Now let's get on with the show. Our first speakers today, we're gonna have a twofer. Twofer Monday. It's my pleasure to introduce Nithya Ruff and Brian Behlendorf. Nithya serves as the at-large director and chairperson of the Linux Foundation Board of Directors. Nithya has a long history of service and open source, having championed the adoption of enterprise, adoption of open source in the enterprise, influencing organizations to invest in and give back to open source communities. She actively works to advance the mission of the Linux Foundation in building a sustainable ecosystem that's built upon open collaboration, which is pretty amazing. Nithya joins, she joined Amazon as the head of the open source program office where she'll continue to drive investment and compliance in open source. She's a passionate advocate and a speaker for opening doors to new and diverse people in technology. So I'm gonna invite her up to the stage to help get plugged in. And after Nithya speaks, we're gonna have Brian Behlendorf, who's the general manager of the OpenSSF. Brian founded and helped lead open source communities and initiatives for more than 30 years. First as the founder of Apache Software Foundation and then later as a founding member of both the Open Source Initiative and the Mozilla Foundation. Brian has co-founded or was a CTO of a series of startups, including Wired Magazine, Organic Online, and CollabNet before pivoting towards public service in the White House as a CTO office under President Obama and then served as a CTO for the World Economic Forum. So please welcome me in joining Nithya and let's give her a nice round of applause.
Thank you. Thank you everyone. I know it's common to say gray beards in open source. There's also others with gray hair like me.
And I must admit that one of the privileges of having been in open source for so long is a chance to talk about history and what we've learned from history and why we are at the moment we are today with OpenSSF and what we need to do to move the needle from an OpenSSF perspective. As indicated, I sit on the board and I'm very excited to also be part of the Amazon open source program office and really acknowledging Juneteenth, acknowledging Pride Month and I love, love, love the Linux Foundation logo that's really reflecting what we're celebrating this month. So let me start with the 80s and 90s when I actually was around and I was involved in open source around 1998. So I think we've got to acknowledge that open source came from very, very fringe elements, quote, if you will. It wasn't an enterprise thing. It wasn't invented by some company. It wasn't created in some company. It was really folks in the MIT research lab saying how can we give people the freedom to actually examine software, modify software, change software, et cetera. And so therein was born GNU and the Free Software Foundation and the license called GPL, which gave people a number of freedoms, freedom to modify, freedom to share source code, freedom to distribute, freedom to use it for any purpose that they want, which was a dramatic departure from how software was typically shared. I think this is important because during these days in the 80s and 90s, companies really hadn't fully discovered open source yet and they feared open source and it was kind of on the side. And then comes the 90s and you start seeing people like Linus Torvalds releasing the kernel that he had created and he used GPL to share this with others which some people say is the reason why Linux became so widely adopted and shared and the innovation was so fast and so aggressive and there was just so much collaboration, open collaboration going on.
And then comes the Open Source Initiative which was founded to protect the freedoms, the open source definition and the freedoms of open source and the term open source really came into being. Before that it was really free and open source software. A lot of companies thought, oh my gosh, free sounds economically free and I don't wanna associate myself with something that people have an expectation that I give away for free as from an economic perspective. So the word open source was coined actually by a woman, a consultant, Christine and I forget Christine's last name. And then comes Open Source Development Labs and here's an interesting thing because companies actually came together to create Open Source DL and also Free Standards Group because they felt that they needed to collaborate together to take this new thing called Linux and open source forward and make it enterprise ready. And so they felt that they needed to come together in a neutral way, in some sort of a foundation way to really work on this together and that no one company could do it by themselves. Then comes the foundation called Apache which Brian knows very well and he may cover some of that in his talk. Apache is a 501(c)(3) so it was started as a nonprofit started to protect the emerging development of Tomcat and other Apache web servers and projects and the Linux Foundation also came into being around the same time and it was started more as a trade association with the merger of the Free Standards Group and the OSDL. And again, it was to protect this nascent thing called open source and Linux and to grow this and develop this and move this forward and make it available for all of us and also to provide a neutral home for the creator, Linus Torvalds, so that everyone could benefit from the work that he did and then to start creating the constructs like open governance and how do we deal with trademarks and legal constructs around open source and how do we build community and so on and so forth.
And then you start seeing some young new companies, tech companies like Sun and SGI and HP who start saying, how can I start using Linux in my servers? How can I ship product based on Linux? How can I support Linux and IBM here hit it out of the park by doing a one billion dollar, I think, support? Jeff will correct me if I'm wrong, one billion I think is the number and started the Eclipse Foundation and started saying, we believe in Linux. And that then became, I guess, a call to action if you will for other companies to say, I think Linux is something that companies should use and adopt and it's become mainstream and it's something that we can work with. Then you start seeing a number of companies that were born in the age of open source like Google and Facebook and Amazon and Netflix and they built from ground up using open source. They built these hyper scale, web scale companies using open source to fuel their search engines or social media or dot com or streaming and they also did something interesting. They started kind of contributing back projects that they had used in production. So you started seeing things like Hadoop and other big, big projects being contributed back and so you now start seeing a huge body of work that's scalable and usable by companies and becomes safe to start really building on open source. The cloud start building on open source so if you pivot a lot of companies who really created their own infrastructures for say in the case of Amazon for dot com, they start saying, I wonder if other companies could use the same infrastructure and could benefit from this infrastructure and start creating cloud services and so also you can see Google doing the same, Microsoft doing the same and other cloud companies and then people started saying, I want to see use open source but can you deliver it as a service? So you start seeing cloud companies deliver Kubernetes as a service and other things as a service. 
The other adoption that started happening, I would say in the 2000s and beyond and I actually worked for an enterprise company called Comcast is that enterprises which were not at all in the business of systems, right? Were in banking or in media and entertainment or were in retail started saying, you know what? I need to build my business on software. I need to digitally transform. I need to become a software company because I am competing with new upstarts in the technology side and my customers want a transformed experience and in order to be agile and digitally forward, I need to start using software. So you start seeing enterprises using open source software very, very prevalently. I ran the open source program office at Comcast so you can imagine Capital One has one, Target has an open source program office, Fidelity and so on and so forth. So what I'm trying to say is you're seeing industry after industry, organization after organization starts using open source, including open data, open hardware and new industries like energy and you start seeing agriculture, healthcare and we are building so much on open source. Our digital infrastructure is built on open source. So there's so much riding on open source today and so the protection of all this is so, so critical today and open source in governments is such a thing because governments are realizing they need to transform digitally but they also need to be transparent and working much more closely with their citizens and also develop industry in their country and encourage innovation, et cetera. So all this comes up to say success and ubiquity of open source comes with responsibilities because now so much of the world depends upon us and is built upon open source. It is so incumbent upon us to make sure that that trust is not betrayed and that faith is supported in what we do. It means that we need to grow up.
It means that we need to find a way to secure open source and especially in the last decade or so there's been so many, many issues with Heartbleed and Log4j, et cetera, that have really kind of created an alarm for us to say, I think we need to work better at this. You know, unlike working with one monolithic maybe blob of code from a proprietary company where you can hold them accountable, it's a whole different ballgame in open source. And so what happens with open source suppliers now we have suppliers who are diverse. There's like, I don't know, millions of projects that we consume, big and small. Some have maybe great security posture, some don't. Some are well maintained, some don't. So you really don't have a standard in terms of how you work with them, how you maintain them, et cetera. And most of the open source projects were started with solving a technical problem in mind. So most of the maintainers tend to be innovators and problem solvers, but they're not security folks, they're not documenters, they're not community leaders and they need the help. They need to know how to do it right. And many lack security training. Frankly, security and open source groups used to be separate in companies and in life, so they were different disciplines and so they often never talked. And maintainer burnout is also real. A lot of maintainers are saying I can't do this much anymore. And so I need help. I need help to maintain the software, I need help to do it right and I can't do it alone. And then you see the supply side which is our users like us. You start seeing us using open source more and more for mission critical things. I mean, company, businesses and infrastructure like energy grids are built on open source. These are pretty mission critical things. Gone are the days when people would say, I think I'll do something light on open source and for production I'll use proprietary.
And developers, I feel a lot of new developers take open source for granted because it's just there. It's used by everybody. You see it as a de facto standard. You say, oh, it's already vetted by so many people. I don't need to do my due diligence. I can just download it. I don't need to know the license. I don't need to know the health. I'll just use it. And a lot of dependency management tools are also pretty lacking and need a lot more development. You can see your direct dependencies, but you may not be able to see all of your transitive dependencies and then how to deal with it, which ones to deal with. And I know there's a lot of work going on with our sponsors and others to improve this, but it's still a challenge. And a lot of companies still struggle with how do we work with upstream? How much should we invest in upstream? Do we really need to put some people directly involved in upstream? And do we develop a policy around open source security? And upstream especially is one hard thing to solve inside a company because we're really created to serve customers and customer problems always come first and you think, you don't see the long-term positive benefits of contributing to open source because it's an indirect benefit. And so you kind of don't see why you need to have a seat at the table or give back to community and make sure that it's sustained and make sure that you are improving it. And that needs to change. So you can see a mismatch between open source, how open source suppliers work and how open source users work. And this needs to come together. So I want to end by saying that's why history has taught us, as you can see, throughout the adoption of open source in various industries and various phases of open source, collaboration has always come to the rescue, collaboration of industries coming together, companies coming together, foundations kind of acting as a neutral home, if you will, for people to come together and solve big, big problems. 
And what's also interesting with the open source security issue is that the government is now getting involved as well. And they're saying, we need this to change because it is a nation at risk and it is infrastructure at risk and it's citizens at risk. And so I think collaboration is coming to the rescue again, open collaboration to help us all come together to solve this big initiative that we have in front of us of securing open source. So I know I have five minutes left, but I am done and I'm gonna hand it off to Brian so that Brian can really take you into the practicalities of how we do this. Thank you. Thank you.