Loading Events

« All Events

Open Source Summit 2026 – Seoul, Korea

August 11 - August 12
Open Source Summit 2026 - Seoul, Korea

Open Source Summit is the premier event for open source developers and contributors. It’s where maintainers, technologists, and community leaders come together to share knowledge, collaborate on solutions, and push open source projects forward. It’s the home for code, community, and the people driving the future of open source.

Open Source Summit is not a single-focus, niche event—it’s the big tent that unites the full spectrum of open source technologies and communities. Whether you work in cloud infrastructure, Linux kernel development, AI/ML, embedded systems, DevOps, security, or safety-critical systems, Open Source Summit offers a shared space to exchange ideas, make connections, and learn across domains. It’s where technologists who don’t typically land in the same room get a chance to collaborate.

At the same time, Open Source Summit brings in the leaders and practitioners who support the ecosystem from non-technical angles: open source program office (OSPO) staff, legal experts, policy advocates, standards organizations, equity champions, community managers, and foundation leaders. Together, they help shape the frameworks, culture, and strategy that make open source work.

This event serves as a strategic checkpoint for the open source movement. It’s where conversations happen about not only what’s being built—but how and why. From sustainability and funding models to licensing, AI alignment, security, and governance, Open Source Summit brings clarity and direction to a fast-changing open source landscape.

Whether you’re deep in code or focused on enabling the communities and structures that support it, this is where your work gains momentum and impact.

ELISA Project will be part of the Safety Critical Software Track. This track explores the intersection of open source and safety standards, covering best practices for regulatory compliance, security updates, and safety engineering. Sessions will delve into requirements traceability, quality assessments, safety analysis methodologies, and technical development for safety-critical systems.

Don’t forget to add these sessions to your schedule!

Tuesday August 11, 2026 11:00 – 11:30 KST – Sponsored Session: A New Security Standard for the AI Era: Zero-CVE and Real-Time Threat Response – SeungEll Lee, Red Hat

As Generative AI and Agentic AI continue to evolve, cyberattacks have become increasingly automated. With hundreds of new CVEs disclosed every day and AI-powered attacks are automated in zero-hour, traditional security and patch management approaches have reached their limits.

This session explores how organizations can build a lightweight hardened infrastructure and a trusted Zero-CVE environment with Red Hat AI on a proven platform that leverages the strengths of the open source ecosystem. It also examines the need for autonomous defense systems and approaches to implementing them, enabling real-time threat response while maintaining infrastructure stability through controlled AI-driven automation.

Wednesday August 12, 2026 15:55 – 16:25 KST – Case Studies of Existing Use of Linux in Safety-critical Domains – Nikita Verma, Individual & Harshita Varma, Independent

The automotive transition to Software-Defined Vehicles (SDVs) relies on mixed-criticality architectures, consolidating open-source infotainment (Automotive Grade Linux) alongside safety-critical Real-Time Operating Systems (RTOS). This virtualization boundary—often KVM/Xen—is assumed to be a secure airgap. However, guest-to-host communication requires hardware abstraction, primarily via the VirtIO standard.

This 40-minute session conducts a hardcore technical teardown of the virtqueue shared-memory mechanism, exposing how legacy C-based VirtIO backends (vhost-net) introduce critical vulnerabilities into the automotive supply chain.

We will dissect a hypervisor escape utilizing custom fuzzing. By crafting malformed descriptor chains to bypass frontend validation, a compromised guest can force the host’s backend into out-of-bounds memory corruption, effectively bridging the airgap into the control plane.

Finally, we will architect the open-source defense: migrating to memory-safe rust-vmm virtualization components to mathematically eliminate buffer overflows, and deploying zero-overhead eBPF probes for kernel-level I/O anomaly detection.

Wednesday August 12, 2026 16:35 – 17:05 KST – Using AI To Bridge the Gap Between Safety Standards and Open Source Development – Kate Stewart, The Linux Foundation

Popular open source operating systems like the Linux Kernel and Zephyr RTOS accept up to 9 commits per hour. Safety standards, like 61508, 26262, and others were developed without this rate of change in mind. Safety standards also expect the requirements to be explicit, which is not part of OS development processes. By using AI tools, we’re able to accelerate the analysis of OS code to derive the requirements and traceability to tests. By storing this info in tools that can import and export System Package Data eXchange (SPDX) 3.0+, we’re able to capture the requirements in a way that can be leveraged for wider system analysis necessary for safety. Associating integrity methods with the requirements and code snippets, also enables monitoring. Combining requirements traceability with precise build SBOM metadata, gives us a framework to keep a component compliant to a safety profile after a security fix.

This talk will provide a view on the latest experiments occurring with the Linux Kernel in the ELISA project, as well as in the Zephyr Safety Working group, and SPDX Functional Safety working group to extend SPDX to meet the needs of establishing these frameworks.

Learn more about the event and register here.

Details