Speaker

Katherine Druckman

Connecting people to the open source security and AI work shaping what comes next.

Katherine Druckman is a senior technologist, speaker, and longtime advocate for open ecosystems. Currently Head of Community and Partnership Engagement at JetBrains, she specializes in developer experience, combining software ecosystem strategy, content strategy, and community building, grounded in a foundation of hands-on software engineering experience and proven leadership. She is a long-time open source advocate, developer, and podcaster, and is currently the host of the Reality2.0 podcast.

Area of Expertise

  • Information & Communications Technology
  • Media & Information

Topics

  • Software Development
  • Open Source Software
  • open source communities
  • AI
  • Software Security

Security Things: How OpenSSF’s Technical Initiatives Keep You Safe from the Upside Down!

As a sister foundation to the Continuous Delivery Foundation (CDF) under the auspices of The Linux Foundation, the Open Source Security Foundation’s (OpenSSF) mission is to make it easier to sustainably secure the development, maintenance, release, and consumption of open source software (OSS). This includes fostering collaboration within and beyond the OpenSSF, establishing best practices, and developing innovative solutions.

In this hour-long session, we’ll connect real problems to OpenSSF solutions, then invite OpenSSF Working Group Leads and Project Maintainers to demo their respective projects in short lightning rounds that show you how they’ll make your DevOps, CI/CD, or Platform Engineering lives easier to secure!

Navigating Security in Generative AI Development

As generative AI moves rapidly into production environments, developers face security challenges that traditional application security frameworks cannot fully address. This talk explores the fundamentals of AI security and compares how different communities—from security practitioners to AI researchers—are developing solutions through collaborative initiatives and open source communities and working groups.

Attendees will gain a clear understanding of how different communities, such as OpenSSF and OPEA and others, are addressing AI security challenges through complementary approaches, providing a foundation for implementing appropriate security controls in their own AI applications.

Topics Covered
* Overview of AI security challenges vs. traditional app sec
* Comparison of approaches from OpenSSF, OPEA Security Working Group, and other industry collaborations

Simplifying Generative AI App Development: Why Standards Matter

Demand for generative AI development is moving like a bullet train! Rapid innovation can move lightning-fast and produce exciting projects. Now is the time to embrace open development, refine best practices, and collaborate on standards for all to benefit.

This session will outline common pain points involved in building LLM-based generative AI applications, especially those using RAG techniques, and connect them to open solutions. We will share reference architectures to help shorten developers’ paths to releasing performant AI applications to meet the needs of stakeholders and users. Finally, we’ll share community efforts, such as the Linux Foundation’s Open Platform for Enterprise AI project, to advance this critical work.

Join us to explore ways to discover the untapped potential in generative AI development workflows.

Critical Conversation: Consuming Open Source Securely

With the number of available open source projects seeing exponential growth, including the number of single-maintainer projects, evaluating and safely consuming open source software has never been more critical or challenging. Join Katherine Druckman, Open Source Security Evangelist at Intel, in conversation with Ryan Ware, Director of Open Source Security at Intel, to unpack the basics of secure open source consumption.

Join us as we explore the fundamentals of evaluating open source projects against maintenance best practices and overall health, and cover the significance of CVEs and how they are addressed within open source projects. We will highlight the roles of project maturity and governance, documented expectations about code contributions, and clearly outlined bug-reporting processes, and how all these factors build confidence in the integrity of our software.

Finally, we’ll touch on the use of tooling to help harden the development process and initiatives from the broader open source security community, like the OpenSSF and its projects, that aim to make secure open source software consumption ubiquitous.

Connecting Supply Chain Security Projects to the Community - Exploring OpenSSF’s DevRel Mission

Under the hood of most software is a complex system of tooling, processes, and, ultimately, humans. Ensuring the system's integrity and hardening our software supply chain requires careful configuration at countless steps along the pipeline. Similarly, community efforts to develop standards, tools, and education also require contributions from a diverse group of technologists and communicators to keep projects, conversations, and outreach moving forward.

The new OpenSSF DevRel community was formed to advance the mission of the OpenSSF by evangelizing its projects. This panel of DevRel Community volunteers will share the many ways we leverage our varied experiences to fill the critical gap between code and communication. We will further outline the many values of non-code contributions in organizations like the OpenSSF and share tips for getting involved.

Back to Security Basics: Evaluating, Consuming, and Contributing Open Source Software

We won! Open source software is everywhere... so now what? Shifting left starts at the beginning – ensuring the security of open source software requires careful evaluation, use, and contribution.

This talk will cover some important challenges in securely consuming open source software. Attendees will learn to evaluate projects based on active maintenance, patch cycles, and vulnerability management. We will explore the role of project documentation, code contribution expectations, and community involvement in project maturity and code quality, as well as tools and community guidance. Walk away with the beginnings of a practical framework and checklist that you can mold to your own needs.

Secure Consumption of Open Source Software: Evaluating, Utilizing, and Contributing Safely

The consumption of open source software is ubiquitous, offering immense opportunities for innovation and collaboration. However, ensuring the security of open source software requires careful evaluation, utilization, and contribution.

This talk will cover the key considerations for securely consuming open source software. Attendees will learn to evaluate projects based on active maintenance, patch cycles, and vulnerability management. We will explore the role of project documentation, code contribution expectations, and community involvement in project maturity and code quality.

Key Points:

- Evaluating projects based on active maintenance, patch cycles, and vulnerability management.
- Understanding the significance of project documentation and community involvement.
- Challenges in consuming open source software and managing dependencies.
- Utilizing tooling and static analysis to enhance security during development.
- Open source security community activities and important developments, such as OpenSSF projects and ways to get involved.

(Note: this could also be shortened to a lightning talk hitting the basics)

Open Source Summit + Embedded Linux Conference North America 2026 Sessionize Event

May 2026 Minneapolis, Minnesota, United States

OpenSSF Community Day North America 2025 Sessionize Event

June 2025 Denver, Colorado, United States

KubeCon + CloudNativeCon Europe 2025

April 2025 London, United Kingdom

All Things Open AI 2025

Security and AI: The Strategic Imperative

March 2025 Durham, North Carolina, United States

Southern California Linux Expo 2025

A Hitchhikers Guide to the CNCF Landscape
Navigating Security in Generative AI Development
Taming the Chaos: What's Next in Engineering

March 2025 Pasadena, California, United States

All Things Open 2024

Critical Conversation: Consuming Open Source Software Securely
Simplifying Generative AI App Development: Standardization Matters

October 2024 Raleigh, North Carolina, United States

SOSS Fusion 2024 Sessionize Event

October 2024 Atlanta, Georgia, United States

Grace Hopper Celebration 2024

Secure Consumption of Open Source Software: Evaluating, Utilizing, and Contributing Safely

October 2024 Philadelphia, Pennsylvania, United States

Open Source Summit Europe 2024 Sessionize Event

September 2024 Vienna, Austria

Open Source Summit North America 2024 Sessionize Event

April 2024 Seattle, Washington, United States

SOSS Community Day North America 2024 Sessionize Event

April 2024 Seattle, Washington, United States
