My name is Miguel Diaz. I work at Digit in the European Commission, which is basically for the ones who know is European Commission is organizing different directorates. And I work in the one which is responsible for informatics, the Digit Digit.

And yeah, what I plan to do in the next minutes is just to give you an overview of first the open source strategy, which was released in October last year. And then I will explain some of the things we are doing right now related to open source.

So regarding the strategy, as I said before, it's public, you can check it out if you want, and there is the link afterwards in the final slide. It was released in October last year and is not in fact the first strategy that we release. It's in fact the fifth iteration of previous ones,

that initially they were local, let's say to our directorate in Digit. Since we were in contact with open source in year 2000, we have been producing different strategies that were evolving with our expertise.

And until last year, when we did this final one, which is different than the previous ones, because the previous one, as I said, it was for us, it was a document just for Digit Digit to organize ourselves, to have our own strategy. But this one, it's a strategy that involves the whole commission.

So with this strategy, the whole commission is adopting a position towards open source that was not formalized before, which is a big change. And we like to apply this mode of think open because that's what we are trying to achieve. It's to change the culture within commission,

which in fact was already happening. We will get into details later, but to have it in this formalized in a strategy involving the entire commission is a huge step for us. And we are very proud of it. The strategy comes with an action plan, it's 10 actions.

I will not go through all of them because that will take a lot of time, but I will focus on the ones that I believe are more relevant and the ones we are working on right now. And the first one, and this is something we see happening more and more often in the public environment

is the creation of an open source program office. Probably in the private environment that was happening already a few years ago, but in the public environment that was not happening as often. We see now that more and more different organizations, they are having this body within the organization.

And in our case, yes, that's the first action. We did it together with the strategy in October. And for an OSPO, there are different definitions, but in our case, our mission, what we try to do at least in this first stage

is first of all, to promote open source practices within commission, provide support and guidance to the open source projects and as well to those projects that want to become open source. We represent as well commission in open source events like this one. And we try to do networking also.

We are in contact with other OSPOs. And finally, of course, this action plan that I mentioned before, we are the responsible to make sure it's happening. So now thinking more about this action plan,

I will explain some of them. I explained the creation of the OSPO already. The action number two is what we call inner source as default. So applying open source within commission. And we like this picture because it's basically about breaking silos.

It's about sharing the code that we do, making it open, accessible to other teams so that they can benefit from the code that we produce. You have to know that commission is really big. We are more than 30,000 staff members and that's without considering the consultants.

And in EveryDG, we produce a lot of applications. We produce a lot of code. We were checking in our Git repository couple of weeks ago, and we had at least more than 1,500 projects, IT projects, maybe it's even more. And we learned that not all of them are open.

Not all of them, the code is accessible to the other teams. And in fact, when we checked, we only could see 10% of these 1,500 projects, which means that we have a lot of code. We have a lot of software that is not being seen by other teams. And this is a pity. We cannot capitalize on the things we do.

We might be doing things twice. We cannot contribute and that's not good for the organization. So what we are trying to do now in our Git repository is to make sure that for every new project, when you start with developing code, by default, your code will be visible to the other teams.

And we do not expect that by that, people are gonna start doing pull requests all of a sudden, but at least it's the first step to make this switch that I was mentioning before, this thing open that we want and about sharing. So that's an interesting action.

Action three, before I was talking about InnerSource, so working or adopting open source internally, this is more about our presence outside commission. We do have currently projects that are open source that are available in GitHub,

but they are isolated cases and we do not have an official European commission account where we as a block, we are present in GitLab, in GitHub. And we see that other governmental organizations like NASA or the European Space Agency,

they are already there and we should be there as well. We should have our own presence in GitHub and have contributions from the open source communities in a structured way. So as part of this action, the OSPO is in contact with the technical teams in charge of our Git repositories to make sure that we go out there

with our open source projects in an official and organized way. So that's something we are working on as well. Then action four, this is about changing the way we distribute our software. What you see in this screen

is something that we call a commission decision. And it's a document that development teams in commission, they have to produce if they want to go open source. They have to draft a cover note. They have to write this document. Then they have to have it approved.

Then there is an inter-service consultation. And if everything is fine and if everybody agrees, then this development team, they can go outside. They can put their code outside as open source. As you can see, it's a heavy process. And when we see that development teams,

they have to do that in order to get their code as open, we see that this is very discouraging. And so the OSPO, we are working with other teams in commission to change that process. And that instead of having to do all these administrative paperwork,

if a development team, they want to go open source and put their code in GitHub, by default, they can do it. There is no necessary, there's not necessary to do this paperwork. And we hope that by that teams, they are a bit, they feel relieved and they can go easily to put their code because we know that we have this willingness to do that.

But these administrative steps, we know that they are, yeah, discouraging certain teams to do so. So we hope that by changing these rules, we will invite our teams to more and more contribute to put their code in the different Git repositories

and being part of the community. Now, another action, we call it the open source innovation labs. This is something else we are working on. It's about setting up a control environment and protect it where we can test open source products

with the aim of finally adopting them in our app story, in our set of tools that we use every day. And we, before Christmas, we were asking all the different DGs in commission, okay, we are launching this. Do you have any ideas? What products would you like to test?

And it was very surprising to see the amount of responses that we got of people proposing ideas, open source products that go from artificial intelligence to desktop solutions. Please test this, this is a good thing, please. And we were very pleased to have this amount.

Now we have a nice problem, which is to decide what we do first. But getting back again to what I was saying, that commission is already changing the mood. That's already a good sign that the strategy that we are coming, it's good. It's a way to officialize, but we already noticed that there is a trend already in commission

to look more into open source and adopt open source practices. So we hope that with this Innovation Labs, we do interesting discoveries and yeah, eventually that they fulfill cases where we need these products. Okay, next action.

This is about outreach to community. So getting closer to open source communities. I have divided it into four sub actions. And this is something we are doing as part of the ISA Square program. Maybe some of you know, ISA Square is a program

that is running for many years that tends to promote interoperability and reusability across the EU in public services. And with these funds that we have received with ISA Square, we are doing these four sub actions. And the first one that we are doing

is launching a study about the funding mechanisms existing in Europe. Of course, we know that they are open source funds like the Apache Foundation, Linux Foundation, but we want to know whether there are still open source communities that they are not being helped enough

despite having these funds available. We want to know what is out there. We want to know if there are any gaps, if there are any communities that they need extra help financially or maybe not financially, but just support, communication, security. And we would like to have this picture

of how well served is the open source community in terms of funding, because who knows, maybe once we see this study and we see these gaps, we can say, hey, maybe commission, they can do something. Maybe there is a particular area where we could have, I don't know, European open source fund

that maybe could tackle those cases that currently are missed. And we see, we are very interested to know what this study will tell us. And eventually what we want is to avoid things like what you see in the picture in this image

where it reminds me a lot of the heart bleed attack that happened a few years ago where you have the entire internet using the OpenSSL library. Who knows how many people were behind that library? Maybe if that component would have been better supported, maybe we wouldn't have had the losses,

the millions of euros of losses that we had. So we are really interested to know what this study is giving us and whether we can help once we know how the landscape looks like. Still with the ISA square program, what we are doing, the second SAP initiative, it's European of open source inventory.

And maybe inventory is a big word because of course, we don't think we are gonna cover all the public institutions in Europe, but we want to know across Europe, across the EU from all the different public administrations, which open source products they are using with the ultimate goal of knowing

which are the most critical ones, the ones that are more heavily used and eventually see whether we can as well help those products, maybe running back bounties to make them more secure or maybe with some funding. The idea is again to sustain these products

that they are giving already a service and see whether eventually commission could help. So we are running this study with an external firm. They are helping us, they are serving the different public administrations in Europe at different levels, where they are talking to cities,

they are talking to regions, to national governments and they asking them, okay, which open source tools are you using and what is the criticality? How often do you use them for what purposes? And yeah, we're looking forward to see what it comes out of it. I take the opportunity for the attendees,

the people listening to this, that if you are working for a European institution and you would like to be part of this study, please get in touch with us. At the end of the slide, you will see our contact details. If you think that this institution is using open source and you would like this open source to be in our inventory for potential improvements, help that we could give,

please get in touch with us. So moving on, I'm now, sorry, going to the third sub-action of this action number seven. We are running also back bounties currently.

We are, before Christmas, we talked to certain public institutions and we asked them, okay, which are the products that you are using open source that you think would benefit from a back bounty? And we came up with these three, Moodle, Element, and Zimbra, and we are currently, they are the three of them,

they are going through a back bounty process. There is an army of ethical hackers going through them and raising vulnerabilities, it's going very well. We are very happy with the way it's going. And we hope that with this initiative, we are helping these three solutions to become better, to become more secure and to give at the end

this ultimate service that we give to European public services. And the last sub-action of this action seven is hackathons. This is something we already did in the past with a project that some of you might know,

it was called FOSA2, it was very successful. We were doing back bounties as well at that time and we were doing hackathons. Of course, they were physical hackathons at that time. Now it will be virtual, but yes, we are planning to do two of them

during the first half of 2021. We have pretty clear ideas of what we want to do. It will be probably soon. And again, the aim of this action seven as the other three sub-actions before is just to get again in contact with open source communities, bring them together,

share knowledge, share experiences, and overall help the community. So this action seven was a bit longer and we do have more, as you saw in the action plan, we had 10 actions. Some of them involve our governance procedures

like consider open source when we evaluate projects. Others it's about communication plans that we are doing inside commission to promote open source. We are also working on trainings for our staff to get more acquainted to open source.

We are also in the HR part, we at some point we will get at the recruiting profiles to see where we can include also the open source dimension when we are for selection criteria. So as you can see, we are very busy and we are very exciting anyway, we are very happy.

And at the end, as I said, the ultimate goal is to change the mentality of commission. I forgot to say that it's something that it's an internal strategy. It's something that we do for the organization. I say that because at the beginning when the strategy was released, some people said,

thought, okay, you are doing something for the EU, you're promoting something. And no, for the moment, it's just a strategy for us, for the organization to change our culture and to embrace ultimately open source, both in terms of practices, mentality,

and as well as tools. So that's all I wanted to talk about. In case you have questions, you can reach us in this email address, digit-ospo. And if you are interested in the strategy,

you have the link as well over there. So, well, thank you very much for your time. I hope I gave you a nice overview of what we are doing. And if you have questions, please feel free to shoot. Thank you very much for your time.

That was awesome. Thank you. Questions should be coming in soon. Hopefully there's been no questions yet, but I think that's maybe because people are writing them. Personally, I think that's awesome. I really appreciated the work that you're doing. I think that's a really great inner strategy session. I have a couple of questions while we're waiting for people to send them in.

Okay. My first question is innovation lab sounds awesome. That seems really cool that you're testing these things and trying to see what's good and what can be used by the EC. Is there any plans to release the output of the innovations labs of how that testing process went? Well, actually it was not initially planned to release it

because we thought indeed in terms of internal strategy. So it was not the initial idea, but I think we will see if something we didn't check, maybe there's no problem in sharing what we are using. In fact, there's no secret to say that we already have in our app store,

things like LibreOffice, like Firefox. So I think it should not be an issue to say afterwards, look, we are adding LMN or Moodle or yeah. So in theory, I don't think it should be an issue. Excellent. I love that. Okay, first question in the question tab.

When you allow going open source as default and got rid of the process, how do you ensure that the projects confirm, conform with licenses and export laws? You went to the developers? That's a good question because I forget to say that, that indeed we are removing these legal, these administrative steps,

but there is a step that will stay there, which is these intellectual property checks that the Joint Research Center is doing. So we are helping the development teams. They will not have to do that paperwork. That's good, but we will not, we will continue doing of course, the intellectual property checks.

So that will stay continuing as a control, but at least the development teams, they will not have to write those, allow me to say boring documents. Yeah, thank you for doing that work on behalf of all developers everywhere. So still waiting for another question. I have more questions.

You mentioned bringing some stuff internally and mentioned trying to give back by maybe opening up a European Commission fund. I love that idea, that's awesome. What are you doing to help make sure that people on European Commission time are actually able to collaborate effectively with projects that aren't under the European Commission banner?

Yeah, that's something we have asked ourselves and it's a tricky point that we have not find the answer yet because we are a public institution, okay? So we use taxpayers' money and that translate into projects with a limited budget. You have a project manager in commission, I have my budget, I need to deliver.

So when you will have a developer saying, look, I want Friday's afternoon to contribute to other projects, the manager will say, okay, how do we do this? Because I need to justify your time, we are using public money. So who knows? Maybe we have a clause that says

if it's something incidentally, an incidental contribution that's allowed, you don't even need to check to your line manager. We're still working on that, but it's a good point because we, ourselves, we are trying to find the answer to that. Excellent. Still waiting for more questions.

It looks like it's just me being able to ask all the questions I want to ask, which is kind of fun. Still five minutes left, but anyone is curious. You mentioned at the beginning, OSPOs. What are you doing to make sure you collaborate with other OSPOs or OSPO organizations? Yeah, well, we attend to international events, open source events, but also with Open Forum Europe,

we are in contact with them and they put us in contact with other OSPOs, which is very interesting. We learn a lot from them, like the OSPO in the Ministry of Technology in Israel. They are very advanced and it's very amazing to see what they are doing. Vice versa, United Nations, they are looking at us because

they want to know what we have done. So it's basically, yes, we are keeping this network, thanks to being involved with other organizations, but now we are planning also to start leading ourselves workshops that we can organize ourselves

and we will start being active as well and productive and contacting different organizations and to establish some regular meetings as well to catch up and to share knowledge. I'm excited about that too. I want to get involved somehow, although I'm not European, so maybe I can't, which actually reminds me of my next question,

because again, I'm still waiting for more questions. If anyone has any, please feel free. I know there's some European commissioners, not all of them, but there's definitely a movement of digital sovereignty. The idea that code in the EU should stay in the EU. How is this internal plan deal with that sort of thing?

Well, it's linked. There's obvious link. Thanks, as you said, digital sovereignty is one of the objectives and it was mentioned by Van der Leyen several times in her speeches. So, and open source, we see that as an enabler to that. So, and we basically,

and even in fact now when we are asked for open source products in the case of the Innovation Lab, some of them, they were asking for a secure email solution because they don't want to use another product.

So, yes, it's very interlinked. We consider that as an enabler and that of course is in our, let's say the things to keep in mind when having our role in the OSPO. Excellent. Good answer. So, I have a question here. If Paris gives two hours to your code,

can you give two hours to Paris? Can we create a time exchange? Good idea. So, you mean the city of Paris? Assumedly, it's probably Philippe and I, but I'm not sure. But why not? That could be a kind of arrangement that we could do between institutions to have like envelopes of hours

that we could exchange to contribute to, yeah, to different projects. Why not? That would be an interesting exchange.