Open Source Summit North America 2026

OpenSource Summit North America recap

OpenSource Summit North America is the Linux Foundation's flagship event for the open source community in North America, bringing together maintainers, contributors, project leaders, and the enterprises that depend on open source software. The 2025 edition convened thousands of attendees across multiple co-located events — covering Linux, cloud-native, AI, security, supply chain, and the governance and sustainability questions that increasingly define the open source ecosystem.

The program reflected how broad the open source conversation has become: technical talks on kernel internals and container runtimes shared the agenda with policy sessions on the EU Cyber Resilience Act, the OpenSSF's secure development frameworks, and the ongoing work to make open source software supply chains genuinely trustworthy.

Echo at OpenSource Summit North America

Echo is built on open source — every Echo image starts from the same upstream sources the rest of the world pulls from, and our work is fundamentally about making that ecosystem safer to consume. That made OpenSource Summit a natural fit. The conversations at this event were not about whether open source matters; they were about how to operationalize it responsibly when every dependency is a potential supply chain risk and every CVE disclosure becomes someone's incident.

We focused our message on what Echo contributes back to the supply chain hygiene story: continuously rebuilt, CVE-free images of the open source projects everyone depends on, with full SPDX and CycloneDX SBOMs, cosign signatures, and in-toto provenance. For maintainers, that means downstream consumers have a cleaner default. For consumers, that means a verifiable, transparent base to build on — without giving up the openness that makes the ecosystem work.

The OpenSSF and SLSA-aligned attendees were particularly engaged on Echo's signing and attestation pipeline. The image provenance, build environment evidence, and SBOM outputs that Echo ships by default map cleanly to SLSA Level 3 expectations, giving downstream teams real evidence to point at — not just claims.

Highlights from OpenSource Summit North America

The sessions on supply chain security drew the largest and most engaged audiences of the event. Talks on sigstore, in-toto attestations, the OpenSSF's package security work, and the operational reality of running large open source supply chains at enterprise scale were consistently full. Policy discussions on the EU Cyber Resilience Act and its implications for upstream maintainers were standing room only — a reminder that the relationship between open source and regulation is now an active, urgent question.

The co-located events brought additional depth: cloud-native talks at the SOSS-adjacent gatherings, AI/ML open source discussions, and the security-focused OpenSSF Day. Across all of them, the through-line was the same: open source has won, and the work now is making it sustainable, trustworthy, and operationally manageable.

The OpenSource Summit audience

OpenSource Summit gathers an audience that is unusually representative of how open source is actually built and consumed — maintainers, contributors, foundation staff, enterprise users, policy leaders, and the security community. The conversations are technical, principled, and grounded in a shared sense that the ecosystem is a commons worth investing in. For Echo, that made every booth interaction not just a sales conversation but a peer-level exchange about how to make the supply chain work better.

Connect with Echo

If you are an enterprise consuming open source at scale and the supply chain risk has become unmanageable — or a maintainer thinking about how to make your project safer for downstream consumers — we would love to keep the conversation going. Reach out and we will share what we are seeing across our customer base and how Echo fits into the broader supply chain trust picture.