Flashing With Open Tools - Romain Gantois, Bootlin & Paresh Bhagat, Texas Instruments

Monday August 25, 2025 09:55 - 10:35 CEST

D201

Factory flashing is a critical stage in the lifecycle of any embedded product. It can quickly become a bottleneck in the supply chain, and its correct execution is essential to ensure that shipped devices are both fully functional and secure. Today’s available tools are often closed-source and tightly coupled to specific vendors, limiting flexibility and making customization difficult.

In 2023, Bootlin introduced Snagboot—an open-source, vendor-agnostic tool designed for recovering and reflashing embedded platforms. Building on this foundation, Bootlin and Texas Instruments collaborated in 2024 to expand Snagboot into a comprehensive factory flashing solution, maintaining its open-source and vendor-neutral nature.

In this talk, we’ll present Snagboot as a recovery and reflashing solution, highlighting its core tools, snagrecover and snagflash. We’ll then dive into the unique challenges of factory flashing and explain how our extended toolset—Snagfactory—addresses them effectively.

Speakers

Romain Gantois

Embedded Linux and kernel engineer and trainer, Bootlin

Romain's journey at Bootlin started with his end of studies internship, during which he developed Snagboot, an open-source and vendor-agnostic embedded platform recovery and reflashing tool. He is currently still maintaining Snagboot, which has attracted several contributions since... Read More →

Paresh Bhagat

Embedded Software Engineer, Texas Instruments

I am an Embedded Software Engineer at Texas Instruments with nearly 3 years of experience in developing and integrating solutions for embedded Linux systems. My work spans across multiple areas including Hypervisor like Jailhouse, custom Linux build systems using Buildroot and Yocto... Read More →

Monday August 25, 2025 09:55 - 10:35 CEST
D201

Embedded Linux Conference

Audience Experience Level Any

09:55 CEST

TPM Is No Silver Bullet: Pitfalls in Embedded Device Security - David Gstir, sigma star gmbh

Monday August 25, 2025 09:55 - 10:35 CEST

Elicium 1

With the growing adoption of TPMs (Trusted Platform Modules) in the Linux ecosystem, thanks to features like TPM-backed disk encryption in systemd and the longstanding use in Windows BitLocker, TPM chips are seeing a resurgence as a go-to for secure secret storage. This trend is increasingly making its way into embedded devices. Often as a measure to fulfill NIS2, EU Cyber Resilience Act or similar requirements.

However, embedded systems present a vastly different threat model compared to desktops or servers, and TPMs often don’t deliver the level of security many developers assume. In this talk, David will demystify TPM functionality in embedded Linux environments. He will give a concise overview of security threats for embedded devices and where a TPM can and or where it cannot. Special focus will be put on using TPMs for disk encryption and integrity.

The session will wrap up with a discussion of alternative approaches, other usage scenarios for TPMs, and how to make informed decisions when designing secure embedded systems.

Speakers

David Gstir

Senior Security Expert, sigma star gmbh

David Gstir is a security engineer with 15+ years of hands-on experience. He has been actively involved in security-related projects, successfully identifying vulnerabilities in various consumer and enterprise software.

Monday August 25, 2025 09:55 - 10:35 CEST
Elicium 1

Embedded Linux Conference

Audience Experience Level Any

11:20 CEST

Dig Smart: Building a Reliable Cloud Native DNS for Modern Networks - Joel Studler & Fabian Schulz, Swisscom

Monday August 25, 2025 11:20 - 12:00 CEST

Emerald Room

Join us for a tech talk where we'll demonstrate how we operate and automate a highly available, geo-redundant DNS service for Swisscom's 5G mobile network using a cloud-native tech stack. We'll provide an in-depth look into our multi-cluster architecture that leverages ExternalDNS, PowerDNS, and CoreDNS. Additionally, we'll showcase how the system behaves when a cluster breaks down, and how we monitor and troubleshoot this multi-cluster setup at scale.

This talk will be particularly interesting for those with demanding DNS requirements—such as applications which require rare DNS resource records like NAPTR—as well as engineers and architects tasked with building a DNS service using cloud-native tools who, due to compliance, governance, or availability concerns, cannot use publicly available DNS-as-a-service offerings.

Speakers

Fabian Schulz

Senior DevOps Engineer, Swisscom

Fabian Schulz is a cloud architect and Kubernetes specialist known for his expertise in building resilient cloud-native solutions. Currently at Swisscom, he focuses on designing next generation 5G core services using open-source technologies. With a passion for innovation, Fabian... Read More →

Joel Studler

DevOps Engineer and System Architect, Swisscom

Joel is a DevOps Engineer currently in a team that builds the cloud native 5G core at Swisscom. He is experienced in infrastructure automation, software defined networking and highly available databases and passionate about automation. He is CK* certified and has written several CRD/Operator... Read More →

Monday August 25, 2025 11:20 - 12:00 CEST
Emerald Room

Cloud & Containers

Audience Experience Level Any

11:20 CEST

Decentralized Technologies and Public Infrastructure - Sean Bohan, LF Decentralized Trust

Monday August 25, 2025 11:20 - 12:00 CEST

TBA

In a digital-first world, how are governments adapting the public infrastructure underpinning services for public administrations, businesses, organizations, and citizens? What risks and challenges do they face as they digitize these services? Sean Bohan of LF Decentralized Trust will sit down for a Q+A with the incoming director of Europeum EDIC about delivering EU-wide cross-border services via the European Blockchain Services Infrastructure (EBSI) network. This session will dive into the roll-out of EBSI as a secure, trustworthy digital verification infrastructure for Europe. It will cover how EBSI and other public infrastructure projects serve as a model for verifying identities, credentials, and data integrity with reduced inefficiencies and fraud.

Topics will include:
-Services EBSI supports—verifiable educational, medical, and travel credentials; patent protections; product authentication, and more
-Adoption and interoperability challenges of deploying across 30+ countries, each with its own regulatory framework and infrastructure
-Decision to build on Besu, an enterprise Ethereum client.
-Role of open source, decentralized tech in delivering digital verification at scale

Speakers

Sean Bohan

Community Architect, LF Decentralized Trust

In a 20+ year career in technology, Sean has built digital experiences for clients like ABC Television and JetBlue, defined global digital strategy for GM and advised investors on where technology is going. He spent the last dozen years as an entrepreneur and executive working on... Read More →

Monday August 25, 2025 11:20 - 12:00 CEST
TBA

Digital Trust

Audience Experience Level Any

11:20 CEST

32-bit Linux Support Now and in the Future - Arnd Bergmann, Linaro

Monday August 25, 2025 11:20 - 12:00 CEST

D201

Over the last few years, 64-bit Linux has made it from Servers, PCs and high-end embedded machines lower down in the market, everywhere including the smallest embedded Linux targets. This gives new challenges for users that rely on existing 32-bit hardware being kept up to date, while new features development and testing on those machines keeps winding down.

Arnd gives an overview of which 32-bit systems are still supported, and how long that is going to be the case. This covers modern ARMv7/v8 hardware, older ARMv4/v5/v6 machines, and other embedded CPU architectures.

Specific issues include MMU-less microcontrollers, large memory, small memory, 32-bit userland on 64-bit hardware and the state of the 2038 epochalypse.

Speakers

Arnd Bergmann

Arm SoC kernel maintainer, Linaro

Arnd Bergmann has been with Linaro since almost the beginning. He's worked on the kernel across many CPU architectures over his career is and currently co-maintaining the soc tree that is used for merging platform support into the kernel.

Monday August 25, 2025 11:20 - 12:00 CEST
D201

Embedded Linux Conference

Audience Experience Level Any

11:20 CEST

Securing Software Supply Chains: OpenCode as Building Block for Sovereign Digital Infrastructure - Leonhard Kugler, Zentrum Digitale Souveränität

Monday August 25, 2025 11:20 - 12:00 CEST

G105

As software becomes increasingly critical to the functioning of the state, economy, and society, ensuring its security and stability is a core task for governments. Secure software supply chains are a key component of this effort and a decisive factor for successful digitalisation. To effectively guarantee supply chain security, a new approach to IT security architecture is required, one that brings together the expertise of security experts, developers, and government agencies to standardise testing procedures and facilitate collaborative security analyses. The openCode platform, run by the German Centre for Digital Sovereignty (ZenDiS), is central in addressing this challenge: by establishing binding security standards, promoting transparency, and enabling the tracing of origins for critical software components, openCode helps build resilient, sovereign OS infrastructure for public administration. A recent strategy paper published by ZenDiS and the German Federal Office for Information Security develops a strategy on how to secure software supply chains with openCode, which will be presented in this talk.

Speakers

Leonhard Kugler

Head of Open Source Platform, Zentrum Digitale Souveränität

Leonhard Kugler, head of ZenDiS' openCode software platform, has over 20 years of experience in IT, digitalisation, and organisational development. With a background that spans software development, founding a software development and services agency, and serving as an interim manager... Read More →

Monday August 25, 2025 11:20 - 12:00 CEST
G105

OpenGovCon

Audience Experience Level Any

11:20 CEST

The CRA, Where Are We Six Months After Its Approval - Timo Perala, Nokia

Monday August 25, 2025 11:20 - 12:00 CEST

G106

The Cyber Resielience Act (CRA) was approved late 2024 by European Union.
Open source community was heavily involved in influencing drafting of the CRA. But the need for active engagement with the regulator did not end there. During the three-year period from late 2024 to late 2027 a lot of standardisation and guidance needs to be created to guide industries, manufacturers and open source community to best comply and cope with the CRA. Open source communities have organised to address these challenges.

Here we shortly explain the motivation for, and the main requirements set forth by the CRA, the various relevant organisations working on the regulation and the timelines of the work, as well as the achievements of the open source community in this work so far, and what is the work ahead of us towards the final deadline in late 2027. After the presentation you should be able to understand what the CRA is and why it is introduced, how it impacts world wide - also open source, how open source community is addressing this new regulation and how you can join the community.

Speakers

Timo Perala

Head of Open Source Network and Service Automation, Nokia

Timo has over 25 years of experience in network systems, systems architecture research, new business incubation, to mobile network and operations systems standardization. In his current role Timo is with Nokia OSPO, responisble for Automation related open source projects and Regulatory... Read More →

Monday August 25, 2025 11:20 - 12:00 CEST
G106

Standards & Specifications

Audience Experience Level Any

11:20 CEST

CPatch: Optimising OTA Upgrades Through Binary Diffs - Jordan Yates, Embeint

Monday August 25, 2025 11:20 - 12:00 CEST

D202

Do you find yourself twiddling your thumbs while waiting for dozens of devices to upgrade over Bluetooth? Or do you think twice before pressing the “Firmware Rollout” button due to the anticipated LTE data bill? Introducing Constrained Patch (CPatch), a binary patching algorithm designed specifically for Firmware Over-the-Air (FOTA) upgrades of constrained devices running Zephyr.

In this session I will step through the design and implementation of the algorithm, including:
* Prerequisites for a diff based solution
* Constraints the algorithm works within
* Embedded patching implementation
* Python patch generation
* Comparisons against existing algorithms
* Live demo!

Speakers

Jordan Yates

Co-founder @ Chief Engineer, Embeint

Embedded developer focusing on ultra-low power wireless devices.

Monday August 25, 2025 11:20 - 12:00 CEST
D202

Zephyr Developer Summit

Audience Experience Level Any

11:20 CEST

Zephyr Workqueues: How They Work and Queue - Loic Domaigne, Doulos GmbH

Monday August 25, 2025 11:20 - 12:00 CEST

D203

Zephyr provides workqueue, a mechanism used to offload non-urgent processing to a lower priority thread. Workqueues are typically found in ISR (interrupt service routine) and high-priority threads.

In this talk, we shall present:
- what workqueues are, and what they are not,
- their typical use case
- how workqueues, scheduling and meta-IRQ threads relate,
- some best practices to address some common challenges, like sysworkq bottleneck, passing data or handling cancellation
- some lesser known workqueues, like the p4_wq

This is a practical hands-on talk. We’ll therefore run demo code and investigate what’s going on under the hood by looking at the Zephyr internal implementation! This will help us to get a solid understanding of workqueues, their usages and limitations, “directly from the source” (code).

Speakers

Loïc Domaigné

Senior Technical Staff Member, Doulos GmbH

Loïc loves sharing knowledge and is an enthusiastic instructor at Doulos since 2018. Loïc enjoys teaching Embedded Linux, Yocto, Python, Edge AI… and Zephyr Essentials, the new training he designed.

Monday August 25, 2025 11:20 - 12:00 CEST
D203

Zephyr Developer Summit

Audience Experience Level Any

13:30 CEST

Trust, but Verify: Proactive Security in Open Source - Jess McClintock, Google

Monday August 25, 2025 13:30 - 14:10 CEST

TBA

Ken Thompson's "Reflection on Trusting Trust" warns against blindly relying on others' code, emphasizing the gap between reviewed source and built artifacts. This is critical for developers navigating complex trust models, where source code alone offers limited assurance. Recent supply chain attacks on open source packages, like xz and boltdb-go, expose the real-world practicality of deceiving traditional source reviews, threatening the foundation of open source consumption.

In this talk, we discuss a novel method for analysing and investigating the code that actually gets built using Capslock, an open source CLI tool for analyzing Go packages. By analysing and exposing discrepancies between a package’s advertised and actual permissions, potential attacks (such as the malicious version of boltdb-go) can be thwarted. Integrating this capability information into both free public data sources (e.g. deps.dev) and guided code review systems enables developers to shift left, and feel more confident trusting open source.

Speakers

Jess McClintock

Senior Software Engineer, Google

Jess is a senior software engineer on the Open Source Security team at Google. In this role, she develops software solutions to security problems. Previously, Jess completed a PhD in theoretical computer science at the University of Melbourne, and has written papers on approximation... Read More →

Monday August 25, 2025 13:30 - 14:10 CEST
TBA

Digital Trust

Audience Experience Level Any

13:30 CEST

Thinking Outside the (Linux) Box: Security Considerations From Human Actors - Esa Jääskelä, Buutti Oy

Monday August 25, 2025 13:30 - 14:10 CEST

D201

Embedded Linux security often focuses on protecting the devices against attackers using technical safeguards like secure boot and kernel hardening. While essential, this engineering-oriented perspective can result in overlooking a major threat vector: human behavior. Social engineering remains a common attack method, and even embedded devices with limited interactability can be vulnerable to this.

This presentation explores the relationships between developers, users, and attackers to identify security requirements and possible shortcomings in security planning. Core principles include:

- Prevent users (and developers) from compromising security
- Design for resilience against security failures
- Recognize that misunderstandings lead to errors
- Communicate clearly to reduce social engineering risk

While the talk isn't deeply technical, it presents embedded Linux–oriented solutions to these human-centric challenges where applicable. The presentation is accessible to people who are still beginners in the embedded world. My goal is to ensure that device developers consider the actions of both malicious actors and legitimate users in their threat models.

Speakers

Esa Jääskelä

Software Developer, Buutti Oy

Esa Jääskelä is an embedded systems engineer with a focus on Linux, Yocto, and programming. He holds an MSc in Computer Science and Engineering and has worked in embedded Linux development since 2016. Passionate about cybersecurity, Esa explores system hardening and shares technical... Read More →

Monday August 25, 2025 13:30 - 14:10 CEST
D201

Embedded Linux Conference

Audience Experience Level Any

13:30 CEST

Realtime Linux Beyond PREEMPT_RT: Exploring Xenomai's Dual-Kernel Approach - Richard Weinberger, sigma star gmbh

Monday August 25, 2025 13:30 - 14:10 CEST

G104

In the area of Linux-based real-time applications, PREEMPT_RT has become a widely embraced solution. However, it's not the only path to achieving real-time characteristics. Xenomai, utilizing a dual-kernel approach, presents a compelling alternative that merits consideration.

In this session, Richard will delve into the Xenomai project, highlighting its unique architecture and the scenarios where it excels over PREEMPT_RT and where not. Participants will gain a comprehensive understanding of how to deploy Xenomai in real-world applications through step-by-step examples.

This talk is designed not only to introduce attendees to the fundamental concepts of Xenomai but also to equip them with practical skills for implementing their own real-time solutions using this framework. Whether you’re a developer seeking to expand your toolkit or a system architect exploring different real-time options, this presentation will provide valuable insights into a versatile and powerful alternative to the conventional PREEMPT_RT route.

Speakers

Richard Weinberger

CTO, sigma star gmbh

Richard Weinberger is co-founder of sigma star gmbh where he offers consulting services around Linux and IT security.

Monday August 25, 2025 13:30 - 14:10 CEST
G104

Linux

Audience Experience Level Any

13:30 CEST

Upstream Kernel Hardening: Progress on Enabling -Wflex-array-member-not-at-end - Gustavo A. R. Silva, The Linux Foundation

Monday August 25, 2025 13:30 - 14:10 CEST

G102-103

The -Wflex-array-member-not-at-end compiler option was introduced in GCC 14. At the time, it revealed around 60,000 warnings in the upstream Linux kernel. While many of these were duplicates, about 650 are unique and require individual auditing and attention. These issues span different categories and vary in complexity, which adds to the challenge of globally enabling this compiler option in the upstream Linux kernel.

In this presentation, we'll share the progress we've made on this work as part of the Kernel Self-Protection Project (KSPP) over the past few months. We'll go over the challenges we've encountered, show concrete code examples, and demonstrate how to fix these kinds of problems. We'll also discuss why enabling this option is important for the kernel, and how we plan to complete this work in the near future.

Whether you're a seasoned kernel developer or someone looking to start contributing upstream, this presentation will introduce useful helpers and strategies you can use to fix existing code or implement new functionality, and in doing so, help us harden the upstream Linux kernel for the benefit of everyone.

Speakers

Gustavo A. R. Silva

Upstream Linux Kernel Engineer, The Linux Foundation

Gustavo A. R. Silva is an Upstream Linux Kernel Engineer focused on hardening and proactive security. He has spent the past several years fixing all sorts of bugs and hardening the Linux kernel. His work is supported by The Linux Foundation and Alpha-Omega. He's a member of the Kernel... Read More →

Monday August 25, 2025 13:30 - 14:10 CEST
G102-103

Linux

Audience Experience Level Any

13:30 CEST

The Impact of Copyleft on the EU CRA - Jimmy Ahlberg, Ericsson

Monday August 25, 2025 13:30 - 14:10 CEST

G107

The introduction of the EU Cyber Resilience Act (CRA) marks a transformative milestone in software security regulation within the European Union, with far-reaching implications for global software practices. As the EU seeks to bolster cybersecurity standards across digital products and services, the CRA introduces new requirements aimed at identifying, managing, and mitigating vulnerabilities more effectively.

This session will explore the specific implications of the CRA for Free and Open Source Software (FOSS), with a particular focus on projects under Copyleft licenses such as the GNU General Public License (GPL). Copyleft licenses, which require derivative works to also be open source, present unique challenges in the context of the CRA's provisions.

Join us as we delve into the complexities and opportunities presented by the EU CRA, and explore its impact on the future of Free and Open Source Software.

Speakers

Jimmy Ahlberg

Director Open Source, Ericsson

Currently Mr Ahlberg is the Director of Open Source Policy with the Ericsson OSPO. Prior to the inception of the Ericsson OSPO he worked in different roles with various aspects of Open Source in the Ericsson organization, This included consumption of and contribution to Open Source... Read More →

Monday August 25, 2025 13:30 - 14:10 CEST
G107

Operations Management

Audience Experience Level Any

13:30 CEST

Better PURLs for Better Software Compliance Processes - Philippe Ombredanne, AboutCode & Dennis Roellke, Bloomberg

Monday August 25, 2025 13:30 - 14:10 CEST

G106

Reliably identifying software components is a critical requirement for regulatory compliance.

PURL is the de-facto standard for the reliable naming of components in software applications, products, and systems, across programming languages, package ecosystems, tools, APIs and databases. Every open source and most proprietary tools for Software Composition Analysis (SCA), along with all SBOM and Vulnerability Exploitability Exchange (VEX) specifications and most vulnerability databases, adopted PURL for component identification. But a 2024 Software Composition Analysis (SCA) report demonstrated significant inconsistencies in how different tools create PURLs…

Better PURLs is a comprehensive project of open source tools and open data to correct this problem. The extended PURL syntax validation confirms that the PURL components (namespace, name, version, qualifiers) are correct for a given package ecosystem, according to the specification, and that the PURL locates an existing software package artifact.

In this talk, Philippe from AboutCode and Dennis from Bloomberg will share the latest developments and how accurate and correct PURLs facilitate better compliance processes.

Speakers

Philippe Ombredanne

Lead maintainer, AboutCode

Philippe Ombredanne is a FOSS hacker passionate about enabling easier and safer reuse of open source code. He is the lead maintainer of the AboutCode stack of open source tools for Software Composition Analysis and license and security compliance, including the industry-leading ScanCode... Read More →

Dennis Roellke

Security Architect, Bloomberg

Dennis is a Cloud Security Architect in the CTO Office at Bloomberg.

Monday August 25, 2025 13:30 - 14:10 CEST
G106

Standards & Specifications

Audience Experience Level Any

13:30 CEST

Zephyr: Evolving To CRA Readiness - Kate Stewart, The Linux Foundation

Monday August 25, 2025 13:30 - 14:10 CEST

D202

The Cyber Resiliance Act (CRA) will be coming into effect in a few short years. Product makers will have different obligations than open source stewards for compliance. The Zephyr project has been working towards making it easier for product makers to comply with the CRA over the last few years, and will continue to work with the community to refine these capabilities.

From automatic "Build SBOM" generation to LTS Vulnerability fixes being extended to 5 years, the project has some useful starting points.

This talk will discuss what is available, and where some of the gaps will be for product makers and other ecosystem vendors to consider in their roadmaps and support plans.

Speakers

Kate Stewart

VP Dependable Embedded Systems, The Linux Foundation

Kate Stewart works with the safety, security and license compliance communities to advance the adoption of best practices into embedded open source projects. Since joining The Linux Foundation, she has launched the ELISA and Zephyr Projects, as well as supporting other embedded projects... Read More →

Monday August 25, 2025 13:30 - 14:10 CEST
D202

Zephyr Developer Summit

Audience Experience Level Any

14:25 CEST

A First Person Identity System for Open Source - Wenjing Chu, Futurewei Technologies Inc. & Drummond Reed, Gen

Monday August 25, 2025 14:25 - 15:05 CEST

TBA

Open source has a trust problem. One may attribute this to the age old problem of identity frauds and related security vulnerabilities on the Internet. One may further worry that the rise of AI will dramatically increase this risk and even overrun the Internet altogether without mitigation in a fundamental level. One may also see it as an inevitable consequences of 'de-globalization' or 'fragmentation' which sows distrust and threatens to undo many of the progress we had made in the past two plus decades. The Linux Foundation's Executive Director Jim Zemlin highlighted this challenge during the LFDT member summit last year, then re-emphasized it again during the LF member summits in the fall last year and again this spring in 2025. This is a followup to that "Call to Action" to a First Person Project. A decentralized First Person developer ID system is one of the things we can do in the open source infrastructure level, i.e. the fundamental ways of practice that we know as open source, to meet this challenge. In this session, we will examine the issues, discuss the First Person Project and solution approaches, and update the community its progress.

Speakers

Wenjing Chu

Senior Director of Technology Strategy, Futurewei Technologies

Wenjing is a senior directory of technology strategy at Futurewei leading initiatives on trust in the future of computing. He is a Steering Committee member of the Trust over IP (ToIP) Foundation and co-Chairs the TSP and AI & Metaverse task forces. He is a Board Member of the OpenWallet... Read More →

Drummond Reed

Director, Trust Services, Gen

25 years working on Internet identity, security, privacy & trust

Monday August 25, 2025 14:25 - 15:05 CEST
TBA

Digital Trust

Audience Experience Level Any

14:25 CEST

What Have We Found in Git Repos? - Marta Rybczynska, Ygreky

Monday August 25, 2025 14:25 - 15:05 CEST

G102-103

Open source project repositories often expose more than developers intend - and not just the occasional leaked password. In many cases, careful analysis of public Git histories can uncover traces of vulnerabilities being fixed days or even weeks before an official security advisory is published.

In this talk, Marta will present findings from research into the repositories of several high-impact open source projects, revealing how fix commits often hint at upcoming security disclosures.

She will then share practical advice on how to reduce this kind of information leakage - helping maintainers better protect their projects and users from premature exposure.

Speakers

Marta Rybczynska

Technical Program Manager, Security Team, Eclipse Foundation/Ygreky

Marta Rybczynska has a network security background, with 20 years of experience in Open Source. She has worked with embedded operating systems like Linux and various real-time OSes, and with system libraries and frameworks up to user interfaces. She has been involved in various Open... Read More →

Monday August 25, 2025 14:25 - 15:05 CEST
G102-103

Linux

Audience Experience Level Any

14:25 CEST

Establishing Zephyr RTOS in Corporate Environments: Strategies and Success Stories - Christian Schlotter, ZEISS

Monday August 25, 2025 14:25 - 15:05 CEST

D202

Switching from any RTOS to Zephyr represents a significant transition. Join us as we revisit our journey that led to the selection of Zephyr and explore our efforts to cultivate a vibrant Zephyr developer community within a large multinational corporation.

In this session, we will discuss:

• Strategies for creating a persuading case for Zephyr

• Techniques for motivating development teams to adopt Zephyr

• Initiatives that contributed to the creation of a thriving developer community

• Ways in which the Zephyr community's momentum can energize your projects

• Methods for building a pool of Zephyr talent for recruitment purposes

Attendees will gain insight into the essential steps required to successfully integrate Zephyr RTOS into a corporate environment and sustain its use over the long term.

Speakers

Christian Schlotter

Software Architect, ZEISS

Software Architect at Carl Zeiss Meditec AG, active member of queer ERG Proud@ZEISS 🏳️‍🌈, love nature, hiking and people 😀

Monday August 25, 2025 14:25 - 15:05 CEST
D202

Zephyr Developer Summit

Audience Experience Level Any

14:25 CEST

Rust Meets Zephyr: Building Safer Embedded Applications - Martin Mosler, Zühlke Engineering AG

Monday August 25, 2025 14:25 - 15:05 CEST

D203

Rust revolutionizes systems programming with safety, performance, and concurrency, while Zephyr OS excels in embedded systems with modularity and hardware support. How well do these two technologies work together?

In this talk, we’ll explore the benefits and challenges of developing applications in Rust on top of Zephyr OS. Through a live demo and code walkthrough, I will showcase how Rust’s safety guarantees can enhance embedded application development while leveraging Zephyr’s robust ecosystem.

Key questions addressed include:

• Why should you consider Rust for embedded development?

• How does Rust integrate with Zephyr’s C-based APIs?

• What limitations and tooling gaps should you be aware of?

• How can you get started with Rust on Zephyr today?

This session will provide practical insights from real-world experience, helping you evaluate whether Rust is the right choice for your next embedded project. Whether you’re an embedded developer or a Rustacean curious about RTOS environments, this talk will equip you with actionable knowledge to start your journey.

Speakers

Martin Mosler

Principal Embedded Software Consultant, Zühlke Engineering AG

Martin Mosler is a seasoned software engineer with expertise in developing secure embedded systems. With a background in Rust programming, he has firsthand experience implementing secure concurrent code and is passionate about sharing his knowledge with the community.

Monday August 25, 2025 14:25 - 15:05 CEST
D203

Zephyr Developer Summit

Audience Experience Level Any

14:35 CEST

BoF: Collaboration With Universities and Enterprises OSPO - Ana Jiménez Santamaría, Linux Foundation; Chris Hoeppler, Bosch Research; Leslie Hawthorn, Red Hat GmbH; Cornelius Schumacher, DB Systel GmbH; Ying Wang, ETH Züric; Clare Dillon, CURIOSS

Monday August 25, 2025 14:35 - 15:05 CEST

D204

Join the TODO Group and CURIOSS community for an interactive session where attendees can share use cases on how their organizations are investing in academic research. Explore best practices for transferring knowledge from academia and the research community.

We welcome open source managers, OSPO leaders, and other stakeholders from organizations and universities engaged in research or interested to learn more.

Speakers

Ana Jiménez Santamaría

Project Manager , Linux Foundation, Developer Relations Foundation

Ana is the Project Manager at the Linux foundation TODO Group collaborative project, whose aim is to create and share knowledge on open source management and operations best practices. Formerly she worked at Bitergia, a Software Development Analytics firm, and she has finished her... Read More →

Chris Hoeppler

Senior Expert Open Source, Bosch Research

Chris is Open Source Officer at Bosch Research and member of Bosch's corporate Open Source Expert Team. Since joining Bosch Research a decade ago Chris has been working on a wide range of open source topics from compliance to strategy. Currently, he focuses on working with internal... Read More →

Leslie Hawthorn

Director - Industry Community Strategy, Red Hat GmbH

An internationally known strategist & engagement expert, Leslie Hawthorn has spent her career creating and enabling successful communities. She has driven open source strategy in Fortune 10 companies, pre-IPO startups, and Foundation Boards including roles at Red Hat, Google, the... Read More →

Cornelius Schumacher

Open Source Steward, DB Systel GmbH

Cornelius helps teams at Deutsche Bahn, the German railway company, to use and contribute to open source software. He has a background from more than two decades in the open source community and industry. Originally a software developer he now focus on management of open source.

Clare Dillon

CURIOSS Community Lead, CURIOSS

Clare Dillon is community lead for CURIOSS, a community for university & research institution OSPOs. Clare is also a researcher with Lero, the Science Foundation Ireland Research Centre for Software and a member of Lero's OSPO team. From 2021-2023, Clare served as the inaugural ED... Read More →

Ying Wang

Technology and licensing manager, ETH Züric

Ying holds a Ph.D. from the California Institute of Technology in geochemistry and a Juris Doctor from the Georgia State University College of Law, with a focus on Intellectual Property.

Monday August 25, 2025 14:35 - 15:05 CEST
D204

OSPOCon

Audience Experience Level Any

15:35 CEST

Between Building and Testing Your Linux Driver - Krzysztof Kozlowski, Linaro

Monday August 25, 2025 15:35 - 16:15 CEST

G109

Linux kernel code (and any C project in general) can greatly benefit from several static code analyzers. Let's dive into open and free (as in free beer as well) tools for static code analysis used in the Linux kernel, because there is more than one tool

The session will describe in detail how to check your Linux kernel code around build time to improve the code quality.

Many techniques will be applicable to other projects, but session focuses on the Linux kernel due to its own build process.

Speakers

Krzysztof Kozlowski

Linux Kernel Maintainer , Linaro

Krzysztof Kozlowski is an active Linux Kernel developer, working currently for Linaro. Krzysztof maintains several upstream kernel subsystems: Devicetree bindings (as a co-maintainer with Rob and Conor), Memory controller drivers, NFC subsystem with drivers, and Samsung Exynos SoC... Read More →

Monday August 25, 2025 15:35 - 16:15 CEST
G109

Open Source 101

Audience Experience Level Any

15:35 CEST

Of Queens and Other Benevolent Dictators – the Role of Succession Planning in Open Source Community - Aeva Black, Independent & Hazel Weakly, Nivenly Foundation

Monday August 25, 2025 15:35 - 16:15 CEST

Auditorium

Several high-profile incidents have raised global awareness that single-maintainer projects can become single points of global risk. However, a similar risk exists among established and mature projects – the attrition of a small “core” group of maintainers can be just as damaging to downstream dependencies.

Today, many established projects are facing significant maintainer attrition while vibrant and younger communities have formed around derivatives and forks. Meanwhile, entire new ecosystems have emerged and become characterized by generational divides.

Why is this happening, and what can you do to prepare to pass the mantle of project leadership?

We will discuss factors contributing to a rising participation barrier, then explore strategies for community growth and educate policymakers on ways to support the longevity and security of mid- and large-sized open source projects.

Speakers

Aeva Black

Distinguished Technology Advisor, Independent

Aeva Black is a distinguished technology advisor focused on the secure and sustainable development of free and open source software. With a 25-year career across roles in the public sector, private sector, and at non-profits, Ms. Black has presented at international forums, led large... Read More →

Hazel Weakly

Fellow, Nivenly Foundation

Hazel spends her days working on building out teams of humans as well as the infrastructure, systems, and tooling to make life better for others. She’s worked at a variety of companies and knows that the hardest problems to solve are the social ones. One of her favorite things is... Read More →

Monday August 25, 2025 15:35 - 16:15 CEST
Auditorium

Open Source Leadership

Audience Experience Level Any

15:35 CEST

Machine Learning on Microcontrollers With Zephyr and Emlearn - Jon Nordby, Soundsensing

Monday August 25, 2025 15:35 - 16:15 CEST

D202

Modern Machine Learning makes it possible to automatically extract valuable information from sensor data, and it has become feasible to deploy ML systems to low-cost embedded devices and sensors. This niche is often referred to as "TinyML", and is enabling a range of new applications in consumer electronics, science and industry.

emlearn is an open-source project for deploying Machine Learning models to any device with a C99 compiler. It provides a Python library for converting models made with scikit-learn or Keras to efficient C code. The library has been used for many applications across a range of sensor modes, such as audio, vibration, power-line, radar, et.c.

Zephyr RTOS is a comprehensive open-source operating system that runs on a wide range of microcontrollers. The support for low-power operation, communication protocols, and standardized "sensors" API makes it a very attractive platform for TinyML applications.

In this presentation, we introduce the emlearn project, and show how it can be used together with Zephyr. We will cover the key features and tools that the library provides, and demonstrate how to perform practical Machine Learning tasks.

Speakers

Jon Nordby

Head of Data Science, Soundsensing

Jon is a Machine Learning Engineer specialized in IoT systems,

Monday August 25, 2025 15:35 - 16:15 CEST
D202

Zephyr Developer Summit

Audience Experience Level Any

15:35 CEST

ZMS a New Lightweight Storage System - Riadh Ghaddab, Baylibre

Monday August 25, 2025 15:35 - 16:15 CEST

D203

Zephyr Memory Storage is a new key-value storage system that is designed to work with all types of non-volatile storage technologies. It supports classical on-chip NOR flash as well as new technologies like RRAM and MRAM that do not require a separate erase operation at all, that is, data on these types of devices can be overwritten directly at any time.

We will explore during this session the new functionalities introduced by this new storage system as well as the upcoming enhancements.

Speakers

Riadh Ghaddab

Senior Software Engineer, Baylibre

Riadh Ghaddab is a Senior Software Engineer currently working at Baylibre.

Monday August 25, 2025 15:35 - 16:15 CEST
D203

Zephyr Developer Summit

Audience Experience Level Any

15:35 CEST

My First Kernel Driver Workshop - Hans de Goede, Red Hat

Monday August 25, 2025 15:35 - 17:10 CEST

G102-103

Attendees will be given an USB (ch341t) to qwiic converter + a qwiic sht40 temperature/humidity sensor.

A github repo with preparation instructions + a ready-to-build driver to instantiate an i2c-device/-client for the sensor will be provided.

The goal of the workshop is for attendees to write their own (very simple) kernel driver for the sensor offering sysfs attributes providing temperature and humidity readings. Example code snippets of a skeleton i2c-driver and example communication code will be provided to make it possible to write a simple driver in 2 hours.

Attendees will be expected to know the C-programming language at an intermediate (or better) level.

Speakers

Hans de Goede

Principal Software Engineer, Red Hat

Hans de Goede is a FOSS developer and enthusiast with 20 years of experience. He is a maintainer for the kernel’s x86 platform drivers subsystem.

Monday August 25, 2025 15:35 - 17:10 CEST
G102-103

Linux

Audience Experience Level Any

16:30 CEST

ESSTRA: A Software Suite To Enhance Software Transparency and Traceability in Software Supply Chain - Takuya Namae, Sony Group Corporation

Monday August 25, 2025 16:30 - 17:10 CEST

Elicium 1

When you use OSS, do you want to know which source files are compiled and included in the binaries? Project ESSTRA (https://github.com/sony/esstra) is a tool that collects a list of source files while compiling your software and embeds the data into the binaries.

Recently, the importance of using SBOMs has been increasing, and there is a growing demand for improved transparency and traceability in the software supply chain from the perspectives of vulnerability management and OSS license compliance. However, it is difficult to trace the details of which files are included in the binaries used in your product or service, and which OSS licenses to comply with based on this data.

To solve this issue, Sony has developed ESSTRA. It is available now as open source itself, and includes both a GCC plugin to record source files during a build and embed it into resulting binaries, as well as a tool to manage the information.

ESSTRA is already supported by Binary Analysis Next Generation (BANG) tool.

Attendees of this session will learn how to use ESSTRA and take the first steps to improve the transparency and traceability of your project's software.

Speakers

Takuya NAMAE

Open Source Compliance Tooling Lead, Sony Group Corporation

Takuya NAMAE is an Open Source Compliance Tooling Lead and Software Engineer in Sony Group Corporation. He works on OSS license compliance of Linux-based system software for various Sony products. He also leads the development of tools and workflows to efficiently carry out the continuous... Read More →

Monday August 25, 2025 16:30 - 17:10 CEST
Elicium 1

Embedded Linux Conference

Audience Experience Level Any

16:30 CEST

Guiding Newcomers: A Mentor’s Journey Through Linux Kernel Development - Daniel Baluta, NXP Semiconductors

Monday August 25, 2025 16:30 - 17:10 CEST

G109

Helping newcomers step into the Linux kernel community is not an easy task, but

with the right mentorship it becomes a transformative journey for both the mentor and the

the mentee.

This talk shares lessons from over a decade of hands-on mentoring experience, helping students

grow from their first patch to becoming meaningful contributors.

This presentation focuses on real world examples from subsystems like IIO, ALSA and device tree

bindings and explains the practical steps to get beginners started. Each steps is important:

from selecting the appropriate tasks and hardware platfroms, to explaining kernel workflows

and mailing list culture.

Attendees will gain practical guidance on building effective mentorship practices, learning

how to support newcomers as they evolve from learners to contributors. Also, this presentation

is valuable for newcomers looking to take their first step into kernel development, offering

a clear view of the journey ahead and how to access mentoring programs like Outreachy Program for Women

or Google Summer of Code.

Speakers

Daniel Baluta

Software Engineer, NXP Semiconductors

Daniel works at NXP in Romania hacking on Linux kernel audio drivers for i.MX boards. He is a teaching assistant for Operating System Internals class at University POLITEHNICA in Bucharest and very passionate about helping newcomers to the Linux kernel world while being a mentor for... Read More →

Monday August 25, 2025 16:30 - 17:10 CEST
G109

Open Source 101

Audience Experience Level Any

16:30 CEST

Streamlining Open-Source License Compliance With the Continuous Clearing Tool - Amrit Kumar Verma & Dearsh Oberoi, Siemens

Monday August 25, 2025 16:30 - 17:10 CEST

G107

We present Continuous Clearing (CA) Tool, an open-source solution designed to automate & accelerate the license clearing of OSS components. This tool streamlines the identification & license compliance of 3rd party OSS components within various projects, including those using NPM, NuGet, Maven, Python, Alpine & Debian. It ensures that orgs. maintain a SBOM for all builds within the DevOps pipeline. It is designed with 3 different modules:

1. Package Identifier: This module accepts a package file or BOM as input & produces a SBOM file as output. It classifies each dependency type & incorporates into the output SBOM.

2. SW360 Package Creator: Utilizing the SBOM from the package identifier, this module identifies & creates any missing components or releases in SW360. Then associates components with the relevant project in SW360 & triggers the upload to FOSSology & automatically updates the clearing state in SW360. It also offers an option to exclude dev dependencies, if they are not relevant for compliance.

3. Artifactory Uploader: This final module takes the updated BOM & uploads components tagged as "Report approved" clearing state to the JFrog artifactory.

Speakers

Dearsh Oberoi

Research Engineer, Siemens

Open source contributor and Research Engineer at Siemens, passionate about fostering inclusive communities. Active contributor at SW60 and LicenseDB. Focused on license management and SBOMs.

Amrit Kumar Verma

Research Engineer, SIEMENS

Research Professional | Open-Source Contributor | Mentor

Monday August 25, 2025 16:30 - 17:10 CEST
G107

Operations Management

Audience Experience Level Any

16:45 CEST

Lottie: Establishing an Open Standard for Vector Animation - Mattia Basaglia, Lottiefiles & Brandon Wilson, Google

Monday August 25, 2025 16:45 - 17:00 CEST

G106

Lottie is an efficient, feature-rich, vector animation format that delivers animations across platforms without sacrificing performance or file size, maintaining quality at any resolution. Lottie is widely adopted across various tools spanning the web, mobile and desktop systems.

In this session, we'll explore the journey of Lottie and the Lottie Animation Community (LAC) in establishing the official Lottie 1.0 specification under the Linux Foundation.

We'll examine the technical challenges addressed in standardizing this format, cross-platform compatibility, and feature consistency across different renderers. Attendees will gain insight into the collaborative process behind creating an open specification with input from diverse stakeholders across industries. We'll discuss the key components of the Lottie format, the standardization work that improved interoperability between creation tools and rendering engines, and demonstrate real-world applications showing the format's capabilities. Finally, we will provide a preview of upcoming efforts and welcome collaboration.

Speakers

Mattia Basaglia

Principal R&D Engineer, Lottiefiles

Mattia has contributed to several Open Source projects, including Glaxnimate — a vector animation program now joining KDE, and other tools to export Lottie. He was heavily involved the Lottie Animation Community standardization process.

Brandon Wilson

Senior Software Engineer, Google

Brandon has been working at Google for five years. He currently works on Lottie/Animation tooling and ensuring motion design partners get the most out of their animations. He is an active participant in the Lottie Animation Committee and helps to organize/lead the meetings.

Monday August 25, 2025 16:45 - 17:00 CEST
G106

Standards & Specifications

Audience Experience Level Any