Ram Iyengar, OpenSSF

Showcase on how tools can be used to make informed decisions about open source projects used in building products to allow engineers to build freely and compliance to be maintained without compromise

Sjoerd van Leent, Aliander N.V.

Lighning talk on how to set up a pipeline for building sofware deliverables with integrated verification of license and security compliance alongside signing and attestation of the deliverable based on experience with Tekton, DependencyTrack, Syft and Cosign

David Hirsch, Dynatrace

What are early signs that a project or community is stagnating? Who should be responsible for naming decline? or Why is ending a project seen as failure? This lighning talk explores how to recognize early signals of declining momentum and how to respond responsibly. Participants will discuss whether graceful shutdown is a leadership skill, who has the authority to make such decisions, and how fear of failure often prolongs unhealthy project states.

Jan van den Berg, Ahold Delhaize A practical introduction to the OSPO Book, guiding open source managers through its core chapters on strategy, governance, policy, compliance, security, community engagement, and metrics to help organizations build and mature their open source management practices

Gina Plat, Dutch Ministry of Interior and Kingdom Relations

Lightning talk on how open source is done in practice within the dutch public sector showcasing two projects: Dutch Government Codeplatform, a shared development environment based on Forgejo designed to modernize software development processes, facilitate cloud deployment, and simplify open-sourcing; and MijnBureau, a sovereign open-source workspace for government agencies that builds upon the La Suite/OpenDesk initiatives from the French and German governments

Natali Vlatko, Cisco | Mirko Boehm, Linux Foundation Europe

The EU CRA has several effects on open source foundations and the consumers of open source projects. In this discussion I would like to discover CNCF staff's thoughts about CRA and how CNCF will fulfill the steward obligations and if CNCF will support the manufacturer due diligence with voluntary attestation? How the CRA steward obligations will effect a CNCF project? Will CNCF provide voluntary attestation on the CNCF projects? Will attestation be mandatory for certain maturity level in CNCF?

Sebastian Grüner, E.on

As distributed corporate enterprise and CNCF enduser we use a lot of CNCF projects internally on a large scale. But in contrast to that the rate of employees that are interested in project specific trainings and certifications has remained extremely low. How do you provide trainings on scale?; How do you handle the cost and cost-distribution involved?; How do you approach engineers and engineering managers about open source specific trainings?; Do you have internal engagement with engineers about training opportunities?

Thomas Steenbergen, AboutCode Foundation and SIVON OSPO

As more organizations embrace open source, the challenge shifts from mere participation to effective scaling: how do large enterprises contribute meaningfully to open source ecosystems like Cloud Native while ensuring regulatory compliance, security, collaboration, and internal alignment? In this session, we’ll explore strategies and lessons learned from fostering open source contributions among hundreds, if not thousands, of developers and teams. Discussion points will include developing effective governance frameworks, balancing company objectives with community values, and navigating legal and compliance barriers without hampering engineering progress. We'll also delve into strategies for sustaining key technologies that are critical to the organization’s success.