(bright upbeat music) >> Greetings, brilliant community and thank you so much for tuning in to theCUBE here for the last three days where we've been live from Detroit, Michigan. I've had the pleasure of spending this week with Lisa Martin and John Furrier. Thank you both so much for hanging out, for inviting me into the CUBE family. It's our first show together, it's been wonderful. >> Thank you. >> You nailed it. >> Oh thanks, sweetheart. >> Great job. Great job team, well done. Free wall to wall coverage, it's what we do. We stay till everyone else-- >> Savannah: 100 percent. >> Everyone else leaves, till they pull the plug. >> Lisa: Till they turn the lights out. We're still there. >> Literally. >> Literally last night. >> Still broadcasting. >> Whatever takes to get the stories and get 'em out there at scale. >> Yeah. >> Great time. >> 33. 33 different segments too. Very impressive. John, I'm curious, you're a trend watcher and you've been at every single KubeCon. >> Yep. >> What are the trends this year? Give us the breakdown. >> I think CNCF does this, it's a hard job to balance all the stakeholders. So one, congratulations to the CNCF for another great KubeCon and CloudNativeCon. It is really hard to balance bringing in the experts who, as time goes by, seven years we've been all of, as you said, you get experts, you get seniority, and people who can be mentors, 60% new people. You have vendors who are sponsoring and there's always people complaining and bitching and moaning. They want this, they want that. It's always hard and they always do a good job of balancing it. We're lucky that we get to scale the stories with CUBE and that's been great. We had some great stories here, but it's a great community and again, they're inclusive. As I've said before, we've talked about it. This year though is an inflection point in my opinion, because you're seeing the developer ecosystem growing so fast. It's global. You're seeing events pop up, you're seeing derivative events. CNCF is at the center point and they have to maintain the culture of developer experts, maintainers, while balancing the newbies. And that's going to be >> Savannah: Mm-hmm. really hard. And they've done a great job. We had a great conversation with them. So great job. And I think it's going to continue. I think the attendance metric is a little bit of a false positive. There's a lot of online people who didn't come to Detroit this year. And I think maybe the combination of the venue, the city, or just Covid preferences may not look good on paper, on the numbers 'cause it's not a major step up in attendance. It's still bigger, but the community, I think, is going to continue to grow. I'm bullish on it. >> Yeah, I mean at least we did see double the number of people that we had in Los Angeles. Very curious. I think Amsterdam, where we'll be next with CNCF in the spring, in April. I think that's actually going to be a better pulse check. We'll be in Europe, we'll see what's going on. >> John: Totally. >> I mean, who doesn't like Amsterdam in the springtime? Lisa, what have been some of your observations? >> Oh, so many observations. The evolution of the conference, the hallway track conversations really shifting towards adjusting to the enterprise. The enterprise momentum that we saw here as well. We had on the show, Ford. >> Savannah: Yes. We had MassMutual, we had ING, that was today. Home Depot is here. We are seeing all these big companies that we know and love, become software companies right before our eyes. >> Yeah. Well, and I think we forget that software powers our entire world. And so of course they're going to have to be here. So much running on Kubernetes. It's on-prem, it's at the edge, it's everywhere. It's exciting. Woo, I'm excited. John, what do you think is the number one story? This is your question. I love asking you this question. What is the number one story out KubeCon? >> Well, I think the top story is a combination of two things. One is the evolution of Cloud Native. We're starting to see web assembly. That's a big hyped up area. It got a lot of attention. >> Savannah: Yeah. That's kind of teething out the future. >> Savannah: Rightfully so. The future of this kind of lightweight. You got the heavy duty VMs, you got Kubernetes and containers, and now this web assembly, shows a trajectory of apps, server-like environment. And then the big story is security. Software supply chain is, to me, was the number one consistent theme. At almost all the interviews, in the containers, and the workflows, >> Savannah: Very hot. software supply chain is real. The CD Foundation mentioned >> Savannah: Mm-hmm. >> they had 16,000 vulnerabilities identified in their code base. They were going to automate that. So again, >> Savannah: That was wild. >> That's the top story. The growth of open source exposes potential vulnerabilities with security. So software supply chain gets my vote. >> Did you hear anything that surprised you? You guys did this great preview of what you thought we were going to hear and see and feel and touch at KubeCon, CloudNativeCon 2022. You talked about, for example, the, you know, healthcare financial services being early adopters of this. Anything surprise either one of you in terms of what you predicted versus what we saw? Savannah, let's start with you. >> You know what really surprised me, and this is ironic, so I'm a community gal by trade. But I was really just impressed by the energy that everyone brought here and the desire to help. The thing about the open source community that always strikes me is, I mean 187 different countries participating. You've got, I believe it's something like 175,000 people contributing to the 140 projects plus that CNCF is working on. But that culture of collaboration extends far beyond just the CNCF projects. Everyone here is keen to help each other. We had the conversation just before about the teaching and the learnings that are going on here. They brought in Detroit's students to come and learn, which is just the most heartwarming story out of this entire thing. And I think it's just the authenticity of everyone in this community and their passion. Even though I know it's here, it still surprises me to see it in the flesh. Especially in a place like Detroit. >> It's nice. >> Yeah. >> It's so nice to see it. And you bring up a good point. It's very authentic. >> Savannah: It's super authentic. >> I mean, what surprised me is one, the Wasm, or web assembly. I didn't see that coming at the scale of the conversation. It sucked a lot of options out of the room in my opinion, still hyped up. But this looks like it's got a good trajectory. I like that. The other thing that surprised me that was a learning was my interview with Solo.io, Idit, and Brian Gracely, because he's a CUBE alumni and former host of theCUBE, and analyst at Wikibon, was how their go-to-market was an example of a modern company in Covid with a clean sheet of paper and smart people, they're just doing things different. They're in Slack with their customers. And I walked away with, "Wow that's like a playbook that's not, was never, in the go-to-market VC-backed company playbook." I thought that was, for me, a personal walk away saying that's important. I like how they did that. And there's a lot of companies I think could learn from that. Especially as the recession comes where partnering with customers has always been a top priority. And how they did that was very clever, very effective, very efficient. So I walked away with that saying, "I think that's going to be a standard." So that was a pleasant surprise. >> That was a great surprise. Also, that's a female-founded company, which is obviously not super common. And the growth that they've experienced, to your point, really being catalyzed by Covid, is incredibly impressive. I mean they have some massive brand name customers, Amex, BMW for example. >> Savannah: Yeah. >> Great point. >> And I interviewed her years ago and I remember saying to myself, "Wow, she's impressive." I liked her. She's a player. A player for sure. And she's got confidence. Even on the interview she said, "We're just better, we have better product." And I just like the point of view. Very customer-focused but confident. And I just took, that's again, a great company. And again, I'm not surprised that Brian Gracely left Red Hat to go work there. So yeah, great, great call there. And of course other things that weren't surprising that I predicted, Red Hat continued to invest. They continue to bring people on theCUBE, they support theCUBE but more importantly they have a good strategy. They're in that multicloud positioning. They're going to have an opportunity to get a bite at the apple. And I what I call the supercloud. As enterprises try to go and be mainstream, Cloud Native, they're going to need some help. And Red Hat is always has the large enterprise customers. >> Savannah: What surprised you, Lisa? >> Oh my gosh, so many things. I think some of the memorable conversations that we had. I love talking with some of the enterprises that we mentioned, ING Bank for example. You know, or institutions that have been around for 100 plus years. >> Savannah: Oh, yeah. To see not only how much they've innovated and stayed relevant to meet the demands of the consumer, which are only increasing, but they're doing so while fostering a culture of innovation and a culture that allows these technology leaders to really grow within the organization. That was a really refreshing conversation that I think we had. 'Cause you can kind of >> Savannah: Absolutely. think about these old stodgy companies. Nah, of course they're going to digitize. >> Thinking about working for the bank, I think it's boring. >> Right? >> Yeah. And they were talking about, in fact, those great t-shirts that they had on, >> Yeah, yeah, yeah, yeah. were all about getting more people to understand how fun it is to work in tech for ING Bank in different industries. You don't just have to work for the big tech companies to be doing really cool stuff in technology. >> What I really liked about this show is we had two female hosts. >> Savannah: Yeah. >> How about that? Come on. >> Hey, well done, well done on your recruitment there, champ. >> Yes, thank you boss. (John laughs) >> And not to mention we have a really all-star production team. I do just want to give them a little shout out. To all the wonderful folks behind the lines here. (people clapping) >> John: Brendan. Good job. >> Yeah. Without Brendan, Anderson, Noah, and Andrew, we would be-- >> Of course Frank Faye holding it back there too. >> Yeah, >> Of course, Frank. >> I mean, without the business development wheels on the ship we'd really be in an unfortunate spot. I almost just swore on television. We're not going to do that. >> It's okay. No one's regulating. >> Yeah. (all laugh) >> Elon Musk just took over Twitter. >> It was a close call. >> That's right! >> It's going to be a hellscape. >> Yeah, I mean it's, shit's on fire. So we'll just see what happens next. I do, I really want to talk about this because I think it's really special. It's an ethos and some magic has happened here. Let's talk about Detroit. Let's talk about what it means to be here. We saw so many, and I can't stress this enough, but I think it really matters. There was a commitment to celebrating place here. Lisa, did you notice this too? >> Absolutely. And it surprised me because we just don't see that at conferences. >> Yeah. We're so used to going to the same places. >> Right. >> Vegas. Vegas, Vegas. More Vegas. >> Your tone-- >> San Francisco >> (both laugh) sums up my feelings. Yes. >> Right? >> Yeah. And, well, it's almost robotic but, and the fact that we're like, oh Detroit, really? But there was so much love for this city and recognizing and supporting its residents that we just don't see at conferences. You uncovered a lot of that with your swag-savvy segments, >> Savannah: Yeah. >> And you got more of that to talk about today. >> Don't worry, it's coming. Yeah. (laughs) >> What about you? Have you enjoyed Detroit? I know you hadn't been here in a long time, when we did our intro session. >> I think it's a bold move for the CNCF to come here and celebrate. What they did, from teaching the kids in the city some tech, they had a session. I thought that was good. >> Savannah: Loved that. I think it was a risky move because a lot of people, like, weren't sure if they were going to fly to Detroit. So some say it might impact the attendance. I thought they did a good job. Their theme, Road Ahead. Nice tie in. >> Savannah: Yeah. And so I think I enjoyed Detroit. The weather was great. It didn't rain. Nice breeze outside. >> Yeah. >> The weather was great, the restaurants are phenomenal. So Detroit's a good city. I missed some hockey games. I'd love to see the Red Wings play. Missed that game. But we always come back. >> I think it's really special. I mean, every time I talked to a company about their swag, that had sourced it locally, there was a real reason for this story. I mean even with Kasten in that last segment when I noticed that they had done Carhartt beanies, Carhartt being a Michigan company. They said, "I'm so glad you noticed. That's why we did it." And I think that type of, the community commitment to place, it all comes back to community. One of the bigger themes of the show. But that passion and that support, we need more of that. >> Lisa: Yeah. >> And the thing about the guests we've had this past three days have been phenomenal. We had a diverse set of companies, individuals come on theCUBE, you know, from Scott Johnston at Docker. A really one on one. We had a great intense conversation. >> Savannah: Great way to kick it off. >> We shared a lot of inside baseball, about Docker, super important company. You know, impressed with companies like Platform9 it's been around since the OpenStack days who are now in a relevant position. Rafi Systems, hot startup, they don't have a lot of resources, a lot of guerilla marketing going on. So I love to see the mix of startups really contributing. The big players are here. So it's a real great mix of companies. And I thought the interviews were phenomenal, like you said, Ford. We had, Kubia launched on theCUBE. >> Savannah: Yes. >> That's-- >> We snooped the location for KubeCon North America. >> You did? >> Chicago, everyone. In case you missed it, Bianca was nice enough to share that with us. >> We had Sarbjeet Johal, CUBE analyst came on, Keith Townsend, yesterday with you guys. >> We had like analyst speed dating last night. (all laugh) >> How'd that go? (laughs) >> It was actually great. One of the things that they-- >> Did they hug and kiss at the end? >> Here's the funny thing is that they were debating the size of the CNC app. One thinks it's too big, one thinks it's too small. And I thought, is John Goldilocks? (John laughs) >> Savannah: Yeah. >> What is John going to think about that? >> Well I loved that segment. I thought, 'cause Keith and Sarbjeet argue with each other on Twitter all the time. And I heard Keith say before, he went, "Yeah let's have it out on theCUBE." So that was fun to watch. >> Thank you for creating this forum for us to have that kind of discourse. >> Lisa: Yes, thank you. >> Well, it wouldn't be possible without the sponsors. Want to thank the CNCF. >> Absolutely. >> And all the ecosystem partners and sponsors that make theCUBE possible. We love doing this. We love getting the stories. No story's too small for theCUBE. We'll go with it. Do whatever it takes. And if it wasn't for the sponsors, the community wouldn't get all the great knowledge. So, and thank you guys. >> Hey. Yeah, we're, we're happy to be here. Speaking of sponsors and vendors, should we talk a little swag? >> Yeah. >> What do you guys think? All right. Okay. So now this is becoming a tradition on theCUBE so I'm very delighted, the savvy swag segment. I do think it's interesting though. I mean, it's not, this isn't just me shouting out folks and showing off t-shirts and socks. It's about standing out from the noise. There's a lot of players in this space. We got a lot of CNCF projects and one of the ways to catch the attention of people walking the show floor is to have interesting swag. So we looked for the most unique swag on Wednesday and I hadn't found this yet, but I do just want to bring it up. Oops, I think I might have just dropped it. This is cute. Is, most random swag of the entire show goes to this toothbrush. I don't really have more in terms of the pitch there because this is just random. (Lisa laughs) >> But so, everyone needs that. >> John: So what's their tagline? >> And you forget these. >> Yeah, so the idea was to brush your cloud bills. So I think they're reducing the cost of-- >> Kind of a hygiene angle. >> Yeah, yeah. Very much a hygiene angle, which I found a little ironic in this crowd to be completely honest with you. >> John: Don't leave the lights on theCUBE. That's what they say. >> Yeah. >> I mean we are theCUBE so it would be unjust of me not to show you a Rubik's cube. This is actually one of those speed cubes. I'm not going to be able to solve this for you with one hand on camera, but apparently someone did it in 17 seconds at the booth. Knowing this audience, not surprising to me at all. Today we are, and yesterday, was the t-shirt contest. Best t-shirt contest. Today we really dove into the socks. So this is, I noticed this trend at KubeCon in Los Angeles last year. Lots of different socks, clouds obviously a theme for the cloud. I'm just going to lay these out. Lots of gamers in the house. Not surprising. Here on this one. >> John: Level up. >> Got to level up. I love these 'cause they say, "It's not a bug." And anyone who's coded has obviously had to deal with that. We've got, so Star Wars is a huge theme here. There's Lego sets. >> John: I think it's Star Trek. But. >> That's Star Trek? >> John: That's okay. >> Could be both. (Lisa laughs) >> John: Nevermind, I don't want to. >> You can flex your nerd and geek with us anytime you want, John. I don't mind getting corrected. I'm all about, I'm all about the truth. >> Star Trek. Star Wars. Okay, we're all the same. Okay, go ahead. >> Yeah, no, no, this is great. Slim.ai was nice enough to host us for dinner on Tuesday night. These are their lovely cloud socks. You can see Cloud Native, obviously Cloud Native Foundation, cloud socks, whole theme here. But if we're going to narrow it down to some champions, I love these little bee elephants from Raft. And when I went up to these guys, I actually probably would've called these my personal winner. They said, again, so community focused and humble here at CNCF, they said that Wiz was actually the champion according to the community. These unicorn socks are pretty excellent. And I have to say the branding is flawless. So we'll go ahead and give Wiz the win on the best sock contest. >> John: For the win. >> Yeah, Wiz for the win. However, the thing that I am probably going to use the most is this really dope Detroit snapback from Kasten. So I'm going to be rocking this from now on for the rest of the segment as well. And I feel great about this snapback. >> Looks great. Looks good on you. >> Yeah. >> Thanks John. (John laughs) >> So what are we expecting between now and KubeCon in Amsterdam? >> Well, I think it's going to be great to see how they, the European side, it's a chill show. It's great. Brings in the European audience from the global perspective. I always love the EU shows because one, it's a great destination. Amsterdam's going to be a great location. >> Savannah: I'm pumped. >> The American crowd loves going over there. All the event cities that they choose are always awesome. I missed Valencia cause I got Covid. I'm really bummed about that. But I love the European shows. It's just a little bit, it's high intensity, but it's the European chill. They got a little bit more of that siesta vibe going on. >> Yeah. >> And it's just awesome. >> Yeah, >> And I think that the mojo that carried throughout this week, it's really challenging to not only have a show that's five days, >> but to go through all week, >> Savannah: Seriously. >> to a Friday at 4:00 PM Eastern Time, and still have the people here, the energy and all the collaboration. >> Savannah: Yeah. >> The conversations that are still happening. I think we're going to see a lot more innovation come spring 2023. >> Savannah: Mm-hmm. >> Yeah. >> So should we do a bet, somebody's got to buy dinner? Who, well, I guess the folks who lose this will buy dinner for the other one. How many attendees do you think we'll see in Amsterdam? So we had 4,000, >> Oh, I'm going to lose this one. >> roughly in Los Angeles. Priyanka was nice enough to share with us, there was 8,000 here in Detroit. And I'm talking in person, we're not going to meddle this with the online. >> 6500. >> Lisa: I was going to say six, six K. >> I'm going 12,000. >> Ooh! >> I'm going to go ahead and go big I'm going to go opposite Price Is Right. >> One dollar. >> Yeah. (all laugh) That's exactly where I was driving with it. I'm going, I'm going absolutely all in. I think the momentum here is building. I think if we look at the numbers from-- >> John: You could go Family Feud >> Yeah, yeah, exactly. And they mentioned that they had 11,000 people who have taken their Kubernetes course in that first year. If that's a benchmark and an indicator, we've got the veteran players here. But I do think that, I personally think that the hype of Kubernetes has actually preceded adoption. If you look at the data and now we're finally tipping over. I think the last two years we were on the fringe and right now we're there. It's great. (voice blares loudly on loudspeaker) >> Well, on that note (all laugh) On that note, actually, on that note, as we are talking, so I got to give cred to my cohosts. We deal with a lot of background noise here on theCUBE. It is a live show floor. There's literally someone on an e-scooter behind me. There's been Pong going on in the background. The sound will haunt the three of us for the rest of our lives, as well as the production crew. (Lisa laughs) And, and just as we're sitting here doing this segment last night, they turned the lights off on us, today they're letting everyone know that the event is over. So on that note, I just want to say, Lisa, thank you so much. Such a warm welcome to the team. >> Thank you. >> John, what would we do without you? >> You did an amazing job. First CUBE, three days. It's a big show. You got staying power, I got to say. >> Lisa: Absolutely. >> Look at that. Not bad. >> You said it on camera now. >> Not bad. >> So you all are stuck with me. (all laugh) >> A plus. Great job to the team. Again, we do so much flow here. Brandon, Team, Andrew, Noah, Anderson, Frank. >> They're doing our hair, they're touching up makeup. They're helping me clean my teeth, staying hydrated. >> We look good because of you. >> And the guests. Thanks for coming on and spending time with us. And of course the sponsors, again, we can't do it without the sponsors. If you're watching this and you're a sponsor, support theCUBE, it helps people get what they need. And also we're do a lot more segments around community and a lot more educational stuff. >> Savannah: Yeah. So we're going to do a lot more in the EU and beyond. So thank you. >> Yeah, thank you. And thank you to everyone. Thank you to the community, thank you to theCUBE community and thank you for tuning in, making it possible for us to have somebody to talk to on the other side of the camera. My name is Savannah Peterson for the last time in Detroit, Michigan. Thanks for tuning into theCUBE. >> Okay, we're done. (bright upbeat music)

>>Good afternoon, brilliant humans, and welcome back to the Cube. We're live in Detroit, Michigan at Cub Con, and I'm joined by John Furrier. John three exciting days buzzing. How you doing? >>That's great. I mean, we're coming down to the third day. We're keeping the energy going, but this segment's gonna be awesome. The CD foundation's doing amazing work. Developers are gonna be running businesses and workflows are changing. Productivity's the top conversation, and you're gonna start to see a coalescing of the communities who are continuous delivery, and it's gonna be awesome. >>And, and our next guess is an outstanding person to talk about this. We are joined by Stephen Chin, the chair of the CD Foundation. Steven, thanks so much for being here. >>No, no, my pleasure. I mean, this has been an amazing week quote that CubeCon with all of the announcements, all of the people who came out here to Detroit and, you know, fantastic. Like just walking around, you bump into all the right people here. Plus we held a CD summit zero day events, and had a lot of really exciting announcements this week. >>Gotta love the shirt. I gotta say, it's one of my favorites. Love the logos. Love the love the branding. That project got traction. What's the news in the CD foundation? I tried to sneak in the back. I got a little laid into your co-located event. It was packed. Everyone's engaged. It was really looked, look really cool. Give us the update. >>What's the news? Yeah, I know. So we, we had a really, really powerful event. All the key practitioners, the open source leads and folks were there. And one of, one of the things which I think we've done a really good job in the past six months with the CD foundation is getting back to the roots and focusing on technical innovation, right? This is what drives foundations, having strong projects, having people who are building innovation, and also bringing in a new innovation. So one of the projects which we added to the CD foundation this week is called Persia. So it's a, it's a decentralized package repository for getting open source libraries. And it solves a lot of the problems which you get when you have centralized infrastructure. You don't have the right security certificates, you don't have the right verification libraries. And these, these are all things which large companies provision and build out inside of their infrastructure. But the open source communities don't have the benefit of the same sort of really, really strong architecture. A lot of, a lot of the systems we depend upon. It's >>A good point, yeah. >>Yeah. I mean, if you think about the systems that developers depend upon, we depend upon, you know, npm, ruby Gems, Mayn Central, and these systems been around for a while. Like they serve the community well, right? They're, they're well supported by the companies and it's, it's, it's really a great contribution that they give us. But every time there's an outage or there's a security issue, guess, guess how many security issues that our, our research team found at npm? Just ballpark. >>74. >>So there're >>It's gotta be thousands. I mean, it's gotta be a lot of tons >>Of Yeah, >>They, they're currently up to 60,000 >>Whoa. >>Vulnerable, malicious packages in NPM and >>Oh my gosh. So that's a super, that's a jar number even. I know it was gonna be huge, but Holy mo. >>Yeah. So that's a software supply chain in actually right there. So that's, that's open source. Everything's out there. What's, how do, how does, how do you guys fix that? >>Yeah, so per peria kind of shifts the whole model. So when, when you think about a system that can be sustained, it has to be something which, which is not just one company. It has to be a, a, a set of companies, be vendor neutral and be decentralized. So that's why we donated it to the Continuous Delivery Foundation. So that can be that governance body, which, which makes sure it's not a single company, it is to use modern technologies. So you, you, you just need something which is immutable, so it can't be changed. So you can rely on it. It has to have a strong transaction ledger so you can see all of the history of it. You can build up your software, build materials off of it, and it, it has to have a strong peer-to-peer architecture, so it can be sustained long term. >>Steven, you mentioned something I want to just get back to. You mentioned outages and disruption. I, you didn't, you didn't say just the outages, but this whole disruption angle is interesting if something happens. Talk about the impact of the developer. They stalled, inefficiencies create basically disruption. >>No, I mean, if, if, so, so if you think about most DevOps teams in big companies, they support hundreds or thousands of teams and an hour of outage. All those developers, they, they can't program, they can't work. And that's, that's a huge loss of productivity for the company. Now, if you, if you take that up a level when MPM goes down for an hour, how many millions of man hours are wasted by not being able to get your builds working by not being able to get your codes to compile. Like it's, it's >>Like, yeah, I mean, it's almost hard to fathom. I mean, everyone's, It's stopped. Exactly. It's literally like having the plug pulled >>Exactly on whenever you're working on, That's, that's the fundamental problem we're trying to solve. Is it, it needs to be on a, like a well supported, well architected peer to peer network with some strong backing from big companies. So the company is working on Persia, include J Frog, which who I work for, Docker, Oracle. We have Deploy hub, Huawei, a whole bunch of other folks who are also helping out. And when you look at all of those folks, they all have different interests, but it's designed in a way where no single party has control over the network. So really it's, it's a system system. You, you're not relying upon one company or one logo. You're relying upon a well-architected open source implementation that everyone can rely >>On. That's shared software, but it's kind of a fault tolerant feature too. It's like, okay, if something happens here, you have a distributed piece of it, decentralized, you're not gonna go down. You can remediate. All right, so where's this go next? I mean, cuz we've been talking about the role of developer. This needs to be a modern, I won't say modern upgrade, but like a modern workflow or value chain. What's your vision? How do you see that? Cuz you're the center of the CD foundation coming together. People are gonna be coalescing multiple groups. Yeah. >>What's the, No, I think this is a good point. So there, there's a, a lot of different continuous delivery, continuous integration technologies. We're actually, from a Linux Foundation standpoint, we're coalescing all the continued delivery events into one big conference >>Next. You just made an announcement about this earlier this week. Tell us about CD events. What's going on, what's in, what's in the cooker? >>Yeah, and I think one of the big announcements we had was the 0.1 release of CD events. And CD events allows you to take all these systems and connect them in an event scalable, event oriented architecture. The first integration is between Tecton and Capin. So now you can get CD events flowing cleanly between your, your continuous delivery and your observability. And this extends through your entire DevOps pipeline. We all, we all need a standards based framework Yep. For how we get all the disparate continuous integration, continuous delivery, observability systems to, to work together. That's also high performance. It scales with our needs and it, it kind of gives you a future architecture to build on top of. So a lot of the companies I was talking with at the CD summit Yeah. They were very excited about not only using this with the projects we announced, but using this internally as an architecture to build their own DevOps pipelines on. >>I bet that feels good to hear. >>Yeah, absolutely. Yeah. >>Yeah. You mentioned Teton, they just graduated. I saw how many projects have graduated? >>So we have two graduated projects right now. We have Jenkins, which is the first graduated project. Now Tecton is also graduated. And I think this shows that for Tecton it was, it was time, the very mature project, great support, getting a lot of users and having them join the set of graduated projects. And the continuous delivery foundation is a really strong portfolio. And we have a bunch of other projects which also are on their way towards graduation. >>Feels like a moment of social proof I bet. >>For you all. Yeah, yeah. Yeah. No, it's really good. Yeah. >>How long has the CD Foundation been around? >>The CD foundation has been around for, i, I won't wanna say the exact number of years, a few years now. >>Okay. >>But I, I think that it, it was formed because what we wanted is we wanted a foundation which was purpose built. So CNCF is a great foundation. It has a very large umbrella of projects and it takes kind of that big umbrella approach where a lot of different efforts are joining it, a lot of things are happening and you can get good traction, but it produces its own bottlenecks in process. Having a foundation which is just about continuous delivery caters to more of a DevOps, professional DevOps audience. I think this, this gives a good platform for best practices. We're working on a new CDF best practices Yeah. Guide. We're working when use cases with all the member companies. And it, it gives that thought leadership platform for continuous delivery, which you need to be an expert in that area >>And the best practices too. And to identify the issues. Because at the end of the day, with the big thing that's coming out of this is velocity and more developers coming on board. I mean, this is the big thing. More people doing more. Yeah. Well yeah, I mean you take this open source continuous thunder away, you have more developers coming in, they be more productive and then people are gonna even either on the DevOps side or on the straight AP upside. And this is gonna be a huge issue. And the other thing that comes out that I wanna get your thoughts on is the supply chain issue you talked about is hot verifications and certifications of code is such big issue. Can you share your thoughts on that? Because Yeah, this is become, I won't say a business model for some companies, but it's also becoming critical for security that codes verified. >>Yeah. Okay. So I, I think one of, one of the things which we're specifically doing with the Peria project, which is unique, is rather than distributing, for example, libraries that you developed on your laptop and compiled there, or maybe they were built on, you know, a runner somewhere like Travis CI or GitHub actions, all the libraries being distributed on Persia are built by the authorized nodes in the network. And then they're, they're verified across all of the authorized nodes. So you nice, you have a, a gar, the basic guarantee we're giving you is when you download something from the Peria network, you'll get exactly the same binary as if you built it yourself from source. >>So there's a lot of trust >>And, and transparency. Yeah, exactly. And if you remember back to like kind of the seminal project, which kicked off this whole supply chain security like, like whirlwind it was SolarWinds. Yeah. Yeah. And the exact problem they hit was the build ran, it produced a result, they modified the code of the bill of the resulting binary and then they signed it. So if you built with the same source and then you went through that same process a second time, you would've gotten a different result, which was a malicious pre right. Yeah. And it's very hard to risk take, to take a binary file Yep. And determine if there's malicious code in it. Cuz it's not like source code. You can't inspect it, you can't do a code audit. It's totally different. So I think we're solving a key part of this with Persia, where you're freeing open source projects from the possibility of having their binaries, their packages, their end reduces, tampered with. And also upstream from this, you do want to have verification of prs, people doing code reviews, making sure that they're looking at the source code. And I think there's a lot of good efforts going on in the open source security foundation. So I'm also on the governing board of Open ssf >>To Do you sleep? You have three jobs you've said on camera? No, I can't even imagine. Yeah. Didn't >>You just spin that out from this open source security? Is that the new one they >>Spun out? Yeah, So the Open Source Security foundation is one of the new Linux Foundation projects. They, they have been around for a couple years, but they did a big reboot last year around this time. And I think what they really did a good job of now is bringing all the industry players to the table, having dialogue with government agencies, figuring out like, what do we need to do to support open source projects? Is it more investment in memory, safe languages? Do we need to have more investment in, in code audits or like security reviews of opensource projects. Lot of things. And all of those things require money investments. And that's what all the companies, including Jay Frogger doing to advance open source supply chain security. I >>Mean, it's, it's really kind of interesting to watch some different demographics of the developers and the vendors and the customers. On one hand, if you're a hardware person company, you have, you talk zero trust your software, your top trust, so your trusted code, and you got zero trust. It's interesting, depending on where you're coming from, they're all trying to achieve the same thing. It means zero trust. Makes sense. But then also I got code, I I want trust. Trust and verified. So security is in everything now. So code. So how do you see that traversing over? Is it just semantics or what's your view on that? >>The, the right way of looking at security is from the standpoint of the hacker, because they're always looking for >>Well said, very well said, New >>Loop, hope, new loopholes, new exploits. And they're, they're very, very smart people. And I think when you, when you look some >>Of the smartest >>Yeah, yeah, yeah. I, I, I work with, well former hackers now, security researchers, >>They converted, they're >>Recruited. But when you look at them, there's like two main classes of like, like types of exploits. So some, some attacker groups. What they're looking for is they're looking for pulse zero days, CVEs, like existing vulnerabilities that they can exploit to break into systems. But there's an increasing number of attackers who are now on the opposite end of the spectrum. And what they're doing is they're creating their own exploits. So, oh, they're for example, putting malicious code into open source projects. Little >>Trojan horse status. Yeah. >>They're they're getting their little Trojan horses in. Yeah. Or they're finding supply chain attacks by maybe uploading a malicious library to NPM or to pii. And by creating these attacks, especially ones that start at the top of the supply chain, you have such a large reach. >>I was just gonna say, it could be a whole, almost gives me chills as we're talking about it, the systemic, So this is this >>Gnarly nation state attackers, like people who wanted serious >>Damages. Engineered hack just said they're high, highly funded. Highly skilled. Exactly. Highly agile, highly focused. >>Yes. >>Teams, team. Not in the teams. >>Yeah. And so, so one, one example of this, which actually netted quite a lot of money for the, for the hacker who exposed it was, you guys probably heard about this, but it was a, an attack where they uploaded a malicious library to npm with the same exact namespace as a corporate library and clever, >>Creepy. >>It's called a dependency injection attack. And what happens is if you, if you don't have the right sort of security package management guidelines inside your company, and it's just looking for the latest version of merging multiple repositories as like a, like a single view. A lot of companies were accidentally picking up the latest version, which was out in npm uploaded by Alex Spearson was the one who did the, the attack. And he simultaneously reported bug bounties on like a dozen different companies and netted 130 k. Wow. So like these sort of attacks that they're real Yep. They're exploitable. And the, the hackers >>Complex >>Are finding these sort of attacks now in our supply chain are the ones who really are the most dangerous. That's the biggest threat to us. >>Yeah. And we have stacker ones out there. You got a bunch of other services, the white hat hackers get the bounties. That's really important. All right. What's next? What's your vision of this show as we end Coan? What's the most important story coming outta Coan in your opinion? And what are you guys doing next? >>Well, I, I actually think this is, this is probably not what most hooks would say is the most exciting story to con, but I find this personally the best is >>I can't wait for this now. >>So, on, on Sunday, the CNCF ran the first kids' day. >>Oh. >>And so they had a, a free kids workshop for, you know, underprivileged kids for >>About, That's >>Detroit area. It was, it was taught by some of the folks from the CNCF community. So Arro, Eric hen my, my older daughter, Cassandra's also an instructor. So she also was teaching a raspberry pie workshop. >>Amazing. And she's >>Here and Yeah, Yeah. She's also here at the show. And when you think about it, you know, there's always, there's, there's, you know, hundreds of announcements this week, A lot of exciting technologies, some of which we've talked about. Yeah. But it's, it's really what matters is the community. >>It this is a community first event >>And the people, and like, if we're giving back to the community and helping Detroit's kids to get better at technology, to get educated, I think that it's a worthwhile for all of us to be here. >>What a beautiful way to close it. That is such, I'm so glad you brought that up and brought that to our attention. I wasn't aware of that. Did you know that was >>Happening, John? No, I know about that. Yeah. No, that was, And that's next generation too. And what we need, we need to get down into the elementary schools. We gotta get to the kids. They're all doing robotics club anyway in high school. Computer science is now, now a >>Sport, in my opinion. Well, I think that if you're in a privileged community, though, I don't think that every school's doing robotics. And >>That's why Well, Cal Poly, Cal Poly and the universities are stepping up and I think CNCF leadership is amazing here. And we need more of it. I mean, I'm, I'm bullish on this. I love it. And I think that's a really great story. No, >>I, I am. Absolutely. And, and it just goes to show how committed CNF is to community, Putting community first and Detroit. There has been such a celebration of Detroit this whole week. Stephen, thank you so much for joining us on the show. Best Wishes with the CD Foundation. John, thanks for the banter as always. And thank you for tuning in to us here live on the cube in Detroit, Michigan. I'm Savannah Peterson and we are having the best day. I hope you are too.