Get Puppet Enterprise First 10 nodes are free!
Try it now
Request a demo
Automate IT and infrastructure, manage complex workflows, and mitigate risk at scale.
Try the full-featured Puppet Enterprise for free on 10 nodes.
Puppet Comply Find and prevent compliance failures
Compliance Enforcement Modules Remediate to stay in compliance
Continuous Delivery for Puppet Enterprise Build, test, and deploy infrastructure as code faster and easier
Content & Modules Pre-built scripts to automate common tasks
CentOS EOL Here’s how to secure your CentOS infrastructure – even after EOL.
Find thousands of component modules built by the community and guidance on using them in your own infrastructure.
Visit Puppet Forge >>
Open Source PuppetPerfect for individuals and small infrastructure
BoltAutomate tasks in orchestration workflows
See all open source projects >>
Contribute to open source projects >>
“It doesn't matter how small the contribution is – I think everyone benefits from the different environment, the different culture, of open source communities.” From ‘free software’ to the Mars Rover, the scope of open source is expansive, growing, and offering new challenges to organizations and practitioners alike.
Now, Perforce Director of Product Management Javier Perez is excited to share the latest findings from the 2023 State of Open Source Report with the context of his 26+ years in the software industry. Look into the past and peer into the future with this exciting discussion between two open source evangelists.
GET THE REPORT
Ben Ford [0:21] Hello again, and welcome to today's episode of the Pulling the Strings podcast, as always, powered by Puppet. My name is Ben Ford. I am our developer relations director here at Puppet, and I'm pretty active in the community as @binford2k. We may have run across each other once or twice in the past. Today we're talking with Javier [Perez]. He is the Chief Open Source Evangelist over at Perforce and Director of Product Management. He's responsible for a lot of the technical thought leadership and advocacy for the open source software and driving the OpenLogic offering from Perforce. I'll ask you to explain what OpenLogic does in just a second, but what I know about Javier is that he's been around in the industry for a really, really long time. I'm going to make you feel a little bit old here, if that's okay. He's worked at startups, large companies, small companies, from IBM to Red Hat, doing product offerings and open source strategy at all of these different companies. How long have you actually been in the industry, Javier?
Javier Perez [1:22] All right, so we're starting right on topic.
Ben Ford [1:23] Put you right on the spot.
Javier Perez [1:27] Right on the spot. I think I'm losing count. 26, 27 years now working in the software industry.
Ben Ford [1:37] That’s a very long time. That's back when CFEngine was like a sparkle in somebody's eye and we didn't really know what configuration management was.
Javier Perez [1:47] Oh, yeah. there were cell phones back then, but they looked very different.
Ben Ford [1:53] I had one. It had a little—
Javier Perez They looked different, they were brick size.
Ben Ford [1:59] It actually had an antenna, it was the size of your pinky, and you had to pull it out when you wanted to talk. It felt very James Bond-like.
Javier Perez [2:07] Well, that was one of my first jobs, working for software for mobile operators and those were the phones. And actually before the phones we had those pagers. I mean, I guess people in their forties and fifties, they remember those pagers that I think still some doctors use. And then you would have to go and find a phone and call back that number.
Ben Ford [2:34] It is kind of funny how in our car we talk about rolling up and rolling down the window, and none of the kids actually know what that means. They don't remember the hand crank. I wonder if people are forgetting what the word pager means in context of companies like PagerDuty or something?
Javier Perez [2:50] Yeah, no, I mean, there's so many stories. I tell my kids a few things and they just roll their eyes.
Ben Ford [2:55] Come on, dad.
Javier Perez [3:00] But it's great. Look, we are in a great time. I've seen from early stages, big size computers and everything was old, or at least now feels old, but now we're working with ChatGPT and all these open source innovations and it's wonderful. I'm just trying to keep up with the technologies.
Ben Ford [3:25] I lived down in the Bay Area for a while and I remember visiting the history of computer... Oh, shoot, what's it called now? The museum. The History of Computer Museum. And there was a Cray supercomputer that had a bench built in so you could sit on it. I don't know, it felt really cool to be sitting on a piece of history. And one of the bays was open and I looked in, and it was just this massive, massive tangled web of wires everywhere.
Javier Perez [3:58] Well, I have a story about that. Well, I don't know how much time we have, but I started tracking open source software, the history of open source software, and turns out that back in the 50s with some of the, what we know as mainframes, so one of the earliest [inaudible 00:04:19]mainframes, that's when there were the first kind of user groups, enterprise companies using those computers. Which by the way, they didn't have chips, it was all electric stuff. They looked like electric panels. And they created user groups, and then in those user groups, they were actually exchanging ideas and they were actually exchanging their software, which was not the software that you're thinking right now, it was more of punch cards and things like that. But they were exchanging their work, because they just saw the benefit of having more people knowing and sharing their knowledge. So we can track open source back to those days. It was one of those IBMs, I forgot now the model, I can look it up, but one of the first IBMs that created those user groups. And then there was a big user group created called Share, which, by the way, is still around, it's still around. They do their conference every year. And it was basically all about sharing their... Actually, Share is not an acronym, they call it Share because it was about sharing the knowledge.
Ben Ford [5:29] Because that's what they do.
Javier Perez [5:30] Yeah, exactly. That's what they did. That's the slogan. And they're still around. When I did that kind of research, we could track the open source back then. And then, of course, there are many, many more steps after that, right?
Ben Ford [5:47] Yeah. That was back before open source was a thing, a definition, and before free software was a thing, people just shared. They just gave other people their code and they'd borrow it and here's a piece that does this, here's a piece that does that, and we'd integrate our other software from other people.
Javier Perez [6:06] Yeah, what they were selling was hardware, and software, it will come with the hardware. And then, of course, with PCs and Microsoft, that's when the commercializing software really started. But I know we want to talk about other topics. We can go and talk for a few hours about that. I do have a presentation about that, one of these days I guess I'll record that again.
Ben Ford [6:32] That would be a really fun one, just going back and talking about the history. Real quick, though, I did want to ask one question about history, and that was, what was the timeline for the name of free software and the name open source, and what would you say is the definition of those two terms? Just to set the stage here.
Javier Perez [6:59] I need to look it up, but it was late 80s, early 90s. The concept was, well, yeah, everyone was talking about the free software. Make it free. Make it available to anyone. And free as in freedom, not free as in free beer. And then you probably heard also the term of free as in getting free puppies. It's free, but you have to take care of the puppy. So the same thing goes with open source, you get for free, but it will be good if you contribute back and if you let people know when there are bugs and all of that. So it started like that. It's free, but they create confusion. And then at some point, and I need to look it up exactly when, but at some point, basically the term open source started and say, "Hey, look, the source out there for anyone." In reality, anyone can commercialize open source, because you can do whatever you want with open source software.
Ben Ford [7:55] As long as you follow the license, right?
Javier Perez [7:57] That’s a topic of the different licenses, open source licenses, and yeah, I mean, organizations today, they spend money on open source. We do have business based on open source software. So I think it's a good name, open source. And then some people call it force, free open source. For me it's too much. I mean, we're talking about the same. Actually, I make more the difference with commercial open source versus open source, or community open source versus commercial open source.
Ben Ford Open source versus open core versus open ecosystem. It's like we could spend a whole podcast talking about all those different terms, right?
Javier Perez [8:40] Right. But the bottom line is, if you're using the open source outcomes from the communities, that's what we're talking about here. There are many organizations, including, of course, Puppet, that promotes open source, work with open source, works in our community, like you do. And then from there, there's also a business to run, right?
Ben Ford [9:07] Yeah. I do think that it's really important to clarify that open source and free software too, it's about the license, not about necessarily whether you can see the source code. I know that a lot of people sort of assume that if you see source code on GitHub that it's definitely open source, but that's honestly how people get into legal trouble with integrating that into their own code. So I do want to clarify that we are talking about the license here, not just access to the code.
Javier Perez [9:36] Exactly. So three things to remember about open source software. One, the code is there, it's available, you can get it. Two, it's really free. And three, has to have a license. If it doesn't have a license... In this country, in any country, there's the concept of ownership. So that means that it's not open source. It doesn't have a license file, it's not open source. And yes, they are a ton of those on NPM, on Maven, on Pipe and all those repositories. So keep an eye on that license file.
Ben Ford [10:13] Yeah. Well, let's maybe talk about OpenLogic for just a second, just so people kind of have an understanding of where you're coming from this. What is OpenLogic and what do they do?
Javier Perez [10:24] OpenLogic, it's one of the brands from Perforce, just like Puppet. What we do is we provide enterprise grade technical support for open source software. We support over 400 open source technologies, open source software, and we do it with subject matter experts, with what we call enterprise architects with years of experience, that that's what they do. I mean, they're experts on some of the different technology stacks, and we help our customers with that. So we are very much into open source. Some of those architects also contribute to some of the open source projects. And we help our customers from open source databases to now cloud native, DevOps, all categories within open source software. Linux distributions, of course.
Ben Ford [11:23] That’s really cool, because the lack of commercial support is one of the things that makes people afraid to use open source, so this takes away that argument. It makes it a lot easier for people to adopt.
Javier Perez [11:36] Although for me as a open source evangelist, I will argue that everyone is using open source. It just shows that some people don't realize how much they're using it.
Ben Ford [11:47] Yes, absolutely.
Javier Perez [11:48] They have software, they're using open source software. And in some cases have to have the support, so they go with a commercial version.
Ben Ford [11:59] I do think it's kind of fun, the idea of knowing that I've contributed a code to different projects, that I literally have little teeny tiny bits of code that are running on every iPhone in the world. It doesn't really mean anything material, but it's kind of cool to know that.
Javier Perez [12:17] No, it's awesome. That's a good example. There are other examples. Most of the software on technologies that go to space or go to the moon or go to Mars, the Rover, has a lot of open source there. In fact, on GitHub, I don't know if you remember, there were badges that for any of the Open Source—
Ben Ford [12:39] Oh, yeah, I forgot about those.
Javier Perez [12:41] Any of the open source components that were part of the Mars Rover, I think it was the Rover or the helicopter, they would get a badge. And at the time I was working in IBM and there were a bunch of contributors that got their badge and they were so excited. That's awesome. A little piece of my code made it all the way to Mars.
Ben Ford [13:02] All the way to Mars. And for all the Puppet community members out here, the International Space Station is actually running Puppet on some of their components, and so there is a non-zero chance that some of your modules, if you publish them to the Forge, might actually be running in space right now.
Javier Perez [13:20] Excellent.
Ben Ford [13:21] Very, very cool.
Javier Perez [13:22] No, I mean that's part of being part of the open source and part of technology. Doesn't matter how small the contribution is, I think everyone benefits of this different environment, different culture, I will call it, also on the open source communities.
Ben Ford [13:39] Absolutely. And that actually is a really good segue into actually what we're supposed to be talking about here, and that's the open source report. Could you tell us a little bit about what that is and why it exists and what you're doing with it?
Javier Perez [13:52] Talking about exciting things and contributions. For years I've been reading industry reports, especially around open source software, and different companies produce different reports, and I've been reading those. And since last year that I came on board with OpenLogic, had the opportunity to work directly on this, what we call the State of Open Source Report. And from putting together the survey... So we sent a survey out, we collaborated with OSI, the Open Source Initiative. So between the two of us, OpenLogic by Perforce and OSI, we put together the survey and we sent it out to all the industry professionals. And the questions were very specific about the use of open source in organizations, so not necessarily what I use as a developer working on weekends, but more about the use of open source in your organizations. And again, for second consecutive year, we got a really global survey. We cover every single geographical region from Australia to South Africa, South America, everywhere, and we ask about the industries where they're coming from, the respondents, and all top 20 industries included there. Small, medium, large, extra large company size. So really well represented sample of data for more than 800, actually close to 900, respondents. And we ask specifically about the use and challenges with open source software. What's next? Desirable technologies. Maturity in the use of open source software. So we got a really, really good information, and people in the media, publications are picking into some of those results. So really happy to talk about that and kind of share some of the insight and some of the, in some cases, surprises and some cases just validation of the technologies.
Ben Ford [16:01] I mean, speaking of surprises, you've been doing this for a number of years. What are some of the big surprises that you've run into in that time?
Javier Perez [16:11] We have a question where we ask, what's the most desirable technology? What would you like in your organization to do next? Or maybe you're already planning or maybe you're already exploring some of that. What would you like to do next? And last year was containers, container orchestration, which, I guess, is not surprise.
Ben Ford [16:33] Docker, Docker, Docker.
Javier Perez [16:34] Yeah. No surprises there. And this year, by just 1%, containers, container orchestration was second place.
Ben Ford [16:43] Oh, really?
Javier Perez [16:45] First place was AI and machine learning, of course. So one reason could be, well, maybe because there's more people already kind of using cloud ready technologies, containerization, and it's no longer a desirable technology, they're already doing it. But the other thing is, obviously there's been big news around AI in the last few months. So maybe executives on all these organizations are like, "Hey, figure out how can we take advantage of this AI, machine learning, deep learning." So that became number one kind of more desirable kind of technology, and I was a bit surprised to see that. So that was interesting.
Ben Ford [17:31] It’s definitely taken the world by storm. One of the neat things that I'm seeing coming out of GitHub, it's everybody's heard of Copilot, but they are now working on another use of that technology that'll help you write unit tests. So you won't actually have to know how to construct a unit test, you'll just write your code and then you'll say, "Hey, give me the skeleton for a unit test for all this code," and then you can go ahead and flesh it out and change things or whatnot. But it does most of the work for you. That is terrifying. But it's cool.
Javier Perez [18:02] No, no, it's great. And by the way, I think ChatGPT already does that. You paste code there and say, create some test cases for me. It also creates dummy data for you if you want to. I mean, it's unbelievable. And by the way, I'm writing a blog post, or it's going to be an article, publication, exactly about that, about ChatGPT and open source. My point, I'll tell you, spoiler alert, I'll tell right now. It's all positive. I mean, in my opinion, it's just a new tool or new tools. Your job, it's better when you use the right tools. And if you have better tools, you're going to do a better job. It doesn't mean that it's going to do it for you. It's not the case. You still need the human.
Ben Ford [18:48] We still have carpenters. We still have mechanics.
Javier Perez [18:51] You still need the human.
Ben Ford [18:52] Just because they have better tools, it doesn't mean their job goes away. It gets easier.
Javier Perez [18:56] Exactly. Well, I heard someone saying AI is not going to take jobs away, the jobs are going to go to the people that know AI as opposed to people that do not know AI. So it's the same story of you have to keep up to date, you have to keep learning, and learning about all these open source technologies, because that's where the innovation is. Actually, going back to your question, that's another maybe not exactly surprise, but maybe surprising for people, is the number one reason organizations use open source software is to have access to innovation and the latest technologies. That's the number one reason. It's not because it's free, it's not because of cost, it's because access to innovation. And actually here's another surprise-
Ben Ford [19:42] And it moves faster.
Javier Perez [19:43] Here’s another surprise, cost reduction, or because it's free, went down to reason number eight or nine.
Ben Ford [19:54] The number nine most common reason for using open source?
Javier Perez [19:58] That’s right.
Ben Ford [19:59] So you're saying that there are eight things that are more important than cost savings?
Javier Perez [20:02] Exactly. And obviously everything started because it was free, but it's different now, because it's already stable technology. That's where the innovation is happening. We can even talk about security there as well. That's more eyes they go on and the fixes are coming right away. And I always tell the story that from last year that Log4j, the fix was in a couple of days for a zero day vulnerability. The issue of course, it's always who has that in their apps and how long it takes them to update their apps and all that.
Ben Ford [20:42] The logistics of getting that one out were a nightmare, but the fix itself was real quick.
Javier Perez [20:47] And that's what open source communities do. I mean, they go and get it done.
Ben Ford [20:53] Yeah. I'm pretty sure that the fix for that actually did come from the community. I don't believe that it came from one of the employees.
Javier Perez [21:00] I mean, the Log4j community, the Apache community. Yeah, absolutely.
Ben Ford [ 21:04] Yeah. So let's say that I were a practitioner in the field, the writing software engineer, DevOps professional something, what are some of the things that would speak to me in this report? What are some of the things that I could learn from it? So what are some of the things that I could take from it and maybe, I don't know, influence the decisions that my business made, or something like that?
Javier Perez [21:28] Yeah, no, thanks for the question. I love to talk about this because there's still a lot of misconceptions. People not familiar with open source and they get some misconceptions there. First of all, on the report, if you're interested on the latest technologies, maybe you might be closer to kind of DevOps technologies, but not much knowledge on some of the other areas, let's say cloud native or databases or maybe frameworks, you get in the report, everything. So you get the list of the top 20, top 25 technologies on each one of those categories. I believe the count was on something like 140 technologies that we are listed on the report. There's a learning there, and I already got the feedback from multiple people saying, "Hey, I had no idea about all these popular open source projects just because I don't work on that space." The second piece is there are challenges, obviously, and we very specific focus on open source support challenges. You need to know more on what you're getting into and you need to do your homework before you invest on or start using a technology. And we have information about the different challenges. I can tell you in general the top three, the most common support challenges when you're using open source technologies. Number one, and no surprise, it's around security. I smile because I knew it. Every time you put in a survey security, everyone is going to say, "Yes. That's important to me," even if they don't do anything around security, if you're asking about-
Ben Ford [23:15] I think that one's because of compliance, right? Even if you yourself may not personally be as concerned about it, your security officers or your compliance officer certainly is. And because of that it has to be your top priority, right?
Javier Perez [23:29] Well, that's a good reason. I would say just in general, people just react saying, "Yeah, security's important." "In what neighborhood do you want to live in?" "The most secure." If you ask safe neighbor, "Of course I want to live in a safe neighborhood." Knowing that, we made actually the question more specific. Instead of just saying security, we kind of narrowed it down as security compliance, if that's a challenge to address security compliance, and that's number one of the top three, or number one reason, in terms of the support challenges for open source software. Number two is the skills, having the experience and proficiency on those technologies. I mean, we keep evolving. There are so many technologies. We have obviously many full stack developers, and I kind of smile every time I talk about full stack development, because full stack means what? Just two technologies, three technologies, four, five. Everyone creates their own stack. But the more you know as an engineer or a developer, the more frameworks, open source technologies, you know, the better. I mean, the more opportunities you have. Obviously I keep saying it's a great time to be an open source developer because there are plenty of jobs out there on everything across all open source software technologies, from security to DevOps to AI and many other things. So that the second top challenge on supporting open source, having the right skills. The other thing that we found is people or organizations tend to use the open source technologies that their own personnel already know. "So you already know about containers? Well, let's do containers. You already know about Postgres, let's do Postgres." As opposed to just go for the best technology for them. And that's where they just need the expertise and help. And the number three support challenge is the constant updates, constant releases, and constant patches. It's hard for organizations to keep up with that.
Ben Ford [25:44] Totally. I mean, hey, there's a plug for Puppet and patch management right there. We can help make it easier to keep your software up to date, right?
Javier Perez [25:53] Yeah. So, it's a challenge. It is a challenge. And obviously you want to make it easier, but sometimes, I mean, you know this, sometimes organizations, they don't want to touch their systems, they're applications. It runs, it's mission critical, business critical, I don't want to touch it,
Ben Ford [26:14] Don’t touch it. Don't touch it ever.
Javier Perez [26:16] And then the people that wrote that and deployed that, they're probably gone. Nobody knows about that code. So what do you do? I was working for a company that actually, we were forced to migrate to a different data center. We had our own private cloud and they were moving, so we actually were forced to move basically physically the servers to one place to another. And then there was one very important application that never had a reboot or a shutdown in something like 9, 10 years. And everyone was so scared to do it, but they had to do it. Can you imagine that?
Ben Ford [27:01] I remember when uptime was this thing of pride, and I'm like, we were dumb. The longer your uptime is, it just means the longer you've gone without a patch.
Javier Perez [27:15] Exactly. And if we talk about vulnerabilities, there are newly disclosed, discovered vulnerabilities all the time, so you have to keep up with your releases, your patches.
Ben Ford [27:28] Yep. That is absolutely, absolutely true. You mentioned a little bit ago, you used the phrase free as in puppies because it comes with the care and the feeding and the maintenance and whatnot. Do you think that that applies in the open source support challenge categories here?
Javier Perez [27:49] Well, one of the reasons and one of ways to get your organization to be more involved in open source and with open source projects, open source communities, is to gain the experience to become experts in that specific open source project. So that's a very good reason. There's a shortage of skills, there's a shortage of experienced personnel. What better way to, "Hey, this open source technology, it's important for us, it's maybe critical to our operation." Become closer to those communities, become closer to those projects. I mean, you don't have to go and be an expert, you can start with something small, maybe just reporting some bugs and then slowly get into in those communities. Organizations are doing that. They have full-time employees working in the open. When I say in the open I mean open source projects. The open source becomes more strategic for them. And it makes sense. I mean, you want the expertise. And then if you really have that expertise, you can actually influence the direction of those open source projects, which is another great benefit, and that's why many organizations are doing it. And that's part of what I call the kind of maturity in the use of open source for organizations. And we ask about that in the survey and it's in the report, and we had some interesting results there. We kind of listed some different steps or milestones in terms of the level of maturity in the use of open source.
Ben Ford [29:39] For an organization you mean, or for an individual person?
Javier Perez [29:42] It was all based all for organizations. But actually, in this case applies very much applies to... Well, some of the things applied to individuals. So for example, some of your applications are developing in the open, in public GitHub repos, for example. So we're asking about that. One more specific to organizations is, are you doing InnerSource projects? Do you have an OSPO, an open source program office? The more mature organizations, they do InnerSource projects, they have open source program offices. Do you have a legal team that is familiar with open source licenses? By the way, that increase-
Ben Ford [30:25] That’s a challenge.
Javier Perez [30:26] That increased significantly from last year to this year. So that's a good sign.
Ben Ford [30:30] Oh, really? That's a good sign. I like hearing that.
Javier Perez [30:31] That’s a good sign. But by the way, shout out to Sarah Killian, one of our lawyers here at Perforce.
Ben Ford [30:41] She is excellent.
Javier Perez [30:42] She knows about open source licenses. It's awesome to work with her.
Ben Ford [30:47] She has excellent taste in shoes, and she knows open source inside and out. I've engaged with her a whole lot with some of our programs. I'm working with her right now on our trusted contributor program, and she knows all the right questions to ask.
Javier Perez [31:03] Exactly. So that's another piece, right? Organizations need to get also their legal teams. Especially if you are commercializing software, you want to make sure that you're in good standing with all your open source licenses that you're consuming today. And then on the other side, if you are going to open source some of your codes, your scripts, your components, your integrations, your plugins, also make sure that you have the right terminology there for your licenses.
Ben Ford [31:34] Speaking of terminology, could you take one step back really quick and just to make sure everybody knows the words, could you tell us what InnerSource means? And then could you talk about the OSPO, the open source program office, and why it's important for a company and how that benefits companies?
Javier Perez [31:54] Sure. InnerSource, it's about using the same model, the same practices, that you have in the open source, meaning opened for contributions from anyone, creating the community, obviously a release lifecycle. So everything that you do in open source. The difference here is that it's behind closed doors, so within your own organization. That's why it's called InnerSource. In some organizations, not in some, many organizations are very siloed, they work in silos and no one talks to anyone. What a great benefit to have multiple contributions from different side of different parts of the business. So that's InnerSource projects. We have actually on the report the break-down on the type of industries that are doing more InnerSource and more open source program offices. So industries like financial services, banking financial services, insurance, they are doing more and more of those InnerSource projects. I mean, they're very large organizations. The benefit of having engineers, developers, from multiple teams from multiple parts of the world, all contributing to the same projects, and then reuse that software they produce for the different projects, the different initiatives.
Ben Ford [33:19] Here at Puppet we have a long tradition of, say support engineers, for example, tracking down a problem that a customer had and it turns out to be deep within PuppetDB or something, they might contribute a fix actually directly back to PuppetDB, or our content team might find a problem inside Puppet or Puppet Enterprise and contribute a fix to the other project, even though that's not anywhere near to their actual job responsibilities. Is that an example of something you might call InnerSource?
Javier Perez [33:47] That would be InnerSource. And if you add to that specific example maybe an architect from OpenLogic also contributing, and maybe someone from one of the other Perforce brands, Perfecto and Blazemeter and so on, that makes an InnerSource project. It's still behind closed doors. And by the way, many of those projects is kind of like the first step, and then once it's in a good stage, it can be open source. So you start with InnerSource and then you open source. Or just simply just for the best practices, even with no intentions to open source that software. For OSPO, or open source program offices, and I've been talking about this actually now for a couple of years, it's having a centralized place. Open source, it's all distributed. It's about you contribute from anywhere in the world. We don't need to know how you look, your background, ethnicity. You are a user and part of the community and you contribute. And that's the nice thing about open source, which it's always been big into inclusion and diversity and everything. But in organizations you have to have certain control of that. You have to centralize governance of the use of open source and some open source policies. So just like happened with security. I mean, 10 years ago, maybe 15 years ago, there was really no security officers or a CISO, chief information security officer. Well, maybe 15, 20 years, that's when they started. But my point here is, similar to the security office that now we see on every organization, I see it's happening now in the open source where there's an open source program office, and it's not about just... Well, you can start with just to make sure that you are using the correct open source licenses or the open source that you're consuming and then you are going to commercialize, that you have the proper licensing. So you can start with that, but it could be many other things. It could be about promoting the use of open source within your organization. It could be about deciding where you're going to invest in, what project are you going to contribute, what technologies you're going to use for your projects. So those type of discussions and decisions. What better way to do it in a centralized way with the open source experts? There's more and more documentation and use cases, and many organizations now have these open source program offices. Some places it's called a little bit different, but the point is, it's about the open source governance within the organization. And they see the benefit and they see the fact that, just like any other type of investment, if you're strategic about what you're going to do, if you're more strategic about the use and consumption of open source, everyone benefits. And then down the line, if you become more mature, we go back to what I was mentioning earlier, where you can actually influence the direction of some of those technologies. So big example is Kubernetes, right? Super successful. Everyone is using Kubernetes now and there are tons of contributors basically sending pull requests to improve Kubernetes. Well, some of the richest technology organizations or companies are actually deep into that. They have full-time engineers, full-time developers, working directly on the Kubernetes project. Why? Because you can shape the direction of that project that are using where they are commercializing also then, building their own businesses. So mature organizations are moving in that direction, and we show that also on the report, which is good to see and good to see progress. And obviously for next year, I'm very optimistic that we're going to see more progression in some of those areas.
Ben Ford [ 37:56] Yeah, I am too. I'm really glad to hear that. Maybe how about let's go ahead and close up here. We've been talking a little bit. But I'm curious to know if you have goals. What are some of the next things that you want to explore, some next trends you want to look at next year?
Javier Perez [38:15] Well, first of all, open source, I like to say open source is always the building blocks of all new technologies. We mentioned AI, all the frameworks, PyTorch, TensorFlow, all the libraries, it's all open source. So the building blocks are always open source software, so, regardless of the technology, there's always going to be important open source, key source, as part of that. We're probably going to see for next year more on the AI, machine learning, deep learning space. And one that I'm hearing more and was not included in this report, I think we're going to do it next year, it's more about the open source for Web 3. I think all the news, all the attention, is going to AI right now, but Web 3, it's growing, and there are more technologies, more protocols, more alternatives to blockchain that people don't realize. I mean, it's kind of quietly growing. There's a lot of startups working on Web 3 technologies. And again, it's all based on open source, so that would be an interesting area. Maybe because crypto has not done well recently, that's probably why it's quiet.
Ben Ford [39:39] Yeah, that's really a thing, isn't it?
Javier Perez [39:42] Yeah, I'm sure people are a bit disappointed with their returns there. But no, the technology keeps moving forward.
Ben Ford [39:51] Honestly, I mean, closing up here, the whole thread, everything that we're talking about, is open source software is taking over the world. And it's not slowing down, it's growing. Everything is using open source software, stuff that you wouldn't even think is using open source software. And I think that we all, organizations and practitioners and whatnot, I think that we need to pay attention to that. I think we all need to be aware from support, security, usage, and making sure that you're being a good steward of your own open source usage inside your company.
Javier Perez [40:26] Yeah, absolutely. And look, ask for help as well. That's why we have offerings like we do at OpenLogic, where we have experts on open source, where we can help our customers. But very, very optimistic about this space. I think it just keeps growing.
Ben Ford [40:47] Yeah. It's exciting.
Javier Perez [40:49] And it's also a cultural change. I mean, I don't have to tell you about that, Ben. But it's great to see people contributing back, being part of the communities, and developing great software.
Ben Ford [41:01] Yeah, I love participating in these open communities where it's not even really so much about the software itself, but it's the community and it's this culture of sharing and helping each other rather than competing with each other so much. We all benefit from it, and it's a great feeling to be part of a community like that. Before we close, if somebody were looking for the open source report so that they could read it themselves, what would be the phrase to Google for?
Javier Perez [41:31] 2023 State of Open Source Report from OpenLogic. The State of Open Source will give you a few reports there, but it's the one from OpenLogic.
Ben Ford [41:40] All right, that sounds great. And obviously we will put those in the session notes, but I know not everybody goes back to the website to read it and I want to make sure that that's obvious to everybody here. So, closing up, are you open to engaging with people, community, whether it's social media or whatnot? Are there ways that people could reach out and talk to you?
Javier Perez [42:00] Absolutely. I'm active on LinkedIn. I'm on Twitter/X. We can list the exact names there. It's @JPerezP_bos for Twitter/X. And LinkedIn it's Javier Perez. You'll find me there. I guess JavierPerez@OpenLogic.com. You'll find me.
Ben Ford [42:17] Cool. And yeah, we'll definitely put those links in the session notes this time, along with the link to the report itself. So thanks for being on here so much. This was really interesting and insightful, and it was kind of fun going down memory lane for a little bit and thinking about some of these fun things that I haven't actually touched in a very long time.
Javier Perez [42:37] Oh, man, you make me feel old.
Ben Ford [42:44] Cool. Cool. Well, that's a wrap for today. Once again, thank you for being here, Javier. And thank you everybody for listening, just being here with us on Pulling the Strings podcast, powered by Puppet, and, today, OpenLogic.
GET THE 2023 REPORT