So, hey, everyone, welcome to OSPOCon Europe. It's great to be here. Anna and I have the kind of opportunity of welcoming you to the event this time around. We've been doing these for a while and it's very exciting to see everyone face to face. It's been a little bit long. So, we'll introduce ourselves first. So, Anna.

Hi, everyone. My name is Anna. I'm the TODO program manager. And well, a little bit about myself: formerly, I was at Bitergia, the software analytics firm. And in there, I got a lot of knowledge on OSPO and InnerSource metrics and community health. And now, one part of my time is making sure to grow and nurture the TODO Group community and help OSPOs advance in their OSPO journeys and build with the community guides, reports and other tooling to run successful open source program offices. Two years ago, I finished my master's in data science, focusing on measuring the diverse success on open source projects. And I'm also involved in other communities like CHAOSS, InnerSource Commons, OpenChain, diverse collective and diverse space. Thank you.

Do a quick little intro before we go to OSPO news. So, you know, Chris Aniszczyk; I had the fun job of helping build out and running the OSPO at Twitter a while ago. Currently, I serve as CTO of the Cloud Native Computing Foundation, which I helped start about seven years ago now. And I'm involved in a lot of the bootstrapping of open source foundations within the Linux Foundation. I'm a co-founder of the TODO Group and OSPOCon and it's great to kind of see folks caring more about the professionalization of open source programs. Some of us who have been here for a while, like Nithya in the room, we've seen this evolve over the years and it's kind of just great to see more and more companies having open source offices and just professionalizing the practice across the industry. So, first off, Anna and I want to thank the OSPOCon Europe Program Committee.
Chris, Steven, Libby, Joseph, Jordan, Don, Anna, David and Courtney Liss were instrumental in helping us formalize a great program that we have for the next few days here. So thank you. If there's any folks in here that are interested in participating next time, let us know. We're always happy to kind of grow folks on the program committee side. So, we'll do this quick little presentation about the value of OSPOs. We'll talk a little bit about updates from the TODO Group and some latest OSPO news and there's a little mascot.

So, I don't have to explain this to hopefully folks in this room, but in general, most modern software that is developed these days is based on open source projects and technology. Every Open Source Summit you go to, it's always like new foundation around climate, new foundation around this thing. Every industry, everything that we're essentially touching on a daily basis has software being embedded in it and more and more that is becoming open source. The challenge is not all open source is necessarily equal. Some projects may be a little bit more secure, more modern, more mature than others and I think the role of an OSPO in an organization is to basically ask, what are the risks for you when you potentially use open source incorrectly? Do you use a library that you may not comply with the license because your developers accidentally dragged it into a build or a product because that's just the way it works? Developers are inherently lazy and just use what they could find. So, a lot of common issues out there around ensuring that we're making sure we're compliant and preventing those types of situations. Also, the question to ask is what is the cost if your organization does this poorly or incorrectly? If you have open source that is not secure and you're using it, does that put your organization at risk?
We've had some huge incidents recently in industry, with Log4j definitely causing all sorts of issues, but there are more of the classic OSPO issues of you ship a GPL library in a mobile app that you didn't intend to, dealing with those consequences, and there's been a lot of court cases and other kind of ramifications here. So, these are just questions to kind of think about for your organization and this is not really a new concept. I always tell people a long time ago in the industry the security offices out there were formed in a reaction to people getting hacked, people running into issues and having their businesses basically severely penalized for that. So, the role of the CISO was created a little over 25 years ago and now we see almost every organization in this world having a basic CISO or security center of competence. The same thing is happening with open source in my perspective where open source now has become literally so pervasive. The formalization of an OSPO and open source kind of officer is happening throughout.

So, the TODO Group maintains this little OSPO definition which essentially just tells you what the role of an OSPO is. Here are some of the things we focused on. It's kind of a community-based thing that we created but essentially an OSPO is very simple. It's really just the center of competency in your organization to handle open source operations. So, it's basically it. A lot of companies do it differently. Sometimes OSPOs live in engineering departments. Sometimes they live in legal departments. There's kind of no one formula for this but this is something we maintain to kind of help grow the craft overall. The other thing that Anna and I talk about a bit and I've talked about with a lot of folks is literally you can't, adopting a strategic posture on open source is no longer optional. You have to have it. All the stuff that your company or organizations are building on, it depends on open source.
You have to truly think about what business value you're getting, what organizations you need to support and so on so things continue to kind of hum along. Within the TODO Group, we helped essentially build a couple models of how you could kind of think about this but a lot of times when you're starting your kind of OSPO, you're basically moving from, a lot of companies have some folks in the organization that care about open source. Maybe it's an engineer or whatever, program manager, and these are very haphazard kind of ad hoc efforts. Starting an OSPO or a formal OSPO is basically moving this to a more strategic position that's funded in your organization, that is properly staffed and pretty much delineates what clear business value and strategy your organization gets from using open source. OSPOs always kind of help educate and fuse open source culture throughout the organization out there and generally help accelerate the adoption of open source software, which is the default these days.

We came up with this little model of how kind of OSPOs get formed. You kind of have the early stage zero of just like, we're just using open source and we may have no idea what we're actually consuming, which is very common, and then there's kind of other stages that go along from formalizing legal education and compliance efforts to more community outreach and engagement to actually leadership in producing open source software that you're collaborating on with peers in industry. So lots of different things and we have a lot of these resources online of what OSPOs do, a lot of people ask, but every OSPO's gonna be a little bit different based on kind of what your needs are for an organization. There's not one clear way to do this. Like you could learn from a lot of different OSPOs but it's always gonna be a little bit unique for your organization, of what you actually kind of need and what you wanna prioritize.
So with that, coming up on time, I'm gonna go hand it off to Anna to talk a little bit about latest OSPO news from the TODO Group and some of the new stuff that we've come up with.

Thank you so much. Yeah, so over the past months the TODO community has been working on new resources, some great initiatives and programs together and today I just wanted to give you some updates on what has been happening in the TODO and the OSPO news so far. So the first announcement is that today we are launching the results from the past open source program office survey and it's already in the TODO blog so people can go there, download the report in PDF and also check the main key findings that we have found. These are some of them. I just wanted to highlight two of them. The first one is around OSPO success. So this year from all the respondents that had an OSPO, 80% said their organization's programs have a really positive impact on software practices. So we are seeing like clear results on what it is to build an OSPO in some organizations. Also we're seeing that more than ever we're seeing how success is being measured. So organizations are investing also in measuring success by the volume of contributors and contributors coming from outside organizations. We are seeing some constraints. We've tried to segment also across different regions, like what is the OSPO adoption in Europe? What is the OSPO adoption in Asia Pacific? And for instance, in Asia Pacific we are seeing a big barrier to OSPOs that is time and resource constraints. 49% said that was one of the main reasons for not having an OSPO. So as I said, you can dive into these insights and key findings in the report we just launched. And also now that we are at OSPOCon in Europe I just wanted to highlight this finding. We had from European organizations that 44% of European organizations said they never required or hired developers to work on open source projects.
So that is a big issue in terms of open source mentorship and training among organizations in Europe. I don't have the answer of how can we fix this. I would love to hear your input on that. But maybe an OSPO that is this place where the organization can rely on and this vehicle where they can translate the open source language and infuse this to the whole organization might be a potential solution to this issue of open source mentorship and training.

The next news is that, well, I'm sure some of you have heard about the TODO guides. I know some OSPOs already knew about them, have used them for building an OSPO. So there is a new TODO guide for outbound open source. And we hope it's already also on todogroup.org. And also, there is a link where people can add their feedback and keep growing this guide and create the version point two. So community feedback is more than welcome. And finally, we've started a new series of in-person roundtables and workshops called OSPOlogy.live Sweden. The first one is hosted by the OSPO at Ericsson and this is a collaborative effort co-organized with all the open source communities that are helping the OSPO movement: SPDX, TODO Group, CHAOSS, OpenSSF and OpenChain. Also, I've dropped you the link to RSVP. The registration is now open and that will be in October. And finally, just to remind you that we are just starting the TODO steering committee nominations for next year. First of all, big shout out to the current TODO steering committee. They made my life way much easier. They've been a great steering committee. And there, if you go to the TODO Group's slash governance GitHub repo, you will find everything about the TODO steering committee, responsibilities, what they do and how this is selected. And the application form will close September 13th to become one of the candidates. And I think I don't have too much time so this is gonna be really quick.
We're an open community of OSPO practitioners that are willing to create knowledge, collaborate on best practices, tools and other ways to run successful open source program offices or similar open source initiatives if you don't call it an OSPO. We are now more than 1,800 community participants and active and we are also supported by more than 80 general members, organizations, well-known organizations worldwide having an OSPO in place. And in a nutshell, we provide OSPO guidance and support in terms of tooling, network spaces, training, research and education. And since I don't have time, I'm just, person, yeah. So you can go to todogroup.org slash guides and communities and everything I'm sharing here, you're gonna find it for sure in order to advance in your OSPO journey. So thank you so much and welcome to OSPOCon.

Testing, maybe a little bit on OSPOlogy.live as well. The first one is gonna be in Sweden but we're actually organizing them all across Europe. So the next one is gonna be in the Netherlands with our friends of Alexander and I'm already working on organizing them as well in Germany and in the UK and actually since last night, probably France as well. So if you are interested in hosting an OSPOlogy.live work session on your premises, just reach out to Anna and me. Really the idea is basically that we're gonna have OSPOlogy.live sessions on a 9 to 220 day cadence in all various countries, making it easy for people to attend the event because it's like nice and low cost, which is also helpful with COVID, but it's really in-depth knowledge sharing.

Okay, let's start mind mapping. You wanna do? All right. So Anna and I are gonna talk a little bit about the OSPO mind map that we have at TODO. I think this is not necessary. You can go introduce yourself. All right, so I'll introduce myself. So my name is Thomas Steenbergen and I was formerly at HERE Technologies. Now I'm at EPAM since April and I basically help organizations with all things regarding open source.
Literally I help companies that are just starting at building an OSPO to ones that have had an OSPO for like 10 years. I'm involved in a lot of communities. People always get confused but yeah. So yeah, I work on the software bill of materials and SPDX. So I lead the security profile, including vulnerabilities in SBOMs. I work on the tooling in ORT, so that's basically how you can automate your open source policy. I work in TODO. I do work in OpenChain. Really, simply said, I run my OSPO the open source way. So wherever possible, I basically go out to the communities and work with them as I progress basically in my OSPO, because really, in my view, doing it the open source way is the way to run your OSPO. It's good for your company. It's good for the people involved and it's good for the community.

Yeah, so this is gonna be the index we will be following today. So the first question is, okay, why create an OSPO mind map? Like how everything started here, right? So as some of you know there are a lot of OSPO benefits. People and organizations are now jumping into how to build an OSPO and let's build an OSPO because they've seen it's beneficial for the culture, because it helps to break the cultural gap between traditional software development practices and the requirements for open source development nowadays. It also is education, so it can improve technical mentorship and also training across all different teams in our organization. It can also help with the automation of tools and it improves continuity. So many OSPOs, maybe they start and suddenly because they are unable to find the value and serve the value of the organization they just disappear. Sorry I said an OSPO, an open source initiative. So an OSPO that is a central place to catalyze these open source efforts might be a way to improve this continuity. So let's see, it's moving, as we said in the keynote, from open source ad hoc to strategic decision-making partners.
But when people start in their OSPO journey, when organizations decide to give the funding to build an OSPO or similar open source initiatives, there are many questions. And some of the key questions that I've heard over the past years is what roles and responsibilities does an OSPO have? Because it's really difficult to navigate since they really have to pivot in so many different angles. It's kind of difficult because OSPOs are diverse and they are multidisciplinary and they are responsible for multiple tasks related to open source. So in order to try to help the community with this big issue, I initially thought about, okay, how can we break down the big picture of all the things an OSPO could do? So initially I started a really early version of the OSPO mind map. I think I don't even call it a version. That was mainly to understand better all the different OSPO tasks and behaviors and roles in the ecosystem. And I just shared it on LinkedIn and Twitter and suddenly a lot of people started to give me feedback, saying we really need that as a project where people can collaborate and have it open sourced in a transparent way because this is something really valuable and can help the OSPO community a lot. So once I heard that I created a GitHub discussion in the OSPO forum to request to create a new repo to work together on an OSPO mind map.

So it was actually quite funny that so I hadn't missed the initial announcements, but as I said, I'm on the TODO Group steering committee and basically the mind map came up and I was like, hang on, hang on. I have been working on my own mind map. It's a little bit bigger than I will do. It's really where open source touches every bit of the organization from security to procurement, and I had built this big mind map and I was using it basically to explain to people like, okay, these are kind of the roles and responsibilities. So then I was like, hang on, I have this thing.
We already have this in TODO. Why not just contribute and merge them? And so my work basically was based on my own experiences and work that basically Ibrahim had done for many, many years. So I was literally taking all kinds of links from the research papers, taking bits out of that, and I was just looking like, okay, how can I just make a new mind map and make it easy for people to understand what the roles and responsibilities are in OSPOs. So yeah, once I found the 1.0, I was like, well, let me make a pull request. And then really, as you can see, well, I opened it. Then of course, other OSPOs, so Gregor Lee, Joseph, they also were like, hang on, I also know some things. We can make this better. So then basically as a community, we basically came together and basically we worked on it until we came to the 2.0 release. So yeah, and this is really the nice thing about how we're working in TODO: basically again, you contribute back, others are like, oh, hang on, did you think about this? Did you think about that? And together we basically create something that we all can use.

So the major update from 1.0 to 2.0 is that we more clearly define the OSPO responsibilities. So that because basically the, we had it in 1.0 clearly, it was like, no, no, no, there are actually more things than OSPO. So to be clear, it's not that we're saying an OSPO should do everything here. Every OSPO is different. It's just, these are the things that an OSPO could do. And these help you kind of like structure and communicate, for instance, to your management, like what have you done. So I think this is how you can use the mind map. So in your own organization, and I've been using it in EPAM as well, this is what I use to basically talk to people that have no clue about open source or basically are technical, know about open source, but want to understand what value an OSPO brings. So exactly by using the mind map, I can say like, these are all the topics that we work on.
We already have this, this and this. I also use it actually between organizations. And there's always like, okay, so what do you do in an OSPO? Every organization has their own little language. They call things differently. So I talk to a lot of my clients and they have a particular structure. And then I use the mind map to basically say like, okay, so how do you oversee compliance? And then they just draw the line, okay, we have these people here do zero. So we get a common language, but that's also happening in the community. So again, I work in many different communities. I talk to OpenSSF, a lot of the security people, and they don't necessarily understand what an OSPO does. But then I use the mind map and say like, look, this is how we do, this is how it's going. So it helps to kind of create a common language between even open source communities on what to do. Cause again, you have to understand not everybody knows what an open source program office does and how it works together. So that's kind of how you can use the mind map.

Let's show the thing in action. So as I said, the idea is you can go to the URL above. So it's ospomindmap.todogroup.org and you basically get the division of four blocks, so the roles, behaviors, the size and the responsibilities. Maybe let's start with the roles. So here you see again, all the things an OSPO could do. As I said, it's from project management to licensing. Remember the stages in the previous presentation on where people are? This kind of follows exactly the same, because we have worked on aligning all of the stuff. And so the next thing you can look at is, what is the behavior? Again, you have OSPOs that really work on industry collaboration and that's the sole thing they do. The compliance bit is done somewhere else. You have OSPOs that do it also on technology strategies. So you really have different things then.
And well, people that have been longer in TODO know this, we have an on and off discussion, okay, how big should my OSPO be? We have people that have an OSPO that are one-man armies. We have people that have an OSPO that's, one of the largest that I know is about 30 plus people. So really, it really depends. And finally, as we said, the overview of the responsibilities, you can click basically on every bit. So now it's a big one. And you can see, for instance, like, hey, how are we gonna work with, how do we basically promote more option work? Well, you can set up educational programs and then you can click it out again and then you see like, hey, good hygiene at all. So this is how it works. And there's also links in the entrepreneur. So you can actually click to the material. So it really helps you guide and navigate to all of the materials that are out there.

Okay, so we will also like to give you some guidance on how to contribute to this project because this is open source and the TODO community is already working on the next version. So for this, we will need to introduce you to the tool. The tool we are using is called Markmap. So it's kind of a friendly format to ease community contributions because it's just simply Markdown. You don't really need to learn, have coding skills to contribute to that. You just need to know Markdown and it develops these nice and beautiful Markmaps, mind maps. The project, by the way, is also an open source project. I think it was GPL, the license. So, and then on top of that, there is the project structure. So it has a content folder that includes the mind map as a Markdown file and is where people can add their contributions and their additions to the Markmap. There is an image folder where it contains the vector image that is rendered from the Markdown file and then the interactive mind map. And there is an additional info folder that contains like how this started, like the story we have shared.
And there's also some useful links that you will be able to find in the slides in case you're interested to contribute. And the workflow to contribute is pretty much like many open source projects. So you send a PR with requested changes to the Markdown file and a maintainer reviews, an OSPOlogy maintainer reviews the PR. We can approve it and merge it or request changes. If we approve it, this is not something that we need to automate. So if people know, if there are contributions on how to automate this process of once the Markdown is done, automatically the HTML is rendered and updated, but right now we have to do it manually. So the same maintainer generates the HTML Markmap, makes changes to the HTML file, and the changes will be visible at ospomindmap.todogroup.org.

So as I said, we welcome new contributors to contribute to this and all the TODO resources. If you go to todogroup.org slash community, you will get a nice onboarding list to get started in the TODO community. Also, we have a calendar where you will be able to see all the different meetings we have over the month. And one of them is Workday activities. And usually we have them for EMEA and APAC and AMER time zones. So usually in there is when folks gather together and work on the mind map next versions and a common version. So you're welcome to join anytime. And this OSPO mind map is part of a repo at the TODO Group called OSPOlogy. So OSPOlogy is a mix of all together for OSPO. So if someone is starting, willing to start their OSPO or thinking about how to build an OSPO and start advancing in their OSPO journey, they can go to OSPOlogy and there they will find several resources. They will find networking spaces like community meetings, OSPO use cases with OSPOlogy thanks to OSPOlogy webinars, the OSPO mind map to know about the OSPO responsibilities and behavior that an OSPO can adopt.
They can ask questions in the OSPO forum, that is the OSPOlogy GitHub discussions, and join OSPO news that gives an overview of what has been going on in the OSPOverse over the past month. You want to talk about this?

Okay. So yeah, why I have this slide. So actually it is that Anna and I are organizing OSPOlogy.live. And funny enough, OSPOlogy.live, for the people that don't know it, it's a two-day workshop event. One day is presentations, the second day is kind of an unconference style where we work together on the challenges that OSPOs have. So in these sessions, we're actually going to use the OSPO mind map to guide the discussions. So we can use it to cluster all the various topics that people want to talk about. So we can basically say like, oh, there's a group that wants to see about overseeing compliance. There is a group that wants to talk about strategy. So this is again, we're using the things that we develop in our own workshop. Because again, it helps to facilitate conversations between people. That's it. If you want to learn more about TODO, you can find in our presentation all of the social media links, all the links to the posts. Do we have still some time for questions?

Okay. So I'm going to repeat the question for the audience that is online. So you are asking how to convince the organizations to build an OSPO and how to see open source. How to convince your boss to start engaging in open source and not just consuming it, but contributing back. Okay. So there are a lot of different benefits. So first of all, I think we mentioned in the keynote that open source is everywhere right now. And even though you're not taking care of consuming it, of contributing back, you are consuming or your developers are consuming open source. And if you're doing that without any thinking of, okay, I'm just taking it and not giving back, that can take potential risk, security risk and big damage for the organizations.
So there are many approaches to justify the value of contributing back to open source. But I think this is for private organizations the most key one, like highlighting the security vulnerabilities of not contributing back to open source. Also, it can drive innovation. So you are using open source, but maybe if you contribute back and you engage in the community, you can start getting into the community and maybe you can have a voice in the ecosystem. So that can also accelerate innovation. And if you really invest in OSPO talent, in open source talent, and have maintainers and people in this open source community, the organizations can even reduce cost. So there are so many different benefits. And the next step of just not using, just not about contributing to open source, but having a dedicated team is that if you really care, or if the organization really sees this risk and really cares about open source, the organization will be putting efforts on that, so they will be investing. If not, they are not caring about that. That is not serious. So an OSPO is that way to, it's when an organization goes and says, okay, it's time for me to invest in it, to have a dedicated team or a dedicated time of a group of people working on that, because this is serious, because if not, I'm gonna be behind. I'm gonna get behind, my competitors are gonna go ahead because they will be engaging in open source and try to understand how to do smart open source and you're gonna get behind. So that is a big issue usually for when you talk with many bosses, managers.

So to add to what Anna said, I actually get that question on a regular basis. If you wanna get some hard facts, I actually happen to build tooling that you can run over your entire company's code repository and show you exactly how much open source you're using. And it's fully 100% open source. It will show you exactly which open source you're using, which license your habitat, well not money as it's good enough.
So don't expect like deep commercial-grade tooling that you normally have to pay 100,000 to a million bucks for, but basically it's the same tooling that was basically developed also under the TODO Group by several German automotive OSPOs that were basically like, okay, we see this question over and over. Yes, we have the materials that you can use to make a nice powerful presentation and you can quote industry numbers, like 80 to 90% of the stack. But now we also have tooling that you can run. You just need to have some compute power that you can use and then you can scan literally, I did it for my own company, we scanned 19,000 code repositories and we just showed the boss like, hey, this is all the open source you're using. We actually used it to hone our open source strategy. So then we knew like, okay, these are the build tools that are mostly used. So these are the most used languages. So we can then focus, okay, this is where we as a company should invest. These are the communities important to us and hopefully soonish, we will also be able to figure out like, where are the weak spots in our infrastructure? So where are the packages with what we call dependency robustness? So where in my stack are the packages where the community can actually use some help?

The German government is currently forming one. And I'm also talking to the Dutch government since I'm Dutch. So in the Netherlands, it's currently that several of the ministries are forming an OSPO. It's only at the central one, but at least for instance, like the interior ministry, they're working hard to found OSPOs. In government, things are always a little bit more complicated, but you are seeing now that they recognize the importance of open source and then now basically should change again. But don't think only government, also think cities, like the city of Amsterdam actually has an OSPO.
City of Paris also has an OSPO. The French Gendarmerie also has an OSPO. So it's a little bit at every layer in the public sector basically. You see basically OSPOs pop up. Yes, corporations were first to it, they have more of them. But again, also in the public sector, they see the value of having an OSPO.

And I will say also that I've seen a lot of work-in-progress OSPOs or even organizations from the public sector that don't feel confident calling it an OSPO yet. So they call it open source center of excellence or they don't even want to call it anything. We have, in fact, in the TODO Group an OSPO landscape. If you search OSPO landscape, you will see an overview of all the OSPO adopters that in a public way say we have an OSPO. Because as I said, I know a lot of OSPOs that are there, but they don't want to start the brand or they don't feel confident to say it. And there's also OSPOs. So there has been at least in Europe, I'm from Spain, by the way. So in the public sector in education, I've seen early-stage OSPOs that they don't call an OSPO in universities. And they have been there for over the past decade, but they didn't call it an OSPO. They've been there silent. So I hope that now that we have this common definition of the OSPO, more organizations that initially started to do something similar to that align on common definition and characteristics and we have like better alignment with this, because there have been these hidden open source initiatives somewhere and there's a lot more to discover.

But yeah, so this is also why, one of the reasons for me also when I was working on creation of OSPOlogy.live.
So this is the nice thing like because we're now going to do local Europe events, the people that normally don't come to a conference like this because it's local, literally it is at, well, some European countries are bigger than others, but they said I had a discussion in the Netherlands like, okay, if we do it in Amsterdam, the furthest away is like three and a half hours by train. The train ticket costs maybe 40 bucks. That's something that you can easily, so what we want to do is we want to get, by having OSPOlogy Live, also get people that don't call themselves an OSPO, give them a forum to basically say, well, I can just go to my boss, oh, hey, I'm sure I'm actually working on this. There's now an event that's like in the next city over, can I have the train ticket to just go there? So you can come to conferences, maybe not affordable for everybody, but by having it locally. So it's again, it's small-sized locally, but in-depth knowledge sharing. So what we do is we basically bring, so for the first one in Sweden, where David A. Wheeler from OpenSSF is coming in, Shane from OpenChain is coming in. So we're literally bringing people that those people will normally never see because they won't necessarily, but then into the same room. And the idea is to basically help them shape their OSPO. So just not, again, they use their public material, but there's lots of things that you learn by talking to other OSPOs. I'll also do the advice to basically, it's under the Chatham House Rule, so you can properly openly speak and talk with others that also work in an OSPO. And then in all the European countries, we hope to get this all kicked off to basically have people work together. And then hopefully we'll have, say, a Dutch OSPO community, we have a French OSPO community, we have a Spanish OSPO community.
And so who knows, maybe in a couple of years, this room will be too small because we have so many OSPOs that, yeah, we'll need to hire a football stadium, hopefully then. That's where we're going for. So that's why I said, we're really trying to build this up and basically get the knowledge sharing, get the knowledge going. For the people that worry, yeah, we're starting in Europe, we already have a request to do it also in India and also in the US, so. But let Anna and I first get the Europeans going and then we'll start doing the other continents. Yeah, so we have OSPO case studies on the website. And also every single month, we launch OSPOlogy webinars where we invite OSPO leaders across different regions and sectors to talk about OSPO experiences, like maybe they developed a new tooling or a new initiative or they share their OSPO journey. So that is available in the OSPOlogy YouTube channel. OSPOlogy, yeah, OSPOlogy YouTube channel and also in the TODO website at todogroup.org/guides, yeah, slash guides and there you will see all the different resources. And of course the OSPO landscape where you will find like an overview of the OSPO ecosystem. Any, yeah. So the question is all the companies are doing basically license clearance, clearing the same open source packages because hey, everybody uses the same word. So can we not build a common pipeline where we do this work? Actually, yes. Actually, I'm already building it. It's already being done in the German car industry where basically we share this information. We have the tooling already. We will also publish, we have already some, but there will be more. I'm about to push about 5,000 clearance results that I have from my previous company that we cleaned up. So what we're now doing is we're giving new OSPOs. So the topic of compliance is usually, for a lot of us, was the first topic.
And a lot of people are either buying a tool and then they're not happy and that's because basically there are gaps in commercial, there are gaps in open source. But a lot of people are like compliance is very, very complex. So we said like, okay, I would love to have people more contributing but compliance basically pulls down a lot of OSPOs. It's so complicated they can be consumed for like years. So we said like, well, let's fix this. So we open source the tooling, we open source the data and we're also giving you the reference policies. So we're giving you the open source policies that you can use to build upon. Basically giving you a full, everything that you need to basically do compliance out of the box for your developers. But again, that doesn't solve the problem of doing license clearance. Because again, there's literally millions of open source packages with unclear license. So I have, I'm actually a co-founder of another project called ClearlyDefined. The numbers there say that, depending on the ecosystem, it's up to 40% of all open source packages in an ecosystem were unclearly licensed. We need to fix this. Our way to fix this was like, no, no, no, we're not gonna be as companies to maintain a database and we're gonna share this. We're gonna do this for the things that were released. We want to fix things upstream. So that's why the tooling that I'm a co-developer on, it's fully open source. The idea is basically that we give this to the community and we have already our first success. So the Eclipse Foundation is gonna adopt OSS Review Toolkit or ORT and they're gonna use it to check all Eclipse packages. That's the idea. And then they will produce SBOMs. And they will also contribute back to the project sharing the clearance data.
It's really like I said, I remember being in an OpenChain meeting a few years back and basically in the room, I think it was like 90% of the people were all doing the same clearance for the same open source package. It's like, it doesn't make sense. Literally, we are not competing on license clearance unless you're a vendor. We're not competing. It's just cost for us. It's just something that we need to do. That's why let's share. I do know it takes a lot of time and a lot of convincing for people to say like, yeah, are you actually clear this? But again, we don't share companies' opinions about licenses. We just share the facts that MIT is applicable to this license. And the nice thing is it's open source. So we already had one case. There was a package where it was unclear what the license was. Because it was open source, I literally just reached out to Red Hat and said like, hey, one of your guys contributed there. It's unclear what the licensing is. And he was like, oh yeah, I can find this out. Here you have the mailing, like some really random mailing list where it's like, oh yeah, here you can see we actually mean this. And then the original contributor who still was working for Red Hat actually contributed back and said like, this license actually means this. So we then also had the full provenance. Like normally as an OSPO, trying to figure out what the developer meant, what are things, it takes many, many hours. Doing this the open source way is for me the way. Because again, it's the open source community fixing things upstream. And it has some other benefits when we roll out the tooling. The problem was for me always, corporations are using commercial tooling. They figure things out. They clear things up, but they usually don't fix it upstream. So then the next corporation has to do exactly the same clearance. So this is why I'm very grateful that we're cleaning this up. And there's also other related space.
So the Free Software Foundation Europe has something called REUSE. And that's a specification that you can use as a developer to clearly indicate like with an SPDX license identifier, this is the license applicable to the code. So instead of saying like writing it out and people write all kinds of things there, my favorite sentence in clearance is, MIT is compatible with GPL. Yeah, a scanner doesn't understand that. All the scanner sees is GPL. And a lot of my clients say GPL, big, big no-no. That means that every time a developer writes that in their source code, the scanner will flag it. A better way would be to just add code to say the SPDX license identifier, MIT. It's human readable and it's machine readable and it's instantly clear. So in the Linux Foundation, there are big efforts. For instance, the Linux kernel has a lot of now SPDX license. So it's just very clear that if you use the Linux kernel and you have to do clearance for that, you can literally now much more easily figure out what the license was because, we're talking about thousands of source files. Now proper SPDX license IDs have been added to clarify like exactly what was the licensing for this file. Any final questions? So let me repeat the question for online. So does the TODO Group have some guidance about SBOM tooling, basically, right? It's not under the TODO Group. We are linking to it. So again, this is why we collaborate with all our other groups. So most of the work in the SBOM working group, this is actually happening in SPDX because that's the I system for SBOM. And in OpenChain, it's compliance problem. So again, as TODO, we don't want to have everything under there. If there are already existing communities that are doing great work, we'll just link to them. And they say, here you can find it. Well, we will work on SBOM at the TODO Group, and we have materials, but I like to say, hey, the actual details of those things are over there.
If you, how you can use this in an OSPO setting, that will be under the TODO Group, right? Because that's really where the OSPO context where we say like, hey, this is how you could use it in an OSPO. Yeah, and I just wanted to add that part of one of the missions that we've been working with the steering committee has been how to build this cross-community collaboration across other communities. For instance, we recently joined OpenSSF to work on how to give guidance to OSPOs on how to build more secure open source projects and having this guidance targeted to OSPOs and focused on organizations that are building an OSPO. So this is a clear example of how we can collaborate with other communities, because OSPOs are everywhere. And as we said, there's a lot of responsibilities that deal with legal, with compliance, but also with community building, with assessing the metrics and strategy to measure the success. That is, for instance, measuring community health, CHAOSS does great work as well. So all this, it's useful information and it's already there, it's already in the communities. The main, the key part of this is how can we collaborate and share knowledge. Even within, I know it's everything about open source, but sometimes it's difficult to connect and to communicate even within all the open source communities and peers. So I think also one of the main reasons of building this OSPOlogy Live, as Thomas was saying, is to put everyone together into a single room and build common tooling and build common resources. Yes? Okay, thank you so much. Just for the online audience, they were saying that they have been using this OSPO Mind Map to dive into all the responsibilities and formalize better all the different responsibilities and select which ones are relevant for the organizations based on their organization's goals, I guess. And thank you so much to all the community for keeping this project alive and continuing to contribute to it. And yes, one last stop.
Okay, you can, we can talk. I mean, we will be around. Thank you so much.