About cookies on this site Our websites require some cookies to function properly (required). In addition, other cookies may be used with your consent to analyze site usage, improve the user experience and for advertising. For more information, please review your options. By visiting our website, you agree to our processing of information as described in IBM’sprivacy statement. To provide a smooth navigation, your cookie preferences will be shared across the IBM web domains listed here.
Blog Post
IBM's Contributions at Open Source Summit North America 2024
Your guide to the different presentations from IBMers and co-presenters at the main conference and co-located events at Open Source Summit North America 2024
Video will open in new tab or window.
IBM will have a wide representation at the Open Source Summit North America 2024 in the AI/Machine Learning, Cloud, CI/CD, Quantum Computing, Security, and other areas. This post gives an overview of the IBMer presentations and can be used as a guide for attending the various IBM accepted talks.
Open Source Summit is the premier event for open source developers, technologists, and community leaders to collaborate, share information, solve problems, and gain knowledge, furthering open source innovation and ensuring a sustainable open source ecosystem. It is the gathering place for open-source code and community contributors.
Open Source Summit is a conference umbrella, composed of a collection of events covering the most important technologies, topics, and issues affecting open source today.
In this post, we present a brief overview and guide for the different presentations from IBMers and co-presenters at the main conference and co-located events. The goal is to help our existing and prospective partners and clients quickly decide and build their schedule to have a more fulfilling experience.
Also, we invite you to join the after hours AI Meetup happening on April 16 evening. The IBM speakers are helping with the event and will be honored to meet you.
IBMer Sessions
Now, let's explore the accepted talks from IBM speakers. All times are presented in Pacific Time (US/PT). The full schedule can be found at the summit website.
Tuesday, April 16
Panel Discussion: Improving Supply Chain Integrity with OpenSSF Technologies (11:20am - 12:00pm) – by Arnaud Le Hors, Jay White, Isaac Hepworth, Michael Lieberman, Marcela Melara
OpenSSF has been developing a series of technologies aiming at improving the security posture of open source and the software supply chain. This panel will give attendees a chance to hear from the very people involved in the development of these technologies what's behind names like SLSA, S2C2F, and GUAC, the status of these technologies and their implementations in the industry. Attendees will leave the session with the latest info on what they can do to leverage these technologies and improve their security posture.
Adopting CDEvents and Embracing Interoperability – by Andrea Frittoli (11:40am - 12:00pm PDT)
The software delivery lifecycle landscape (SDLC) is rich with tools and services that help engineers automate every step and aspect of the software production process: configuration management, testing, build tools, artefact storage, software supply chain security, deployment and monitoring. How to connect all these tools together and how to audit them consistently from beginning to end? The CDEvents project is on a mission to help solve this problem through standardization and interoperability. In this talk, the speaker will introduce CDEvents, its latest news and roadmap; he will present how the project’s shared event format is being adopted by various tools across the SDLC: Jenkins and Tekton for CI, TestKube for Testing, ArgoCD and Spinnaker for Gitops and Continuous Delivery, Harbor for artefact storage, and the list keeps growing. He will present the challenges to adoption and the successes achieved and demonstrate an example of interoperability within the SDLC through CDEvents.
Introducing the Post-Quantum Cryptography Alliance - by Michael Maximilien, Hart Montgomery (12:15pm - 12:55pm)
There is a looming threat to all on the horizon. Today’s data and communications are secured using various forms of public-key encryption. These schemes are all (principally) based on the surprising complexity of factoring large numbers. The issue with modern-based cryptography is that, in 1994, Peter Shor discovered a quantum algorithm that can break modern encryption when executed on large enough quantum computers (QCs). What can we do today to protect from this looming threat? The QC and cryptography communities have been hard at work on devising new encryption algorithms that can be resistant to QCs. Working closely with the Linux Foundation and leaders of the cryptography and OSS community the Post-Quantum Cryptography Alliance (PQCA) was created to host and lead a collection of initial post-quantum projects that can be used to make the world’s software quantum safe. As part of the original representative members of the PQCA, Hart and Max have seen the progression of the alliance from its inception at the LF Member’s Summit 2022 to its current form. In this talk they will present the foundation and its charter along with an overview of the current projects and algorithms.
Software in Space: Lessons Every Developer Can Learn From - by Joe Winchester (12:15pm - 12:55pm)
This talk covers how software is used in space missions focusing on the four most high profile failures, and mission rescues. Ariane 5, Cassini Huygens, Mars Polar Lander, and Spirit Rover. These were all struck down by lack of testing, software not being switched off when it was no longer required, failure to understand metric and imperial conversion, and race conditions writing to memory. While these had catastrophic results in two of these, the other two were rescued through a combination of brute force, raw ingenuity, and brilliant innovation. This talks will cover each of the space missions and discuss how the lessons learnt can and should be applied to day to day programming and testing and architecture of all software packages, especially as shops rush to move to adopt agile results without fully understanding the risks.
Wednesday, April 17
Get to Know PyTorch - A Cutting Edge Open Source AI Framework for Deep Learning - by Sahdev Zala (11:00am - 11:40am)
PyTorch has emerged as a leading open source framework for AI research and commercial production for key facets of deep learning. Created initially at Meta, it has moved under the Linux Foundation umbrella as the PyTorch Foundation to accelerate progress in AI. The foundation was created in September 2022, the project continues to evolve, and many exciting things are happening in the project. In this talk we provide an overview of deep learning, PyTorch fundamentals, and the latest developments in the community. We also provide a tour of the many repositories in the PyTorch project, discuss how you can become a contributor, and show how you can leverage PyTorch to create neural network models for your own needs.
Application-Aware Layer-7 Security Framework for Cloud APIs Using Large Language Models - by Julian Stephen, Shriti Priya (2:00pm - 2:40pm)
Organizations today increasingly deploy cloud based APIs for their internal and external operations. These deployments deal with an ever-increasing number of complex threats, leading to data breaches, unauthorized accesses and other forms of abuse. Prevention and mitigation measures against such threats need application specific semantics to be considered while defining policies, posing a challenge to security administrators. This talk will show how we can leverage advancements in large language models (LLMs) to prevent application layer threats against cloud API workloads. We will present the design and implementation of a security framework that allow administrators to easily define and enforce policies capable of preventing layer-7 threats against APIs. The framework utilizes LLMs to identify common API flows , making it easy for administrators to define cross application policies. Policies are expressed and evaluated in Open Policy Agent (OPA) and enforced by customized web assembly plugins within envoy proxies. This talk will show how you can build your own API security policies that are sensitive to application semantics but work across applications.
How Our Mainframe-Focused Working Group Solved Our Linux Distribution Maintainer Isolation Problem - by Elizabeth Joseph (2:00pm - 2:40pm)
When you're the only maintainer caring for a somewhat niche part of your project, it can be very isolating. This was happening with maintainers of the s390x (mainframe) port of a number of Linux distributions, and so in 2021 we founded The Open Mainframe Project Linux Distributions Working Group to try and solve this. The working group brought together maintainers of the s390x port of openSUSE, Debian, Fedora, Rocky Linux, and more to discuss and collaborate on shared issues, future planning, and access to hardware resources for development and testing. This talk will provide a basic introduction to the s390x architecture to provide context to why collaboration is required and why maintainers sometimes struggled. Then we'll dive into some of the specific technical success stories the distributions have from this working group, and how that's managed to knock down those walls that were causing us to feel so isolated, and create a friendly, collaborative team.
Panel Discussion: The 5 Ws and H of Open Source Community - by Lori Lorusso, Jeremy Meiss, Andrea Frittoli (4:20pm - 4:40pm)
The term 'community' is used throughout tech conversations, articles, websites, marketing collateral, etc. The list is endless but what exactly is an open source community? This panel will discuss the 5 Ws: who, what, where, why, when, and the H: how - of open source community. We'll dive into each question and give real world examples of our experience getting to the bottom of 'open source community.' We'll discuss the who, the people that dedicate their time to community, the what: technology and projects, when things go well, why things maybe don't go so well, and how to join and get involved!
BOF: Trusted AI - Discussion of Model Evaluation Tools, Guidelines, and Geographical Variations - by Susan Malaika (4:55pm - 5:35pm)
This session will energize and grow the community around Trusted AI and increase the number of contributors to the materials the LF-AI and the Generative AI Commons are working on. The discussion will extend to include elements of Responsible AI, Security and Privacy.
Thursday, April 18
Clusterlink: Enabling Fine-Grained and High-Speed Application-Level Connectivity Spanning Clusters - by Pravein Govindan Kannan (2:00pm - 2:40pm)
While current application deployments tend to span multiple clusters across cloud, rapid application connectivity across clusters still remains an infrastructural concern which tends to remain static and changes often require processes such as compliance, identity, asset protection, etc. However, what application requires is programmable, fine-grained and secure network connectivity between application modules which enables applications to be scaled beyond clusters without requiring infrastructural changes to the underlying platform. We propose ClusterLink, which is designed as a building block for providing application-level multi-cloud connectivity for cloud applications. The main design principles of Clusterlink are : Programmable, Open & Extensible and Connection-orientedness. ClusterLink is realized as an in-cluster gateway responsible for handling application traffic according to definitions and policies specified through declarative APIs. In this talk, I will explain the internal design rationale of ClusterLink, provide a live demo of ClusterLink’s fine-grained connectivity, illustrating use-cases, and future developments.
“Harvest Now, Decrypt Later” - Addressing Quantum-Safe Cryptography in Open Source Development - by Alex Bozarth & Mariam John - (4:10pm - 4:50pm)
With the introduction of quantum computers, current encryption algorithms will no longer stay secure. To address this impending problem, encryption software must start using new quantum-safe algorithms. The switch to quantum-safe needs to happens quickly to address the “harvest now, decrypt later” problem, where encrypted content can be saved now and then decrypted once the quantum computers have caught up. This session goes over what quantum-safe cryptography is and why it’s important, including the predominant open source initiatives implementing it. It will then demonstrate how to set up and use OpenSSL with quantum-safe algorithms to address quantum security, setting up a local development environment with quantum-safe OpenSSL and showcasing show some practical examples for using quantum-safe OpenSSL such as cURL and HAProxy. Attendees should walk away with a understanding of what quantum-safe is, why it’s important now, how the open source community is addressing it, and what a quantum-safe implementation looks like in OpenSSL.
Secure Open Source Software (SOSS) Community Day
The SOSS Community Day is happening on Monday, April 15 alongside the Open Source Summit. Join IBM’s Mo McElaney for a panel discussion featuring key members of the Open Source Security Foundation (OpenSSF) DEI working group.
Conclusion
Open Source Summit North America 2024 will most certainly continue its long tradition of top tier open source conference. IBM is proud to participate in this prestigious conference and will have presentations on variety of topics from various speakers, leaders, and executives. We hope this post helps you to make the most of the various IBMer presentations and activities. We hope to meet you at the conference!
Explore more articles and tutorials that IBM has published on open source AI topics.