 Welcome, Marcus Streets, from the Linux Foundation. Hi, thank you. So I'm Marcus Streets from the Linux Foundation. We all know what Linux is. It's been around 25 years. The Foundation's been around about 20, and it supports Linux and many, many other open source platforms and projects. So around 2014, there was a problem. There was this bug, Heartbleed, the Uber bug. The bug that had the logo, the bug that had a name, the bug that came on the front page of the newspapers. And this was the bug that changed everything, because we got this cozy world of open source software. We were all sharing, we were all collaborating. This showed us that for some of the key bits, some of the bits we all relied on, particularly in this case, OpenSL, was basically one person living in their parents' bedroom and not making any money and not being able to do the work that was needed to do to keep us all safe. So the Linux Foundation's reaction to that was to found the core infrastructure initiative to support these key bits of the plumbing. And we got some funding from these nice people who were behind me and I'm not going to go through all the names because I haven't got time. And that gave us a finding fund which we could support those key projects, put some money into them, make sure there are people doing the work. But there's no way, even with the funding we've got from these nice people, we can support every single open source project that needs work on security. There are just too many of them. We know how exactly, I mean, look on GitHub, you know how many projects are on GitHub? No, I don't. So one of the things we wanted to do, we wanted to find ways to improve quality without throwing money at the problem because money is limited and problems aren't. We realized security is not one person's problem, it's not my problem as a security engineer, it's everyone's problem. Everyone has to do what they can to improve quality and improve security. And certainly all of you, if you're putting your data up on the cloud, security is definitely your problem. I know a lot of us think security is just for people to say no, but obviously you're putting on data in the cloud. You don't want to be the next person that wakes up in the morning and discovers that your data is being leaked and there's the reporting news about how 5,000 people's user names have gone missing. So what we did, we decided to develop a badge which we give to open source projects on GitHub. Anyone can apply for it. This is a badge that's not just for security products, it's for any open source project. And it looks at all the things we can do to make your code better, to try and get the code developed without bugs in. It's much, much easier, much cheaper if we develop without the bugs than if we have to come back and find and squash them later. So it's a large number of very basic things you can do to try and make your code better. And it includes all the sorts of things we talked, Liz was talking about earlier, with the code review, we saw that, excellent stuff, the testing, all these wonderful stuff that we're doing. We've had over 200 people apply for a badge. 40 projects so far have achieved 100% of all the criteria that are set. And you can see some are not there. And as you see, you know, they range from Linux kernel to new PG which is security things to LibreOffice, which is certainly not a security project. It applies to every single sort of open source project. 39 of the people that have made a best practice badge found that there was something they had to do to improve in order to qualify for the badge. One didn't. And here you can guess that one was OpenStack. So congratulations to OpenStack. That means your security team, your security team were doing everything that they needed to do, they got it right. So I'm going to invite them up on stage. We have another round of applause while we bring the security team up on stage. We're a few members of the OpenStack security project and I'll quickly introduce us. So this is Travis McPeak, he's a security core. He's responsible amongst other things for driving projects like Bandit which provides security analysis and static analysis for Python. We've got Tristan Kakari, who's a principal member of the vulnerability management team who's responsible for receiving, triaging and responsibly disclosing vulnerability information. And on the end there, we've got Nathan Kinder, who is one of the main people responsible for driving OpenStack security notes out into the community. At the moment we have around 80 bits of this information that's ops-oriented security guidance. And if you're out there deploying OpenStack, then you really should be reading the security notes. My name is Rob Clark. I'm the co-founder of the security project and the PTL for the last three or four years. Right. Now, I believe we have some... Yes, my wonderful assistants and, and, you know, we're going to bring them out and we're going to present these people with their award as a mark of our... Thank you. Well, we just get our handshakes. I just want to say thank you. Security is everybody's problem. We can create guidance, we can create processes, we can push out as much documentation as we like, but without the engagement and the support of the community, there is no way we'd be getting this batch. So thank you to everybody here. Thank you guys. I think we're good. All right. Thank you. And thank you Marcus as well for joining us.