Software security is no longer an afterthought. With the shift left movement, it is becoming a critical piece of, or critical part of a developer's pipeline and workflow. However, despite all these efforts, despite the focus on security, we are seeing an increase in attacks, which means that more work is needed to be done in this space. To learn about some of the initiatives that the Linux Foundation is taking to address software security, we have two guests with us from the Linux Foundation, Dr. David Wheeler, Director of Open Source Supply Chain Security, and Stephen Hendrick, Vice President of Research at the Linux Foundation. Steve, David, it's great to have you on the show.

Thank you so much. Thanks, bro.

Linux Foundation is already doing a lot of work in the security space. Anything that you saw in that space that you felt like we have to do more?

Unfortunately, the attackers haven't stopped. And I think most of us realize that all of society depends on software today. We all depend on automation. Automation is fundamentally about software. So the good news is that we've had some success in helping projects improve security in some places. The bad news is that the attackers just look for the next target, the next easy spot. And so we just need to continue to up our game in terms of countering attackers.

I've been at the Linux Foundation now for about a year and security has been pretty much the exclusive focus of the research that I've been doing. And I think that's indicative of the times that we live in and the significance of this topic to the Linux Foundation and the software industry.

Now let's talk about what is the new initiative that the Linux Foundation is taking to address software security or supply chain security.

This is research that we are embarking on that is focused on open source software developers who are either maintainers or core contributors. That's who we want to talk to.
And these are the individuals who review software contributions. They make decisions about what features and fixes to be accepted. And then they use build services to create software packages for public consumption by other developers. So if you're a maintainer and you're a core contributor, this is actually a project that we want you involved in. Now the Open Source Security Foundation initiated this research project earlier this year. And I'm the principal investigator on it. And I began this project by interviewing quite a few open source software maintainers. And I did that to understand their biggest supply chain security concerns and ways that the security of open source software could be improved. Now these interviews were instrumental in helping me design a survey instrument to understand number one, what are the most pressing security issues that we have to deal with today? Number two, how is security being addressed across development activities? And then number three, taking a close look at how security, the security of open source software can actually be improved. So this security is going into the field pretty much as we speak. And the best way to support this research if you're a maintainer or a core contributor to open source software is to use the link associated with this video to take the survey.

Will that also affect how, you know, there are a lot of Linux Foundation projects which are actually addressing the security. So it's also, inside it's not just to tell how developers develop or help them to improve their processes, but also help Linux Foundation how to make, you know, the whole supply chain more secure as well.

It's really about understanding where we are today, where we're going to be tomorrow.
And that will help shape decision making by the Linux Foundation around where we need to drive a higher level of emphasis on what to do, you know, what's the least we can do to get the maximal gains in improving the security of our software and the supply chain?

As you mentioned earlier that the work on this research started, you know, a while back. Can you tell us, you know, where you are at what stage? Do you have any deadline that when this research will be out?

The survey is actually going into the field right now. So we're actively collecting data and actually our schedule for releasing the final report on this will be sometime in June, probably toward the end of June. So that will be, that will be tremendously useful from the standpoint of setting priorities for the second half of this year.

Is this research just for, you know, Linux Foundation hosted projects? Or anybody can participate because when we look at open source, it is a wholesome game. It is not related to, with respect to developer company or foundation.

Yeah, this research is looking, it's cutting across really all of open source. And we will be talking to maintainers, you know, across all of the sort of the most important, the thousand most important, you know, projects that are going on out there. Many of them of course will be under the auspices of the Linux Foundation, but many of them won't be. And it's kind of irrelevant whether it's associated with the Linux Foundation or not. The reality is, is we're looking for, you know, where are we, what do we need to improve where we are? And that will be helpful to pretty much everyone who's in the process of building, maintaining open source software.

We're all in the same boat. Many, many Linux Foundation projects depend very strongly on projects not created by the Linux Foundation and vice versa. Many projects not created by the Linux Foundation, in fact, depend very much on, so there's no point in trying to have that kind of split.
We really want to kind of raise the tide of all the ships.

Steve, David, thank you so much for taking time out today and talk about this really important topic and the work that Linux Foundation is doing to help companies, organizations, individuals improve their security posture. Thanks for those insights. And I would love to have you back on the show when the research is out and we can discuss in detail what were the findings.

Thank you. Thank you. Great, thank you.