May 21, 2026 | Minneapolis, Minnesota, USA
Schedule is subject to change.

The Sched app allows you to build your schedule, but it is not a substitute for event registration. To participate in the sessions, you must be registered for OpenSSF Community Day NA 2026. If you have not registered but would like to join us, please visit the event registration page to purchase a ticket.

Thursday, May 21
 

7:30am CDT

Registration & Badge Pick-up
Thursday May 21, 2026 7:30am - 5:00pm CDT

Ballroom Lobby

9:00am CDT

Welcome & Opening Remarks - Stacey Potter, Community Manager - OpenSSF, The Linux Foundation
Thursday May 21, 2026 9:00am - 9:10am CDT

Speakers
Stacey Potter

Community Manager, OpenSSF

101E

9:15am CDT

Keynote: Securing the Agentic Future: How OpenSSF is Leading the AI Security Transition - Steven Fernandez, OpenSSF Managing Director, The Linux Foundation
Thursday May 21, 2026 9:15am - 9:35am CDT
As AI becomes a bigger part of software and open source development, security needs are changing quickly. This talk will cover how the Open Source Security Foundation is ramping up the use of and support for AI security across the open source ecosystem.
Speakers
Steven Fernandez

OpenSSF Managing Director, The Linux Foundation

101E

9:40am CDT

Keynote: Anatomy of a Phishing Campaign - Mike Fiedler, Python Software Foundation
Thursday May 21, 2026 9:40am - 10:00am CDT
In July 2025, PyPI users received emails directing them to another site - a near-perfect clone transparently proxying requests to pypi.org. Within hours, attackers compromised four accounts and uploaded malicious releases of the popular num2words package. This talk dissects the complete attack chain: how attackers harvested email addresses from public package metadata, built a transparent proxy...
Speakers
Mike Fiedler

PyPI Safety & Security Engineer, Python Software Foundation
Mike’s been in the engineering game for 30+ years, leading teams at Datadog, MongoDB, LeafLink, Warby Parker, and Capital One. He’s a big believer in learning from every peer and helping others navigate tech’s complexities. An AWS Hero and Awesome Community Chef, Mike loves...
101E

10:05am CDT

Keynote: BEAR-ing Fruit: A Year of Learning, Mentorship, and Community Building in Open Source Security - Marcela Melara, Research Scientist, Intel Corporation
Thursday May 21, 2026 10:05am - 10:20am CDT
The OpenSSF BEAR (Belonging, Empowerment, Allyship, and Representation) Working Group is on a mission to make cybersecurity a place where everyone belongs! We knock down barriers and crank up the volume for underrepresented voices. We've learned that true representation is about building fun, lasting paths for participation. In this session, we'll take you on a journey through the evolution of...
Speakers
Marcela Melara

Research Scientist, Intel Corporation
Marcela Melara is a research scientist at Intel making distributed and cloud systems more trustworthy. Her current work focuses on developing solutions for high-integrity software and AI supply chains. She leads a number of internal, academic and open-source projects on supply chain...
101E

10:25am CDT

The Architecture of Accountability: Transparency in Software - Hayden Blauzvern, Google
Thursday May 21, 2026 10:25am - 10:40am CDT
In the context of secure systems, "transparency" is often a loaded term. We will propose a precise definition: the guarantee of discoverability and auditability. Transparency is the difference between a system that merely claims to be secure and a system that provides proof of its security claims. This session offers a high-level primer on the principles of cryptographic transparency. We will...
Speakers
Hayden Blauzvern

Technical Lead Manager, Google
Hayden Blauzvern is a technical lead manager on Google’s Open Source Security Team, focused on making open-source software more secure through code signing and applied transparency. Hayden is a maintainer and the community chair on the Sigstore project.
101E

10:40am CDT

Break
Thursday May 21, 2026 10:40am - 11:00am CDT
- Scones (v) 
- Gluten-free Scones (v, GF) 
- Assorted Fruit
- Yogurt

101C+D

11:00am CDT

OpenSSF Baseline Alignment in Open Source Repos: Automation, Surveys, and the Visibility Gap - Will Sergeant, Kiran Chana & Kavoi Mutisya, Harvard
Thursday May 21, 2026 11:00am - 11:15am CDT
Project BaseJump is the result of months of Capstone Project effort from a team of three Cybersecurity Masters Degree Candidates at Harvard Extension School: The project sought to develop a repeatable methodology for assessing Open Source Software repository alignment with the OpenSSF Baseline. In this presentation we will go over our findings from the project. In addition, we have developed...
Speakers
Will Sergeant

Graduate Student, Harvard Extension School
I am a Technologist at heart. I work on everything from microcircuits to cyber risk management. Currently I work as a Cybersecurity Analyst at Harvard Medical School and study as a Cybersecurity Masters Degree candidate at Harvard Extension School. I hold an active CISSP, AZ-104...
Kiran Chana

BaseJump Team Leader; Graduate Student, Harvard
Cybersecurity master's candidate at Harvard; 5 years at MEDITECH developing software and leading teams; a lifetime of passion for diverse communities.
Kavoi Mutisya

Student, Harvard Cybersecurity Masters Candidate 26'
Harvard Cybersecurity Masters Candidate 26'
101E

11:20am CDT

Curating Secure Software: The Art of Selecting Safe Dependencies - Kadi McKean, ReversingLabs
Thursday May 21, 2026 11:20am - 11:35am CDT
Imagine curating an art gallery—you wouldn’t hang just any painting on the wall. Each piece is carefully selected, verified for authenticity, and preserved to ensure a valuable experience for visitors. The same meticulous approach applies to software development. Secure curation of open source isn’t about stifling creativity; it’s about ensuring that the dependencies we bring into our...
Speakers
Kadi McKean

OSS Community Manager, ReversingLabs
Kadi is passionate about the DevOps / DevSecOps community since her days of working with COBOL development and Mainframe solutions. At ReversingLabs she collaborates with developers and security researchers to help entities prioritize their open source risk, reduce technical debt...
101E

11:40am CDT

Enforcing the OpenSSF Ecosystem With AMPEL - Adolfo García Veytia, Carabiner Systems
Thursday May 21, 2026 11:40am - 12:00pm CDT
AMPEL, the Amazing Multipurpose Policy Engine (and L), is the latest open-source project (about) to land in the OpenSSF sandbox. AMPEL is a policy engine designed to be embeddable and easy to use in modern CI/CD environments. It brings together verification of signed in-toto attestations against policies, mapped to security framework controls, enabling projects and organizations to demonstrate...
Speakers
Adolfo Garcia Veytia

Founding Engineer, Carabiner Systems
Adolfo García Veytia (@puerco) is one of the Kubernetes SIG Release Technical Leads and actively works on the Release Engineering team. He specializes in improving the software that drives the automation behind the Kubernetes release process. He is also the creator of the OpenVEX...
101E

12:05pm CDT

From SBOMs To Decisions: Prioritizing Supply Chain Risk in Time-Bound M&A Reviews - Prashanth Chandrasekar, Bitsea US, Inc.
Thursday May 21, 2026 12:05pm - 12:20pm CDT
Software supply chain risk assessments increasingly rely on Software Bill of Materials (SBOMs), yet their practical value is often tested under severe time constraints. In Mergers and Acquisitions (M&A) due diligence, Application Security (AppSec) teams are frequently required to assess large codebases and their third-party dependencies within days or weeks, where the goal is informed risk...
Speakers
Prashanth Chandrasekar

Principal Consultant, Bitsea
Prashanth Chandrasekar is an Application Security practitioner and Open Source Consultant at Bitsea, focused on software supply chain risk and SBOM-driven analysis for stakeholders. He brings hands-on experience from time-bound due-diligence engagements, helping teams prioritize vulnerability...
101E

12:25pm CDT

Gemara: The GRC Architecture You Didn’t Know You Built - Hannah Braswell & Jennifer Power, Red Hat
Thursday May 21, 2026 12:25pm - 12:45pm CDT
If you’ve ever set a branch protection rule or configured a security scan, you’ve already entered the world of GRC. You may not have realized it at the time, though, because GRC is often seen as a combination of spreadsheets and screenshots. Framing this through Gemara reveals a different reality: these security configurations don't exist in a vacuum; they work within a larger, interconnected...
Speakers
Hannah Braswell

Associate Product Security Engineer, Red Hat, Inc.
Hannah is an Associate Product Security Engineer at Red Hat, focusing on proactively securing complex open-source systems. As an active contributor to the OSCAL Compass CNCF community, she is passionate about pragmatic development and using automation to enhance security workflows...
Jennifer Power

Principal Product Security Engineer, Red Hat
Jennifer Power is a Principal Product Security Engineer at Red Hat, where she focuses on open-source solutions for compliance automation. She is active in the open-source community, contributing to multiple projects and is currently a maintainer of the OSCAL Compass CNCF project...
101E

12:45pm CDT

Lunch
Thursday May 21, 2026 12:45pm - 1:45pm CDT
- Roasted Chicken Caesar Wedge: Deli-Roasted Chicken, Romaine, Caesar Cream Cheese, Asiago Focaccia
- Deli Roast Beef: Shaved Natural Roast Beef, Lettuce, Cucumber-Herb Cream Cheese, Egg Focaccia
- Roasted Veggies Wedge (vg): Roasted Vegetables, Hummus, Lettuce, Rosemary Red Pepper Focaccia

 Includes Dutch Crunch Potato Chips, Fresh Grapes, and Chocolate Chip Cookie
101C+D

1:45pm CDT

Making a Lockfile for Maven - Adam Kaplan, Red Hat
Thursday May 21, 2026 1:45pm - 1:55pm CDT
Many package ecosystems produce a comprehensive list of dependencies known as a lockfile. These files serve several purposes, ranging from optimizing application assembly to verifying package integrity and ensuring reproducible builds. Newer package ecosystems such as npm, cargo, and go modules incorporated lockfiles in their designs from the start. More recently, the Python community adopted a...
Speakers
Adam Kaplan

Senior Principal Software Engineer, Red Hat
Adam Kaplan (he/him/his) is a software engineer at Red Hat, a maintainer of the Shipwright and Tekton projects, and former CD Foundation Governing Board member. He currently leads efforts to simplify hybrid cloud application development and secure Red Hat's software supply chain...
101E

2:00pm CDT

Beyond Keyless Signing: Using Ephemeral Certificates With BYOPKI - Kenneth Yang & Adrian Smith, Coinbase
Thursday May 21, 2026 2:00pm - 2:20pm CDT
Keyless signing in sigstore/cosign avoids the need to manage long-lived private keys by using ephemeral keys, short-lived certificates issued by a Managed CA (sigstore/fulcio), and a Public Transparency Log (sigstore/rekor). While this model fits many use cases, some organizations may prefer to run their own infrastructure with an Internal CA and Private Transparency Logs. At Coinbase, the...
Speakers
Kenneth Yang

Staff Software Engineer, Coinbase
Kenneth is a Staff Software Engineer at Coinbase and ex-Airbnb Security Engineer focusing on Key Management systems. When he’s not getting paged and pulled into incidents he enjoys spending time with his two dogs and being in the outdoors.
Adrian Smith

Senior Software Engineer, Coinbase
Adrian is a software engineer at Coinbase who helps build and maintain PKI systems at scale.
101E

2:25pm CDT

GAME SHOW! GAME SHOW! - Christopher Robinson, OpenSSF
Thursday May 21, 2026 2:25pm - 2:45pm CDT
Join the OpenSSF staff and community and pit your knowledge of our community against your peers in this interactive game that EVERYONE can play. Come be educated, informed, and entertained.
Speakers
Christopher "CRob" Robinson

Chief Architect - OpenSSF, OpenSSF
Christopher Robinson (aka CRob) is the Chief Security Architect for the Open Source Security Foundation. With over 25 years of Enterprise-class engineering, architectural, operational and leadership experience, CRob has worked at several Fortune 500 companies with experience in the...
101E

2:50pm CDT

Navigating the Land of Git Commit Signatures With Gittuf - Patrick Zielinski, Secure Systems Lab @ NYU & Yongjae Chung, New York University
Thursday May 21, 2026 2:50pm - 3:05pm CDT
You’ve probably heard by now that Git supports signing your commits and the chorus encouraging you to sign your commits. There’s just a tiny little problem: what exactly do you do with those signatures? How do you know if a signature is legitimate? When a signing key needs to be rotated and is marked as untrusted, does that mean your entire Git history is “untrusted”? What makes a commit...
Speakers
Patrick Zielinski

PhD Candidate, NYU
Patrick is a Ph.D. student at New York University researching software supply chain security. He focuses on securing version control systems that underpin systems such as The Archive Framework (TAF). He is also a maintainer of gittuf, an incubating project at the Open Source Security...
Yongjae Chung

Masters Student, New York University
Yongjae is a Master's student at New York University. He is a contributor to gittuf, an incubating project at Open Source Security Foundation.
101E

3:10pm CDT

Petra: SBOMs Without Oversharing for Confidential Supply Chain Transparency - Eman Abu Ishgair, Purdue University & Marcela Melara, Intel Corporation
Thursday May 21, 2026 3:10pm - 3:25pm CDT
Software Bills of Materials are central to improving transparency and trust in modern software supply chains. However, organizations often hesitate to share complete SBOMs due to intellectual property or security concerns. This challenge is amplified in multi-tier supply chains, where SBOMs are routinely redistributed across vendors. We present Petra, a system that enables confidential and...
Speakers
Marcela Melara

Research Scientist, Intel Corporation
Marcela Melara is a research scientist at Intel making distributed and cloud systems more trustworthy. Her current work focuses on developing solutions for high-integrity software and AI supply chains. She leads a number of internal, academic and open-source projects on supply chain...
Eman Abu Ishgair

Graduate Research Assistant, Purdue University
PhD candidate in ECE @ Purdue, working on software supply chain security
101E

3:25pm CDT

Break
Thursday May 21, 2026 3:25pm - 3:45pm CDT
- Rice Crispy Bars (GF)
- Potato Chips (GF, Vg)
- French Onion Dip (V, GF) 
101C+D

3:45pm CDT

Verification Toward Applying SLSA in Automotive IVI Software Development - Yuta Kiyoumi & Takashi Ninjouji, Honda Motor Co., Ltd.
Thursday May 21, 2026 3:45pm - 4:00pm CDT
In automotive software development—such as IVI (In-Vehicle Infotainment) software—many layers of the supply chain are involved, including automotive OEMs and Tier‑1 suppliers. Automotive OEMs, in particular, are required to manage a complex and multi‑layered software supply chain under strict safety and regulatory constraints. To evaluate supply chain security efforts within software...
Speakers
Yuta KIYOUMI

Security Architect for IVI software development, HONDA MOTOR CO.,LTD.
Yuta Kiyoumi is the Security Architect for IVI software development at Honda Motor Co., Ltd. He also serves as a member of the Honda OSPO promoting secure OSS adoption, and participates as a member of the OpenSSF.
Takashi Ninjouji

Chief Engineer, Honda Motor Co., Ltd.
Takashi Ninjouji is a Chief Engineer at Honda Motor Co., Ltd., with a focus on Software-Defined Vehicles (SDV). He is a manager of the Open Source Program Office (OSPO). His interests also include AI-assisted engineering automation.
101E

4:05pm CDT

What Are Web Developers Doing About Security? - Daniel Appelquist, Samsung
Thursday May 21, 2026 4:05pm - 4:15pm CDT
The W3C SWAG community group (which is linked with the OpenSSF Best Practices working group) recently ran a survey of web developers to see what web security features and technologies web developers are using and how they're using them. This talk will be a brief introduction to SWAG, an overview of the surprising results, and what it means for the work ahead. I will also touch on the topic of how...
Speakers
Dan Appelquist

Open Source Strategist, Samsung

101E

4:20pm CDT

Quantum Proofing Sigstore: A Tale of Three Approaches - Kevin Conner, Red Hat
Thursday May 21, 2026 4:20pm - 4:40pm CDT
Implementing post quantum cryptography in supply chain security requires decisions beyond algorithm selection, with trade offs impacting performance and storage. This talk explores three approaches for adding PQC into Sigstore, the open standard for signing and verifying artifacts. The first maintains classical certificates, adding PQC signatures to transparency log inclusion proofs. The second...
Speakers
Kevin Conner

Senior Principal Software Engineer, Red Hat
Kevin is a Senior Principal Software Engineer at Red Hat's Trusted Artifact Signer team, working on Sigstore projects. Previously Chief Engineer at GetUp Cloud, focusing on Kubernetes and DevSecOps, he's worked at startups and major companies like Sun Microsystems and Red Hat, leading...
101E

4:45pm CDT

AI as Security Orchestrator: An Introduction To Darnit - Michael Lieberman, Kusari
Thursday May 21, 2026 4:45pm - 5:00pm CDT
There's a million security tools, specifications, formats, models, schemas, and the list goes on. The problem of keeping up to date on security best practices seems insurmountable even for experienced practitioners. The problem is even worse for your average open source developer who wants to focus on features, not integrating the latest security and compliance tooling. In this talk you'll how...
Speakers
Michael Lieberman

CTO, Kusari
Michael Lieberman is co-founder and CTO of Kusari where he helps build transparency and security in the software supply chain. Michael is an active member of the open-source community, co-creating the GUAC and FRSCA projects and co-leading the CNCF’s Secure Software Factory Reference...
101E

5:05pm CDT

Keynote: OSS-CRS: Next Generation Bug-Finding and Remediation for the LLM Era - Andrew Chin, Georgia Institute of Technology
Thursday May 21, 2026 5:05pm - 5:25pm CDT
The AI Cyber Challenge demonstrated that AI-powered Cyber Reasoning Systems (CRS) can autonomously find and fix software vulnerabilities at scale. But how do we take those advancements and make them accessible to the broader security community? Enter OSS-CRS: an open-source, standardized framework designed to accelerate the development of AI-assisted bug-finding and remediation systems. In this...
Speakers
Andrew Chin

Ph.D. Student, Georgia Institute of Technology
Andrew is part of Team Atlanta, the winning team in the AIxCC finals competition at DEF CON 33.

He is currently a Ph.D. student at the Georgia Institute of Technology, working with Prof. Taesoo Kim at the Systems Software & Security Lab. Building on the work from AIxCC, Andrew is leading a Team Atlanta effort — in partnership with the OpenSSF — to strengthen the security...
101E

5:25pm CDT

Closing Remarks
Thursday May 21, 2026 5:25pm - 5:30pm CDT

101E
 