The Linux Foundation Member Summit

The success of an open source project is directly related to the utility it provides its community and to benefit from a project, people must know of it as well as how to either contribute to or use it. Many projects are launched with great promise but die a painful and public death from a dearth of developers and/or users. In this talk we take a pragmatic look at growing open source project success through education programs. We cover the ways training can drive awareness and create 'pull' for people to get involved as users or developers. This talk will expose attendees to the open source training and certification landscape, discussing resources available to projects, such as courseware development, self paced learning, open enrollment, and, in more mature projects, skills testing and certification. Upon completion, attendees will have a clear understanding of the possibilities and benefits of having a comprehensive education agenda for their open source project.

For members of the Linux Foundation, open-source software is recognized as critically essential to modern software development. Without it, the breadth and pace of innovation would plummet, and the costs to develop products and services based on software would skyrocket. Over the past several years, we've seen a destabilization of the open-source supply chain. Projects with poor security practices, malicious repo takeovers, and license rug-pulls are a small sample of the growing list of threats facing open-source users. As the largest commercial benefactors of this software supply chain, we have the most to lose. Efforts to address these issues have begun but are under-resourced and moving slowly. This is a Prisoner’s Dilemma & Free-Rider problem that needs a solution, or we are all worse off. This presentation will explore what methods can be brought to bear to increase development, oversight, and quality assurance in the open-source software supply chain to break out of the prisoner’s dilemma. How do those who invest in such work get an appropriate ROI? Can industry and governments work together to find a solution?

Picture the WHOLE software supply chain, beginning to end; it's a little like that olde tyme classic, "Candyland". Designed NOT with preschoolers in mind, AI Supply Chain Candy Land is for everyone interested in learning about the software supply chain for AI/ML. Travel through exotic locations like The Peppermint Forest of swirly-twirly dependencies, The Fudgy Swamp of Compliance, and much more! AI/ML is a fast-moving space within technology. However, everything we've learned in software engineering of the last few decades ALSO applies to this "new" world of AI/ML. We'll apply traditional software supply chain security techniques and, wherever able, tools to help developers and consumers win AI Supply Chain Candyland. Through an enjoyable and colorful game, with useful examples taken from standards and frameworks, the audience will have a better appreciation and ability to apply supply chain security concepts and tools to the development and support of AI/ML-based solutions.