 Today I want to talk to you about a story, and the story is about relationships. And what's one of the most critical aspects of any solid relationship? That's the give-and-take and assurance that both parties are benefited through the relationship. Yet that's not often how humans' relationship with the natural world works, right? Frequently it's all take and not a whole lot of giving. We're slowly learning as a species how to be better at that, how to be better custodians of this, you know, one planet we have together. But even in relatively long-lived human practices, we can see this somewhat one-sided relationship, right? If you look at the domestication of animals or plants for food or companionship, those are often pretty one-sided if not entirely one-sided. But what if I told you didn't have to be that way? There are actual examples of mutualism, which is symbiosis where both humans and wild animals benefit from one another. We all remember the word symbiosis from biology, yes? There's three types of symbiosis, parasitic, commonlism, and mutualism. And let's talk about those. So parasitic we're familiar with, right? This is where one species actively harms another to gain something for them. The parasite's benefiting while the host is being harmed. And actually almost 40% of animal species are parasites. It's a very effective way to run a species if you're looking to start a new one. And the average mammal species, like us, is host to dozens of parasites at any given time. But you can also have relationships where one organism benefits and the other is not really significantly harmed or helped. This often involves an organism using another one for transportation or for housing, right? Like think about hermit crabs using the shells from another animal that they've discarded to protect their own bodies. This is a long relationship between... But the third type is a long term relationship between two individuals of different species where both benefit, and that's called mutualism. And the classic example here is a clownfish, right? The clownfish lives inside the tentacles of an anemone. I have four small children, so I'm very familiar with clownfish from Nemo. The anemone protects the fish with its stinging tentacles that the fish is immune to. It has a special coating for that. And the clownfish actually protects the anemone from many predators that would otherwise try to eat it. And I think if you're sitting here, it's probably hard for you to think of a pure mutual relationship between our own species and a wild animal. But there are documented cases of this, and they go back a really long time. So in 1588, a young Portuguese missionary named Des Santos was in Sofa, which is in modern day Mozambique. And he wrote about the small bird that would fly in through the church windows of the Mission Church and nibble on wax candles inside. And so then he talked to the people around him and he learned that actually these birds actively guide hunters to be hives deep in the forest. And this has actually been, if you flash forward today, been confirmed by modern zoologists. The Yao tribe living inside modern day Mozambique has a special relationship with this bird. It's now called appropriately the honey guide. And the honey hunters have a special call that they make. I'm not going to attempt it, and I couldn't find audio to play for you all. But there's a call that the birds recognize. And the birds then will guide hunters to be hives, right? And the humans can then use smoke and tools to subdue the bees, get the honey out, and the honey guides love to then eat the wax that's inside the hive. And without the human helpers, the honey guides would be attacked by the bees if they tried to do this, right? And without the honey guide guides, the human hunters actually have a harder time finding being us. When they work with a honey guide, their odds of finding a being us are increased by 60%. And in fact, in this area that was studied by Dr. Spotsgood, she's credited down here. I actually have to email her to ask to use this picture. She's an Australian zoologist. In this area was in the Nissan National Reserve in Mozambique. It's been known for honey production since the time's early trading days with Africa and Arab countries. And humans use honey guides in three out of every four bee nests they harvest. So it's just one of this rarest forms of pure mutualism between a wild bird or a wild animal and humans. And in fact, Dr. Spotsgood said to me, hey, remember this bird is not tame, it's wild, even though it was perched on the tribe's hunters' hand there. I said, yeah, no, I know. That's the point. That's why I want to tell a story. So what does that mean for us today? Well, to understand that, I think we have to understand where we are at with the common good that we all use today in our day-to-day jobs. And that's open source software. We've heard often that software is eating the world, but that's actually a decade plus old at this point. And I think it's now clear that open source software is eating the world. Studies vary on this point, but somewhere between 30 to 50% of the total software that's shipped in proprietary software is actually open source code. And so when Mark Andreessen made this famous proclamation about software eating the world, he was trying to wake businesses up to the imperative that was in front of them. The reality of the digital transformation was coming to every industry, that every company was going to have to become a software company. But in the next era, in an age where every company already is a software company, I think how companies can innovate and understand is going to be through open source. And that is going to be what defines winners and losers in the next decade or more of innovation. And all of those of us who are here, who may not be CTO or CIO of their organization, but understand that growth of open source have to act like canaries in our company's coal mines, another bird analogy, educating and alerting our leadership of both the opportunity and the risks involved with open source eating the world. And so that's what we're going to talk about today, not just birds, I promise. And we're going to ask, I'm going to want to find out how we can be stewards of this new era. How can we enable our companies to move from being mere consumers of open source to being contributors to open source and the communities around it? And not just because it's the right thing to do or to check some corporate stewardship box, but because it actually makes business sense. And I probably hear a lot of you asking why now, Brendan, open source has been around a long time. But I think right now represents a clear inflection point towards open source eating the world, right? We've seen industries get massively disrupted by software first companies. I think we're going to see a second massive round of disruption from open source first companies. And why do I think that? Let's look at some data. So in a 2022 state of open source survey, respondents overwhelmingly noted that they were increasing the use of open source software at their organizations. But if you look deeper into the hows and whys in that survey, some interesting patterns emerged. For example, when they asked organizations the reasons for choosing open source, we might expect, right, number one reason cost savings, right? Nope. Number one reason was actually access to innovation. As every company has become a software company, this becomes the place where businesses and enterprises compete. Thus, whoever can innovate faster, more securely, provide more value to their customers through the software, can succeed and win. And where does much if not the majority of that innovation happen today? Well, what happens in open source? And so it's critical businesses have, find a way to be able to access these innovations. But it's not always easy, right? There's many barriers to enterprises large and small when it comes to utilizing and contributing to open source software. And one of the main ones we might think of off the top of our head is, well, there's some restrictive licenses maybe attached to certain open source, right? You know, copy left license. An enterprise is going to be wary of. There's, you know, anti competitive clauses in many open source licenses and some licenses that are open source adjacent, right? And that's going to scare off risk averse firms. But that was not listed as the number one barrier to adopting open source software and its usage. It was a lack of internal skills to test, build, integrate, maintain and support the open source libraries that they want to use that was identified as the most significant barrier to open source adoption. And, you know, we've seen that they desperately do want that access to open source. So there's also this talent gap in experience that organizations are seeing. And so how would an organization typically, you know, a business want to fill that gap? Well, you know, and other support challenges that come from open source or adopting open source, they might want to seek enterprise support. This has been a traditional model of monetizing open source but not all open source projects have this model or even have a company behind them or don't have a company behind them yet. And businesses might like to have enterprise support but that was not the biggest challenge to supporting their open source programs that they listed. Instead, again, they identified an internal skills gap. A lack of personal experience and proficiency with the open source tools they're utilizing has the most major challenge when it comes to supporting these open source initiatives. And so what does that data tell us? I think it tells us it's clear it's not just a software problem. It's not a problem for a company to throw a few charity dollars at. I think that even a well-placed, well-funded, well-regarded OSPO or open source program office probably isn't enough to overcome the challenges that these organizations face. The only way to address these challenges is head on and decide that we're going to take a step back. We're going to take a more comprehensive look at the problem and declare that we need a business case for contributing to open source. So contributing to open source is directly one of the best ways that we can overcome these big number one challenges that we just looked at. We want to make sure that our organization has access to the latest innovations. We want to build internal skills to integrate open source into our business and we want to attract and retain talent that have personal experience and proficiency in emerging and essential open source technologies. And so when I was thinking about that from more of a business perspective it got me thinking about my degree. A long, long time ago, way back thankfully well before social media was quite as prevalent as it was today I attended the University of Maryland and there's a fabulous computer science program there but I regret to inform you that I do not in fact have a computer science degree. I have and I'm glad you're all sitting down because this may come to a shock to the engineers in the room. I have a business degree. I know, it's okay, we can still be friends. And one of the classic tools you talk about in business school is something called a SWOT analysis. So SWOT and that stands for strengths, weaknesses, opportunities and threats. It's a way of modeling where your organization in business stands today and how you stack up against the market today and what you need to do and think about in the future so that you can double down on certain things or stop doing certain things that aren't working. And so if we think about the problem at hand, I kind of put together this SWOT analysis and what can we say maybe about the average business that we all work for in the room? Well, I think it's clear that we all work for companies with software organizations, right? We're all in software together. And these organizations definitely see the need for open source adoption. Heck, I mean they probably sent you here because they understand that, right? But where are we weak? Again, if we look at the data, we know the challenges that we've seen. It's internal skills for building testing, integrating, supporting all of this cutting edge software we want to use. So what opportunities does that present us and our enterprises? Well, companies dedicated to open source will be able to attract and retain the kind of talent that have an innovation mindset and software engineers who understand the power of open source and how to unlock it. And this will allow them to unlock that mutualism, right? The honey and the BNAS with them between open source projects and their own organizations. And lastly, and maybe even most critically, what's the risk of not getting it right? Most, you know, missing the boat on innovation and losing talent are both very real and active threats to organizations. And given that open source is a massive part of the modern software supply chain, something that we focus on as an industry a lot. We've talked about a lot this week. The lack of understanding and proficiency with this is a critical risk for the security and knowledge of your supply chain, right? No one here in Detroit that manufactures cars would tell you that a supply chain doesn't matter and you don't have to really think about it, right? They understand how critical supply chain is to the product that you actually produce. Well, what's the software supply chain? It's open source software. And so if we think about that chart, I think we can come to an even higher understanding of the balancing act here that's really critical for businesses. What does a business think about every day? Capture value and reduce risk, right? And there's values not only in the software we're making, but for the company and the organization itself, right? The health of the organization overall can be tied almost directly to how we're able to utilize and understand open source software and how it contributes to our ability to attract and retain the talent, be seen as a leader in the market, control our supply chain and influence our supply chain directly. Again, something that every business wants to be able to do and also increase the speed of delivery and we're at the rate of innovation. But next I want to talk about practically how we can think about taking our organizations from where we are today, using open source and unsure of the next step to where we want to be. This sculpture is actually the spirit of Detroit and the artist has a family there on the right to symbolize human relationships with one another. So how can we unlock this spirit of cooperation in our own organizations? I think the only answer is to move from consumers of open source all the way to contributors. And it seems like a simple thing to say, but I think it's a rather long road, especially for enterprises. Many organizations today are either implicitly or explicitly okay with being only consumers of open source. That's open source. Well, that's something that's made by them, right? But at the very core of open source is the idea that anyone can contribute, right? And this is the opposite viewpoint of the world of us versus them. And so to get there as organizations, we need to take steps, some small and some large, to make a conscious choice to change that viewpoint. And the first step is to move from a simple consumer of open source to be customers of open source. You want to be able to invest in your supply chain, thus de-risking that critical part of the value you're delivering to your customers. And to do this, you have to understand who are in your value chain, who would be best if you looked at putting code and time and money into those projects in the form of contributions and paid staff on your team, whose primary focus is understanding the needs of the business and how they relate to these critical path projects. And financial support for infrastructure and other needs is also a way to align yourself as more than just a consumer, but more of a customer. But once we've become customers, the natural question becomes, at least from a business perspective, how do we ensure a lower total cost of ownership for this and how do we extend the competitive advantage that open source has allowed us to build? That is by taking the next leap and to move from a customer of the technology to a contributor. This means finding ways to incentivize and reward open source contributions and hiring even more folks to focus on maintaining or contributing to open source. But just as importantly, I think, it involves building relationships with the open source projects and communities that you're engaged in. This allows a connection to move beyond this transactional customer transaction and financial relationship to one of mutual respect that then would help align the community and the company's goals together. And then providing space for roles outside of just straight finance or software engineering is going to help projects. Projects all have needs around UX and documentation and design and security, other DevOps tasks to help build sustainability into these projects. And so each of these steps build on one another. Move from consumer to customer. We've got to understand the supply chain. We've got to understand what tools we're using or vendors are using. And then we have to put our money where our mouth is and contribute financially to those projects either directly and indirectly. But I don't think you can stop there. You have to move from consumers all the way to contributors. That involves building relationships. Those critical parts of our entire open source ecosystem. That's another reason we're all here. And in addition to that, we have to go beyond engineering and contribute to all the various aspects of making a successful project. And that'll lead us to be able to make the ultimate contribution which is to ensure the sustainability of projects by making sure there's a clear path from contributor to maintainer and one that our company actively supports. And so this is something that's critical to the longevity of those projects but if we're building products on top of them it's also essential and critical to the longevity of our own products and what we're providing to our customer. And okay, a lot of this maybe have up until now been a little bit of preaching to the choir, right? You might be saying, Brendan, I'm here, I'm in, but I'm not a senior leader in my business. Like what can I do? Well, I think there's a lot that all of us can do up to and including individual contributors to make our businesses more aware of the risk of only being consumers of open source. And so let's talk about that. I think individual contributors have a much more ability to influence policy on open source than you think at first. You know, on the one hand they may be closer to the reality of an organization's use of open source, dependencies than anyone else in the organization, right? They understand, you know, what we're using and simply enumerating those dependencies is a significant first step. You'll likely need to raise awareness throughout your organization about just how much your team relies on these tools. Once that's complete, understanding the risk is often a fundamental way to get the attention of folks that you need it throughout the business. What would be the business impact to your organization if a given library just goes away tomorrow? If the answer is, well, we wouldn't be able to ship software until it was fixed or, well, some of our software would just stop working, that's very substantial in terms of impact and a huge risk your business must address. You can also encourage and support the open source values that we all know and discuss, especially results-oriented thinking and transparency. Modeling these behaviors can show others how valuable they are. And values, like, those seem like a simple thing, but I think they're really essential and can have an everlasting impact on your organization. I know that's true for me at GitLab. I've been here since 2017, and we're based on an open source project, right? Open source is very much at the core of what we do and in our DNA, and that's spilled over into our company values. They spell credit altogether, their collaboration results, efficiency, diversity, inclusion and belonging, iteration and transparency. And having those values at the core of what we do has not only been a benefit to GitLab, the open source project, but to GitLab the company as well. And so I think though I would attribute our success, both on the project side and on the company side, to those values. And so what if you are a business or technology leader because there might be a few in the room, right? How can you ensure that your organization embraces open source and gets the full benefit not only of being consumers but of being customers of open source but bringing your contributions and your ideas to open source as a competitive advantage? Well, first, I think you have to buy into what I've been saying so far. You have to see open source as an investment just like any other investment along your value chain as well as a place that you must and can achieve risk mitigation. None of us want to receive a call from our CIO or a CEO in the morning and they're saying hey, I was just watching CNN and I heard about this thing called Apache Struts, like what's a struts and do we have it or are we vulnerable? But just as importantly, you have to quantify the relationship. This is really important to the organization's goals. Write down the revenue. If you aren't careful at the beginning to make this connection showing that there's value to this work, it's always going to be an uphill battle. You know in your gut there's a correlation there but you have to show it with data. And then incentivizing open source and having friendly engineering and employment policies will help your organization attract and retain the best talent. You have to stop and ask yourself, why would you not want the maintainer for a significant open source project that you use working for you? Why would you not want that? That kind of talent is very hard to come by and even harder to retain. If your job is to ensure that you have the best team, then you have to understand how open source contribution relates to your team members. And lastly, because I'm sure there's also a number of OSPO leaders here, we have to get it into our heads and the heads of those that we work for that OSPOs are not just an exercise in compliance. A real open source office can leverage the tremendous power of open source to add massive value to the organization. And you've got to be able to articulate that vision and that mission and all the things we've discussed so far. So suppose you're able to put in an effort against these large but attainable goals. You know, what does that look like? I think it's a matter of itemizing all the open source that you use in your organization today. Be a part of your core product or a behind the scenes, you know, part of your DevOps processes. Then identify which of those ways you can align your business's goals with the concept of being a customer or a contributor to those projects. How can you support the sustainability of those projects and de-risk your own business and products? And I don't think it stops there because, again, the incentives in your organization have to be able to recognize the contribution of being a contributor to open source. Because if you don't incentivize that, you will by default be incentivizing the opposite. Unless you understand as best as you can how open source plays into and ties in with things that the business cares about, once you do that, incentives will be much easier, but unless you do, you're going to have a really hard time with incentives. And being open source contributors enables teams to do their best work together to collaborate without boundaries, to aim for and achieve results together, to work efficiently without wasted time, to bring together diverse skill sets and include everyone in the process to foster the sense of belonging. They allow you to iterate quickly, moving to where you need to be rather than where you thought you needed to be six months ago. And the best open source contributors do that by enabling transparency, being as honest and open about as much as possible to bring down the threshold for contributing. It reminds me of a scene in the first episode of Halt and Catch Fire, which is a drama about building a company, a computer company in the late 70s and early 80s. There's a visionary, idealistic product manager, Joe, and he's trying to convince this hardened engineer, Gordon, to sign up for what they're going to build together. You know, I'm sure this is not related to any company that actually existed, if you asked AMC, but, you know, either way. Either way, the closing argument for this project sums up nicely how I like to think about software. Joe says computers aren't the thing. They're the thing that gets you to the thing. And then later, in closing the series, another character, Donna, calls back to that line and adds, the project gets you to the people. And I think that summarizes fairly nicely what makes open source so special. It draws people in from all over the world to collaborate on the same tools that we're then using to build something bigger. And in this way, open source allows us to work together, not siloed in our own companies, making our own little products out of, you know, bubble gum and bash scripts. So much, so many bash scripts, right? It enables us to bring to bear on the problem instead all of our collective experience and expertise. The project gets us to the people. It's a story of relationships. Thank you so much for your time today. I'm not the only one that's been talking about the business case for open source contributions. I've been compiling some resources at brendon.fyislashopen, and I'd love for you to check it out. And more importantly, add things that are missing from there. You can leave a comment on it. You can send me a DM on Twitter or just tweet me at oliricrew. Or even it's on my website, which is open source. You can add a merge request directly against the website. I'm so glad I got to spend this time with you today. Thanks and stay safe. Two, I don't know if you're familiar with the to-do group, but they're a group of open source offices that kind of have some templates for enterprises when it comes to like how do we, you know, open source, so I would definitely encourage you to check that out. They may be linked there, if not, I'll add them. And so I think that's a great place to start because that's a group where there's a lot of enterprises that are on that same kind of journey of like, hey, we want to do more open source contributions and we have things we want to make open source. How do we get there? Way in the back. That's okay. Give me a chance to take us up a little. So we're a service organization and I can tell you our C-suite is a service organization, not as a software company, right? So software is a huge part of what we do and as a, in the tech leadership group, I feel like it needs to be much, much bigger of an emphasis and like what you're talking about here seems like really important to what we need to be striving towards. So my question is like, do you have examples of, you know, companies like us maybe that have the service, like manual service mindset that ever successfully kind of been able to start contributing to open source as part of their digital transformation process? That's a great question. I don't have like an example off the top of my head but I'm sure I could find one and will if you want to follow up with me on Twitter. But I do think that the line between a services company and a software company is a tough one. They've lived that myself. Actually my first role at GitLab was building a professional services organization inside of a software company which is like the opposite problem, right? But I do think that, you know, this competitive advantage of the expertise, right? Why do people come to the service company? They're looking for experts. And so I think that if nothing else, you know, building that brand around being experts in these tools that your customer is going to want to necessarily you to bring in and use and utilize and help them figure out, like it's almost like that would be the number one competitive advantage I would think for a service organization today. But I'm not in that business so maybe I'm wrong. And then secondly I think, you know, it's tough because billable hours are so nice, right? But, you know, efficiency is critical too. And so I think there's a lot of efficiencies to be gained to say, hey, we're going to, you know, upstream a lot of this and not maintaining things internally that aren't billable hours, right? And then that will be able to spend that time instead on billable hours. Maybe that is a method I don't know. But I'd love to talk to you about it more. I've got some folks I'm thinking of, but I don't know how successful they've been. So I'd love to chat more about it later. Got another one right here. Hey, Rendon, thanks for the talk. Very helpful. I was curious to get your thoughts on a topic we get asked often, which is we have a lot of large enterprise customers who want to move away from vendor locking, right? Which is why they want to get into open standards and open source. But do you feel like open source becomes a lock-in in itself because you can't get out from there to others? And just to follow up on that is, is it better to talk about as open standards or open source? Yeah. Well, yeah. So that's two different worlds, right? Open standards and open source. I think we've seen this move towards open standards in the last few years. That has been amazing. And I'm really excited to see that because I do think that is one way we can de-risk lock-in. Now, having said that, standards have come and gone before that haven't solved that problem. So I don't think we can think of that as the only solution. I think you also have to have this innovation mindset that things are going to change necessarily in the technology space that's like the given. And so if, again, you have a team who's familiar with that, who's on the front lines of open source, who's on the front lines of that innovation, it's going to be a lot smoother transition rather than, oh, you wake up in three years and realize your whole stack is undone and now you've got to go hire our friend over here to come in for $7 million and fix it all, right? So yeah, I think that the talent and having this kind of mindset, this innovation mindset, sets you up for success today, but also sets you up for being more agile and being able to transform easier in the future. I wish Open Standards would solve everything and I'm a huge component of Open Standards, GitLab is involved in a lot of the Open Standards initiatives, huge supporter of that. I just am a little bit too, not quite optimistic enough to say that fixes every problem. Hi. So I've been thinking about in the enterprise space kind of to riff off some of these other questions. There has to be more of a graduated process into getting into open source and investing into open source, right? We can't just say, oh, we're going to hire a maintainer, right? You have to build towards that. So how do you kind of, what structure kind of, how do you represent the ROI to the C-suite to kind of gradually build that up versus just, you know, oh, we're going to look good, right? Yeah, yeah. I mean, to be honest, I stress it in this presentation, but I also didn't want it to be a doom and gloom presentation. I think the risks involved in not doing it are the way to wake a C-suite up to this problem. Because those are risks that they're seeing, right? With their peers in industry, right? They're seeing these massive supply chain issues existing. And as much as I as a software vendor would love to sell you a tool that fixes that problem, I don't, again, think that there's one tool that just solves that. It's not a problem that you can only throw money at. You also have to be thinking differently. You have to think about your supply chain, right? If we think about, again, I was thinking about it a lot coming to Detroit, the auto industry and how much, you know, the biggest disruption that happened in the auto industry, you know, in the 70s and 80s was somebody came in, Toyota comes in and has a huge, you know, great supply chain and just is able to take over the world with it. I think that that risk exists in our businesses today and we're not talking about it enough because we think of open sources as this free thing. I'll give an example. I was, before GitLab I was brought to a company that was a government contractor. I live in Maryland so everyone's a government contractor. And they didn't have anybody looking over DevOps and that's what they kind of brought me into do. It's only, you know, a couple hundred people. And I inherited, like, a Jenkins server, right? Because it was free and they were using it. And a whole bunch of other stuff. But specifically Jenkins. And early in my tenure I came to understand and then I said, in a meeting with all the senior executives, the CEO, I said, the most expensive piece of software we own is called Jenkins. And they're like, what? We don't pay for Jenkins. It's free. We pay for Microsoft and we pay for GEAR and we pay for all this other stuff. I said, no, no, it's not even close. The amount of time we spend on it, it is the most expensive piece of software we own, and so we had, that's where we have to de-risk first. And no one in the room that wasn't, you know, deep in the technology had that mentality until I said it and said it emphatically, right? And so I think we have to be that emphatic about the risks involved in our businesses. I think we have time for one more, one more question. I think in the, oh, sorry, right here. I just wanted to follow on to that question specifically. Chris Aniscik, the CTO of the CNCF has a good blog post ways your company can support and sustain open source. And he quotes a Harvard study in that one that shows that businesses that actually contribute back to open source can gain up to 100% more productive value from it. And so I think that study is linked on his blog post. Yeah, Frank Nagel at Harvard has done a lot of research on specifically the business benefits including that 100% number. Great. Well, thank you so much. I will be around at the show after this. If you have more questions, happy to take them. And again, on Twitter at Leary crew if you have more. Thanks.