Thank you to each of you for making Cloud Native Zürich a resounding success. Our sincere thanks also go to our sponsors. Your support played a crucial role in the success of this event.
Open source is under assault. Expansive AI vulnerabilities and supply chain attacks, targeted maintainers, and frontier models from nation state adversaries bring us to ask: is open source software safe to use?
The contract is clear: free, zero-liability software wins on merit; the commons is the greatest marketing engine in software; and we can develop transferrable skills between our employers. But how can we do so without getting hit by an AI-enhanced zero day attack?
In this talk, we: - analyze and classify recent and historical open source AI attacks - threat model the OSS supply chain - use CNCF and OpenSSF security tooling to reduce our risk - design systemic controls to secure the use of open source in today's climate
How do you transform a landscape of historically grown platforms and fragmented ordering processes into a scalable, standardized Developer Experience?
In this session, we share our journey of evolving from disconnected on-prem and portal solutions toward a true Internal Developer Platform (IDP) with curated Golden Paths at Raiffeisen. Our starting point was a heterogeneous Selecta "vending machine" landscape: multiple entry points and redundant implementations for basic needs like database provisioning or core infrastructure.
We’ll dive into the friction of our legacy setup and the vision that drove us forward. You will get exclusive insights into our evaluation phase, where we benchmarked industry-leading tools like Kratix, and Backstage (including Red Hat Developer Hub with Orchestrator) using real-world prototypes.
A key takeaway from our journey: The portal is not the platform. We quickly realized that the secret to success lies in the orchestration layer, not the frontend. Today, our solution centers on: * Clearly defined Golden Paths to reduce cognitive load. * Self service and highly automated application setup including infrastructure. * A strict separation of concerns between application code and GitOps. * An architecture built on Kubernetes Operators. * Custom services that ensure our platform remains flexible and extensible.
This talk demonstrates why the portal is ultimately just an interchangeable interface - and what truly matters when building a sustainable developer platform. Join us for a candid field report filled with architectural decisions, practical learnings, and the inevitable stumbling blocks we encountered on our way to delivering "Golden Path as-a-Service"
Vibe code is flooding open-source projects with an ever-growing volume of pull requests and ideas. Banning AI contributions isn't the answer, yet it is difficult to resist.
How can open source projects survive and keep progressing despite the pressure?
This talk covers the project playbook we're building in CNCF Harbor and Harbor Satellite: defining a clear project direction so contributors, human or AI-assisted, know what's in scope before they contribute. Setting explicit acceptance criteria and guardrails. Using AI on the maintainer side to triage, review, and filter the growing volume of contributions. Deciding as a project where your boundaries are, what's core, what's an extension, and what's out of scope, so you stop drowning in well-intentioned feature PRs that slowly erode coherence.
We share what works, what fails, and how we are rethinking open-source, contributions, community, and project positioning as a whole.
Thanks to our sponsors for CNZ 2026
We would like to extend a special thank you to our sponsors for their support and commitment to the community. We couldn't do it without them! If you're interested in becoming a next year sponsor, please contact hello@cloudnativezurich.ch.
Gold
