 Yeah, so thank you so much everyone for attending to today's panel discussion, Hospice in Regulated Environments. One of our speakers wasn't able to join in person, so he's doing that virtually. But before getting into his presentation, his introduction, let's introduce the in-person speakers we have with him from, they have experience in various industries and I think that it's a really good group that we have here to serve like the different knowledge and the different experience they have had in their respective industries and their experience in the past. So I have with me, I think, well, the better way we can do it is introduce it. So Claire, do you want to? Thank you, Anna. So my name is Claire Dillon. I'm coming for here, I'm here today with a number of hats on. So up until recently I was the Executive Director of Inner Source Commons and with Inner Source Commons we worked with a number of folks who are based in both open source program offices and inner source program offices. But more recently I have become a researcher starting my PhD with the University of Galway and I'm sitting in Leroy's ASPO in the Science Foundations Ireland's Software Development Research Centre. And also for the last number of years I've been working with folks who are involved in ASPO's in universities in the academic setting. Yeah, my name is Nico Riecke. That one works. Okay, maybe I have to find a button. I do electrical engineering, but electronics apparently is difficult. I work at a grid operator in the Netherlands. We do electricity and gas distribution for a third of the Dutch households and my background in university was in electrical engineering. So I come from engineering. At the time there wasn't really much open source being developed in the field and I have to say that that has changed over the years and we are actively doing that at Alliander. Developing the software that we need for the energy transition because we cannot do it ourselves. We don't often know the use case or the regulatory framework yet that has to be developed on the pilot projects themselves and so we're really active collaborating with other organizations to come up with the software that we need or think we need. And my involvement is at the open source program office there. I have to share it back. My name is Thomas Simbergen. I currently help organizations with all kinds of things open source. I have a background basically working in the automotive industry. We're basically to you know we have and we have electrification. We have self-driving car. Basically the amount of software in the car is going 50-fold the next two years and probably a hundred-fold in the next three years after. And so yeah you can't write all that yourself so you need to use open source. And basically I've been working on like how do we facilitate this. I've been working on open source policies, processes and tooling so that in the supply chain we all could basically manage open source better. I'm Anna Jimenez. I'm the program manager at Tudor Group that it's an open group of practice practitioners willing to build practices and tooling on build effective and sustainable open source program offices. So I'm not part of the hospital but I've been engaging with a lot of organizations from the tech sector and from regulated industries also building the hospital. So I think I already have one question that when you were introducing its other background I think might be interesting to address that is when building the hospital. I guess it's not as easy or it's kind of different from building an hospital in a traditional software industry because they have their regulations, the specific challenges. What would you say were your concrete challenges when building the hospital in your industry, specific industry or when assisting other hospitals to build open source initiatives that you think are the more critical ones? Yeah, our main drive to start an hospital in the first place was innovation, was tackling the issues that we have. So it wasn't about license compliance because we don't really ship software. So in that sense it's really different than a traditional software company. We also don't have a legacy of self-made software so most of the software that we build is heavily dependent on open source already. So ensuring that it's compliant in terms of security and the functionality is important and then really getting the collaboration going with other companies, other organizations with universities for research to get successful projects. So yeah, you know what I'm talking about, I think most of the regular industries that work for it, they're regulated. So in a tech company for a lot of things, there might be processes and you can just change them. In a regular industry you know there is a process and the process is the process. And if you come with something like open source that cuts through all of that, you need to convince a lot of people to be like, yeah I know technically you cover all of security and all of safety but this is like open source so I now want to have a carve out. But also as simple like I remember the first meeting that we had between the three car manufacturers is like we had to have lawyers present for cartel stuff. And like we had a whole piece of paper for antitrust for all the things because no no no the three car manufacturers cannot be in the room together without a lot of lawyers being present. So luckily there is somebody called Mike Dolan from the Linux Foundation and he says like you guys are all Linux Foundation members. We can just call this a Linux Foundation if membership meet up and then everybody agrees to these rules from LF and that's how we go. But again then again all the layers had to agree. I will I will add to that that that you know so I think what you described is that the regulatory regulated industries put all these regulations that you consider on top of things and sometimes you can find your way around them and then in certain scenarios the the community might be so diverse and with different players with different motivations that it's almost becomes a too too big of a thorny problem to actually you know change any of those processes and so you're so in many respects sometimes in the university setting with the regulation around things like grants and all the all the various different ways you have to actually justify exactly what you do how you do it. It does become a very very hard problem to get consistency in the approach across what might be a range of actors and many of whom may not even know what open source is and and then trying to do that across multiple institutions for inter-institution collaborations and things like that and it can can be again even more complex than even doing it within the context of one regulated you know and one industry one side one company within a regulated industry so yeah that's a complexity. One thing that I now remind you are mentioning about convincing all the different stakeholders and I'm worried and I'm wondering to know about like how for instance do you in your industries have you convinced the different stakeholders like for instance an open source project that wasn't intended to be that for that specific purpose can be used and so be used and they can we can like the industry to participate and collaborate and like how I don't know if you have faced in that issue before to how to convince these different people that maybe they need this extra understanding in the culture of open source to yes this open source projects is working and you should be contributing to it even though the main like the initially it wasn't intended for that specific purpose for that industry but it can be adapted. Yeah because dual purpose collaboration and it's really really complicated because you get approval for one thing and then it changes and this is where regulated industries are very risk averse so when this happens you might get a panic event or like well no no no we open source is for I know collaboration with this other partner and now this other company this our competitor is now using it we can't have that you need to stop this like no we agree on the license that this was supposed to happen and this could happen and now it has happened so this is a lot of like crisis management but at some point I found a real hack in like the regulated industry sometimes around it as long as you have an executive sponsor preferably the CTO to get him basically most of the regulated things actually don't dictate the implementation so there's there's like regulation and there's the implementation of the regulation and in the implementation regulation because it's a business most of the time there's loopholes you just need to be able to spot the loopholes that are there and one of the common most loopholes is basically a C level executive can just write a piece of paper and says I say so and I take Hadley responsibility you shouldn't use that always but in some cases it's because how regulations are interpreted is from company to company different regulations don't dictate that you have to do something in a very particular way they just usually say I want to have an artifact of this how that artifact looks like or how the process looks like is up to the interpretation of the individual organization yeah I can add that an example it's a bit of different angle in the answer but we use quite a bit of weather data for specific use cases in in the grid for example a solar irradiance on solar panels or the temperature of the ground if cables are overloaded but then trying to set up an open source project means that there might be different use cases outside of grid operators context and so it's really uncomfortable and we don't also have the network in place to really contact other organizations outside of our industry I think that is a real challenge we were facing because then this also feels like limitless where do you end if we get a couple of grid operators on board we have sufficient support to actually get this project off the ground I sure it would be nice to even go further make it more abstract but at a certain point you're building something so abstract and so universal that maybe you lose the point of your main use case so I think that's a challenge so where do you put the boundary of your effort so and I'd like to build on both those those points to talk about that power strength and numbers so understanding that perhaps that that collaborating collaborating with a group of folks that have a similar goal may not always get you to the very specific use case but there are lots of instances where when you bring together folks that are in that regulated industry under an umbrella like for example the Linux Foundation so I've also been involved in the FinOS inner source special interest group and I think one of the really interesting things about seeing all those financial institutions come together is that by coming together a they get their permission to do what they need to do in terms of collaborations because they've they've they've built the system under which they can collaborate and but and secondly they can also by by working together they can create a new sort of social norm about how that collaboration happens and the fact that it can happen through open source so so if it's the case that there's a an industry that is set in doing it in the old way that isn't open source by perhaps joining together with a group of people who figure out how to do it together then then you then you immediately have a kind of a network effect where people are kind of going this is the cool way to do it look at all these guys over here they're all working together quite effectively why can't we just copy that system of collaboration it's worked in a regulated industry here could we not just copy that in terms of a model of collaborating in a second place so again it's not an individual justification within an organization it's kind of a industry movement that you can point to which can be very helpful in moving the needle yeah I think Venus is a great example of open collaboration of fintech industries and financial industries gathering together to build common solutions that helps all I don't know if you are engaging the panelists here engaging with other kinds of foundations or projects in a laugh outside a laugh that have like make have the same purpose but maybe on different industries so well in a laugh I'm in doing finance and I'm doing bitcom it's actually a funny thing when you see for like how the same regulation on the eulahide how the germans would interpret it and how the UK it gets interpreted and for instance a very funny thing is like this matter zoom or any video conferencing system is used a lot again to virtually participate and collaborate the germans are fine of using the text feature that's like in teams and zoom to communicate to chat on the UK it's like no we can't we can't use this so I was really funny when I saw the different collaborations that I'm in to be hang on how can in phenos you can do it but when we do it in Germany we can't and there was also vice versa different and it's like so I was talking to one of the to rob one of the fitness guy like I don't get it like how yeah we fixed it because we got so annoyed by it that everybody just said like we need to chat feature and even as simple as why we do this when the meeting happens the first thing you write down is like hi I'm Thomas I'm doing this completely innocent but in financial for people that know from here when you work in a financial institution every communication needs to be tracked and recorded so that there's no like hidden transactions as no we're not scheming together to get stocks cheaper or anything and like that's just the law but the interpretation of the law is is is different and then I learned that phenos for instance they say we don't use it and I think in the Netherlands basically they found a factor to do the auto transcribe and they commit that into the github repository so different industries different ways but yeah in the end I tried to then because I'm trying that and like hey we're doing it this there and we're doing there and like Deutsche Bank is both in bitcom and it's in phenos like can we fix this yeah and outside of the energy sector we now find quite a great support and collaboration in the public sector in the Netherlands as well and really trying because in a way we're all pioneering in the public sector in the Netherlands trying to move open source forward making more professional and substantial and then you're talking about geospatial exports at the Cadastral in the Netherlands you're talking about the tax office having all different kinds of use cases but all being publicly funded at least are we not we have a different position as a grid operator but at least we are there for society and so we have at least a moral standard to buy buy and that is something we we find each other in and that we can collaborate on I think we are not going to play like the other panelists that was here that is Remy he will just introduce himself he comes from the government sector so he we will see that in a bit and then we will also introduce to one interesting challenge that I think we didn't name it but we mentioned that is the inner source and from then we can we can move on so hope it works my name is Remy Decausmaker my pronouns are he him and I am currently the open source lead here at the digital service at the centers for Medicare and Medicaid services we have a goal of improving the design of health care experiences delivering value to government providers and patients modernizing systems and participating in development so this is my first time being in a public sector role but this is not my first Ospo prior to this I helped to stand up the Ospo over at Spotify I was the head of open source over at Twitter I was in the open source and standards team over at Red Hat as the Fedora community lead back before they called it an Ospo and prior to that I was at the Rochester Institute of Technology where I was the assistant director of the lab for technological literacy whereas now they're the open at RIT Ospo where they have the first academic minor in open source in the United States non-profit for-profit government always the common thread is helping contributors to work together to use their powers for good have you been facing unique talents you would like to highlight when starting in your current Ospo that maybe you haven't faced in industry Ospo there are some subtle differences for sure we'll get into them in a second but generally speaking in open source program office tends to just balance engineering business and legal stakeholder interests who all have their own roles and their own goals and are oftentimes making trade-offs between speed quality and risk so an Ospo really works to make sure that those folks are aware of each other to help align their goals and to reduce the amount of friction I think one of the primary differences is scale as of 2022 roughly 12% of the federal budget goes to CMS about 20% of national health care spending in the United States is Medicare spending we serve 65 million Medicare beneficiaries 88 million Medicaid beneficiaries and 31 million users on healthcare.gov so not only do we have a lot of people working here but there are many many more contractors for every full-time employee that work here so instead of there being one legal department one IT department one procurement department you have silos and lots of silos an entire tapestry of interlocking and interrelated opt-ins or operational divisions as we call them we start sort of with CMS in the center and we are part of the Department of Health and Human Services which is itself part of the federal government which is then in the context of the entire open source community so at each of those layers we need to be thinking about strategies of how we are aligning those incentives how we're helping to represent those strategies how we're working to align the policies so I would say that a public sector tends to be on the conservative side of appetite for risk when someone asks you you know can you show us where in the United States code or what piece of legislation gives you the authority to touch this data or to do this type of work that's a question I've never really had at another auspose congress has never been a blocker necessarily for the work that I've done before it is a very interesting place to be doing work and it's a little bit different doing it in the public sector but I am really enjoying the challenges thanks for that Remy we talked earlier about how intersource can sometimes be one element in I suppose a set of strategies to actually get you to an open source culture so maybe can you give us a little bit of an indication about where that might come in or how you tackle the challenge of getting people ready to collaborate in that regulated environment you're working yes and you know a lot of close collaboration that sort of intersource style work does happen in the federal government and when we think about the spectrum of collaboration that happens we have to think about maturity models and really considering what the goals of your project or your organization are we have sort of four levels level one is just sort of transparency we want the work to be out there so people can see it there's not a real expectation of there being sort of a two-way contribution it's just meant to be out there so that there's people know what's there the second level is close collaboration so a government team or a team of contractors want to work together across the agency or across divisions and that oftentimes looks a lot like that intersource model so we want to both provide guidance on how to do that as well as resources like templates for your repo or actions that you can run inside of your github instance or ci to help you use and utilize some of the best practices that we see in open source development so you get a lot of the benefits of moving quickly and having assurance and adhering to standards level three is more of like the we want to work in the open we want to be sharing things on github or out in the wide world but due to a variety of you know constraints whether it be regulatory on sort of like this is a government led project that's defined in legislation and so you know open governance may or may not be a good fit for doing that kind of stuff but we still want to do things like have a contributors md and have you know secret scanning and a lot of the other sort of best open source practices there and then occasionally we actually have projects at that level four level who are really out there to be you know open governance open planning open road mapping and doing that type of work out in the wide opens it's not linear right it's more of like a choose your own adventure that's where open source fits or inner source fits into this sort of wider open source strategy and we're working out how that fits into the wider open source strategy not just at cms but at hhs the federal government and in the context of open source generally thank you and hopefully in the context of the world because i'm i'm only imagining that the work that you do will have great impact across the world so thank you for that if we're going to tackle some of the biggest most complex problems in health care then we're going to need all the help we can get it's exciting to see groups like the world health organization the united nations you know all of these like international organizations are starting to embrace ospos and open source program development as a strategy so as we all come together around this way of tackling the complexity of developing code together we want cms to be a leader and to be ready to answer the call and work with our partners inside and outside of the united states well thank you to remi um who couldn't be with us here today and indeed thank you to past anna and past claire for asking questions but uh um but when when we were there talking to remi uh we we got on to earlier the the topic of inner source and for those of you who may not be familiar with the concept it's the use of open source practices within organizations to create proprietary code but it's often used as a step on the path to open source readiness because it tackles that problem that we touched on earlier which is around the culture change that is needed and when people are used to working in silos when they're used to working maybe competitive environments to move to this standardized way of collaborating can be quite a challenge but as remi mentioned um sometimes helping in particularly in regulated organizations get used to that way of working perhaps before they go fully open can sometimes be a tactic in terms of getting people to that open state so i'm i'm now going to ask again for folks to maybe comment about either their thoughts about how this could be used as a tactic or indeed how you tackle this this challenge of the culture change required to get people working collaborating openly yeah i think we have a great example of an alley under which is now open source but it wasn't in the past this is the power grid model application is used for power system analysis basically doing calculations on grids and this is very important to us and we developed our own methodology that's a bit faster over time and it used to be there was in r on an r server and it's more like a service people all the the data scientists were working with it but using it as is because somebody else put the code in place and they could just refer to it um what happened is the code got changed and it became a library uh an inner source library people could actually uh contribute to the code and all of these data scientists now were taking this library adopting it and we're finding um maybe bugs or ways of improvement especially on the on the api level and they got involved and they made issues they made a poor request and so it became a culture of contribution rather than just consumption and um then when we actually open sourced it and got other companies involved to to further this development we already had a good user base that had a good understanding of the code how to use it and so when we have now regular meetups where we invite other organizations and to discover use cases and sell a roadmap we have i think tens of internal people data scientists that have real knowledge on putting this to practice and have a good understanding and they are also now advocates for this library and its use cases so it's really a ramp up to to build a community thank you thank you nico thomas i know you've got experiences as well in terms of that pathway yeah so we we had a problem basically and in the regulated industry you have a lot of his product liabilities and product like if you use open source there's open source licensing and the standard way of a lot of people were and it just for people there's two ways without a look at licensing there's kind of the sticker on the outside of the box and that's what's actually inside of the source code i can tell you that basically most open source project have a way more complex licensing inside than what maybe the sticker the metadata or the license in the root of file access so we had this problem we actually need to comply with the open source licenses and there's actually if we don't there are big penalties to the point that like if we mess up in a car and the car can not be updated means we recall the car so every car has to be called back to the garage and they need to plug in a usb stick and update the software if there's a licensing problem so we need to do this properly so now we had this problem that okay by the old ways of working every unit had to do their own license compliance and they had to do check by check by check which took like forever and we're talking big co-places with like lots and lots of licenses in there like having more than 800 open source licenses in open source project is not uncommon but then we were like hang on hang on the way how we work in automotive we do this program so basically when a car is being built the program is being started and then they have a certain group that works in the program and a new model comes out new car new model but the software stack in our company it was actually the same tree so I was like hey this makes no sense we're using the same software we should be able to clear this once and then figure this out but this is a tremendous amount of work that we need to clear and there's all those various very complicated so we developed basically tooling that would not just basically but a lot of scanners that they notify you have a licensing problem and then but you know what most developers do when they get a notification yeah so I called us the notify and ignore workflow and said like we cannot do this because yeah the problem like our customers are educated they they will spot the licensing problems right so what we did is we built tooling that when a license is popped up that we enable the developers to fix it by themselves and they contribute to the central code repository to the fix what we really were doing we're doing license compliance with inner source and all the resources when a physical piece was cleared and then the license was clarified you might think what what does mean license claims well it's very simple sometimes an open source piece of code you might have a license choice but the scanner is not clever enough to recognize that so they use the MIT GPL a permissive license and a copula license generally most automotive companies prefer permissive so we need to encode this and we need to encode this well most of time think of it a hundred thousand times so how do you eat the elephant bite by bite team by team so we set up this process and we literally say like oh you fix this and you contribute it and this is shared across the whole company so bit by bit people at beginning they get messed up but the open source we started helping them and they got it more and more right and then the funny thing is we want to we did a migration to GitLab and they had to need to build oh we need to build a new CI CD stack we need to how do we do it and all they do anyway and then the guys were just like the engineering team was like yeah and we just did for license clearance we work together on like just building this again why don't we do the same thing that we do for license compliance actually to do the GitLab rollout and just whenever we need a particular functionality we just have one code repository and everybody from the company just contributes how they for instance add the security report to the liver again remember highly regulated industry when you build software you need to find tons of proof included that like yes we did this tech yeah yes we did all of that stuff and everybody previously was reinventing that what if we just work together because again GitLab we have one platform instead of the multiple beforehand multiple tools so yeah this is how inadvertently we got inner source but this is actually funny we didn't call it inner source it was called the open contribution model fun fact you know why that was because regulated industry believes in Gardner and Gardner didn't have the word inner source but luckily since recent well I'm happy to report that the recent Gardner developer experience report does in fact call out inner source as a major development trend so that can be used in future if for anyone who wants to justify that but thank you Thomas because I think like what I'm hearing is that that for example in a regulated industry and it can be easier to get people used to doing contributions when they're not doing contributions to open source you can get more people doing that so that they are ready when the time comes to actually do the open source contributions and understand how that all works so that's fantastic and Anna I know you too have had experience in terms of how the open source program offices you work with are actually potentially looking at this culture change problem as well yeah actually so we in the in the community I'm engaging in I've seen a lot of us both having inner source programs or even the east post so inner source program offices as I know the like department or team in charge of these challenges or this progression that Remy was mentioning like it's not linear but well there will be projects that they cannot go open source they are not ready yet because there are a lot of restrictions or there is lack of culture on collaboration but there will be others that they are ready to go open source not not everything needs to be open source and I think that is something something that we forget right like when we talk about open source for organizations some organizations are afraid or they they are like oh yeah then everything is going to be open like no it's it depends on your organization's goals and the the culture that that organization has and it's okay if there are some open source projects that are open source fully open source although they are just like our third the documentation are open others are in our source and or they practice in our source principles and I think that that is important to to highlight here that every organization there are not us not to us was alike every organization is different and when we are talking about regulated industries each organization has their own standards and their own specifications and and and that makes that process so unique I think one of the main challenges or something that is important is look at your organization's strategy and goals and always and all times even though you decide to open source or not make sure the open source strategy or the open source initiatives are aligned with those goals and I think that it's that that is what what needs to be always on top of mind when deciding whatever thank you and do we want to actually open up the questions yeah so actually we discuss like to make like an open discussion here and feel free to say whatever this is a secure space this is something where everyone can can can can decide because we don't know the answer and we would like to ask you we were discussing about standards and specifications and projects in when developing solutions in the industry and we wanted to ask you what comes first standards or project developments so I think that that is the question I would like to ask what what has what would have you face it in your specific industries and if you want to serve any experience on that or feel free to ask us an alternative question if that one doesn't tickle your fancy all right you got a mic yeah so I usually work for the mobile industry and then four years ago I was the leader of a course so now it's a completely new industry and I discovered there that there seems to be generally I don't know but there seems to be some kind of fear in the automotive industry and Thomas maybe can help me on this too we cannot be seen as being trusting together so I mean there are antitrust measures in in the industry but as far as I know working together collaborative in an open source organization that is not seen as violating antitrust rules how is it in the financial ministry do you have also antitrust rules so there are indeed yet the same the same are there they're even having a bird worked in boat industry I kind of feel actually in the financial street there is actually a lot more heaviness than in the automotive industry look it's actually very funny so on the automotive industry it's there so basically they don't kill people and the financial services industry is so they don't lose your money again this is very blunt but it's it's really like for on the financial side they have a lot more like you get these things like you can't use github like github is physically blocked within the organization like I've never ever seen that in an automotive company it's like always always available but vice versa there are other rules where you're like okay this this way so yes antitrust does come up and then we have to work around it but yes there are ways it just said I don't know like especially it has I think most if you look at the car companies we have the german car industry like the traditional way and we have the french and japanese you don't forget that these companies have like what minimum how many say this is how old is Mercedes 100 plus years yeah Mercedes how old is Mercedes like yeah so again there are very old companies that have been doing things for a long time and also when you look at software the default was always like we write everything in house or we have a contract that was poker writing this for us and therefore it's not a problem we do everything ourselves and now in the modern world basically this is kind of like I don't remember I think it was your Mercedes chief software said like not using open source like commercial I don't remember exactly the quote but he has a really nice quote where he has a quote not using open source it's like commercial suicide like you can't go without open source I kind of remember I should have looked up the quote beforehand yeah without open source so so no I think you're more sorry so this is the way that is the thing but you remember like these are big companies with distributed teams and there's one way how to think about regulation and now you basically have to change that you're and again these are a long-term comp like very old and I'll say old and bad I've been to all of them they're actually Mercedes is a very modern organization but we have ideas like things have been done in a particular way in a long time it's massive it's basically what is a business process management change management at a massive skill basically that you have to do and I think then it points to the value of organizations that can bring together people who are in that similar situation so every individual organization is going to hit these but we've always done it this way kind of blocker and the fear the fear that they don't want to be the puppy with the the tall puppy saying I'm doing it differently but when you bring together a group of organizations knowing the antitrust scenarios and working within that context to find a workable solution for how collaboration can happen it can be very very powerful and that's happened in the financial industry through Finas I'm sure the other you know other foundations as well but it's happened in the automotive industry in terms of the you know they've got a template for how that works in the in the automotive and I can't remember the project name but it's in that area Eclipse SDV and there you go another one there so so this is this is happening but it rarely happens with one company figuring it out by themselves it can only happen I think or at least it eat more easily happens and you get over the fear when people are coming with it together because then you're at least kind of going well we're not the only ones you know we figure this out together and we have consensus that this is approach that's both safe and responsible but I mean it was a shock to my system anyway every Finnaw's meeting we actually had the antitrust laws being presented and we all had to stare at it for a few seconds I'm like nah I'll just screen or something like that you know it kind of like does everyone agree with this and everyone's like yeah yeah we're going to be very careful very careful so speak about the fear but we get over that I have a related question so in Europe we know this you know cyber resilience act an AI act all coming and then especially with the emerging GAI we see you know lawmakers are starting to get more engaged with the tech industry and then looking into open source and I wonder as opposed it is there any uh can as opposed take on a role of you know working with companies government government relations and help you know communication with the lawmakers so in that sense that we can stay ahead of the game instead of being reactive to what's being made for us um I just wanted to you mentioned so in the tutor group we just released a survey I study on the status of auspice for this year we have been keeping this the past six years or so to try to get a post on the status of auspice and what value are open source from offices doing worldwide so one of the the insights is that I think we found out that from all the respondents 90 percent I need to check out though so but I think like the majority of auspice had a clear policies and processes on open source and they were helping and supporting the security team and even like the yeah security and CISO team on all these um on risk management and so on so they are basically acting more as the support team for sustainability and security and they should be I think like eventually the the value that an auspice can give is being this advisors of open source because open source is everywhere and uh to meet with these policy makers or to engage with these policy makers and stakeholders to integrate open source is not open source is not a silo thing that you should only have it because it's innovative it's a risk management critical asset and I think Thomas everyone here has mentioned it in in different way but that is a really important assessment we maybe that is the message we need to to give now now that we are seeing more auspice popping up and yes auspice are becoming mainstream but we need to maintain those auspice we need to um keep this value of the auspice and understand that they are the advisors because they have this open source knowledge the teams the people behind the auspice I'm not talking about the entity itself but the people that are behind the ones that have the expertise and that act as these supporters and knows how around open source policies and can advise on that maybe instead of the word open source if you look at now AI and AI regulation and all those stuff so AI is very tricky because you have copyright questions you have like who owns things we have but it completely business interrupted instead of the word open source think after auspice the knowledge center that works on the the junction between business technology people and legal and you won't find that often in companies so that's how I explain some of the executives we like yeah they might do open source open source is all free we don't care about like no these are the people that know that interjunction especially with AI what I'm now seeing we recently had an auspice session about this you can find it on the to-do YouTube channel like now you're seeing auspice instead of like being like the compliance department they were actually being asked to go forward to be like no no no auspice can you just help us here with this AI discussion how is this forward looking so it's coming from like reactive like operational now to corporate process development like what should we do and you might honor like how how that's well exactly because they have these questions but if you look at also at the I models this is all rapidly community and they're like which AI models should we use which community should be in like and for the leadership it was at some point they were like oh hey we need to go to our auspice because our auspice actually know this topic they have worked in this before they might not have worked in AI but they understand hopefully communities they understand things as a compliant aspect so and they know how to do this intersection between yeah basically that and and my time is spent 50% on the ospo and 50% on a team that looks after the quality of everything we built ourselves looking at what do we have in house in terms of software and adding to that AI and algorithms and getting a grip on that yeah it's pretty much the same as getting license compliance in a way right there's there's subtle differences but a lot of that can be carried over also I find that ospose are outward facing and very easy to make an open collaboration and getting to contact with and that's why also an organization we are already starting now to to category to see what do we have in house in terms of algorithms AI because there was an initiative by the Dutch government first by the municipalities to come up with an algorithmic register and this was a very open process and it was on the horizon of the of the ospo and we went to just a meeting to see oh what's going on here maybe we can participate and learn something and I think that's also something that an ospo can do is really just go somewhere and meet the people and really get a good relationship going in that you didn't can build on further and so we we are out of time but yeah I think we can find us in case you want to reach out here at opens our summit and we will be more than happy to answer or discuss and take a coffee together so yeah thank you so much for your time and see you around