Open Source Software Superstream: Open Source Essentials for Enterprise
Published by O'Reilly Media, Inc.
Open source is a core component of successful industries, companies, and individual developers alike. Industry innovation comes when companies share how to tackle common problems. Rising company revenues depend upon the wise use of open source software. Developers’ professional success and growth are impacted by their knowledge of and interaction with open source projects. So, are you optimally incorporating open source into your business plan or career growth? These expert-led sessions will show you how to best work with open source projects and the essential community behind them.
About the Open Source Software Superstream Series: This event is packed with insights from innovators on how to harness open source in your own company, everywhere from internal software development to external community engagement to the handling and care of an open source project and more.
What you’ll learn and how you can apply it
- Learn how open source software is transforming enterprise software development and ways to approach it for your own business and software development
- Understand security challenges across all levels of open source software and anticipate ways in which your team will need to prepare for potential threats
- Optimize your understanding of the differences between open source and open core, and how to make the best choice between the two approaches for your company
This live event is for you because...
- You’re curious about the ways open source software will affect your enterprise business and security decisions.
- You’re a developer who wants to understand how shifts in open source software will affect your development practices, and how open source dependencies matter to your development.
- You want to learn more about different approaches your team can take when working with and around open source software.
Prerequisites
- Come with your questions
- Have a pen and paper handy to capture notes, insights, and inspiration
Recommended follow-up:
- Read Securing Open Source Libraries (report)
- Read Investing in Open Source: The FOSS Contributor Fund (report)
- Read The Value of Open Source in the Cloud Era (report)
- Read The Benefits of Open Source and the Risks of Open Core (report)
- Watch Case Study: Open Source at AWS with Adrian Cockcroft (video)
Schedule
The time frames are only estimates and may vary according to how the class is progressing.
Kelsey Hightower: Introduction (5 minutes) - 8:00am PT | 11:00am ET | 3:00pm UTC/GMT
- Kelsey Hightower welcomes you to the Open Source Software Superstream.
Nithya Ruff: Keynote—The Evolution of Open Source into the World’s Biggest Collaborative Innovation Engine (15 minutes) - 8:05am PT | 11:05am ET | 3:05pm UTC/GMT
- Open source has proven to be a persistent and powerful movement for innovation and collaboration across the world. Starting with humble beginnings surrounded by skeptics in the business world, it has become the way the world solves big problems, especially in technology. In this keynote, open source advocate and expert Nithya Ruff takes you on a journey from the early days of the free software movement to today, when it is powering digital organizations of all kinds. Along the way, you’ll explore what makes open source work for software, data, and collaboration, and why it is more than just a software movement.
- Nithya A. Ruff is the head of the Amazon Open Source Program Office, driving open source culture and coordination inside of the company and engagement with external communities. Previously, she started and grew Comcast’s and Western Digital’s Open Source Program Offices. An aspiring corporate board director and governance enthusiast, Nithya has been director-at-large on the Linux Foundation board for the last five years and in 2019 was elected the board’s chair. She works actively to advance the mission of the Linux Foundation around building sustainable ecosystems that are based on open collaboration. She’s a passionate advocate and speaker for opening doors to new and diverse people in technology and often speaks and writes on this topic. Nithya holds an MS in computer science from NDSU and an MBA from the University of Rochester’s Simon Business School. You can follow her on Twitter as @nithyaruff.
Raimon Ràfols and Francisco Herrero: The Path to Open Source for the Traditional Enterprise (Sponsored by AXA) (40 minutes) - 8:20am PT | 11:20am ET | 3:20pm UTC/GMT
- Adopting open source can be daunting for some departments or organizations, but failing to embrace open source can significantly impact time to market and innovation capabilities. Open source isn’t a "silver bullet," and adopting open source solutions doesn’t come risk-free. But the benefits are real and measurable, including attracting and retaining technological talent, driving increased adoption of the organization’s products, and achieving democratization through transparency and open collaboration models. Join AXA software engineering manager Raimon Ràfols and software engineering lead Francisco Herrero to learn why contributing and adopting open source can be highly beneficial for your organization. Along the way, you’ll explore techniques for mitigating the associated risks, including some of the most common security and legal issues that might arise. AXA’s journey is far from finished, but Raimon and Fran will fill you in on what’s worked for the organization so far along its journey.
- Raimon Ràfols is a software engineering manager leading the Engineering Excellence Group at AXA. Together with his team, he supports AXA companies on engineering and software development processes, security, quality, and engineering culture while promoting open collaboration. He had the honor of being the chairman of the Transforming Industries Summit at Mobile World Congress Shanghai, where he also spoke about enterprise transformation and engineering culture. Raimon has won several international awards and authored two software development books.
- Francisco Herrero is a software engineer and team lead at AXA. Since 2014, he’s led high-performance development teams in several digital programs across the organization and built global APIs using Node.js. Fran advocates for self-organized teams and open collaboration, using InnerSource and Open Source as the main success drivers within AXA. He enjoys his time with his newborn son, Luca, and his wife, Maria.
- This session will be followed by a 30-minute Q&A in a breakout room. Stop by if you have more questions for Raimon and Fran.
- Break (5 minutes)
Danese Cooper and Joseph Jacks: Open Source vs. Open Core (45 minutes) - 9:05am PT | 12:05pm ET | 4:05pm UTC/GMT
- No one debates that open source software is nearly universal to software development, but debates on “open source” versus “open core” approaches can get quite heated. Even definitions of “open source” and “open core” are disputed. Is open source truly “free,” and if so, what do we mean by “free”? Is open core simply a mix of open source and proprietary software or is there a different, deeper way of looking at it? And most importantly: what successes and challenges are associated with each approach? Open source expert and consultant Danese Cooper and OSS Capital’s Joseph Jacks make arguments for open source versus open core as options for enterprise approaches to software development. Kelsey Hightower moderates what promises to be a lively and informative discussion.
- Danese Cooper is a well-known leader and advocate for open source with over 30 years of experience in technology and 22 years contributing to the open source movement. Previously, she served as head of open source software at PayPal, Inc., and was the first chair of the Node.js Foundation as well as the founder of InnerSourceCommons.org and author of Adopting InnerSource for O’Reilly. She also served as the CTO of Wikimedia Foundation, Inc., the first chief open source evangelist (and founder of the world’s first open source program office) for Sun, and as senior director of open source strategies for Intel. She concentrates on creating healthy open source communities and has served on the boards of the Drupal Association, the Open Source Initiative, and the Open Hardware Association, and has advised Mozilla, the Linux Foundation, and the Apache Software Foundation. She also runs a successful open source consultancy which counts Bill & Melinda Gates Foundation, SETI Foundation, Harris Corporation, and Numenta as clients. She’s been known to knit in meetings.
- Joseph Jacks is the founder and managing director of OSS Capital, L.P., the first and only seed VC firm and platform dedicated exclusively to serving open source founders, founded in September 2018. Previously, Joseph was an EIR at Quantum Corporation in support of the Rook project, which was subsequently donated to the CNCF (its first storage project), and since its inception, has been involved at the board level, in various committees, and as an advisor. Joseph founded KubeCon (now also run by the Linux Foundation's CNCF) while also founding and building Kismatic, the first enterprise-focused commercial Kubernetes company (acquired first by Apprenda, and then by ATOS). Over the preceding several years, Joseph worked in various sales, engineering, product, and strategy capacities at Mesosphere (now D2IQ), Enstratius (acquired by Dell Software), TIBCO Software, and Talend.
Aeva Black and Ed Warnicke: GitBOM—Repurposing Git’s Graph for Supply Chain Security and Transparency (45 minutes) - 9:50am PT | 12:50pm ET | 4:50pm UTC/GMT
- In the last few years, concern about software supply chain security has grown, but it shouldn’t have come as a surprise. While widespread impact from vulnerabilities like Log4Shell highlighted the risk, the hazards weren't new: 10 years ago, Heartbleed caused a similar reaction across the industry. Failing to react, or not knowing how to react, to critical supply chain risks can be very costly—in more ways than one. Enter GitBOM, a tool built to improve software identification and vulnerability management. Aeva Black and Ed Warnicke share why they're excited about GitBOM and why they believe it should be an automatic part of open source build tools. You’ll learn what GitBOM is (hint: it's not Git and it's not an SBOM), see how to generate a GitBOM with a simple command-line tool, and discover why you won't have to. If you want to add support for GitBOM to your favorite tool or language, this talk will get you started.
- Aeva Black is an incurably queer geek, passionate about privacy and ethics in tech. They're an open source hacker in Azure's Office of the CTO, focusing on community safety and supply chain security, and they currently serve on the OSI Board of Directors and the OpenSSF TAC and as a CNCF board shadow. In a previous life, Aeva founded the OpenStack Ironic project, served on the board of the Consent Academy, managed a few small MySQL databases, and lived on a tiny farm in the Olympic Mountains.
- Ed Warnicke is a distinguished engineer at Cisco Systems. He’s spent two decades working in many areas of networking and open source. Ed is a cofounder of and active contributor to the GitBOM and Network Service Mesh projects. He has a master’s degree in physics (string theory) from Rutgers University.
- Break (5 minutes)
Tim Banks: From Labor of Love to IPO—Business Models and the Spirit of Open Source (45 minutes) - 10:40am PT | 1:40pm ET | 5:40pm UTC/GMT
- At what point is the ideal behind the open source community at odds with the drive to have a profitable product? It wasn't that long ago that open source projects were developed, discussed, and maintained using distribution lists, news groups, and BBSs. These communities moved slowly but steadily toward the technological ecosystem that built the foundation of what we know today. The idea that an open source project would be the sole IP of a for-profit company was unheard of. Today the development speed and distribution of open source contributors would be beyond the imagination of those 30 years ago, but that speed is significantly driven with the end goal of profit. Join Tim Banks to consider whether this push for profit robs open source contributors of their share of the spoils, and, more to the point, whether it violates the original principles behind open source software in the first place.
- Tim Banks is a principal cloud economist with the Duckbill Group. His 20+-year tech career started in the US Marine Corps: he originally joined to be a musician but was later reassigned into an avionics specialty. Upon leaving the Marine Corps, he went on to work for hardware manufacturers, defense contractors, other large corporations, and small startups, where he honed his skills in systems administration and operations for large Unix-based datastores. Today Tim leverages his years in operations, DevOps, and site reliability engineering to advise clients. Tim is a husband and a father of five children. He’s also a competitive Brazilian Jiu-Jitsu practitioner and has won medals in several IBJJF open tournaments and both American National and World Championships. Currently, he’s the reigning four-time Pan-American Brazilian Jiu-Jitsu champion in his division.
Luke Hinds: Sigstore—An Open Source Solution to Supply Chain Security (30 minutes) - 11:25am PT | 2:25pm ET | 6:25pm UTC/GMT
- Sigstore is a new standard for signing, verifying, and protecting software. Using the latest cryptographic technologies, Sigstore allows both open source communities and enterprises to sign and store a provenance record of the software supply chain. It’s run as a free public service or as enterprise-grade software. Sigstore is community funded under the Open Source Security Foundation, with backing from Google, Red Hat, and many other tech companies. Join Sigstore founder Luke Hinds to learn about the project and its positive impact on improving the supply chain security of both open source projects and enterprise software.
- Luke Hinds is the security engineering lead in Red Hat's Emerging Technologies Group in the Office of the CTO. He leads a team of engineers focused on the development of new cutting-edge security technologies centered on cloud and trusted/confidential computing. He’s a member of the Kubernetes security response team and a founding member of sigstore and many other projects in the security domain.
Kelsey Hightower: Closing Remarks (5 minutes) - 11:55am PT | 2:55pm ET | 6:55pm UTC/GMT
- Kelsey Hightower closes out today’s event.
Your Host
Kelsey Hightower
Kelsey Hightower has worn every hat possible throughout his career in tech and enjoys leadership roles focused on making things happen and shipping software. Kelsey’s a strong open source advocate focused on building simple tools that make people smile. When he isn’t slinging Go code, you can catch him giving technical workshops covering everything from programming to system administration.