Open Source Summit + AI_dev Japan 2024: Full Schedule

October 28-29, 2024 | Tokyo, Japan
View More Details & Registration
Note: The schedule is subject to change.

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Open Source Summit + AI_dev Japan 2024 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

This schedule is automatically displayed in Japan Standard Time (UTC +9). To see the schedule in your preferred timezone, please select from the drop-down located at the bottom of the menu to the right.

arrow_back View All Dates

07:30 JST

Registration & Badge Pick-Up

Tuesday October 29, 2024 07:30 - 16:40 JST

Main Foyer

Tuesday October 29, 2024 07:30 - 16:40 JST
Main Foyer

Special Events / Exhibits / Breaks

09:00 JST

Keynote Sessions: To Be Announced

Tuesday October 29, 2024 09:00 - 10:25 JST

Main Hall

Tuesday October 29, 2024 09:00 - 10:25 JST
Main Hall

Keynote Sessions

10:25 JST

Coffee Break

Tuesday October 29, 2024 10:25 - 11:10 JST

Special Events / Exhibits / Breaks

10:25 JST

Sponsor Showcase

Tuesday October 29, 2024 10:25 - 15:50 JST

Solutions Showcase

Tuesday October 29, 2024 10:25 - 15:50 JST
Solutions Showcase

Special Events / Exhibits / Breaks

11:10 JST

Monsters in the Deps: How to Protect Your AI/ML Systems from Supply Chain Attacks - Erin Glass & Patrick Smyth, Chainguard

Tuesday October 29, 2024 11:10 - 11:50 JST

Hall B (4)

Love developing AI/ML systems, but don’t want to become the next front-page cyberattack? We got you! In this fast-paced, meme-a-liscious, hands-on workshop, we’ll take a deep dive into the murky waters of the AI/ML supply chain, explore its many threats and terrors, and then – with our trusty box of supply chain security tools – build an island of safety for our AI/ML systems! Participants will come away with the skills and knowledge to significantly improve AI/ML supply chain security at their organization, as well as the unpleasant awareness about what might happen if the industry doesn’t do the same. Sorry! Hands-on activities will include vulnerability scanning, creating/consuming SBOMs/AIBOMs, digital signing using Sigstore tools, and provenance tracking. We will also provide a conceptual background on AI/ML supply chain components, attack categories, and global regulation and standards related to AI/ML security. Led by software supply chain and AI deployment experts at Chainguard, this workshop will enable participants to harden their AI/ML systems and evangelize others to do the same.

Speakers

Erin Glass

Senior Product Manager, Chainguard

Dr. Erin Glass is a product manager at Chainguard, where she focuses on supply chain security education and meme R&D. She has published widely in developer education and other digital topics, including the courses Securing the AI/ML Supply Chain and Painless Vulnerability Management... Read More →

Patrick Smyth

Staff Developer Relations Engineer, Chainguard

Dr. Patrick Smyth is Staff Developer Relations Engineer at Chainguard, where he shows developers how to deploy AI and other applications with 0 CVEs using Chainguard Images. Patrick has a PhD in the digital humanities and in a previous life led technical bootcamps for researchers... Read More →

Tuesday October 29, 2024 11:10 - 11:50 JST
Hall B (4)

AI_dev

Audience Beginner

11:10 JST

Deep-Dive in VirtIO: Virtualized AGL with VirtIO to Achieve Cloud-Native Environment Parity - Kazuki Kuzu, Panasonic Automotive Systems Co., Ltd.

Tuesday October 29, 2024 11:10 - 11:50 JST

Hall B (3)

VirtIO, a widely adopted device virtualization technology, is becoming increasingly important in the trend of Software-Defined Vehicles. It decouples operating systems from physical devices, paving the way for hardware agnostic software to function seamlessly across diverse environments, be it cloud-based or on various automotive edges. In this presentation, we'll be taking a deep-dive into the technical essences of VirtIO-based device virtualization. We will also explore how to leverage this technology to build and deploy the same Automotive Grade Linux (AGL) virtual machine binary on both cloud and automotive hardware platforms. This session is recommended for developers and architects looking to gain a comprehensive understanding of VirtIO and its practical applications in an automotive cloud-native environment. By attending, you will gain valuable insights into how to achieve environment parity using VirtIO, and understand its vital role in the future of Software-Defined Vehicles.

Speakers

Kazuki Kuzu

Engineer, Panasonic Automotive Systems Co., Ltd.

Kazuki Kuzu has five years of experience at Panasonic Automotive Systems Corporation, focusing on the development and research of virtualization for automotive embedded operating systems. He is committed to contributing to the field of automotive software. Outside of work, He enjoys... Read More →

Tuesday October 29, 2024 11:10 - 11:50 JST
Hall B (3)

Automotive Linux Summit

Audience Advanced

11:10 JST

Exploring Best Practice for Implementing Authn and Authz in a Cloud-Native Environment - Yoshiyuki Tabata, Hitachi

Tuesday October 29, 2024 11:10 - 11:50 JST

Hall A (3)

Authn/authz are some of the most important considerations for cloud-native applications, which is clear from OWASP Top 10, and at the same time, these are big challenges for many implementers today. Fortunately, regarding "authn," there are standards such as OpenID Connect and there is a CNCF project, Keycloak, so the concerns are somewhat alleviated. On the other hand, regarding "authz," there was no clear standard, and there are several superior OSSs such as OPA, OpenFGA, and Topaz, so implementers are faced with a difficult choice.
Currently, OpenID Foundation AuthZEN WG works on authz standards, and it is difficult to predict the situation after the standards are established, which also makes the choice difficult.
In this session, Yoshiyuki Tabata introduces how to authorize requests using the OSSs including the AuthZEN perspective, and integrate them with Keycloak. It helps implementors explore a best practice for implementing authn/authz in a cloud-native environment.

Speakers

Yoshiyuki Tabata

Senior OSS Consultant, Hitachi

Yoshiyuki Tabata is a Senior OSS Consultant at Hitachi, Ltd, responsible for IAM and API-related solutions. As an authentication and authorization expert, he has provided numerous consultations, for example, designing and building API/SSO systems in various fields such as finance... Read More →

Tuesday October 29, 2024 11:10 - 11:50 JST
Hall A (3)

CloudOpen

11:10 JST

Revolutionizing Cross-Platform AI in Containers: The Future with WebGPU - Aditya Soni, Forrester & Seema Saharan, Autodesk

Tuesday October 29, 2024 11:10 - 11:50 JST

Hall A (2)

This talk explores groundbreaking methods for enhancing cross-platform AI workloads within container ecosystems. The focus will be on integrating the WebGPU standard into containers, enabling them to utilize host GPUs and other AI accelerators through a flexible API. This approach eliminates the need for creating container images specific to individual GPU vendors and their proprietary drivers. Explore 1. How the WasmEdge project leverages the WebGPU standard to develop portable LLM inference applications in Rust. 2. How containers can efficiently manage and orchestrate these applications, simplifying AI deployment across diverse environments.

Speakers

Seema Saharan

Site Reliability Engineer, CNCF Ambassador, Autodesk

Meet Seema, the tech whiz at Autodesk. She's not just about fixing things – she loves sharing what she knows! Whether speaking at cool events like GitLab Commit, and GitHub Universe or breaking down tech on her YouTube channel, Seema makes the complicated stuff easy and fun. Join... Read More →

Aditya Soni

DevOps Engineer ll, CNCF Ambassador, Forrester

Aditya Soni is a DevOps/SRE tech professional He worked with Product and Service based companies including Red Hat, Searce, and is currently positioned at Forrester Research as a DevOps Engineer II. He holds AWS, GCP, Azure, RedHat, and Kubernetes Certifications.He is a CNCF Ambassador... Read More →

Tuesday October 29, 2024 11:10 - 11:50 JST
Hall A (2)

ContainerCon

Audience Any

11:10 JST

Desktop Linux War Stories - Anna Aitchison, Callcare

Tuesday October 29, 2024 11:10 - 11:50 JST

Hall A (4)

Linux is incredibly versatile, being a major player in server, mobile and embedded systems, yet your average person can comfortably live their entire life never even seeing a desktop or laptop running Linux. It's hard enough for individual users to overcome this intertia, but it's even harder for organisations. Implementing desktop Linux reaps rewards like digital sovereignty, security, cost reductions and more, but it takes you out of the cozy Windows ecosystem. This talk is an high level overview of what a corporate journey to desktop Linux can look like, the problems that have to be solved along the way, from provisioning to configuration management and most importantly why these migrations fail. It will draw on the speaker's experiences of managing a Linux Desktop estate, and from the wider community.

Speakers

Anna Aitchison

Senior DevOps Engineer, Callcare

Anna is a Senior DevOps Engineer at the British callcentre outsourcer Callcare, working with their Kubernetes private cloud and Linux infra as well as supporting their introduction of AWS into the estate. She is an experienced and passionate speaker, having given 15+ talks, at events... Read More →

Tuesday October 29, 2024 11:10 - 11:50 JST
Hall A (4)

LinuxCon

Audience Intermediate

11:10 JST

Surviving Project Abandonment: Meteor.js Case Study - Jan Dvorak, Literary Universe

Tuesday October 29, 2024 11:10 - 11:50 JST

Hall A (1)

When a project is abandoned by its inventors, core contributors, and the most prolific community members, it often spells the end. Yet, Meteor.js managed to rebound from the brink of oblivion. This talk explores the critical factors that led to Meteor's fall from being one of the hottest new projects to its near-demise and the remarkable turnaround. We'll delve into the issues that created the crisis, and more importantly, the strategies and actions that enabled a successful comeback. The discussion will cover the pivotal errors that contributed to the project's initial decline and the challenges faced by the community in reviving Meteor, including the lack of comprehensive internal documentation. We will examine the solutions that facilitated the recovery, while also addressing the ongoing challenges and unresolved issues within the Meteor community. Finally, we will explore practical steps and tools you can employ to safeguard your own open-source projects from similar pitfalls.

Speakers

Jan Dvorak

Founder & CEO, Literary Universe

Born in Prague, Czechia, Jan finished his Masters in IT at Rochester Institute of Technology in 2016 and shortly thereafter became involved in the Meteor.js community and OSS in general. Since then, he has been increasingly involved in OSS (Meteor in particular) as a contributor... Read More →

Tuesday October 29, 2024 11:10 - 11:50 JST
Hall A (1)

Open Source Leadership Summit

Audience Beginner

11:10 JST

What's Happening in Japan? The Current Situation of SBOM - Ayumi Watanabe, Hitachi Solutions, Ltd.

Tuesday October 29, 2024 11:10 - 11:50 JST

Main Hall

This is an updated version of my previous CFP for OSS Summit EU. I will add deeper analysis of unique supply chain issues of Japan and SBOM best practice of Japanese companies. It would be a special insight of current SBOM practice of Japan. I believe this is a best topic to be discussed at OSS Summit Japan. Three years have passed since the issuance of the U.S. Executive Order (EO #14028), the adoption of SBOM in Japan has gradually progressed. Japanese companies are learning the minimum elements of SBOM which was published by NTIA, and are converting to a development process that takes automated SBOM generation into account. In July 2023, the Ministry of Economy, Trade, and Industry (METI) published a guide on the introduction of SBOM for software management, then the second version is scheduled to be released this summer. In this session, Ayumi Watanabe, a Japanese SBOM evangelist and an advisor to METI's SBOM PoC project, will discuss the status of SBOM in Japan, including the content of METI's guidelines, and the maturity and challenges of SBOM implementation in Japanese companies.

Speakers

Ayumi Watanabe

SBOM Evangelist, Hitachi Solutions, Ltd.

Ayumi Watanabe is a Senior OSS Specialist of Hitachi Solutions, Ltd.. She is also a core member of OpenChain Japan and known as a SBOM evangelist appointed by the Linux Foundation Japan. Her strong point is a knowledge of many tools for SBOM generation and management, a wide range... Read More →

Tuesday October 29, 2024 11:10 - 11:50 JST
Main Hall

SupplyChainSecurityCon

Audience Any

12:00 JST

Exploring Pillars of Trustworthy AI: Robustness and Fairness - Niharika Shrivastava, Workforce Optimizer

Tuesday October 29, 2024 12:00 - 12:40 JST

Hall B (4)

Due to the ever-increasing adoption of AI into the lives of daily users, trustworthy AI is of utmost priority. Even though advocates of AI globally have started talking about ethical considerations during ML model building, in reality, very few people know how to create robust, privacy-preserving, and fair AI models. In this talk, I'll explore 2 concrete technical concepts of trustworthy AI, namely ensuring robustness and fairness in ML models. Robustness: 1. Attendees will go through an in-depth understanding of critical vulnerabilities of common AI models and how to exploit them to adversarially attack the model (e.g., inference attacks, data poisoning). 2. This will be followed by simple defence strategies to increase robustness (e.g., gradient obfuscation, transformations). 3. This will be further followed by adaptive attacks on previous defence strategies thereby motivating the concept of certified robustness of AI models. Fairness: 1. Attendees will get to know how they can unconsciously encode bias (representational bias, model bias, etc) during training AI models. 2. This is followed by strategies to correct this bias using domain knowledge to create fair AI models.

Speakers

Niharika Shrivastava

Data Scientist, Workforce Optimizer

Niharika's current interests lie in NLP and Applied Data Science. She holds a Master's in AI from the National University of Singapore. She was also an Outreachy fellow for The Fedora Project and has been the recipient of multiple awards such as the Red Hat Women in Open Source Award... Read More →

Tuesday October 29, 2024 12:00 - 12:40 JST
Hall B (4)

AI_dev

Audience Intermediate

12:00 JST

Volvo Cars' OSPO Journey - Drive OSS Maturity Level - Mary (Meixia) Wang, Volvo Car Corporation

Tuesday October 29, 2024 12:00 - 12:40 JST

Hall B (3)

we would like to share with audience about volvo cars' open source journey, and how we drive open source maturity within Volvo Cars.

Speakers

Meixia Wang

Director of Open Source Ecosystem, Volvo Car Corporation

Mary Wang is the Director of Open Source Ecosystem of Volvo Car Corporation. Her professional accomplishments include initiating open source project, forming and built OSPO for Volvo Cars. Before this, Mary was a subject matter expert configuration manager and was responsible for... Read More →

Tuesday October 29, 2024 12:00 - 12:40 JST
Hall B (3)

Automotive Linux Summit

Audience Beginner

12:00 JST

A Case Study in API Cost of Running Analytics in the Cloud at Scale with an Open-Source Data Stack - Bin Fan & Hope Wang, Alluxio

Tuesday October 29, 2024 12:00 - 12:40 JST

Hall A (3)

The migration of data-intensive analytics applications to cloud-native environments promises enhanced scalability and flexibility but introduces complex cost models that pose new challenges to traditional optimization strategies. While on-premises setups focused on speed, cloud deployments require a more nuanced approach, factoring in cloud storage operations costs, which can escalate rapidly in real-world scenarios. In this presentation, Bin will analyze these challenges through a case study on Uber's large deployment analytics SQL platform on HDFS and GCS. They will show their findings of unexpected cost implications with standard I/O optimizations like table scans, filters, and broadcast joins when implemented in cloud environments. He will also highlight the need for a paradigm shift in optimizing data-intensive applications for the cloud and advocate for developing new I/O strategies, balancing performance and costs while tailored to cloud ecosystems' unique demands.

Speakers

Hope Wang

Developer Advocate, Alluxio

Hope Wang is a Presto Contributor and a Developer Advocate at Alluxio. She has a decade of experience in Data, AI, and Cloud. An open-source contributor to PrestoDB, Trino, and Alluxio, she currently works at Alluxio as a developer advocate and previously worked in venture capital... Read More →

Bin Fan

VP of Technology, Alluxio

Bin Fan is the founding engineer and VP of Technology at Alluxio, Inc. Prior to Alluxio, he worked for Google to build the next-generation storage infrastructure. Bin received his Ph.D. in Computer Science from Carnegie Mellon University on the design and implementation of distributed... Read More →

Tuesday October 29, 2024 12:00 - 12:40 JST
Hall A (3)

CloudOpen

Audience Beginner

12:00 JST

Running Containers on a Resource Constrained Embedded Device - Jeff Shaw, Digi International

Tuesday October 29, 2024 12:00 - 12:40 JST

Hall A (2)

Security is paramount in today's online world. To enhance security, most small routers have a read only operating system and read write storage for configurations and general storage. Adding functionality usually requires uploading new firmware to the device which can be costly in both data charges and time. Wouldn't it be great to be able to maintain the security of a read only filesystem, but still be able to install new features? Containers are isolated from the host system, maintaining security, but are able to be installed in the read write portion of storage, or even run completely in RAM. The problem with containers is the resource requirements just to run said container. In this talk, we will demonstrate how a minimal, but fully functional container subsystem can be run on a small, resource constrained embedded device. We will show how containers enable edge computing where the user can run their own software on the device without compromising security, or needing to integrate their application with the host operating system. Containers can turn even the meekest of devices into an edge computing powerhouse!

Speakers

Jeff Shaw

Senior Principle Engineer and SoftwareAarchitect, Digi International

Jeff first started running Linux after an unknown student posted a message in the minix newsgroup asking for people to have a look at his minix clone. He hasn't looked back since. He has spent his entire career using Linux, which has culminated in his current position as senior principle... Read More →

Tuesday October 29, 2024 12:00 - 12:40 JST
Hall A (2)

ContainerCon

Audience Any

12:00 JST

Analyzing Your System with Tracing Libraries - Steven Rostedt, Google

Tuesday October 29, 2024 12:00 - 12:40 JST

Hall A (4)

trace-cmd is a front end tool to the tracefs infrastructure as well as ftrace (the mechanism that supplies function tracing). But like all tools, it's limited in what it can provide by the interface it has. Luckily, the guts of trace-cmd is being extracted into libraries. The libtracefs library is an interface to facilitate any application to access the tracefs kernel interface. This makes it easy for applications enable tracing of various events with various filters. Then there's the libtracecmd library that can be used for creating and reading the trace.dat file (the file that trace-cmd creates). By using this library, you can enable tracing on a system and then do offline analysis. Finally, there's a new library called libtraceeval that is used to help keep track of the interactions of various trace events. This talk will show some simple tools that utilize these libraries (for example, a tool that shows how much tasks are sleeping, blocked, running, and preempted). And also show i bit of the interface of the libraries to demonstrate how simple they really are.

Speakers

Steven Rostedt

Software Engineer, Google

Steven Rostedt currently works for Google on their ChromeOS team. Steven is the main developer and maintainer of ftrace, the official tracer of the Linux kernel, as well as the user space tools trace-cmd, the ftrace tracing libraries and co-maintainer of KernelShark. Steven is one... Read More →

Tuesday October 29, 2024 12:00 - 12:40 JST
Hall A (4)

LinuxCon

Audience Intermediate

12:00 JST

The Role of Open Source in the Telco Domain: How to Accelerate the Adoption? - Anuradha Udunuwara, Sri Lanka Telecom PLC

Tuesday October 29, 2024 12:00 - 12:40 JST

Hall A (1)

Telco operators/SPs are going through a massive transformation. This includes the imperative of DT & softwarization (SDN, NFV & cloud). While de-facto std. developing orgs. dominated the stds. space for telcos for years, lately we've seen the open source (OS) projects taking the lead in many of the nwk virtualization, automation, orchestration & telco cloud-related activities. As more control & programmability are abstracted towards SW layers in the telco stack, the use of cloud-native (CN) tech & tools has become unavoidable. But, unlike the OS communities, vendors, or enterprises, the telco adoption of OS and CN is much slower due to multiple reasons. These include cultural, educational & organizational challenges. I'd like to openly discuss these challenges & propose some solutions so that we all can collaborate to accelerate the OS and CN adoption in the Telco domain. My objective is to make OS and CN general & universal in the Telco domain for all operators/SPs, especially in developing economies.

Speakers

Anuradha Udunuwara

Sr. Engineer, Sri Lanka Telecom PLC

Anuradha is an expert in the field of Telecom & Tech and currently working as a Senior Engineer at Sri Lanka Telecom. He has 20Y+ of industry experience in strategy, architecture, engineering, design, planning, implementation, & maintenance of CSP/DSP Networks. He is actively involved... Read More →

Tuesday October 29, 2024 12:00 - 12:40 JST
Hall A (1)

Open Source Leadership Summit

Audience Any

12:00 JST

Trials and Tribulations of Updating Dependencies for Vulnerability Remediation - Xueqin Cui & Michael Kedar, Google

Tuesday October 29, 2024 12:00 - 12:40 JST

Main Hall

Developers are often faced with an overwhelming number of vulnerabilities reported against their dependencies. The best way to deal with this is to keep all dependencies up to date, however, this is not possible for everyone. There is a lot of work to get all dependencies up to date for older projects, or to figure out what dependencies and versions to update in response to vulnerabilities. The open source OSV project built a feature called “guided remediation” to automatically update dependencies while minimising breakages. Upgrades with greater number of vulnerabilities fixed at once are prioritised. Mechanisms such as vulnerability dependency depth are also developed to further help prioritise the work. While developing these functionality to tackle these problems, we discovered that this is not as easy as it sounds. There are complexities in every step of the whole process - from scanning project files, to resolving dependencies in ecosystems with complicated rules, to determining possible updates, to writing back to the files. This talk explores the many challenges faced within npm and Maven, their complicated rules, and potential solutions for wider ecosystem support.

Speakers

Xueqin Cui

Software Engineer, Google

Xueqin is a Software Engineer working on Google's Open Source Security team.

Michael Kedar

Software Engineer, Google

Michael is a Software Engineer working on Google's Open Source Security Team.

Tuesday October 29, 2024 12:00 - 12:40 JST
Main Hall

SupplyChainSecurityCon

Audience Intermediate

12:40 JST

Lunch Break

Tuesday October 29, 2024 12:40 - 14:00 JST

Special Events / Exhibits / Breaks

14:00 JST

Building a Thriving Open-Source AI Community with LF AI & Data Foundation - Vini Jaiswal, TikTok

Tuesday October 29, 2024 14:00 - 14:40 JST

Hall B (4)

Ever feel like contributing to groundbreaking AI projects but unsure where to start? Have a cool project that you are looking to find a neutral entity for? Through the session learn how the LF AI & Data foundation empowers open-source projects. Discover the framework to support for open development, governance models, and resources like legal assistance, marketing, and events. Gain exclusive updates from the LF AI and Data Technical Advisory Council (TAC). Learn about their vision, technical roadmap, success stories and how you can contribute. The session will cover practical tips and tricks to dive into project contributions, navigate the initiation process, and ultimately guide you towards project graduation. Also discover the diverse work streams within LF AI and Data foundation and how you can leverage your skills to make a real difference in the open-source AI community.

Speakers

Vini Jaiswal

Chair of Technical Advisory Council, Linux Foundation AI & Data

Vini Jaiswal is a renowned expert in AI and Data, acclaimed for her significant contributions to Apache Spark, MLflow, PrivacyGo and, notably, Delta Lake. Holding pivotal roles such as Chair of the Technical Advisory Committee (TAC) at Linux Foundation Data and AI, Governing Board... Read More →

Tuesday October 29, 2024 14:00 - 14:40 JST
Hall B (4)

AI_dev

Audience Beginner

14:00 JST

Possibility of Dynamic Rebalance in Multi-node HPC Vehicle Environment for SDV - Bucci Kawabuchi, EPAM

Tuesday October 29, 2024 14:00 - 14:40 JST

Hall B (3)

As SDV gains popularity, the importance of edge orchestration is being addressed. However, the automotive oriented limitation makes this pursuit difficult, as cloud-native technologies sometimes might not be so suitable in such context.

In this session, I'd like to highlight our case with the years of building AosEdge (https://aosedge.tech/), where we started from noticing the need of vehicle-limitation-oriented orchestration tool, enabling mixed-criticality orchestration with unikernel realized by Zephyr RTOS and Xen hypervisor, and then on to adhering the operational scalabity needed from industry perspectives.

Especially, the dynamic rebalance in multi-node vehicle environment opens more possibilities foreseeing the upcoming SDV era, where user experience demand would increase while the vehicle resource would still be limited to some extent.

This session would be inspired by EPAM's Artem Mygaiev's previous presentations, adjusted to the local/global audience, with latest activity updates.

Speakers

Bucci Kawabuchi

Senior Business Analyst, EPAM

Previously a project manager at Japanese eVTOL startup, utilizing agile practices and team engagement to manage develop the new mobility platform of which the expertise ranges from structure, power train, avionics, aerodynamics to embedded software.

Tuesday October 29, 2024 14:00 - 14:40 JST
Hall B (3)

Automotive Linux Summit

14:00 JST

Careless Use of Memory-Backed Ephemeral Disks in Kubernetes Can Result in Node Crashes - Shu Muto, NEC Solution Innovators, Ltd.

Tuesday October 29, 2024 14:00 - 14:40 JST

Hall A (3)

Modern applications increasingly require the output of large files such as videos and images, and the generation of more comprehensive logs. As a result, the use of RAM disks - ephemeral disks backed by memory, which are faster than traditional HDDs and SSDs - has become more common. In Kubernetes, RAM disks can be utilized through the abstraction of memory-backed emptyDir, which is based on tmpfs. However, if used carelessly, memory-backed emptyDir can pose significant risks to the stability of the Kubernetes cluster. When used as storage, the use case differs from typical memory usage by applications. Sharing files between different applications can obscure the responsibility for file garbage collection, increasing the risk of files not being deleted. If tmpfs usage excessively consumes node memory, the application containers using this tmpfs may be killed. In some cases, the deletion of tmpfs might not be timely, leading to memory exhaustion and potentially causing node crashes. This talk will share risk mitigation strategies for node crashes from the perspectives of cluster administrators, namespace administrators, and application developers.

Speakers

Shu Muto

Open Source Strategy Professional, NEC Solution Innovators, Ltd.

Shu Muto is a maintainer for the Kubernetes Dashboard since Autumn 2019 and a chair for SIG UI. Previously, he contributed to the OpenStack Dashboard and its plugins as a core developer from 2015. Shu also develops WebRTC applications. He organizes Kubernetes Upstream Training Japan... Read More →

Tuesday October 29, 2024 14:00 - 14:40 JST
Hall A (3)

CloudOpen

Audience Intermediate

14:00 JST

Dynamic Scaling of GPUs for Container Apps with Composable Disaggregated Infrastructure for AI Era - Jin Hase & Lei Zhang, Fsas Technologies Inc.

Tuesday October 29, 2024 14:00 - 14:40 JST

Hall A (2)

As AI and ML become popular in container (K8s) environment, enormous computational resources are required more and more. On the other hand, efforts toward energy efficiency are also required for the realization of a sustainable society. It is expected to achieve the conflicting requirements that providing higher performance and reducing power consumption simultaneously. Recently, a new server architecture called Composable Disaggregated Infrastructure (CDI) is emerged. CDI can provide custom made servers by composing devices such as compute, memory, storage and GPU connected to PCIe or CXL switch fabric as a resource pool on demand. CDI can provide appropriate type and number of devices on demand depending on container workloads, therefore it would be a solution for this requirement. However, there is currently no standard way to control CDI from K8s. In this talk, we show how K8s and CDI could be a solution. We provide CDI operator and its Custom Resource Definition. Also, we introduce advanced vertical and horizontal cluster auto scaler for CDI. We demonstrate how K8s dynamically attach or detach devices to nodes combined with Dynamic Resource Allocation (DRA) function.

Speakers

Jin Hase

Manager, Fsas Technologies Inc.

Jin Hase has been tuning the performance of servers and operating systems, designing and building systems for K8s. In recent years he has led the OSS development teams for K8s and Linux. For a new architecture called Composable Disaggregate Infrastructure, he tries to establish how... Read More →

Lei Zhang

Engineer, Fsas Technologies Inc.

Lei Zhang is an engineer at Fsas Technologies Inc. Core Product Business Unit., where he is involved with system software development for high performance computing. He has been participated in the development of the Fugaku supercomputer, Japan’s latest flagship supercomputer. For... Read More →

Tuesday October 29, 2024 14:00 - 14:40 JST
Hall A (2)

ContainerCon

Audience Intermediate

14:00 JST

Lessons Learned on Following Security Best Practices in Zephyr - Kate Stewart, The Linux Foundation

Tuesday October 29, 2024 14:00 - 14:40 JST

Meeting Room 1

When the Zephyr project(https://zephyrproject.org/) launched in 2016, the lack of standardized security best practices in the IoT market segment was a known problem. It was one of the goals the project wanted to address, and started working on from before day 1. This talk will go through the journey of the last 8 years of applying known best security practices to an open source project, including becoming a CVE Numbering Authority, and forming a PSIRT team from volunteers from different companies. This team has been managing embargo windows, bulk vulnerability reports as well as the occasional vulnerability reported from the community. It is possible for open source projects to follow Security Best Practices and this talk will let others leverage the key lessons that Zephyr has learned over time.

Speakers

Kate Stewart

VP Dependable Embedded Systems, Linux Foundation

Kate Stewart works with the safety, security and license compliance communities to advance the adoption of best practices into embedded open source projects. Since joining The Linux Foundation, she has launched the ELISA and Zephyr Projects, as well as supporting other embedded projects... Read More →

Tuesday October 29, 2024 14:00 - 14:40 JST
Meeting Room 1

Embedded IoT Summit

Audience Intermediate

14:00 JST

The Year in Open Source Security - Marta Rybczynska, Ygreky

Tuesday October 29, 2024 14:00 - 14:40 JST

Hall A (4)

This year, we have seen several events related to Open Source security. Marta will inventory the main events and show us what we have learned. - The xz backdoor scandal shed light on sole maintainers and the risks to their projects yet again. - The Linux kernel and several other projects have become CVE Numbering Authorities (CNAs). At the same time, the National Vulnerability Database (NVD) database is facing difficulties. - The SBOM generation is rising, and people are discussing how to actually use that generated data. And SPDX3 has been released. - The European mandatory cyber security regulation Cyber Resilience Act is reaching completion, with similar laws showing up around the world - Without forgetting a list of vulnerabilities, exploited or not

Speakers

Marta Rybczynska

Founder, Ygreky

Marta Rybczynska has a network security background, with 20 years of experience in Open Source. She has worked with embedded operating systems like Linux and various real-time OSes, and with system libraries and frameworks up to user interfaces. She has been involved in various Open... Read More →

Tuesday October 29, 2024 14:00 - 14:40 JST
Hall A (4)

LinuxCon

Audience Intermediate

14:00 JST

Empowering Growth: The Community-Driven Roadmap for Open Source Companies - Khushboo Verma, Appwrite

Tuesday October 29, 2024 14:00 - 14:40 JST

Hall A (1)

Are you struggling to scale your open-source product? You're not alone. Traditional business models don't always fit the community-driven world of open source. Join me in this talk as we explore the essential components of a community-driven roadmap for open-source companies. We will discuss the importance of inclusivity, clear communication, and creating a welcoming environment for contributors through engaging initiatives and effective use of platforms. We will evaluate different options for community platforms and explore how community appreciation initiatives like awards and giveaways can be more than just token gestures, serving as powerful tools to incentivise participation and foster a sense of appreciation among community members. Moreover, we'll discuss the art of incorporating valuable feedback from the community into the development process, leading to more robust projects and a shared sense of ownership. Drawing on real-world examples and experiences, this talk will equip you with actionable insights to chart a course for your open-source company's success through a community-driven approach.

Speakers

Khushboo Verma

Platform Engineer, Appwrite

Khushboo is a Software Engineer and is passionate about technology and building communities. She has previously worked at Microsoft and Adobe. Having a passion for public speaking, she has delivered talks at over 100 events, including Microsoft Build and PyCon India and has a solid... Read More →

Tuesday October 29, 2024 14:00 - 14:40 JST
Hall A (1)

Open Source Leadership Summit

Audience Beginner

14:00 JST

Analysis of and Lessons from the Xz-Utils Vulnerability – What Might Come Next? - Taku Shimosawa & Atsuya Kato, Hitachi, Ltd.

Tuesday October 29, 2024 14:00 - 14:40 JST

Main Hall

The xz-utils vulnerability has attracted attentions from every person who are involved in not only open-source software but also any form of software that is built with a collaboration of developers. The vulnerability, or rather the social engineering attack has combined multiple attack techniques: maintainer takeover, obfuscated trigger code, and binary files pretending sample archives, and targeted Linux distributions, which are fundamental in the current software supply chain. In this session, Taku aggregates multiple existing analyses about the vulnerability, and explains how the attack was performed with a progress of the incident as well as technology details of the malicious source code and binary. Taku also presents a potential risk of similar incidents in open-source repositories by using some utilities including OpenSSF’s Scorecard and Criticality Score. This session would suggest what kind of attacks would come next for the software industry and would be mitigated or coped with.

Speakers

Atsuya Kato

Researcher, Hitachi, Ltd.

Taku Shimosawa

Chief Researcher, Hitachi, Ltd.

Taku Shimosawa is a chief research at Hitachi, Ltd. He has contributed to the Hyperledger community, and has recently joined OpenSSF.

Tuesday October 29, 2024 14:00 - 14:40 JST
Main Hall

SupplyChainSecurityCon

Audience Any

14:50 JST

Bringing AI on-Device: From Cloud to Edge - Catalin Vasile, Adobe

Tuesday October 29, 2024 14:50 - 15:30 JST

Hall B (4)

Step into the future of AI as we break free from the constraints of cloud-based processing and unlock the immense potential of edge computing. This cutting-edge talk explores the revolutionary shift of AI from centralized data centers to the devices in your pocket, on your wrist, and all around you. Discover how this paradigm shift is not just changing the game – it's rewriting the rules. We'll journey through the landscape of on-device AI, revealing how it's transforming user experiences, supercharging privacy, and pushing the boundaries of what's possible in real-time applications. From smart homes to autonomous vehicles, from augmented reality to personalized healthcare – learn how on-device AI is the key to unlocking a world of intelligent, responsive, and secure applications.

Speakers

Catalin Vasile

Senior Computer Scientist, Adobe

Catalin is a Senior Computer Scientist at Adobe, surfing the clouds in the world of distributed systems and managing resilient high-scale solutions as part of the Cloud Platform team.

Tuesday October 29, 2024 14:50 - 15:30 JST
Hall B (4)

AI_dev

Audience Intermediate

14:50 JST

AGL VSS Proxy and Gateway Demo Walkthrough - Scott Murray, Konsulko Group

Tuesday October 29, 2024 14:50 - 15:30 JST

Hall B (3)

The AGL vehicle to cloud (V2C) expert group has been working for the past year towards the creation of a Vehicle Signal Specification (VSS) to MQTT proxy. This presentation will walk through the architecture and features of the new agl-vss-proxy daemon, as well its integration into the gateway demo that was shown at Embedded World 2024.

Speakers

Scott Murray

Principal Software Engineer, Konsulko Group

Scott has been a Linux user for almost 30 years, and has developed Linux based embedded products for almost 25 years at a variety of companies large and small. Currently, he works for Konsulko Group as a Principal Software Engineer, providing embedded Linux engineering services for... Read More →

Tuesday October 29, 2024 14:50 - 15:30 JST
Hall B (3)

Automotive Linux Summit

Audience Intermediate

14:50 JST

Computing Infrastructure for 2024 - Haruhisa Fukano, Fujitsu

Tuesday October 29, 2024 14:50 - 15:30 JST

Hall A (3)

Edge computing is an important technology for a data-driven society that makes decisions in real time from data. LF Edge, a project of The Linux Foundation, is working to establish an open and interoperable edge computing framework that is independent of hardware, processor, cloud, and OS. LF Edge is also focused on enabling edge AI because of the growing need for real-time AI processing. However, there are challenges to achieving an infrastructure that is both energy efficient and flexible, such as increasing data volumes, increasing the computational complexity of AI models, and meeting application-specific requirements. So we need innovation in infrastructure technology. Therefore, The Linux Foundation and THE IOWN GF signed a basic agreement in June 2023 to integrate the Linux Foundation’s software on the infrastructure proposed by IOWN GF to develop a common infrastructure that improves performance, reduces latency, and improves energy efficiency. Based on this agreement, we planned the IOWN GF/LF Edge Joint PoC to demonstrate the convergence of the two technologies and the performance improvements. This presentation describes the content of the PoC.

Speakers

Haruhisa Fukano

Manager, Fujitsu

Haruhisa Fukano is an architect and business planner for edge computing at Fujitsu. He leads the PoC project to develop the edge computing market. He also contributes to the ecosystem and open community for the spread and evolution of edge computing. He currently serves on the Technical... Read More →

Tuesday October 29, 2024 14:50 - 15:30 JST
Hall A (3)

CloudOpen

Audience Any

14:50 JST

Building Better CI/CD Pipelines with Buildpacks - Unnati Mishra, VMware by Broadcom & Akshat Khanna, Astuto.ai

Tuesday October 29, 2024 14:50 - 15:30 JST

Hall A (2)

Imagine a world where the hassles of configuring dependencies disappear, replaced by a streamlined and automated process. Buildpacks enable developers to focus on writing code instead of dealing with complex configurations. This session will unveil the secrets of Buildpacks, highlighting their capacity to seamlessly manage various languages, frameworks, and runtime environments. Discover how Buildpacks revolutionize your development pipeline, fostering consistency and efficiency. A sneak peek to our session: *Core principles & benefits of Buildpacks *Application packaging/deployment *Using Buildpacks to enhance collab across development teams Whether you're a seasoned CI/CD practitioner or a DevOps enthusiast, this session equips you with the knowledge to transform software development with Buildpacks. Join us to explore the exciting future and the impact of Buildpacks on the CI/CD landscape.

Speakers

Unnati Mishra

R&D Engineer Software 2, VMware by Broadcom

Unnati is working as a R&D Engineer Software 2 at VMware by Broadcom, India. Currently working with the Release Engg team of the Tanzu Kubernetes Grid. She has been active in Open Source community since 2019 and has also participated in many Hackathons, bagging prizes in few of them... Read More →

Akshat Khanna

Software Development Engineer 2, Angel One

Akshat Khanna is currently working as SDE 2, building Angel One Stock Trading Platform and previously worked as MTS 2 at VMware Tanzu. He has been working on Kubernetes solution for the edge and also actively contributing to open-source. He has good experience of developing products... Read More →

Tuesday October 29, 2024 14:50 - 15:30 JST
Hall A (2)

ContainerCon

Audience Beginner

14:50 JST

Secure and Encrypted Boot in Zephyr RTOS - Parthiban N, Linumiz

Tuesday October 29, 2024 14:50 - 15:30 JST

Meeting Room 1

MCUboot enables secure booting of Zephyr RTOS using asymmetric cryptographic signature verification with a public key. Typically, the hash of the public key is embedded within the MCUboot binary, ensuring its integrity. For enhanced tamper protection, this hash can also be securely stored and retrieved using hardware keys. Embedded SoCs, such as the i.MX RT, offer advanced security features like High Assurance Boot (HAB), Data Co-Processor (DCP), and Trusted Firmware-M (TF-M) for implementing TrustZone in SoCs like the nRF91. These features enable secure storage with hardware crypto acceleration or external security modules (e.g., TPM, EdgeLock) to store keys in a hardware vault. This presentation will explore MCUboot secure booting with hardware keys, using the NXP i.MX RT as an example. We'll delve into HAB for booting signed and encrypted MCUboot, establishing a hardware root of trust, and booting Zephyr RTOS using keys from OTP for verification. Additionally, we'll discuss using the TF-M backend and OTP for securely booting TrustZone-enabled SoCs.

Speakers

Parthiban

Engineer, Linumiz

With over 14 years of experience in software engineering, Parthiban founded Linumiz, a company that provides domain-neutral software services for U-Boot, Linux, and Zephyr, ranging from board bringup, board supported package, customization, device drivers, to over the air software... Read More →

Tuesday October 29, 2024 14:50 - 15:30 JST
Meeting Room 1

Embedded IoT Summit

Audience Beginner

14:50 JST

How to Make Open Source Work for Your Career - Sujata Tibrewala, Bytedance

Tuesday October 29, 2024 14:50 - 15:30 JST

Hall A (1)

If you're seeking visibility and recognition for your merits, there's no better place than open source to invest your time and energy. As the saying goes, 99% of bright minds are outside of your organization. Thus, by engaging with the right open source community, you increase your chances of collaborating with them. In this session, we'll discuss how you can leverage the visibility and relationships you cultivate in open source to secure your next job or achieve your career goals, whether it's transitioning into new technology, advancing in your current field, or refining your leadership skills.

Speakers

Sujata Tibrewala

Open Source Community and Ecosystems manager, Bytedance

Sujata leads a cross-functional, forum of open source leaders to ensure Alignment and a positive presence in communities for their 50+ Open source projects. She has grown developers' communities from scratch from 0 to thousands into vendor-neutral communities like Linux Foundation... Read More →

Tuesday October 29, 2024 14:50 - 15:30 JST
Hall A (1)

Open Source Leadership Summit

Audience Beginner

14:50 JST

Revolutionizing Container Security: Automated Vulnerability Patching with Copa - Anubhav Gupta, Akuity

Tuesday October 29, 2024 14:50 - 15:30 JST

Main Hall

Container image vulnerabilities pose significant security challenges. While tools like Grype and Trivy identify issues, efficient remediation remains a hurdle. Enter Copa, a groundbreaking CNCF project designed to automatically patch vulnerabilities within container images. Copa enables swift OS-level vulnerability remediation without upstream rebuilds, crucial for complex supply chains and third-party sources with delayed updates. It works with existing vulnerability scanners to streamline patching processes, reducing complexity and turnaround time. In this session, we’ll explore Copa’s integration with current workflows, its ability to patch images without requiring specific customizations, and support for containers without package managers, including distroless containers. Attendees will learn how Copa empowers DevSecOps teams to deploy secure containers faster and with greater confidence, minimizing exposure to potential threats. Join us to discover how Copa transforms container security, making automated patching accessible and effective for all practitioners.

Speakers

Anubhav Gupta

Software Engineer, Akuity

Anubhav works as a Software Engineer at Akuity. He is a graduated Summer 2023 batch LFX Mentee with the CNCF, where he worked on the Kubescape project. He is an active contributor to various CNCF projects including Kubescape and Copa. Anubhav has previously spoken at the Open Source... Read More →

Tuesday October 29, 2024 14:50 - 15:30 JST
Main Hall

SupplyChainSecurityCon

Audience Any

15:30 JST

Kate Stewart

VP Dependable Embedded Systems, Linux Foundation

Tuesday October 29, 2024 16:40 - 17:20 JST
Hall B (4)

AI_dev

Audience Intermediate

16:40 JST

The Emulation of AD Sensors in IVI Domain Over PCI Express (Ghost Device) - Kim Rain Woosung & Dongwoo Han, LG Electronics Inc.

Tuesday October 29, 2024 16:40 - 17:20 JST

Hall B (3)

[ How to extend AD Sensors to IVI Domain ] 1. Why we extend AD sensors to IVI Domain Can you image that AD sensors can be safely and securely used for IVI Domain, as well as Autonomous Driving ? 2. 3rd party eco system on AD Vehicle AD vehicle has more sensors then the one of smartphone, using them, we can create the more rich application in AD vehicle. 3. E/E Architecture and HPC for the future The communication between SoCs in HPC needs to have very high performance bus, and, now PCI Express is the best candidate. 4. Sensor Sharing and Functional Safety Ghost Device cannot control the physical sensor directly. So, basically there is no way for the cracker to make the high-level Security System harmful. 5. The concept of Ghost Device When numbers of SoC are weaved, a SoC needs to deal with another SoC as a kind of peripheral, because SoC is generally designed as a host of whole system. So, we need to define another SoC as a kind of peripheral, or abstract and emulate data from another SoC as one from peripherals. 6. How to implement it Using ntb_transport, NTRDMA, and ,Infiniband core, Ghost Device is implemented. 7. The example, Camera Sensor (demonstration is ready)

Speakers

Dongwoo Han

Researcher, LG Electronics Inc.

over 20 years, I has been system s/w engineer. Now, I'm working as IVI developer for LGE.

Woosung Kim

Task Leader, CTO div., LG Electronics

Software architect and task lead of the automotive high-performance computing and consolidation system at the vehicle onboard. Also digital twin and orchestration by cloud and multi-application processor on off-board. Currently, active at advanced technical PoC with SoC vendors and... Read More →

Tuesday October 29, 2024 16:40 - 17:20 JST
Hall B (3)

Automotive Linux Summit

Audience Intermediate

16:40 JST

Decoding Serverless and FaaS: Knative Vs. OpenFaaS Vs. Kubeless Vs. Pulumi - Nitin Rathee, Microsoft

Tuesday October 29, 2024 16:40 - 17:20 JST

Hall A (3)

"Decoding Serverless and FaaS: Knative vs. OpenFaaS vs. Kubeless vs. Pulumi" delves into the complexity of serverless computing and highlight the strengths of today’s most compelling open-source tools. We’ll dive deep into Knative’s seamless Kubernetes-native integration that automates scaling and manages workloads effortlessly, OpenFaaS’s intuitive interface that empowers developers to deploy multi-language functions, Kubeless’s straightforward approach to deploying functions as Kubernetes objects, and Pulumi’s innovative infrastructure as code that merges serverless capabilities with familiar programming languages. We will also compare these tools in real-world scenarios, providing clear guidance on when and why to choose each one based on specific project needs and operational goals. Whether you’re looking to streamline microservices, handle event-driven workloads, or simply enhance your development efficiency, this talk will provide you with the insights and practical comparisons you need to choose the right tool for your serverless journey. Let’s navigate the future of serverless together and empower our next big project!

Speakers

Nitin Rathee

Software Engineer 2, Microsoft

Nitin Rathee is a Software Engineer II at Microsoft and he graduated with distinction from the esteemed National Institute of Technology, India. His professional trajectory is marked by transformative contributions to cutting-edge projects that redefine the boundaries of technology... Read More →

Tuesday October 29, 2024 16:40 - 17:20 JST
Hall A (3)

CloudOpen

Audience Any

16:40 JST

Kubernetes WG-LTS: Why We Need LTS? - Yuiko Mori, NEC Corporation

Tuesday October 29, 2024 16:40 - 17:20 JST

Hall A (2)

Today, many companies are using Kubernetes in production environments, but there are various challenges in commercial use. One of the challenges is managing the Kubernetes cluster. Many companies are facing challenges related to Kubernetes version upgrades. According to a 2022 survey, most host systems run Kubernetes versions that are 18 months or more out of support. In this situation, the Kubernetes community launched the WG-LTS (Long Term Support Working Group) to promote Kubernetes LTS (Long Term Support). In this session, I will introduce the background, purpose, and activities of the WG-LTS. I will also explain why as a System Integrator, NEC needs Kubernetes LTS. On the other hand, (This is not just in case of Kubernetes, but) there is gap between community developers and users in open source community. I will discuss such gap also. I will also discuss the barriers(human resources, cost, etc…) to advancing LTS in Kubernetes community.

Speakers

Yuiko Mori

Manager, NEC

Yuiko Mori is a software engineer at NEC Solution Innovators, Ltd. on a wide range of software projects, and developing open source software. She's been an active technical contributor to Kubernetes, and also previously she had worked for OpenStack.

Tuesday October 29, 2024 16:40 - 17:20 JST
Hall A (2)

ContainerCon

Audience Intermediate

16:40 JST

Device Management and Delta Update for Embedded Devices with SWUpdate and TUF - Koshiro Onuki, Toshiba Corporation

Tuesday October 29, 2024 16:40 - 17:20 JST

Meeting Room 1

Secure and efficient software updates are crucial in infrastructure. Our research integrates SWUpdate with The Update Framework (TUF), which enhances security by ensuring update integrity and improving resistance to well-known attacks. However, there are challenges in the TUF verification process for embedded devices. It requires downloading the entire target images and verifying its size and hash values. This process may be difficult to execute on devices with limited resources. Therefore, we have developed a device management function that manages unique information such as device version information, in addition to integrating with TUF. This function enables the generation of delta update images considering the target device information. As a result, it is believed that updates can be made even within limited resources by transmitting only delta. Furthermore, it becomes possible to meet specific needs of each device, such as reducing bandwidth and update time, customizing update images, and enhancing image encryption. In this presentation, we will showcase the practical implementation of our function that integrates TUF and delta update.

Speakers

Koshiro Onuki

Engineer, Toshiba Corporation

Koshiro Onuki has been working as a Software Engineer at TOSHIBA Corporation since 2022. His main role is to develop Linux for various industrial embedded products. He is mainly involved in research and development of software updates.

Tuesday October 29, 2024 16:40 - 17:20 JST
Meeting Room 1

Embedded IoT Summit

Audience Intermediate

16:40 JST

Real-Time Scheduling Fault Simulation - Ben Dooks, Codethink

Tuesday October 29, 2024 16:40 - 17:20 JST

Hall A (4)

There is a lot of work around how to achieve good real-time on Linux, but not as much on how to simulate faults such as jitter in the system, deadline misses or other faults. Without this it is difficult to test how your application or entire system copes with these problems. As part of work with a number of clients, especially in the safety sphere, questions have come up on how to test processes which rely on real-time scheduling. If we have a way of injecting faults we can reliably test error handling and other mitigations. Mitigations such as throttling, restarting or some measured shutdown of services. We will go through some methods we evaluated for fault injection via both user and kernel space. How existing kernel features can be used and what needs to be done in the way of either configuring or extending kernel features. There will be discussion about how each method works and the comparative merits where overlaps exist. We hope that this can help to promote thinking and improvements on how the scheduler and particularly real-time scheduling is tested under Linux.

Speakers

Ben Dooks

Senior Engineer, Codethink, Codethink

Senior open source consultant at Codethink and long-time contributor to various projects such as the Linux Kernel.

Tuesday October 29, 2024 16:40 - 17:20 JST
Hall A (4)

LinuxCon

Audience Intermediate

16:40 JST

The Telemetry of Trust, Using Attestations to Secure Your SDLC with Open Source Tools - Jesse Sanford & Jagadish Ramidi, Autodesk

Tuesday October 29, 2024 16:40 - 17:20 JST

Main Hall

Let’s be honest, delivering software can be a dirty business. Especially if you are in the critical path of delivering legacy software, or software born from mergers and acquisitions. How can we secure so many differences at scale? How can we build trust into everything we do so that we can delay evaluation until we have enough trust later? In this talk, Jagadish and Jesse show you how Autodesk is thinking about solving both of these problems simultaneously. Through the use of “attestations”. Simple, cryptographically verifiable bits of telemetry that when combined, equal a whole lot more than the sum of their parts. Get enough of them and they build a story of trust. By weaving a software lifecycle tale through a series of verifiable inputs, actions and outcomes we can decide for example, when to allow a build be deployed. Or better, decide when it’s to be deployed to a secure and compliant location. Autodesk is starting to tell those software lifecycle stories using open source software weaved into our platform, making the software we build safer for all, despite our diversity.

Speakers

Jagadish Ramidi

Software Engineer, Autodesk

Works as a security software engineer at Autodesk focusing on software composition analysis and supply chain security.

Jesse Sanford

Software Architect, Autodesk

Jesse is a lifelong software engineer focused on site reliability and Infosec. Currently architecting the juncture of platform engineering and security/compliance for Autodesk's Developer Enablement team. He regularly contributes to open source and frequently speaks about his work... Read More →

Tuesday October 29, 2024 16:40 - 17:20 JST
Main Hall

SupplyChainSecurityCon

Audience Intermediate