 Hi, this is your something part here and today we have with us once again Robin Bendergin Executive Director of OpenJS Foundation Robin is good to have you on the show again Thanks for having me swap and today we are going to talk about something really exciting Which is the largest one-time investment to the OpenJS Foundation through sovereign tech fund, which is you know million dollars Before we go a deep but deeper into into this discussion just for our viewers tell us what is OpenJS Foundation all about The OpenJS Foundation is basically the home for JavaScript in the web It's hosted at the Linux Foundation But we are an independent organization created by the mergers of the NodeJS Foundation and the JavaScript Foundation So we are the neutral home to grow the web ecosystem talk a bit about sovereign tech fund The sovereign tech fund Is somewhat new and created by some really great individuals in Germany. It is a government program through Germany and they are committed really to Funding and supporting the digital infrastructure of global economies And considering that javascript is in 98 percent of the world's websites We submitted an application for support for an investment from the grant They just spun up a program last last november. It was a little bit of an experiment And the government renewed them for two years. So pretty exciting If you look at open source, the adoption of open source is quite different in europe than it is in us a lot of Grass root label, you know work is going on there in external It comes from europe a lot of other projects They come from europe, but we have not seen the participation of big players in in that way that's where A lot of things are changing left europe is now there But governments are investing a lot of resources in open source They have a lot of dedicated, you know, join up is there a lot of other things that I if I ask you Not exactly contrast, but how do you see the european open source movement versus north american Open source movement. Do you see any different or it's like nope is Same it's just in different regions. Yeah, well if you look at europe and germany in particular They were really the leaders in enacting technology policy. I think in 1970 One of their states was the first government to pass the data protection act So if you follow sort of privacy and security globally You shouldn't be surprised that germany is, you know, one of the first to make big investments And technology particularly open source talk a bit about as you Mentioned, you know javascript that is one of the most widely used, you know technologies out there But talk a bit about were there any specific concerns either from european partners germany That they were like this is something that needs needs much more, you know funding because a lot of things rely on them Yeah, so as I mentioned 98 percent of the world's websites rely on javascript. It's really everywhere We like to say I know in the u.s That no j s for example one of our projects that funds every it runs everything from netflix to nasa And so it is critically important to many organizations And so if you look at why they Invested in javascript If you care about supply chain security Javascript is really, you know a core Dependency in almost everybody's technology solution they were looking at criticality scores Broad adoption and of course we have that No j s is downloaded about two billion times a year J query which is one of our projects is in 77 percent of the world's websites And so by investing in the open j s foundation They're really able to reach great scale across javascript And also we are taking some of those best practices from other security experts and scaling those through the entire javascript ecosystem, not just Our posted projects So if they you know really want to make a difference And be sort of a leader in that space They came to us or we came to them and we came together to develop the proposal actually To think about how we could best scale That investment when you look at open source or technology in general Of course the whole world runs on software and most of the software that we are consuming or using today is open source Do you think that we need more? Engagement collaboration between public sector and private sector because public sector should I mean a few years ago by the net vision They came up with the executive order and it was more some requirement with open source as bombs Fear not only just the policies and investment They should go into this kind of open source project which are like you know as jim jamil says You know positive some win-win game Versus investing in proprietary technologies. What do you what are the thoughts about that? There's often like a pivotal moment when a When an issue, you know rises to the level of nations capitals We saw that with privacy and of course now we're seeing this with open source And so, you know as a result governments are creating new policies and mandates around open source technologies The interesting thing about a lot of javascript technologies is that is it is community led there It's not a there's not a lot of Projects outside of perhaps react and next who are really funded by companies So, you know, so one thing that the sovereign tech fund is really invested in is supporting sort of the people behind the code And sort of that public It's almost like a you know a public sector, you know for the greater good And how they're supporting that can you talk about what are the areas to be at this investment would be used Can you give us more details? Yeah, it'll be used kind of broadly in a few ways. The first is really Really modernizing the infrastructure. A lot of our technologies are 15 years or more older So there's a lot of technical debt A lot of patchwork quilts of legacy Software so we're hoping to create a single scalable build test and release infrastructure Working with the linux foundation it department So we're we've been briefing all of the projects and working on helping them Modernize their technologies in but that will do also is really remove a lot of the friction and burden on Maintainers on the infrastructure so they can just continue to work on the code that powers new features We're also working with some of the projects On audits and we're not just talking code audits. Let's talk about What are some maybe root causes after we do a security audit? What are some best practices to make you know to really sort of strengthen the project overall? So we're working with the open source technology improvement fund to facilitate that. So that's exciting work We're also working on sort of just sort of the security and maintenance work stream Where if you're familiar with some of the open source Open source security foundation at the lf There's a lot of best practices coming out of that Industry effort So we're going to take a lot of what the open ssf is doing and customize that through and for javascript And part of doing that will also be creating a free javascript security training Or for the communities and for end users there was also a kind of mention of you know Sunsetting a project because the projects of they do reach end of life. Sometimes you just throw them on attic, but A lot of folks they depend and rely on project and we all know that Asking everybody to migrate to the latest version is Is a big challenge to talk about This this this sun setting a project in responsible manner Yeah, this was an issue that we developed with the sovereign tech fund It's you know, all a lot of open source projects obviously have a life cycle about them We have 41 projects. Some of them have moved into emeritus status, but some haven't so We're doing an inventory and analysis of all of our projects with the maintainers We're looking for those who Those projects that have perhaps run out of steam. They may be abandoned. They may have reached their They're just use use case life cycle Or maintainers may have just run out of time and interest And so to do this, you know to do a sunset program responsibly involves a lot of communication with the maintainers And the end users so We'll one we want to celebrate the project and the folks who really helped build those projects But we will communicate Broadly through our communications channels that these projects will be sunsetting We'll update the readme's we will Archive the projects kind of lock the issues And make sure they're all set appropriately for any security updates long term So that's what we mean by sort of a responsible sunset program. What's really interesting about The security work we're doing at open js is this proposal and plan with the sovereign tech fund has really developed With our security a collab space. We call our working groups or SIGs essentially we call them collaboration spaces And so it really was a team effort on this big application to the german government. They're going to be Taking the lead on execution with our staff team support And really the folks who are Working in our cloud space. They are javascript experts. We have some security experts But really if you're interested in this type of work Um invitations open for you to participate. We have All of our meetings are published on our calendar at calendar.openjsf.org You're welcome to attend. We'd love your help Robin thank you so much for taking time out today and of course talk about the foundation this fund and also Some of the topics as well. Thanks for those insights and as usual, I would love to chat with you again. Thank you Sounds great. Thanks again for having me