 Our next presenter is Guillaume Sauvage-De-Sommac. Guillaume is the Vice President of Engineering and Emerging Technologies and Incubation at Cisco, and today he will share the latest updates on the open-source suite effort called Open Clarity and how to make it practical and usable for developers. Please welcome Guillaume. Thank you, Emily. Good morning, everyone. Very long, very French name, so please call me GSM as we do at Cisco. I run our engineering team for the incubation group, so basically my team is building tools and solutions for modern apps, keep them connected, scalable, observable, and cutting to the chase, secure. No security, no application. No business, no users. So that's really a key point at stake for us. Not just me saying this, but putting together a few data for today. The vast majority of the industry acknowledge that security is key, right? So that's good. And also almost 80% of organizations recognize that it's important to look at security across the entire stack. So there is decent acknowledgement of the problem here. But more worrying, almost 60% of organizations would say that they get rapidly lost, not sure where to look, what to prioritize, and 80% who are using open-source primarily for their application security would say that they're not entirely comfortable with their security posture. So very simple. We need to keep pushing the envelope. We need to do more. We need to build more open-source tools for security. So let me share a little story here to illustrate and characterize the challenge we're in front of and what we are trying to do. This is a blurry image. And we want to know if something bad is potentially happening here. And so for that, I'm going to bring clarity on a number of discrete elements in this picture. Okay, so let's get started. Here is an orange juice. It's a bit too early for a beer. Nothing wrong. Orange juice, fine. Here is a smartphone. Well, someone is on its smartphone having a drink. This young lady is probably the user. She's probably the one having a drink. On her smartphone. Nothing wrong. A random elbow. Not sure what this means, but so far so good. And you see where I'm going with this. We need clarity on the totality, the entirety of this picture, to actually realize if something bad is happening. And in this case, her purse is being stolen. So pivoting back to our topic, it is really fundamental for all of us as a community and as an industry to acknowledge that we need to approach application security in its totality across the entire stack, as you see here, but also across the entirety of the software supply chain and the DevOps pipeline and the production. We love scanners. They are really essential. We need to keep building and pushing them and contributing to them. GRIP, Trivi, Gitlix, just to name a few, they are really fundamental to help us with security. But in addition, we need the tools to take these scanners and deploy and orchestrate them at scale across this entire perimeter I just described. We reconcile their findings, not just as a sum of discrete elements but as a consistent whole to understand what's going on with our application security. And CLI is great, but in this particular case we also need really good dashboards and UI. And the reason why is because the developers, the SREs, the DevSecOps folks who are going to use these tools, they actually need to convey back to their stakeholders a very clear and very convincing picture of their application security posture. So, OpenClarity, we've started last year and since Detroit, just in time for this week, we've contributed a new project, VMClarity, in addition to API clarity and tube clarity for containers. VMClarity is VM agentless scanning at scale. I think we've packed more than 10 scanners in this one and we really hope that you'll find this useful tool to help on this journey. There are many pieces in these puzzles, many parts, and so we would really love to see more projects surfacing in the community to address the totality of this picture. And please come and talk to us, give us feedback, help us, contribute, tell us where we can contribute on your projects and let's make sure that together we can tackle this massive challenge for the industry. We're on Boost D6, we have an amazing boost. Come and meet us, the team will be really excited to see you. We're also doing a few things on Service Smash, which you might like. By the way, Service Smash, we love them. They are very, very important, both instrumentation and enforcement point for application security. With that, have a great day too at QCon and thanks for having me.