 All right, why don't we get started? So I don't know what everybody else is doing, but we get to talk about the cool stuff, open source maturity, which I'm sure you're all really, really excited to learn about. So we're gonna talk about two things today. One is open source maturity overall, and one is about the open source maturity model that we've actually contributed to FinNOS. So for those of you who don't know Wipro and myself, my name is Andrew Aitken. I'm the global open source leader for Wipro. We are one of the large global systems integrator, and what's important here is we're deeply embedded in the open source ecosystem. So at last count, a couple of years ago, we had well over 20,000 developers either using open sourced in their daily jobs or working on actual open source related projects for many of you here today. We're a member of a couple of dozen different projects and foundations, very, very active contributors. We have our own internal community of around, probably around 5,500 today, which we're actively trying to grow ourselves. I'm a member of a number of different projects myself and foundations. I'm on the board of FinNOS and our team, chairs, the open source readiness group, which we're gonna talk a little bit about today. We're a member of some interesting ones. I don't know if any of you have ever heard of OSDU. No marketing was involved in the naming of that foundation. It stands for Open Subservice Data Universe Project. And it's actually a pretty cool project despite the name. It's about creating an open source reference architecture for research and development in upstream oil and gas research and development. And it's got something like 250 members, corporate members, a part of OSDU. It's actually really interesting despite the name. So anyway, Wipro's deeply involved in open source. It's becoming, we're trying to make it more and more a part of our DNA. And I'll share why that's a bit relevant. So we are talking about open source maturity and the maturity model. So why are we talking about open source maturity model? It's really, the model is simply something that helps you figure out where you are today. What the implications are of where you are today help you define where you want to be. Doesn't always, and that doesn't mean you have to be at the top of the maturity curve. But it helps put together a roadmap for you to get where you should be or where you would like to be. We are, we have contributed this model to FinNOS and we've pushed everything out into the GitHub repos. You'll see it there on the repo I have listed here. Oops. And I also have this information at the end of the slide too. But I encourage you to check it out. I encourage you to join the open source readiness SIG and also be a part of the open source maturity model. We have pushed it out there under a Creative Commons license. So we really want to build a community of people who are contributing to this model and helping it evolve and grow. So particularly for financial services firms, there's actually a lot you have to do before you can get to what you actually want to do with open source, right? You have to secure and make sure there are no vulnerabilities in the code. You have to comply not just with regulatory requirements but also with open source license requirements. You need to protect your IP, make sure there's no leakage. You need to understand why you're doing this. And a lot of organizations kind of skip this. It's so organic that they don't actually think about from an enterprise perspective, why is open source important to us today? And why is it gonna be more and more important to us in the future? So that's important. Then you have to communicate that. And as we heard in some of the presentations earlier today, and we can certainly verify this, we know a number of organizations, and this came through in the white paper that Gab talked about, open source and financial services, white paper. There are a number of organizations that have an open source policy. But the number of people in those organizations who actually know they have a policy is 10% or less in many organizations. So you have to communicate. Then you have to govern, okay? You're using more and more and more and more open source. And through the work we've done and through some of the research and surveys we've participated in, the average financial institution uses somewhere between 10 and 30,000 different open source components. Most of them don't even realize that, okay? So you have to figure out how are you going to govern it, right? How are you gonna make it easy for our developers to actually ingest, consume, use open source to produce something and then put it in production? Right, that can be a complicated process. And then you have to figure out what's the support model? Are we gonna support certain open source projects? Are you gonna have a partner like a Wipro or someone else support them? Are you gonna only buy commercial licenses? So again, this is all the stuff you need to do to get to where you want to, which is actually consume, contribute and publish and get the real value and benefits of open source. So I'm gonna spend just a couple minutes on an actual case study, won't name the bank. But so this is really just to share and to show that you're not in this whole process, you're not alone and many organizations are trying to figure all of this out, right? So there's one large global bank that we work with and they had 108 different software development labs across the bank. They obviously had a security team, they had two different levels of risk. One was obviously kind of an operational risk group and then what was an executive board level risk group. I don't think I'm telling you guys anything you don't already know and understand very well. They had a compliance team which was very, which was distinct from their legal team. Obviously they had an architecture and not only did they have a central architecture group but they also had line of business architecture groups. They had DevSecOps or DevXOps as I think it's being called these days more and more and more. And then at the end of the day after going through after spending 14 months helping this organization figure out what their strategy was going to be, their policy, their processes, we had to work with them to present the findings to 22 different vice presidents within the bank. Not necessary to get their approval but to get their actual understanding of why they're going through all of this. So again had to go, had to build the policies, the processes, the tooling, do a pilot and then the implementation of the governance model mostly this is what that is about is really about governance is probably two more years of implementation related work across all 108 software development labs. So this is a part of the reason why having a maturity model can actually help. It can help you expedite this process. You can't get around all of these steps, you have to do them but it can help you make better decisions faster. So let's talk about that. It's a pretty straightforward process. We have, it's comprised of an, it starts with an online survey and what's really important about this, excuse me, is I believe we have 240 questions in the survey but it's role based. All right, so everybody answers a small subset of questions and then based on your role you answer a different set of questions and at the end it produces the output that I'll show you here in a bit. There's also a waiting engine built into this open source maturity model. So a lawyer will, if he's answering questions about licensing and compliance risk, a lawyer who identifies obviously through the first step of the survey, his response will be weighted slightly higher than maybe someone who doesn't have that kind of experience. So we've done that for each and every category. Again, it's the waiting engine that we have developed. This is an opportunity for us, for everyone to get involved and to push back on the waiting criteria to suggest a different waiting model or approach. This is where we want you to be active in helping evolve this maturity model. So all starts with the survey. Obviously you get the output of the survey. Then you do a current state analysis. Where are we today? What do we need to do? Are we in the triage phase? Are we further down? Are we in the consumption phase? Are we beginning to contribute back? It helps you understand where you are today. It allows you to do future state planning and I'll explain that in a little bit and then obviously the next two steps are pretty easy. You implement the recommendations and you refine them as you go. So let's hear briefly from one of my team members. The open-source maturity model is web-based and easily accessible to all members of your organization. The model starts with a short survey to gather the information necessary to calculate the stage of each element. The survey takes less than 10 minutes to complete but provides everything the open-source maturity model needs to generate a wealth of data that you can use to set your organization's open-source strategy. So this is an overview of the maturity model itself. So it starts at the highest level. We've categorized all aspects of open-source into three top-level dimensions, strategy, management, and usage. Then each of those can be broken down further into their constituent parts. And then the responses to the surveys help plot you against those dimensions and elements on a maturity stage. We have five stages. Again, ad hoc, aware, managed, engaged, and leading, and we are not wedded to any of these. Remember, this is becoming a community project within FINNOS. So we're certainly open to changing any and all of this as appropriate. But based on where you are plotted against the dimensions and the elements in the maturity stage, we've associated a set of attributes for being at that particular stage of that element and dimension. So it tells you what are the most common attributes of being at that particular stage in that particular element. We also have some documentation of what are the implications of being at that stage and set of activities. So each one of the plots also has a set of recommended activities to help you move to the next step or stage of that particular element. So there will be, remember, this is beta. Everything has been pushed just this week. We're evolving it as we go. So please don't judge us on the UI. We are working on that and we'll continue to evolve that. We are taking ownership of helping evolve that rapidly but don't judge us on the UI right now. So this is a heat map output of the model. So you can see where it's based on the questions that you answered around goals and objectives, you are at the aware stage. You can double click on that. Didn't resize, sorry about that. But you can double click on that and then out comes, again, a listing of the attributes and the implications and the activities to get from aware to managed. So one of the other outputs is we're producing a heat map. And I mean, I'm sorry, some spider charts. And so these particular spider charts actually show against each of the different elements of the dimensions where you are. So on the left-hand side says this is where you are today. Based on going through that current state analysis, you've identified that you wanna get to these stages over here. And again, the goal for your organization may not be to get to that last stage, the leading stage. Either because it's not necessary, your goals and objectives don't require you to do so or you simply don't have the resources and ability to get to that leading stage in each category. You may want to decide maybe in one area that you do want to get to that stage and others it's perfectly fine to be in the middle. So there's no universal right answer for that question. It's based on, again, your goals, your objectives and your resources, okay? So the output for the model will come, the output it will come in three different formats. One is the heat map that you saw that you can drill down into in each section. One is the spider charts that you get. You get not only individual spider charts based on each element, but you get a rolled up spider chart that shows you at the highest level kind of where you are at the dimension level. And then you'll get bar charts if that's easier for your organization. We use Lime Survey is the open source survey product that we use, we're in the process of, again, the most difficulty we've had is actually the output is the spider charts and such. So we're creating some custom code. We're gonna contribute it back to Lime Survey as plugins. And again, all of that will be pushed over to the GitHub repo. Before I move on, any questions about the model? Does it seem to make basic sense to you? Any thoughts, comments? So some of the most commonly asked questions that I get, particularly the two in the middle, is we hear that a lot. In fact, last week I was in NAPR presenting at the Linux Foundation Summit and one of the presentations I gave was on connecting open source to the C-suite and that got a huge response. That is a common problem across not just financial services organizations but other industries also, is how do you put open source in the context of the C-suite language? How do you make them understand the value and importance of it? How do you help them understand why they should be paying attention to it more? And that's a lot of what this maturity model can help you do. It can help you show them where we are today, why it's important and why we need to get to some of the next stages. All right, so that was basically the intro to the model. Again, why don't you know, we are in beta right now, right? We've pushed everything to the FinOS repose, GitHub repose, it's all the documentation's there. The model itself, the only thing that's not there is the code to generate the output. That should be there and probably next week. And then the other pieces will be for the bar chart and the heat map will be added shortly thereafter. This is all under the auspices of the open source readiness SIG. We would love to have more of you join and participate and not only talk about the model itself and how the model can be more fine tuned for financial services. We do have questions and they're specific to regulatory compliance and other types of risk that are specific to financial services. So those questions are actually in the survey. But we can always use more expertise from you folks. And as you can see, it's the first Wednesday of every month. We talk about the maturity model, how and where we need support, how we're gonna evolve it. But we also talk about a lot of other things. We'll be bringing in outside speakers to the readiness SIG. So I hope you all can join and participate here. All right. Questions? Yes, sure. And I'll put one slide back up to help kind of guide that. So each one of these elements has a subset of questions between 10 and 20 questions for each. So questions about corporate level goals and objectives around open source if you have them. Questions about how do you handle open source from an operational perspective today? What is your culture? That's particularly around, we have some questions around inner source. Are you using inner source? What does it look like? What are your goals there? We're gonna be working with the Phenos Inner Source SIG and Inner Source Commons to kind of consume the maturity model that they're building specific to inner source. Obviously, again, there are 10 to 20 questions about each one of these elements here. So contribution, are you contributing? Does your policy explicitly allowed contributions? How do you deal with licensing? How do you deal with, do you have a corporate CLA, things like that? It's pretty comprehensive. And everyone, so the version today that's available, you can go through the questionnaire and you can get just the output of the questionnaire for yourself. The second iteration will allow you to go through it at an organizational level. That's simply an implementation approach we're talking about with Phenos. So they would send you, if Citi or Morgan or Deutsche Bank or whichever organizations you represent, say we'd like to have, and we do this. So this is something that we've been using in our consulting practice for years. And we always recommend or always go through minimum of 15 interviews per company, different roles, different organizations. If they have an OSPO, who runs the OSPO, legal procurement, HR, DevSecOps, architecture. We wanna make sure that people representing all these key roles go through the survey and answer it to get a real holistic picture. And so that will be in the next version of the model that will be available through Phenos. So you can, we're working on the implementation right now, but you'll be able to send it. And if you want your entire organization, if you want 20 people to go through it, then you'll get a collective summary of the output. Does that help? Yeah, no, I don't. Okay. Dig into the questionnaire, and then again, the heat map that we have allows you to double click on each one of these. So if you double click in contribution, it pops an assessment of where you are, the attributes of where you are, and the recommendations on how to go from ad hoc to aware. No, no, no, this is for at a corporate enterprise level. This is to help organizations understand what their maturity is. Yes, oh man, that's a tough one. So we've taken dozens of organizations through this. There is no average or common distribution. There really, really isn't. I can tell you where there are a lot of common gaps here where on the spider charts, the output is much closer to the center, right? That's typically around corporate strategy. So goals and objectives. So a lot of open source leaders or OSPOs or whatever your group is particularly called at your organization, they think in the terms of what are we trying to achieve from a technology perspective or from a developer productivity time to market. So they're very open source technology centric. What they don't necessarily do is connect to either their overall technology initiatives across the bank or the institution or to their corporate initiatives, right? We worked with one bank in the UK that literally went through this process, got the output, figured out that was one of the gaps, helped them tie their open source mission to their corporate mission and it changed it within weeks. It changed how they were perceived. It changed the amount of resources they got within the organization. So that's a very common gap. One where that we see all over the map is that middle one around management, right? Some organizations are really, really mature there, right? They've been using open source for a long time so they've got that governance model down. Other organizations, we see spreadsheets. There's one financial institution that has an opt-in program. So they ask their developer once a quarter, once a year, if you're using open source, would you mind telling us what it is? And you could imagine exactly what the response rate is, right? So we still see that all over the place. This consumption, we're seeing more and more farther here. Contribution, we see a progression here. Publications still are early stages, does that help? There's almost no one who's consistently at the engaged level. We're all the arrows there. We've seen some that certainly are engaged. There are some that are fairly public that we know about who actually, I would say, are in the leading category in some areas but maybe back in ad hoc or aware and others. So that's one of the goals of FINOS and why they're very interested in having a maturity model, a readiness program is to help more and more financial institutions move farther and farther down here. And they wanna be able to collect this data and then be able to give it back to you as really insightful information, which they will be able to do. All right, well, thank you all. Give you six minutes of your time back. So thank you all for attending and please come and join the open source readiness dig. Thank you. Thank you.