Audio Podcast Version

 

Find all of our podcasts at Anchor.fm, Apple Podcasts, Spotify, and all podcast platforms.

SHOW NOTES 

 

Transcript

[00:00:00] Donald Fischer: And certainly as our organizations, our businesses, our governments, our civilization has become more and more dependent on this corpus of open source projects that arose organically through this method. We can't, that won't work for ever to just take it on faith and hope for the best that it's all going to meet the standards that we needed to meet, that all of these individual constituent projects.

Each of which is important to so many downstream use cases is going to get the level of ongoing, maintenance and support and so on. And so I think building businesses around open source is essential.

--------------------INTRO

Aaron Griswold: And hit the music. Is everybody in? Cool. All right. Good morning. Good afternoon. Good evening. Wherever you are. This is Grizz Griswold. Hope you're doing well today I have a guest who is the CEO of Tidelift I had a lot of fun with Donald Fischer who is the CEO and co founder of Tidelift We talked about a lot of things.

First of all, we talked about his journey how he came to start Tidelift and why. I think it's pretty interesting, especially when you consider some of the things that have been going on in the past couple of years in open source as far as paying maintainers. I don't know if you've ever thought about that before, but it's pretty important.

And that's something that Tidelift works on. So we go through the reasons why you'd want to pay maintainers. We talk about open source and finance, of course. And, It was just an enjoyable conversation. And it was the first interview with somebody who was not FINOS of the year. Thank you, Donald, for joining us.

[00:02:00] Now we will see Donald and his crew from Tidelift in London for OSFF 2024 in June and also in New York in September and October And with that it's a great segue to talk about some of our sponsors from OSFF real quickly. And so we'd like to introduce the open source and finance forum London leader sponsors. And they are FinOps and Hedera.

So FinOps first, the FinOps Foundation offers professionals opportunities to grow their careers with networking, best practices, education standards within FinOps and also within cloud operations. So you can find them at finops.org. We will have some of the FinOps people on site. They're great people. I got to hang out with some of them in California earlier this year. And and at the conference in June, there'll be a couple of talks on FinOps itself the practice of it. I know that there's a breakout talk and I believe that there's a keynote as well. Again, looking forward to having them there.

Our next leader sponsor is Hedera. Hedera joined just before OSFF New York this past year. And it was great because, uh, there was a board member Andrew Aiken, that was with one company. And had to move companies and when he ended up at Hedera, he still wanted to be part of the FINOS community which we thought was great.

And then, Andrew won a board seat as well on the board. And Andrew's just been around Open Source forever. Great person, great human, and Also part of Hedera and I should say that Hedera is is an open source, leaderless, POS network driven by worldwide community and overseen by a diverse council of top industry players.

You can find out more about Hedera at hedera.com. You can find out about the Oh, I'm probably going to mess it up. The Hashgraph and Swirled Labs as well that is interwoven with Hedera. So check them out. We will probably have Andrew on the podcast in the next month or so leading up to OSFF.

And then finally, we want to make sure that we acknowledge and do a shout out to our Digital Sponsor gResearch and gResearch is gResearch. com. And gResearch is a British quantitative finance research technology firm. And the firm uses makes use of machine learning, big data, and other technologies to predict movements in the financial markets.

Thank you again to all of our sponsors. The sponsor pipeline is still growing early before OSFF. The last thing I'd like to say is, I'm recording this on April 10th and on April 11th so in the morning 7am Eastern, 12pm British Summertime, we will be launching the London OSFF schedule so again, by the time this goes out, and in fact, if I can Put this podcast out tonight and you're listening to it, then you actually have first access to the schedule, which we've already published.

And of course, there'll be a link in the show notes and on the website. So with that, I'm going to shut up and I'm going to let Donald Fischer, the CEO of Tidelift do a lot of talking. Thanks so much and catch you on the other side.

------------------- INTERVIEW

Aaron Griswold: Good morning, good afternoon, good evening, wherever you are. This is Grizz Grizzwold of FINOS. Hope you're doing well today. My guest is Donald Fischer. Donald is the CEO and co founder of Tidelift. Donald say hello.

Donald Fischer: Howdy.

Aaron Griswold: I did not expect a howdy from somebody from Boston. So can you explain that please?

Donald Fischer: Yeah, I think we're a national international presence. So I got y'all's I got howdy and I got packing the car.

Aaron Griswold: Pocking the car up in the Bahaba. Yeah, I told you I spent some time in New Hampshire. Every once in a while, it'll come creep back into me. But okay, Donald, we're going to get into who you are, what you do. We're going to get into Some about Tidelift. We'll get into open source and finance.

And we'll talk about, looking future facing as well. But but I do want to, I want to start with you. Who's Donald? Let's talk about your journey to get to where you are now. The dreaded question tell us about yourself.

Donald Fischer: All good. Happy to do it. Love to talk about myself. Um, here starting point is, when you're on the airplane and you fill out the boarding landing card and it says profession there. So for profession, I write programmer. That's my profession. And that's how I started in the tech industry and it's still a passion of mine.

And so I started building in the late nineties In the first, through the first internet bubble, et cetera. And one of the things I got really interested in very early in my journey in tech was what at the time was free software, the free software movement and the community around that, this sort of predated modern open source and what that has become.

[00:07:00] And I just got fascinated by, both the availability of it, what it allowed me to do as a student in the early, my career in terms of having access to stuff that I wouldn't be able to get my hands on. It was like hard to get Solaris system in those days, but it was easy for me to run Linux on my on my laptop. And then I started, as I went deeper and deeper into that rabbit hole, I started getting fascinated about like, how is this possible? Who, where's this coming from? Who are these people? Somebody is making all this open source software. How is that happening? What are their incentives? And this is awesome.

So how can we amp it up and make this even better? And that's basically been my sole focus for my last two decades of my career is figuring out how to amplify that organic energy in creative communities of smart and energized people around technology and specifically free software and open source communities.

Aaron Griswold: So you did not decide to study open source as a thing initially. I think a lot of people come to open source from different areas. So let's go even further back. Like you were a student, you saw a value in this. Uh, what was probably the first thing that, that you saw? You're like, yeah, this makes a lot of sense. Can you go back there?

Donald Fischer: Yeah, absolutely. Again, like at the time, open source was not a growth hack or a distribution mechanism or an enterprise strategy. It was actually a it was a movement, right? It was grounded in a philosophical perspective, which was you know, if you go all the way back to the origins of the free software movement, it was like, software deserves to, and demands to be free and there should be a open and equal access, as defined by specific for freedoms of the the free software movement.

And that resonated to me, cause there's something like fundamental there before you get to all the business utility and all that kind of stuff There's something profound and the combination of that along with just the mechanism that emerged in the late nineties with the advent of the Internet and all these technology platforms that we had, but really like the human dynamics.

[00:09:00] It's like these days in 2024, everyone's talking about generative AI and the emergent phenomenon. It's it seems like it's alive. It's just a bunch of trained weights, but it seems like it's human, right? So there's an emergent behavior these days, but open source and free software is actually an emergent behavior of humans who gathered on the Internet and started interacting in this way. So I just think it's fascinating. And there's something just fundamentally good and vital about it. And again, I've had the fortune over the last, 20 years and more.

Of being able to apply my energy towards cultivating that, investing in it, amplifying it, and trying to see how can we take that fundamentally good thing and amplify it and make more out of it and and enrich it.

Aaron Griswold: So now I'm going to ask you, you're talking about Stallman, way back when, basically, I'm assuming that, part of the FOSS and everything. So how do you feel about companies making money off of open source?

Donald Fischer: I love companies making money off of open source. I think this is, so again, like to, to my theory of the case is that there's this emergent behavior that happened, in the late nineties. And, this continues, it's amplified many orders of magnitude more.

If you look at the level of open source participation on platforms like GitHub, et cetera. But ultimately this needs to be we need to support this. Like we can't just count on this happening. by itself forever. And certainly as our Organizations, our businesses, our governments, our civilization has become more and more dependent on this corpus of open source projects that arose organically through this method.

We can't, that won't work forever to just take it on faith and hope for the best that it's all going to meet the standards that we need it to meet, that all of these individual constituent projects, each of which is important to so many downstream use cases. Is going to get the level of ongoing, maintenance and support and so on.

[00:11:00] And so I think building businesses around open source is essential to creating the ability to reinvest in these things and to amplify them and to sustain open source. I'm all about building businesses. You asked about my career early in my career. I had the benefit to be part of the early team at Red Hat that worked on the developed and brought to market the Red Hat Enterprise Linux business models or seminal business model in an open source software. I had the privilege of being the product manager for the first several releases of Red Hat Enterprise Linux and an executive at Red Hat, then working on a number of initiatives. And then, My personal journey, I spent 10 years as an investor focused essentially solely on open source companies funding and serving on the board and helping to steer and to develop companies working again or following the same principle of, find an engaged community of organic open source collaborators.

And then how can we build a business that amplifies it, which is. Really different from the more cynical kind of business open source view. I think that it's sometimes taken, which is Hey, how can we monetize this? How can we extract value from it? My perspective has always been, how can we create more value? And then there'll be plenty to go around. It's like a positive feedback loop.

Aaron Griswold: No, that total agreement here. And I've seen it for many years. And, tell me Red Hat, I think that was the first billion dollar revenue open source company. If I remember correctly and say, that's oh 14, 13 years ago. And So I've got to think that it was interesting if you were an investor in smaller startups, like what were you looking for then? What type of things? Because the model was just being proven again by red hat and, I'd assume by canonical and companies like that too, at that point, but but not necessarily, I don't think that there was probably a full pathway that somebody who's just starting an open source or an open core or something like that business would see.

[00:13:00] Oh, yeah, that's exactly where I can project myself in next number of years. So as an investor, what were you doing back then? And how are you seeing things?

Donald Fischer: Yeah, absolutely. Again, I think the most powerful and durable open source technology communities are those ones that start actually not with a business intent from the get go, but start with a an interest, a solution, building a passion kind of intent at the core.

So that's always been what I've looked for in the including the businesses where I've personally invested where I've been been involved in the company is like. Where is there that spark and early momentum. And then, so many times it, it comes to pass that there's a complimentary business model that can be attached to that that, again, provides a, Way to expand maybe that like passion based community to fund that community to work on some of the more boring business oriented kind of hygiene process kinds of refinements to the open the core open source project that are important to organizations downstream users who want to use that technology and that's good news because that means that's like fuel that can be go back into the creative process and can Okay.

Just literally fund the work of the developers who are working on those projects. And that's really the same analysis, the same theory of the case that has led to what we're doing with Tidelift.

Aaron Griswold: So yeah, next step, what you're co founder of Tidelift. What were you folks thinking, they're like, what was the impetus what was the impetus there?

And then I want to can contrast. Maybe there's a contrast. Maybe there's not to where you are now. So when did you start Tidelift?

Donald Fischer: So we started in 2017. And we've been on the same course following the same strategy and pursuing the same goal from inception. I'm happy to say we've found a lot of progress and we've we've made a lot of we've grown a lot with this model and, it's your question around what's the original idea? Our original observation was that there is this model of building a company.

Corresponding to an open source project, right? There's lots of examples of this. You might say that. I would actually, I think there's some nuance to the Red Hat example because it's really a distribution of projects. Hundreds of projects that are a composite product there, you have like sole product companies where there's like the open source project.

There's the company that goes with it. I won't rattle them all off. So that's that covers some portion of the open source project universe. That's yeah. Popularly used and importantly, commercially applied, but it doesn't cover a huge portion of the open source project universe.

That's like very essential, critical infrastructure for organizations that are building any modern software today. And typically the part of the stack that is not well covered is the application building blocks, all these javascript packages, java packages, python packages, the so called dependencies, everybody knows that XKCD cartoon with the package that

[00:16:00] Aaron Griswold: We'll flash it up. I was just going to mention it. The developer in Nebraska. Yeah, that holds up the internet.

Donald Fischer: So if you if you wander into any organization building and using software at scale, including, all of the FINOS member organizations, you'll find there's on the order of 10,000 packages like that.

That are not coming from Red Hat and they're not coming from any one of those startups, whether it's a public company or venture capital backed startup, the vast majority of the software at that tier is coming from individual human maintainers. Now, it's not like these folks are, starving to death In most cases, they have a day job, they do something else.

Many of them are, they might be a graduate student or, maybe they have a job in the software industry outside of the software industry. But the thing that is generally true for the vast majority of these projects is, Even the ones that are relied on by the financial services industry, other industries, is that the folks who are maintaining those, and very often the creators of those packages, they're not receiving an income, they're not, it is not their job to do that thing they have a job doing something else, and they, but they do this thing, and for that reason that the Activity that they are able to dedicate to those packages very substantially, right?

And some folks are in a privileged position where they can dedicate a lot of time and energy to very actively maintaining and securing their open source projects. Other folks, have to balance their time. They have to balance their energy and, they don't have the luxury to spend huge amounts of time. The idea that we had with Tidelift is like, hey, how could we take some of the things that have worked, draw inspiration from some of the things that have worked, like Red Hat building a composite product offering that pulls in many of these upstream packages and adapt that model to fit this space.

So what the application development community, which is really who we're servicing here. They're not looking for a long term supported stable release of all of these packages. And it doesn't work as the variety and the scale of it is just too immense to do that. But they are looking for those packages to follow secure software development practices.

They want them to be actively maintained. If they're not going to be actively maintained, they at least want to know what's the end of life for this. Fundamental things that you would demand of any software company that was selling you a product. Organizations. How to start using open source, assuming that all of those things are going to be true as well, but they're just not going to be true, and you're not going to even have that visibility unless you have some kind of productive collaboration with the open source maintainer.

So our very simple, idea was the software is coming from somewhere. There's humans out there somewhere. Maybe we can go to those those humans and say, thank you for creating this project and putting it out there. We appreciate that, but we want to ask you to do more. And specifically what we want to ask you to do is go through this checklist of secure development practices, et cetera. Attest to it. And to encourage you to do that and in to recognize your work there. Acknowledging that it's boring but important work, we'll pay you to do it. So it's basically, we built a platform for individual independent open source maintainers to go into business earning an income doing these things for the open source projects that they set into motion or have been maintaining.

Aaron Griswold: Nice. Because these individual maintainers have never been responsible for or I'm sorry, blamed for anything that's ever bad. This ever happened in the world of the internet or payments or anything like that.

Donald Fischer: I wish that were true.

Aaron Griswold: Yeah. Like I remember the world, I remember reading I was working on something, Oh, I'll never remember why I was reading the story about the Heartbleed bug, but it, I think the story is basically around two guys named Steve.

[00:20:00] Is that right? That they were the maintainers. And I think one was like more full time and they kept getting more full time because nobody else was there to do anything, right? And they were burnt out. Does that sound familiar to any maintainers out there? They were burnt out, they were not being
paid, and they had incredible demands upon them that people were demanding companies.

Major, fortune 500 companies were demanding. Why wasn't this done? Because it's Steve and Steve. And I remember even like reading the years later, how they just totally burned out. But I believe at least for that one. Is that the one that that they were brought into the fold somewhere, somebody ended up funding them, and and things got better.

But this is, I'm assuming that you see this all the time. And this is, part of the reason for doing that.

Donald Fischer: Yeah, absolutely. The there was a, my recollection is I believe we're at the 10 year anniversary now, the heart bleed incident around yeah, there was a open SSL foundation put together and there was some funding there, although I believe the funding tailed off fairly quickly as it receded into memory.

But the reality is that's one package. There's 10, more of those, each of which can have a. Potentially, extreme impact blast radius. If if there's a the right kind of circumstances, there are wrong kinds of circumstances. And I think the incident that's in the news over the last couple of weeks here as we record this around the XZ project is Not just proving that point but actually taking this hazard to a whole new level because here we have a circumstance where you know, so many of the past Large spectacle open source software supply chain disruptions have been human errors or mistakes that were exploited by adversaries, right?

But now with this new XZ sequence of events, what happened is you had an independent open source maintainer of a critical but under the radar open source package. And they were explicitly targeted because they were volunteers and struggling to keep up by a adversary. Most folks are saying this looks like a foreign state actor given the level of sophistication, the duration of the campaign, like the maintainer of XZ.

If you look back at the original sequence of events I think this goes back to 2021 when when the Adversaries started participating. The maintainer said I haven't lost interest in the project, but my ability to care has been fairly limited. It's good to keep in mind that this is an unpaid hobby project.

So this is the actual words of the maintainer. A question here. And then you have the advance of the, sock puppet, the fake account joining and right, the maintainer says, gia Tan may have a bigger role in the project in the future. He has been helping a lot off list and is practically a co maintainer already. And then years go by and this thing unfolds. So this gets to the fundamental question we think, which is if we, if this stuff is going to be our critical infrastructure, We have to make sure that the folks behind this who have the ability to secure these projects and to maintain these projects we have to make sure we meet them halfway and provide reasonable incentives and it's easy to do to justify doing because there's extreme business impact and organizational impact if we don't partner with the, our suppliers here. As we do in every other supply chain known to humanity we, we need to have a constructive partnership.

Aaron Griswold: But that one's free that we can just use that, that one, that, that saves us money. But yeah and you talk about 10, 000 packages, I was also going to mention what's the definition of a CVE and how many of those actually happen a day. If you have 10, 000 packages, how many CVE what is a CVE?

Donald Fischer: Critical vulnerability and exposures, I believe.

Aaron Griswold: And then with that, I don't I have looked before, cause I was doing, this is, I was doing research for a company a while back, and I was looking at, they're like, Hey, take a look at this CV.

[00:24:00] And I'm like, okay, I'll figure out what a CV is and everything. And then I started going through, I'm like, wow, that's a lot every single day. What is going on here? And then there, there are lists that are published every single day of. Yeah. of vulnerabilities that are found. So I can't even imagine as a maintainer and a distress maintainer dealing with that.

This interesting how you're approaching it to take care of them, I'm assuming.

Donald Fischer: And, just to build on your point there the, when you talk about open source software security or open source software supply chain security, a lot of the, very broad set of issues here to go tackle.

Where the industry started this journey was let us go identify the known bad releases that are, have already been, we've already found the defects in it that are critical and go, address those migrates newer versions etc. So that's by the way a very good idea Like, we often relate this to the there's a culinary analogy here, right?

So it's like you should not eat spoiled food eating toxic food is a bad idea. You should definitely try to Avoid eating, known, spoiled food that's been sitting out on the sidewalk, right? I'm not going to argue that you shouldn't do that. However, there's a much higher standard that you can seek out, right? Which is, in the food analogy, you want to eat High quality food, right? You want to eat ideally like whole grain food, not junk food. You want to eat maybe if you really want to go for it, farm to table, organic certified food, right? And the reason why you want to do that is because Your standard for your own human health is not getting poisoned It's you want to be thriving and you want to you know Be building health and resilience in your body and your in your family to You know basically to really thrive and excel right and so we think that there's a very clear analogy I believe is a very clear analogy to Our software supply chain as well.

After all, it's basically the food, the ingredients of our software in our applications. We'll get the best outcomes if we aim higher than not toxic to well secured actively maintained. And many of these questions are not just about things that have happened in the past, which is where this sort of CVE. Security vulnerability framing of the problem has to focus because it's only based on a list of things known defects, right? We're trying to offer models and approaches to work with the maintainers. We've been talking about in this conversation so far to get after this goal of, Hey let's identify open source projects and releases of those projects that have been vetted to be good, not just not bad.

And where we have a incentive in place to continue to have those projects well supported. And we know who's supporting them and there's a defined security response process in place for things that may come in the future. So it's all about advancing beyond the reactive approach of avoiding toxicity, which again is a good idea to do as a starting point to the next level of, hey, how can we actually build proactive health and resilience into the software that we use? And again, the really cool finding that we've found in building Tidelift today is that this is a situation where everybody can win right the organizations that need the software to meet these standards need this kind of visibility. It's important to their business outcomes to know this and to do this.

So it's worth them paying for it and the open source maintainers who can make it happen. It's valuable for them to derive an income from their work getting after these. Enterprise assurances, business assurances for the software that they otherwise are doing as a hobby or a best efforts practice.

Aaron Griswold: I want to add to your analogy then. I do another podcast with a buddy of mine and I, and it's about it's about mind and body type stuff. And something that we talk about every once in a while is that it costs more to eat clean than it does to eat crap, right? And but the cleaner you eat, the less crap that you eat, the less spoiled food you eat, the better your health is, and the better your health is, the better it is for the entire ecosystem because, there's less strain on insurance, there's less health insurance, there's less strain on hospital systems.

There's less strain on, it's the the idea of what is it that heard read a book recently that it was basically talking about the difference between sick care and healthcare and sick care is just dealing with the problems. Like you're saying, but health care really should be about, eating clean, being preventative, making sure that you're doing the right things in order to not only maintain things for you, but then again, it affects everybody else.

[00:29:00] And so adding on to the analogy, it just seems to to make sense that it's better for everybody the fact that you do have something that is not rancid. Whether it be software or food and that But that does take time, energy and money. And so that seems again, where the basis of your company is not only admirable, but, and this isn't I told you, this isn't an ad for it.

I get it. And coming from open source it makes a lot of sense to me because we do advocate, for banks to have full time employees that are working on open source projects, whether it's been also open source projects or any open source projects. But but, back to, yeah, there, there are so many packages that these banks use that they healthcare, every other, company of this out there is starting to find out like, Hey, we should probably either maintain help maintain ourselves.

Put the time and energy and money into it, or, we need to take care of the  people that are, taking care of us. Anyway, I think that's great, admirable, but also, it's smart.

Donald Fischer: Yeah, I agree. And the public health analogy is a sort of an extension of that food analogy, but it's it's very on point.

One of the things that we The activities that we engage in at Tidelift. One of the things we do is we convene a community online event every year with the goal of basically intersecting organizations like FINOS member companies who rely on open source creators with those like the literal, actually humans, right? The maintainers that we work with. And so the the event is actually called upstream. And the reason why it's called that is because it has a dual goal. Meaning so one is upstream is a term of art in open source software communities. It's the like independent developers who create work on the project.

It's the source of the raw material project, if you will, that gets frequently incorporated into commercial. Products or offerings. So it's the folks upstream from you, but there's also this, public health use of the terminology upstream. And one of the ways that I've heard it verbalizing, we shared it at the first time we held the upstream conference, was there's a parable of a two people on the side of a river literally a stream, right?

And they see a. Kid floating down in the river, struggling, jumped, one of them jumps in grabs the kid, drags him to the shore. Two more kids come floating down the river struggling, jump in, grab them both, bring them back to the shore. Three more kids come floating down the river.

The other companion set takes off, starts, starts heading off and the guy in the river says, where are you going? We got to help save all these kids here that, that are struggling floating down the river. Where are you going? And the, in the, his companion says, I'm going upstream to figure out who's thrown all these kids in the river, right?

Let's solve the problem at its source rather than constantly. Playing whack a mole. In that analogy that parable, it applies as much to people, buying high blood pressure medicine to, that's like the equivalent of pulling people out of the river versus some of the lifestyle interventions that can be taken further upstream.

[00:32:00] It also applies to organizations that are like, hey, my security scanner is going off because there's all these vulnerabilities in my open source packages. Maybe we can, tackle that by being a little bit more proactive and finding a way to partner with the open source creators that we have decided and opted into relying on let's find a partnership.

That's gonna work there. That's what we're about it. I'm excited that, one of the reasons why I've gotten involved in FINOS is I think it's the same spirit. In the context of the financial services industry and fintech companies similar spirit of, Hey, let's work together to get after some of the, fundamental challenges that organizations face when they are availing themselves of this amazing abundance of creativity.

And and technology, but like we can't do it blindly. We have to also be practical and come up with ways that we can we can partner to make sure that this resource that we're relying on and depending on is well cared for and maintained. And we continue to reinvest in it. So really excited to be a new member of of FINOS and partnering with y'all and your member companies.

Aaron Griswold: Yeah, no and us with you as well. And I was you folks joined, I think we did the announcement on March 7th of this year. But I did want to read your quote because, like I read a lot of quotes being in marketing and PR, but I did want to read it because One, I thought it was good but it not really caps our conversation, but it definitely I wanted you to expand on it as far as being involved with FINOS, but the quote is, Tidelift is thrilled to be partnering with FINOS on this important work, accelerating innovation and financial services through open source.

Tidelift's unique approach of paying open source maintainers to ensure their projects flow or follow secure software development practices. And contractually committing to these, continue those practices into the future has made a huge impact in helping our financial services customers confidently make long term investments in open source they use to power their applications.

Could you expand on, like, why, you started to go there, but why join FINOS? Why I know that there are a lot of bank members, but, what's the value for Tidelift in working with FINOS?

Donald Fischer: Yeah. First of all, a number of our customers are FINOS members. And we're meeting them in their community.

And we have a number of great, lead users and customers and partners that we've had in building and advancing this model. So for one thing, we're just trying to, spread that that adoption and awareness to their pure organization. So that's a useful thing to do. And then The other thing is, again there's a common dependency here of technology software powered companies in the large, but specifically the leading edge financial services and and fintech companies. On the general corpus of open source projects, but also there are some specialized projects that are more important to financial services than to the average industry. And so there's an opportunity, we believe for us to work together as part of the the FINOS group to identify those and to specifically make a directed investment in reinforcing those open source projects that are depended on by this industry and, along the way, it's going to, it's going to encompass a lot of the underlying, more fundamental open source projects that are relied on by all industries.

And again, my point is, it's not just industry, it's not just businesses or organizations. It's society now is powered by software and that software is 70 to 90 percent of it is this third party open source that's coming from random people on the internet. Good time to get to know those random people on the internet and figure out how we can help make sure that software meets the standards that we all need it and want it to meet.

Organizations want to meet those standards. The creators want to, they love spending their time and energy on ensuring that this software is robust and they love working on these projects. That's why, what got them started in the first place. But, sometimes the work is work. And it makes sense for us to make sure that that folks can also derive a reward from that.

[00:36:00] And beyond just bonus points kinds of things, there's an allocation of time and energy that is necessary. Once these projects get to scale, we need to make sure that we are funding that work that is. Going to be necessary to build open source software that we can depend on in the financial services industry and beyond.

Aaron Griswold: Upstream is June 5th from 11 AM to 5 PM Eastern and for our friends across the pond 4 PM to 10 PM British summer time. And I don't know about the West Coast. It's three hours behind something like that. So anyway how can people get involved with that? Is it in person, online?

Donald Fischer: It's online. So this is a global phenomenon. And as you mentioned, it will be live streamed on on June 5th this year and you can find out more by going to upstream. live is the URL here. We're going to have a great panel discussion, including some folks from the FINOS team are going to join us there, as well as some of the FINOS representatives of some of the FINOS member organizations as well.

[00:37:00] Very good. That discussion is going to be about, it's really framed around what can other industries learn from the experiences in the financial services sector specifically, obviously a leading Industry in terms of the application of technology, open source technology.

So running into many of the challenges that other industries are going to face early, we're trying to surface those those learnings and and also some of the consequences of being a regulated industry and some of the new requirements that that FINOS and its member companies are are, involved in. So it should be a good discussion. We're looking forward to it.

Aaron Griswold: Very good. So are we. So is Gab, too. Will I see you in London or New York this year for OSFF?

Donald Fischer: We'll be around. We'll be exhibiting at in New York is our 
expectation, and we'll be on the scene in in London as well.

Aaron Griswold: Sounds great. Waiting to meet you in person, and if not, I'll just head up to Boston and go I'll park my car somewhere.

Donald Fischer: Yeah. Yeah, very true.

Aaron Griswold: All right. Donald Fischer, CEO and co founder of Tidelift. Thank you so much for your time today and really appreciate it.

Donald Fischer: Appreciate being a part of this. And thanks for the time to chat today. And thanks for a fun conversation. Thank you.

-=-=-=-=-