Christopher “CRob” Robinson, CTO & Chief Security Architect, OpenSSF (The Linux Foundation)

CRob previews his OSFF NY session on why reliable, authoritative vulnerability metadata is critical for banks, regulated enterprises, and open source maintainers—and what upstream is doing about it. He walks through the recent CVE/NVD turbulence, why downstream teams (risk, OSPOs, product owners) struggle to meet regulatory obligations without stable data, and how the open source community is collaborating to deliver consistent, high-quality vulnerability information going forward. Expect clear context, practical takeaways, and a path from fragmented signals to trustworthy feeds.

Toni de la Fuente, Founder & CEO, Prowler

Toni shares his journey from maintaining open source in his spare time to helping the community align cloud security with real frameworks like CCC. He previews the upcoming OSFF workshop, where he and Pedro Martín will show how to translate CCC requirements into automated checks across AWS, Azure, and GCP, and how AI can help teams generate and test custom controls quickly. The session will also cover lessons learned: data modeling, compatibility challenges, and how to keep automation simple enough to adopt without adding more complexity.

Ihsan Saracgil, CPO, OpenBB

Tired of waiting on scarce engineering cycles for every integration? Ihsan shows how ODP gives data engineers a Python-native, local-first way to register extensions, wrap external sources as APIs, and serve them to downstream tools (copilots, notebooks, dashboards) with full control of credentials, execution, and access. He also breaks down why Model Context Protocol (MCP) is a game-changer: wire up tools to your AI copilot fast—so tasks that once required custom plumbing (even “send me that result via email”) become quick, safe, and auditable. With a lightweight GUI (Tauri) and standardized FastAPI/OpenAPI specs, ODP helps teams unify messy data pipelines without leaking business logic to third-party platforms.

Rakia Finley, Founder & Managing Partner, Copper & Vine Studio

Regulatory rigor and rapid innovation don’t have to clash. Rakia shares a battle-tested approach to embedding compliance into product design using zero-trust architecture and open-source components. She explains why leaders must clarify the “why” behind regulatory change, and why developers should start from existing regulations—auditing “digital beliefs” (data quality, infra, policies) before layering AI. Expect takeaways on aligning to DORA/ISO, secure-by-design patterns, proactive threat modeling, and how inclusive governance reduces risk by reflecting the communities you serve. Plus: a teaser case study of a fintech pipeline brought into compliance without slowing delivery.