 Hi, this is your host Nipathia and today we have with us once again Neterra, head of Amazon open source program office. Neterra, it's great to have you back on the show. So good to be with you Swap and to talk with you again. We used to speak meet and speak a lot before the pandemic happened so I'm actually glad that now we are kind of reconnecting. I mean we do connect off camera but it's great. You have a long career in open source, long history in open source and I would love to take this opportunity to just talk about you. Talk about yourself, about your work in the open source space. Swap, thank you so much for that opportunity because you know I love this world and this community. I've been doing open source since 1998 so that's almost 25 years I think, something like that and it was at Silicon Graphics that I started working on open source. You know in the early days of open source when companies were saying how do we ship products based on open source? How do we work with Linux? What does community mean and what should be contribute back? What's the business model? All of that good stuff and the bug of open source bit me and ever since then I've been, I say I'm a bridge builder. I build bridges between communities and companies. So I went on to work at companies like Tripwire helping them open source their project to working at Wind River Systems, managing Wind River embedded open source Linux and then went on to run multiple open source program offices. I started the program office at Sandisk which is a storage company then went on to Comcast and started the open source program office and built it for five years at Comcast and then now at Amazon this was finishing up my first year shortly and Amazon's always had an open source office for a very long time so I get a chance to you know take it further and build it further. As you said that you are a bridge builder and when I look at open source program offices you folks are actually building a lot of bridges not internally because sometimes when you do work with companies you have to also look at the business instead they have to align with the because open source is not charity, open source is a hard sole of today's economy here but if I ask you how would you define open source program office? Open source program office is came into existence. Some people say back in the day you know when some and HP used to start working on open source they would have a strategy office. Silicon Graphics also had a strategy office but the term open source program office really came into being in the 2000s you know with Google and with Yahoo and Twitter and companies like that so to me an open source program office is a center of competency and excellence in open source and they are at the heart of how a company does open source and works with open source communities and foundations so we really build the bridge from the company to the community but we also make it easy to do open source inside a company. What is a typical role of open source program office? I mean big companies they of course have large team smaller companies it's just the CEO and CTO doing everything else so does it really depend on the organization or the rule remains the same? It definitely depends upon the organization and today open source program offices exist in the government. It exists in universities like the University of California Santa Cruz, RIT have open source offices, Carnegie Mellon has one so also Johns Hopkins and in companies big and small it varies. It also varies really by the business of the company. An enterprise which is say in the media and entertainment space like Comcast has a very different objective in its open source program office as opposed to a technical company like an Amazon or a Microsoft or you know anyone in the technology space. So what is the role of an open source program office? Just and foremost it is to really be an expert in open source norms, how communities function, how to be a good citizen in open source. It is also to really know what role does open source play in the company's business and hence how should the company engage with open source? How should they comply with open source? How should they consume open source? So it is a very different pattern for a tech company as opposed to an enterprise right? At Comcast one of our objectives from the open source office was how can we establish a technical brand for the company because you may not be known as a technical company if you're an enterprise and how can we attract good technical people into the company but from a technology company it may be more how can we make sure we are experts at the technology we provide to our customers? How can we make sure we sustain the communities that we depend upon? So the objectives will definitely vary so you need to understand how open source plays a role in your business. If you look at your career graph you largely work with large companies. Does that mean that open source program offices are only for large companies or smaller companies because the fact is in today's work every company is leveraging open source in one capacity or the other. Some companies are very well placed to also contribute some are still trying to figure it out. So talk a bit about you know is it only for big companies or smaller companies should also have open source program office or at least open source strategy? Every company should really be thinking about its open source strategy and exactly as you mentioned startups today the reason they can move fast is cloud of course helps them move fast but also open source consumption helps them move fast. They don't need to build it they can use it and they need to understand how then their relationship should be to open source from a consumption perspective from a contribution everything and clearly they don't have as many resources so a little portion of the CTO office should be really worrying about what is our open source strategy? Are we complying with licenses? How are we working with communities we are dependent upon? To be honest you often startups are acquisition targets for larger companies and one of the blockers in mergers and acquisitions often is that the startup does not have its open source house in order and so they really do need to worry about it at least for that's purpose but also to really manage you know the supply chain if you will of what they're consuming and then there are startups which are built on open source so their main business is providing the commercial equivalent of an open source project as in the old days red hat did for Linux and in that case they're even more important to have open source as part of their strategy so their product management team their CTO team everyone really needs to understand the role open source plays how they will work with the community how they will position themselves we serve the open source and how they will serve their customers better working with open source. What the risk organization might run into if they don't have an open source program office or open source strategy or just look at it from a holistic point of view is that hey if you don't have these are the challenges that you might run into so that's why you should have and then we can talk about the benefits of having open source program office. All of us as businesses have to manage our risks and if you're not complying with open source licenses there's a risk that you will be out of compliance and both create reputational damage as well as litigation you know across your company or you may not be able to ship your product and you do need to care about the compliance side of things but on the flip side if the project you're dependent upon is not maintained well or is not secure you do need to understand the quality of the project you're consuming and you have a responsibility to help that project do it right right you have to have a seat at the table and make sure that that is right and then from a business model perspective every startup has to think about how they intend to create their business model where are they adding value for their customers what is it that customers are paying them for and in an open source-based company it's even more important to kind of clearly clearly construct a good business model from the beginning and not try to change licenses or play with other things and not treat your open source community as a lead funnel right they are there to give you feedback and to experience your project a product. When I was listening to you it does look like that open source program I don't want to intimidate anybody but you folks do do a lot of things you know it's a lot of internal engagement is there a lot of external engagement with the open source communities are there what are some of the basics or you can say the core functions of a successful open source program office. Some of the most core functions of an open source program office is first of all you need to understand how your company is consuming open source and hence how you should comply with open source so establishing a policy for open source consumption contribution release distribution is one of the most core and fundamental aspects you need to think about it's it's not a can do or may do it's a must do so that's a basic function and then the second function is education of your developers around open source norms communities how it functions if you are engaging upstream if you are building a community downstream how you should conduct yourself and what are the objectives of conducting yourself in that way and being a good citizen is is a big big part of our job I would say you know the third part of our job is really reducing all friction in a company to for builders or for developers and for business owners so that they do the right thing in open source right build open source thinking into the process company so that you are automatically doing the right thing and it's not a new muscle you have to develop or a new thing you have to do in order to implement open source correctly and as you know they kind of look at these some of the basic functions what are some of the challenges that open source program officers run into today one of the big challenges often and I may use my cheat sheet to kind of look at some of the challenges is you know we now have to start looking at security and how what is the role of open source program office in security you're not security experts but we know how open source functions so we need to partner with our security team members to make sure that they know how to navigate open source security and then you have new areas that we need to define policy and define process around such as generative AI data hardware how what is the role of open source in those areas and what should our developers do in those areas right and it's really helping our business see the value of open source and mitigate the risks but also take advantage of the opportunities that are there and work with foundation successfully we often help our team members with thinking through should you or should you not release this should you or should you not host it at a foundation and which foundation should you host it at and how do you build community correctly so these continue to be challenges they're not new but the area of security AI data machine you know hardware is is something where we are kind of defining new processes if you will and as you're talking about you know engaging with open source committee whether to contribute or where to contribute how should open source program often engage with larger open source communities because companies they don't just use one open source project today there are many open source projects and within open source project there are different communities so so what is the right approach to engage with open source communities once you know what your dependencies are and what projects are strategic to you you really need to make the time and the energy to be a part of that community you can be a member you can be a governing member if it's a foundation you can contribute you can help the project frankly succeed and community succeed and really make sure that you are helping sustain that community and that project and also respecting the norms of that community right each community has a different culture has a different way of functioning and you really need to be a good citizen in that community so we at amazon we are a big part of cncf we are a big part of the apache foundation we are very respectful of what these organizations do and we want to make sure that these organizations are successful what advice do you have for open source program officers open source program officers so once again they can juggle all these balls within the company and outside with the community is successful I think it starts with what I said before it is understand how your business uses open source and why open source is important to your business second is understand how to guide your team and your company in being a good open source citizen and third is deeply understand the pain points your developers and your company has in working with open source and do everything you can to unblock those pain points make it easy for your company to work and be a good citizen can you also talk a bit about what are the resources which are available because there are a lot of organizations out there a lot of companies also they do a lot of work to help folks you know get started with open source program officers so talk a bit about what kind of help is available there to folks definitely there's a lot of help compared to the early days there's a tremendous amount of help for the open source program office the Linux foundation for example has a group called the to-do group and the to-do group does an excellent job of writing case studies and best practices and hosts a lot of talks and helps build community where we can exchange best practices across open source program offices in the world and the other resource I would say is the Ospo plus plus group which helps with more university and public sector Ospo's so they've kind of focused on that the third I would say is there are quite a few good books Brian Haddad has written some really good books on open source program office he's the executive director of the AI and pytorch project at the Linux foundation but I'll also plug a book that I contributed to the Oxford University Press last year this year actually published a book called open source law policy and practice and it's been edited by Amanda Brock of Open UK I've contributed a chapter to that book on Ospo's and that whole book if you give me a chance to bring the book to you and show you in the camera he's a fantastic book and it's it's like a reference book for anyone in open source whether it's in the law side or in an open source program office so I would say there are some excellent resources now to doing it right so this is the book uh it's called open source law policy and practice and you can see how big it is chapter 19 is the chapter on open source program offices I'm incredibly proud of the contribution we've done to this book there were 25 luminaries in the open source world everyone from Richard Fontana to Amanda Brock to Gillain Lovejoy to Stephen Wally just incredible people who have spent so many years of their life working on open source contributing their expertise and their brain cells if you will to helping others. Nithya thank you so much for taking time out today and of course talk about this important topic and of course I would love to have you back on the show thank you thank you so much swap it was so good to talk about a topic I'm very passionate about have a great day.