 Okay. So I think we can start. Thank you so much everyone for attending to today's talk. So the main outcome of today is to serve with you some key findings of our latest studies that we did in collaboration with LA Research and the Tudor Group about this state of auspice and also serve with you some insights of what is the status of auspice in Asia. So for those who doesn't know me, my name is Ana Jiménez. I'm the Auspice Project Manager Tudor Group that is a Linux Foundation project and community. I formally work at Viteria more in the data science field in software development analytics. So I'm a data scientist and I'm also at DevRel and currently when I have time I try to contribute to open chain that is more focused on licensing and compliance and standards in our source commons that is a community focused on developing open source internal culture within organizations. The Tudor Group of course that is the organization I'm involving in and chaos that is another Linux Foundation project focused on measuring the health of the community and the open source projects. And in case you want to follow me or get in touch with me, that is my WeChat that you can scan and just add me as a friend. So I know some of you are already part of an auspice team or a similar initiative but I'm pretty sure there might be other people that maybe this is the first time they hear about the term auspice. So I'm going to give a certain introduction before I dive into the insights. So an auspice is defined as the linchpin so the entity are the people that is in touch with the organization and the open source projects and community. So they are collaborating internally with many many areas within the organization that they need to understand open source, they need to engage with open source and is in the shape of compliance and legal so they collaborate with the legal department, security department, HR team to how to onboard or maybe hire new developers from the open source communities, the business team on strategy and of course the engineering team but also because they are engaging with open source and open source is a community of communities they also need to engage with the developers of those open source projects, the maintainers of those open source projects and the open source foundations of where those projects are hosted. They provide support, advice, knowledge, strategy and even though you might not call your entity of open source operations an auspice it's more important to not determine the essence that this name implies. As I mentioned they collaborate across many layers within the organization. This is one of our recent works in our community an initiative called the auspice book where the community define this auspice flower and the areas of work that the auspice really needs to take care about and in a nutshell I think this sketch clarifies and integrates better like the essence of the auspice, it puts order into chaos, it gives strategic alignment to the organization and without harming the open source ecosystem but keeping the sustainability of the open source projects. And why is this important? Well if I tell you right now in your organization do you have a security team? Do you have a CISO team? I'm pretty sure you have and if I tell you why do you why you have a security team you will say well because that it's critical for our business for keeping us alive because security is so so important and why then we don't say the same when thinking about auspice? In one of our studies we found out that the auspice 93% of the auspice collaborates with the security team. It's important goes beyond managing open source is because open source is integrated into every modern application nowadays so the same time and the same way an organization has a marketing team an organization should be thinking about adopting a strategic posture around open source because it's integrated in the IT development, the AT strategy. So what we found out in this study that we do every every year in collaboration with LF research and this year also in partnership with these great organizations some of them also from coming from the the Chinese community we found three key findings the first one auspice are becoming mainstream in general but particularly also we found a huge increase in Asia we will just go through that in a minute also we deep dive into the value of the auspice and how auspice are improving security to build more secure software and to help and support into the sustainability of open source projects and finally also these research allow us to define some next steps and challenges ahead that I would like to start with you so to put us into context so this is study the demographics we had a sample size of 489 participants taking the survey so 20% of those of that sample size comes from Asia Pacific I think it's the highest percentage of people from Asia Pacific taking the survey in all these years that we have been conducted this survey so it's a really huge amount of people and well that isn't quite normal that most of these of these people come from the IT fields of 56% but we did also have people from government entity or agencies from academic or research institutions and of course a lot of people 80 28% of end users organizations that consume IT products or services so the mayor finding we found was about auspice growth we saw at 32% increase so it's great because we did that means that 66% of organizations now recognize this importance of value of open source software but I think in the next years ahead we can do better particularly if you see in general in or across all the regions we found an increase from 2022 to 2023 but the dark blue is Asia Pacific can you see that come went to 26% to 54% in just one year so I think this is really impressive and I think these are good news but again I think we will say now in the future but I think now is okay organizations are waking up they're starting to build an hospital how can we preserve perceive this hospital how can we improve the sustainability of that hospital in the organization another finding was about security so this was a new question we added in today's in this year survey we wanted to know how many of these auspice collaborate with the security team and give support to the security team so we asked them um yeah like does your hospital or initiative directly address open source security issues we found out that 60 69% made decisions on security issues and others even though they didn't make decisions they provided advice so a total of 93% of auspice this year provided advice on the security issues so this is about like auspice are playing a higher role an important role on risk management and I think this is a really key topic to address and you might be thinking well what about generative AI now that is so popular well actually one of the things we do in in to the group is doing these monthly meetings and in the last one we had a panel discussions on how what is the role of auspice in internal AI compliance programs this is of course is something that I think it needs more evolution because this is pretty new but in this um in this panel discussion that is recorded and people cannot really see it we we saw that there were auspice getting involved with the and talking with the AI ethical team or the AI compliance team to help them deal this compliance program and also regarding innovation uh so we've seen that auspice helping to move from a nice to have thing open source is a nice to have thing to integrating open source in IT strategy so for instance the top uh technologies that auspice actually engage it and are paying uh uh having activity is cloud containers AI machine learning and analytics it's not also about that they are getting involved in these technologies but they are helping to improve open source best practices within the organization so we found out that 96 percent of organizations that had an auspice have driven significant improvement to software development best practices and the ones that have an auspice are four more times likely to provide upstream contributions so to contribute back to the community that I think it's uh some organizations might be understanding the value of using open source uh but sometimes going beyond and go to the stuff of contributing is a really hard thing and this is really interesting to find out that maybe because they have a such a strategic position around open source the organization can understand better contributing and they are ready or more ready to provide upstream contributions uh and of course software is becoming more software at scale organizations are not managing just one or two open source projects we are talking about thousands of open source projects that has open source dependencies and that relies on all the open source projects so being able to measure that and to have an automate process it's really important many auspices started from the legal and compliance ground uh unless even though this is not the only thing that an auspice take care of but they have been doing pretty good on having an automated process for addressing these licenses compliance what are the challenges because even though we have found really great insights and positive feedback on how auspice are helping the organizations and the open source ecosystems we also find some auspice barriers that are important to address in general um organizations reported uh that um they might uh reduce their funding in auspice for the next year ahead so we move to twenty twelve percent of respondents saying that last year to twenty three percent if twenty twenty three and i think this relies on the value of the auspice and how that message is sometimes not fully understood by the stakeholders uh and thus not getting this financial support so what can we do uh to address this challenge uh what are the next steps and recommendations so what i'm gonna be sharing with you is some of the um insights and recommendations that we are developing in our community um this is uh my own opinion and i really hope that you can maybe have a great conversation afterwards whether or not this can help for organizations in china for instance so the first one is about um being clear about the message and scope there have been a lot of organizations that i've heard with an ospo that they only focus on compliance specifically uh i come from uh europe and basically madrid in europe uh we have a lot of regulations and many of the auspice that i met there they were on the very first step of just focusing on compliance which is great because it's a really important topic uh but this is not a holistic approach by holistic i mean giving a core a whole message of open source that implies governance community engagement and a strategy and in all these steps an ospo usually provides this education to the organization guidance like mentorship advocacy and uh sustainability of the projects and i know it's it's hard because it's not just about going to some to a team or to the stakeholders and say hey this is open source look how cool we are and uh this is how it used to do it no i mean and pretty sure the organization has different product lines and uh you need to drift these cultural chains to the developers but also to the managers that are approving the process and needs to understand like open source is important i shall take a look to this bill request and also to the stakeholders to um keep financing this initiative right uh so this is one of the many structures uh that from a certain ospo i cannot say the name but uh they they added these ospo leaders uh in the middle that they talk with managers uh check to the business units and at the same time they go directly and talk with the open source community so having this linchpin between these three layers is really really important and also keeping in mind that uh the ospo needs to operate in the management level the ospo level like within the ospo employee level and business units this doesn't take like isn't this is not something that in just one year an organization can accomplish like i found ospo's that they they are now five years old and they're still in the very user phase trying to see like getting the first contributions done into open source projects so um an organization might want to take a look to the activity and go step by step there are others that they're approaching this like at the at the same time that depends on the culture of the organization and and they're understanding to open source but i think it's important that when you're sharing the value you need to talk the language of many different teams so you need to prove the value of for for hr also for developers and for the it team also what means this for the brand what means this for the customer what this means for uh the cost of the organization so it's really hard to think about that because also you need to think of these values what means in the participation in the contribution and also on the leadership phase another another thing that maybe it's important to take care of is build career paths internally i know like many ospos focus a lot on this uh so this is providing training and certifications on open source uh building or creating internal summits and conference with they for instance where the developers internally in the organizations present on these are the open source projects we are contributing this is what we have been doing also maybe inviting some um global speakers to talk about like how all the ospos are doing and also maybe building some mentorships programs and the tricky thing of this is that uh this needs to be maybe customized to every layer so how how do you provide training and certification to the management level or how do you provide training and certification to the employee or not an employee level that might slightly be different and the content might be also differ and the and one of the the most important things is collaborate uh we've seen that collaboration with open source organizations is the number one responsibility of an ospo or open source initiative in this survey report and what we mean by collaboration is collaborating with other ospos that maybe you have common goals you want to build uh maybe for instance in europe uh the automotive industry they have really specific software uh with with the regulations and they really wanted to build a neutral and a common ground to build common tooling where most of the automotive companies in europe can use it and contribute to that so that is for instance a really great example of collaboration um also with open source foundations so for instance if your projects are in the cncf ecosystem or you're contributing to any of the projects of the cncf ecosystems you want to build the ospo can act as at least linchpins to build this collaboration and of course uh projects outside foundations maybe and communities and by communities i don't only mean look global communities for instance to the group operate globally but i think it's also important to build partnerships with local communities where for instance in some places where like english is not the first language i mean for instance in china i think it's really important to also promote the local language and i'm from spain english is not my first language is spanish and i i have it happens the same we have local communities that we talk in spanish because sometimes it's better understood by the people that are engaging in that community so um i think i didn't introduce it to the group so if i would like to introduce now we are a group uh we are an open source project and community community of ospo practitioners uh that we are developing best practices guide resources to on how to build effective ospo and to improve the sustainability of these open source project program offices across sectors and regions um we have developed the community has developed a long uh list of resources we have a no spoke glossary studies a mind map guides studies brain book and also from china the local community has also been providing grateful contributions to the translations of some of these resources this uh there are many different ways that you can contribute or be support to the group if you're going to have representatives for organization doing open source you can support us as a um as a general with general members there are some organizations in china that are already general members of to the group and has been doing great work with this for this community but if for instance you are not our organization but you are coming for a foundation or an open source project or a community that are helping us post we also have the ospo associates program we already have some um organizations within elef outside elef that has been collaborating with us with the ospo project and initiative that is an initiative under to the group and um if you're an individual you are not representative representing an organization you can also support to do as an ospo ambassador this is our latest program we launched this year and in our website you can find all this information and to end up with i just wanted to serve some um ospo resources these are not just to the resources for instance we also have we uh i also wanted to serve some ospo studies conducted by a chinese organization here uh about the ospo uh a set of ospo cases studies i are from chinese companies and i think it's great it's fully in chinese so i hope i i hope you you could take a look uh we on the to the side we also had a deep dive into open source program offices we do have a chinese translation so uh you might check it out in the website and the evolution of the open source program office also is in chinese uh i i know like there were some contributions and we have the chinese version there are also communities uh the from elef a pack of ospo sick they have uh we chat local community where everything is fully in chinese and i think they're doing great job i see some evangelists here uh so thank you so much for the work you're doing and on to the side we do to the virtual meeting so we have the ospology global to learn and in case you would like to contribute you can join our working groups that happens weekly and that's all all this information is on our website to the group dot org thank you so much thank you and enjoy the conference to do ospology uh webinar are very good topics so do we have video recording on website or where can we get finally yeah so um coming back to the virtual meetings so we have ospology ospology is an initiative under a tutor group and uh there these are global uh panel discussions so the one that i said about the compliance programs we have this every month and if you cannot join uh we record those and upload it in the both in the registration page uh that is elef and the linux foundation community and also on youtube okay so oh youtube to do channel yes fine good thank you hi um so you mentioned uh ospology people need to talk to a lot of people around right uh legal folks compliance experts and also development teams uh but usually in uh like a large enterprise you already have like dedicated teams in those areas so we often face the problem that you are not like regard there's a dedicated field for open source legal stuff or open source compliance stuff or especially for development right if you have a project that has a development team uh usually they don't consider like um us like part of part of the team although we know the technology well so um back to the point my question is i think it's a taller to to to be a great hospital runner so is there any like suggestions for how uh how do we talk to those teams you know related teams as establish the uh professionality among those and the b view like a truly lead that can convince the the tech people the legal people the or the other yeah um that's a really good question and uh before uh sharing some of the insights from what all the ospos um have been doing in the past i would like to mention that it depends on the organizational culture and uh how like how well does those teams know about open source and how well is integrated so uh even though there are some best practices that organizations are serving maybe you cannot just copy and paste that you might to address it to your organizational needs saying that what i've heard from ospos around the world uh they have implemented a metric of experts and these metrics of experts usually came from the same team like for instance they found a champion engine on the engineering team someone that is part of that team they train them into open source uh that person specifically so then they got the chance that person has both knowledges the open source knowledges and also that it has the trust of their team like they can easily communicate because they know the internal processes and policies and so on um as i said it's not something that in just one day you can have it's it takes a lot and and maybe that is one of the major issues that ospos are facing right now with the layoffs that maybe stakeholders are like oh i don't see any improvements i don't see where it's where is the facts what what are the what is happening and it's just like they need more time like it takes a village any other questions that's an elf member how do we apply to it existing elf members oh yeah to to the group you mean yeah okay yeah so um if your organization that has an ospo or um are working on an open source initiative let me go back to the slides where i saw that uh yeah so there are three ways so this is as an organization uh we have in our page at join if you go to the join page it's filling up an uh form um if you're an elf member already uh you can join to do at no cost and it's just filling up a form an application form and the process takes like roughly three days um if you are coming from a foundation or for an open source project that wants to collaborate more with ospos and build initiatives together you can do that as an associate and again there are specific pages where they you need to submit like a PR saying i want to join as an associate because i have this initiative or this proposal and if you're an ambassador you do there is also like a list of responsibilities and benefits of being an a to-do ambassador as individual i hope this answers to your question okay all right so um if there are no other questions uh thank you so much and enjoy