 Good morning, everyone. Hola, Bilbao. It's so good to be here. So I wanted to talk about open source program offices, in particular. A lot of large companies, governments, institutions, universities have open source program offices today. And 2023 has been quite a challenging year for all of us. So as I was getting ready for this talk, I was just thinking, oh my gosh, it's been 25 years that I've been in open source. And I've got to tell you, I've had the most amazing life and career in open source thanks to all the work that I have had to do. And it has helped me put two daughters through college. And one of them is a doctor today, and the other one is a journalist. And I'm so proud that I was able to do this through my work in open source. When I started working in open source, I never imagined that it would be so mainstream, so pervasive, and practically used by every single company in the world. And we have developed institutions and processes that have made open source safe, have made open source predictable, manageable. And this is especially huge as the norms of working in open source are quite different than how companies work. I've run about three major open source program offices. And learning a large open source program office, you see a lot of things up front. And 2023 has been one of the most challenging years, but also full of opportunities. I've got to say the economic headwinds hit us this year. Companies started returning to office. And we were never the same as human beings after the COVID pandemic. I think we're all different. We've been completely changed. I want to focus on a few five things that have really provided challenge and opportunity to Ospo's this year. And so let's start with kind of setting the stage. I want to talk about risk. When companies and organizations face risk and danger and lack of clarity and doubts, it slows down innovation. We are uncertain. We have doubts. And we have to slow down, check what's happening, and then move forward. And organizations and humans, frankly, don't like change, don't like risk. And the story of the open source success in these past 30 years has been because we have worked hard to manage that risk, to contain that risk, to make sure open source is well understood, such as licenses, such as the name open source, and how it works. And this year, there has been some challenges to that safety and that stability of open source, if you will. But it's also been a year where the community has kind of rallied together and addressed this risk and uncertainty and moved forward in open source fashion using collaboration. So let's talk about first topic, licenses. So licenses are so core to open source because software is copyrightable and license is the way we communicate how we want users to use it, how we want contributors to contribute to it. And as creators, we have more control. And thanks to mature organizations like OSI and Open Chain and OSPOS, open source licenses have been very well accepted inside organizations. They're well understood. You don't have to go talk to your lawyer. You don't have to go talk to procurement every single time you need to use an open source software. And that's really helped the innovation and the speed of innovation in open source. So licenses like MIT are pre-approved and you just have no speed bumps, no slowdown when you need to use that. And we as an ecosystem are so comfortable using it. To me, it's like traffic lights. We all know that when the light is red, we stop. When the light is green, we move. And you depend upon your fellow passengers in the traffic to also stop and move. Imagine if the traffic lights did not behave or people did not behave for the traffic lights, you'd have chaos and you'd have confusion. So in an interconnected system like open source where we all kind of depend upon systems working, it's hard when license change or licenses appear to be open, but they're not. And so it creates disruption and it muddies the understanding that we all kind of rely on. So this past year, we've seen something I call open-ish. What that means is sometimes an open source license comes out with a patent clause or it comes out with some restrictions on use, such as you can't use it for certain use cases or for competitive use cases or you cannot use it in large companies or it says it's created a custom license. And licenses tend to be used to defend open source business models. And to me, it's open-ish. It's not quite open source. And it casts a shadow and it casts a doubt on our understanding of open source. We have to stop and we have to pause and we have to say, can I use this? Can I not use this? It says it's open, but I can't use it. It seems to have restrictions. So it really has created some uncertainty and doubt, if you will, on open source these days. And what I'm saying also is that confusion holds innovation back. And we need to really stick to open source definitions and what freedom in open source means. And what's good about what's happened recently is the community has reacted. And the community has said, we are not going to let open source be taken closed or be restricted in any way. We are going to create more neutral foundations that allow multi-parties to kind of work together to keep open, open, such as the formation of the Open Enterprise Association so that people downstream from Sentos can continue to use Sentos in their distributions. And also, the formation of the open TF is to host a fork of terraform when the license changed from what it was to a more proprietary license, from open source to a proprietary license. So what I have to say is, while there has been confusion and uncertainty, the community has found a way to rally around this confusion and to move forward on what the community needs. AI is also another new challenge and opportunity this year. And it's so different than open source. It is not necessarily just software. It comprises of models. It comprises of weights, parameters, data sets that are used to train, data sets that are outputs. And there's also software. So what we understand from a licensed perspective of a software may not be quite applicable, if you will, to AI. So I'm very grateful that organizations like the Open Source Initiative are working hard with the community and with a lot of different experts to define what AI means. And to take a look at a standard definition that all of us can understand and use more concretely. Because in the absence of a standard definition, a lot of folks are coming out with open-ish type of models and programs. And that's not really good enough for open source to move forward. Open source, everyone agrees, is vital to the success of AI, whether it's for the speed of innovation or to reduce bias or to make it more accessible to everybody on cheaper hardware, on smaller models. We know that open source needs to be behind AI, and we need to make sure that this happens. AI, I think a lot of folks, including Gabe, have talked about the fact that there's a lot of regulation today. He's working a lot with public sector. And in the EU, there are two specific areas of AI regulation. The first is the EU AI Act. And it's the first ever comprehensive attempt at regulating the uses and the risks of this emerging industry. And EU has always cared about its citizens and consumers and protecting them and making sure that their risk and health and, if you will, their rights are protected when we use AI. So AI Act is one of the big ones. There have been some proposals made in June which allow open source developers to work more freely in AI, which is a good thing. And then when you look at Spain, Spain, here, our home country, has been one of the first ones to set up an AI regulation office and also a sandbox to test against the AI regulations that will come out of the EU AI Act. So congratulations to Spain for leading the effort in the EU on this work. Let me move to another topic that has been an area of challenge for the last three, four years for all of us, and that is open source security. And I think it's a bit of a challenge because it is a complicated supply chain and it has a chorus of different players in the supply chain. You have producers of open source, everyone from very small one or two maintainer projects to very, very large projects like Kubernetes and the Linux kernel, perhaps at foundations and then some projects are released by companies. And then you have foundations, nonprofit foundations, some of them host open source projects like the Linux Foundation and the Apache Foundation. They also advocate for open source, they work with policymakers, they also create a more neutral governance model for projects. Then you have curators, Red Hat, system vendors who take open source and make it easy to use for commercial enterprises and who provide support and service. And then you have the consumer, the end consumer, which could be an enterprise, which could be a consumer in the market. And then public sector has played a huge role in the supply chain as regulators, as consumers, as protectors of their citizens. So you have all of these dynamics working in the software security supply chain and it cannot function without all of us collaborating better together. And frankly coordinating who does what, who's responsible for what and how we work better together. And curation of open source from a security perspective, from a licensed perspective, from a health of community perspective becomes more and more important for consumers to do. And certain critical projects need a great deal of support, whether it is through projects like OpenSSF or funding or contributions or policy. So security has been a big area of work for the Linux Foundation and for OSPOS and open source projects everywhere. And because of a lot of security incidents in the last few years, you see now a lot of regulations like CRA, I think Gabe has spoken a lot about that and also about the executive order in the US. I'm not going to go into it too much in detail, but to say that as a community we need to work closely to make sure that open source producers are protected and that the regulations understand what open source is and how it functions and what the supply chain and the different set of players looks like. The last area I'll talk about from an open source program office perspective is it's not enough to reduce risk as an OSPO. We have to make sure that open source is well integrated into the development process for our developers. We need to make sure that their world is delightful, that they can innovate and focus and work on open source and not worry about administration or friction or compliance or security because open source is a core part of the software development lifecycle today. We cannot do without open source and so we need to reduce friction and delay from the open source workflow. So I want to conclude in these five areas by saying the role of the foundation is a very important one for ensuring that there's neutral governance and there are neutral multi-party projects and we need a standard definition of AI for sure for open source to thrive and succeed and for us to have a standard definition in AI. And the supply chain collaboration and coordination is extremely important for us to understand who all the players are and how we all work together. And we have to do more education and advocacy of the public sector, policymakers so that they understand how open source works and how to do proper regulations in this space. And we can't make it hard for people to do open source. Open source needs to be easy for developers. We need to remove the friction from their work so that they can be free to innovate. So thank you very much for your time and I appreciate the opportunity to talk to all of you today about the challenges and opportunities. Have a great rest of the day.