>> Lisa: I'm Lisa Martin with theCUBE. We're on the ground at Google for the 6th Annual CloudNOW Top Women in Cloud Awards. Very excited to be joined by award winner and CUBE alumni Erica Windisch, founder and CTO of Iopipe. Welcome back to theCUBE, Erica. >> Erica: Thank you. Great to have you here, and congratulations on being one of the top women in Cloud. >> Yeah, of course. >> Tell me, when you heard about that you were being recognized, what did that mean to you and where you are in your career? >> Well, oh gosh, I mean it really meant, it was really big for me. I actually wasn't really expecting it. I think I was nominated and I totally forgot. I think somebody had mentioned to me that they were nominating me and I had no idea about it. I totally forgot about it. But I mean, for me it's just so validating because as much as I've, well one, because I've done a lot of interesting things in Cloud and in tech, but I've never really gotten a lot of recognition for that. And also, just recognition, I mean to be quite honest, I'm transgender. So the fact that I was recognized as a woman, Top Ten Women in Cloud Computing, was extra important and special for me. >> Oh, that's awesome. So tell me about your path to being where you are now. Were you always interested in computers and technology, or is that something that you kind of zigzagged your way to? >> Yeah, well, it was one of these things I guess I had some interest. When I was a child, we had BASIC exercises printed in our math books but our teachers never went over it. So I got kind of interested and I would read through those like those little appendums in my math books, and I would start teaching myself BASIC. And I picked up a Commodore 64 and it didn't work and I taught myself BASIC, more BASIC with those manuals. And I just had these little tiny introductions to technology and just self-taught myself everything. Eventually using a high school job to buy myself books and just teaching myself from those books. Managed to grab Linux on some floppy disks, installed it and tried to figure out how to use it. But I didn't really have lot of mentors or anything that I could really follow. At best there were other kids at school who were into computers and I just wanted to try and do what they were doing or do better than they were doing. >> I love that, self-taught, you knew you liked this and you were not afraid to try, "Hey, let me teach myself." That's really inspiring, Erica. >> Yeah. >> So, speaking of inspiring, tell me about the Iopipes story. So you're a TechSource company, tell us a little bit about TechSource, what that investment in IOpipe means. >> Yeah, so, I started, I guess I first started IOpipe two years ago. And I found the co-founder Adam Johnson, who joined me. And we applied for Techstars, got in, and that was like the first validation that we had from outside of ourselves and maybe one angel investor at that time. And that was a really big deal because it really helped accelerate us, give us validation, allow us to make the first hire, and they also taught us a lot about how to refine our elevator pitch, and how to raise money effectively. And then we ended up raising money, of course. So with the end of Techstars we had a lot of visibility, and that helped us raise two and a half million dollars seed round. >> Wow, so a really good launching pad for you. >> Yes, yeah. >> That's fantastic. So tell us a little bit more about the technology, I know that there's AWS Lambda, we just got back from re:Invent last week, so tell us a little bit more about exactly what you guys do. >> Oh yeah, so what we do is we provide a service that allows developers to get better insights into their application, they get observability into the application running a Lambda, as well as debugging and profiling tools. So you can actually get profiling data out of your Lambda and load that into Google DevTools and get Flame Graphs and dig in deep into which function called which function inside of each function call, so every Lambda invocation you can really dig down and see what's happening. We have things like custom metrics and alerts for that. So you can, for instance, we built this bot. I built it in two days. It's a Slack bot that, if you put an image in a Slack, it will run it through Amazon Rekognition and tell you, describe the objects in it, and describe it. So, for instance, if you have visually impaired members of your team, they can find out what was in the images that people pasted. I built it in only two days, and I could use our tool, let's say to extract how many objects were found in that image, whether or not a specific object was found in that image, and then we can create alerts around those, and do searches based on those, and get statistics out of our product on the data that was extracted from those images. So that was really cool, and we actually announced that feature, the profiling feature, at Midnight Madness at re:Invent so it was like the opening ceremony for re:Invent. It was just us, Andy Jassy and Shaquille O'Neal. >> Lisa: What? >> Yeah, and we launched our product, and we did the demo of this Slack bot, and it was a lot of fun. >> Wow! So you were there last week, then? >> I was there, we were there last week, and we were actually the first, myself, my co-founder and one of our engineers were up there and we were the first non-AWS speakers at the entire arena, it was really amazing. >> Wow, amazing. Congratulations. >> Thank you. >> So with all the cool announcements that came out last week on Lambda, Serverless, even new features that were announced for recognition, how does that either change the game or maybe kind of ignite the fire under you guys even a little bit more? >> Well I think one of the biggest announcements relative to us was Cloud9. And we knew that this was going to happen, Amazon acquired them a year ago, a year and a half ago, but they finally launched it. And they really doubled down on providing a much better experience for developers of Lambda to make it easier for developers to really build and ship and run that code on Lambda, which provides a much tighter experience for them so that they can on-board into things like IOpipe more easily. So that was really exciting, because I think that's really going to help with the adoption of Lambda. And some of the other features like Alexa for work is really interesting. It will probably just again, a lot of Alexa apps are built on top of Lambda, so all of these are going to provide value to my own company because we can tell you things like, "Well, how are your users interacting "with those Alexa skills?" But I think it's just generally exciting because there's just so many really cool, I mean, I don't know how many things they announced at this re:Invent that were just really amazing. Another one I really loved was Fargate, because I mean I came from Docker, I used to be a maintainer of the Docker engine and something that I was pushing for at that time in OpenStack and other projects, was the idea of just containers completely as a service without the VM management side of things, because with like ECS, you had to manage virtual machines, and I was like, "Well that is a little, like, "I don't want to manage virtual machines, "I just want Amazon to give me containers." So I was really excited that they finally launched Fargate to offer that. >> So the last question in our last couple of minutes here, tell me about the culture and your team that you lead at IOpipe. You were saying before, you know, when you were a kid you were really self-taught and very inspired by your own desire to learn, but tell me a little bit about the people that work for you and how you help inspire them. >> Oh gosh, well I think first of all, we are, right now we're nine people. I would say about four or five of us are under-represented minorities in tech in one way or another. It's really been fantastic that we've been able to have that level of diversity and inclusion. I think part of that is that we started very diverse. You know, a lot of companies will say, well, one of their problems with not having enough diversity is that they hire within their networks, well we hire within our networks, but we started very diverse in the first place. So that organic growth was very natural and very diverse for us, whereas that organic pairing growth can be problematic if you don't start in a very diverse place. So I think that's been really great, and I think that the fact that we have that level of diversity and inclusion with our employees is kind of inspiring, because a lot of workplaces just aren't like that in tech. It's really hard to find, and granted we're only nine right now. I would really hope that we can keep that up and I would like to actually make our workforce even more diverse than it is today. But yeah, I don't know, I just think it's fantastic and I want what we're doing to be a role model and an inspiration to other companies and say, "Yes, you can do this." And also the work people in the workforce, yes, you can be a woman in tech, yes, you can be trans in tech, yes, you can be non-binary in tech. I am binary, but we have non-binary people in staff. And, I don't know, I hope that's inspiring to people and also myself being a transgender founder, I maybe know one or two other people who are transgender founders, it's very uncommon. And I hope that also is an inspiration for people. >> Well I think so, speaking for myself I find you very inspiring. You seem to be someone that's really known for thinking, "I'm not afraid of anything. "I'm just going to try it. "Starting a company, I'm going to try it." And it sounds like you guys are very purposefully building a culture that's very inclusive, and so I think that, as well as your recognition as one of the Top Women in Cloud, be proud of that, Erica. That's awesome. >> Thank you. >> And you got to meet Shaquille O'Neal? >> I got to meet Shaquille O'Neal, yeah. >> I've got to see the photo. (laughs) >> Yeah. >> Well thank you so much Erica for joining us back on theCUBE. Congratulations on the award, and we look forward to seeing exciting things that you do in the future. >> Okay great, thank you. >> I'm Lisa Martin on the ground with theCUBE at Google for the CloudNOW Top Women in Cloud Awards. Thanks for watching, bye for now.

>> Announcer: Live from Manhattan, it's the CUBE. Covering AWS Summit, New York City, 2017. Brought to you by Amazon web services. >> And we are live here at AWS Summit here at the Javits Center, New York City, we're midtown, Manhattan, a lot of activity going on outside, you can imagine all the buzz inside as well. Somewhere between 6, 7, 8,000 attendees, kind of tough to tell right now, but everybody's jammed inside here on the show floor and they've been here all day and they're going to stay for a while I think too. As I said, a lot of buzz going on, and good buzz too. Along with Stu Miniman, I'm John Walls and we're now joined by Erica Windisch who is the Co-founder and the CTO of IOpipe. Erica, thanks for being with us here on the CUBE. >> Thank you, thank you for having me. >> You have had a big day. >> Yes we have, yeah. >> It's always fun to talk about money but you did have a fairly significant announcement this morning to make. Tell us about that. >> Yeah, so this morning we announced funding, $2.5 million from several investors including NEA, Madrona, and Underscore. >> So, yeah, you don't often get to high-five everybody for a day like that. I mean that kind of validation, obviously is something that not you just take to the bank, you take it to the marketplace too. >> Yeah, absolutely. And we actually started, our first check was from Techstars so we joined Techstars here in New York City and did that last year for their summer program and it was really great and that was the first foundation that we really had, and then having that further validation from major VCs like NEA and Madrona, Underscore, you know that really was really validating for us as well as just the fact that we're building, we're hiring and we're building and having what I think is an increasingly awesome product. >> Sure, well tell us about IOpipe, for folks at home who are watching might not be familiar with your space, what you do and how you do it. >> Yeah, so we provide tools for software developers to build and manage their applications on Amazon Lambda. So, basically, it's all serverless, we're actually built on serverless as well, we monitor with IOpipe, we dogfood everything. And we are providing deeper insights into those application workloads as well as correlating that information in more useful ways. Deeper knowledge of what exactly is happening in the run times, so we're able to see the data we ingest tells us information on the processes and the containers and the virtual machines that are running your Lambda workload, so we can see things like memory leaks and we can see file descriptor leaks and displaced utilization leaks, things like that that Amazon doesn't collect or at least doesn't give you that information. So, we're looking at ways we can provide more value to users of Lambda and also extending it with plugins so we have a plugin for tracing where you can time aspects of your application as well as profiler, so you can enable a profiling plugin and you get a full flame graph. So you can see, these are all the functions and this one ran and this one ran and the stack looks like this and so you can see the full flame graph of what happened and when and full timing information. This kind of insight that nothing else really gives you. >> Yeah, Erica, every time we have a new technology we go through this kind of diffusion of innovation that goes through. Remember back, I go back thinking about when virtualization came, people, what is it, how do I use it? We saw that in containers and each wave seems to be going faster and faster so there's still plenty of people I talked to that were like, "serverless what?" You know, some new as a service, I mean I thought I knew it with SAS and everything else like that. You're digging into these environments further. Can you give us, what are some of the kind of key use cases you're seeing, what are the challenges that customers are having? What works, what doesn't work, help us unpack that some? >> So, I think there's a number of challenges that users run into today. One is the fact that it is new so some of the tools are still evolving. Operations tools, development tools are still evolving. Just this week, Amazon announced SAM local so you can do editing and debugging locally on your machine or your laptop. That wasn't available before, right? So these tools, we're very much still in a learning phase for some of the tools, but some of the things like what we're doing with IOpipe, in some ways is more traditional because we're bringing in some of the basic monitoring tools and capabilities that you would expect from other platforms. But the other side, also innovating because we're bridging that development and operations into a single tool so it's not development and operations, it's, not even just different tools for those two things, but single tools for those. So I think that's part of the solution, part of the problem, in terms of workloads, I think there's a lot of ETLs, streaming applications, very infrequent things like chron jobs, web applications, you can take flask applications or express applications and just port them directly over to Lambda with almost a lift and shift for those, right? So there's a lot of power for bringing on the web 'cause you pay per the request. You don't scale your application and build your application for the number of servers that you need to handle the requests, it scales it per request and you pay per request and that's what's powerful in both scale of operations and team and like financially, but also, yeah, I lost train of thought there, but it all scales that way, right? Like just according to the request. >> Yeah, bring us into a typical customer, I know there are no typical customers, everyone's a little bit different, but you've got the developers, you've got the operators, finance has always had, you know, there's challenges with cloud in general but serverless at least promises that it's going to be less expensive. What are those dynamics from an organizational standpoint that you see inside? >> In terms of cost? >> Not just cost, but do the developers make something and the operators are like, wait, you know, there's challenges there? Or who drives this initiative in general? Does finance come and say, has finance heard about this and said hey, I heard I could save 60-70% on my cloud if you just re-architect this on Lambda. Or is it the developers coming through and saying, oh, wow, this is great, and can do it, or are operators, who's driving the initiatives and what are some of those dynamics? >> So I see a combination of these things. Some organizations, and I don't want to say names 'cause I don't want to like, you know, they did this and that's how it is. But I get the impression that certain organizations they have a top-down approach where they're going like, everything is going to be serverless and the cost really matters. So you're going to build serverless unless you can't, right? Serverless by default, anything else as an exception. Then there's organizations where developers are really pushing for it because it simplifies their requirements, right? It's a self-service aspect, right, even if they can spit out VMs, even if they have self-service VMs, they won't have to spit out VMs, they don't have to build docker images, they don't have to look at how the operating system is configured. They write code and they deploy code. There's no other steps, right? They're not like, oh, what version of Python is on here and how do I install all the libraries and how do I, right, like with serverless you just write the code and you ship the code. Which is really, really nice. So, in a way it's like having a golden image that you can't change, and you just know you're always going to build for in every application and every organization is going to the same golden image. Which simplifies a lot of things. >> Stu and I were talking about serverless, the whole concept, because it's really not truly serverless it's just different server, or it's a different flavor of it basically. So, first off, what gave birth to that and then where do you think, with serverless computering, serverless application, so on and so forth, where's that going? >> Yeah. >> What's going to be the real value at the end of the day of that? >> So, first of all the term "serverless," I look at it as, yes there are servers, serverless is servers are not my concern as a developer, right, I am not worrying about what the server looks like or operating the servers necessarily. I care about building my application which is why we're looking at building tools that are bridging development and operations so that operations is part of your development. But I see, the direction of serverless, really interesting in a few ways. One is that it's going to be available for more use cases. So right now there's certain use cases that make sense and one of the challenges is figuring out which use cases it doesn't work for. Eventually, you're not going to have that question, potentially, right? So maybe we get to a point where you don't have to ask, the challenge isn't, is serverless good for this use case? Maybe it's good for all use cases eventually down the road, maybe. Another thing is... >> If I could just follow up on that. Some of the announcements today like AWS Glue has serverless in the background there. Seems very promising, things like machine learning, artificial intelligence, serverless, IOT where you know, I need to balance the surface area of attack there but with serverless it won't be active as much and there will be links that are a little bit more dynamic. So, lots of those new use cases seem to be built really well for serverless. What are some of the cases today that you just say, hey, don't even go serverless there. >> Oh don't go serverless, where to do that? Well, so, Lambda has an execution time window which can be limiting for some things that you might want to do. So, like, Lambda in particular may not be the best case for all video encoding tasks. Some video encoding tasks if you can time limit it can be fine. But it's not good for all video encoded tasks because it's a batch process, potentially. Serverless processes that can let's say paralyze that and say, we're going to run Lambda but we're going to say split this up into segments, for instance, you can do that, or if you do it as a stream, right? Like you pipe a video and blocks into Kinesis, right, you can make that work. But it becomes a challenge to those kinds of use cases. >> Yeah, there was the example I think in the keynote was, this high process that would have taken five years, we can do 155 seconds. >> Right, but you have to paralyze it, right? >> Stu: Exactly. >> And if you can't paralyze a task and you can't do it within five or ten minutes, you can't use Lambda for it today. But it also depends on how you define serverless, right, because if serverless is Lambda, that's one thing. But if serverless is these other SAS products as well potentially, like AWS Transcode service, well is that serverless? If it is, then there you go. There's a solution potentially for you. So there's very blurry lines sometimes around what is serverless, and we're looking at IOpipe around serverless functions. I feel the same way around cloud in general was that there's cloud compute and it kind of evolved over time and the cloud is everything like all these things are in a cloud. But originally when we're talking cloud, five years ago, ten years ago, it was all compute. That's what we were talking about. So these terms change over time, so it's hard to say what serverless will be in five years or ten years because it'll mean something different. >> Or next week, for that matter. >> Yeah. >> Erica, last question I have. $2.5 million, what's that going to drive, what should we expect to see from your company and give us any final thoughts on what you'd like to see for the maturation of the serverless technology field? >> Yeah, so we've been hiring and building out a team, we're working on improving the user experience of the product, we are adding additional plugins and enhancements to the service. We feel that we have a really good base with our 1.0 announcement, 'cause we're not just the 2.5 million, we also announced our 1.0. And the 1.0 has a really good base of functionality and we're looking at adding additional plugins and additional features that can extend the service. So we're looking at doing that with that money. And with serverless in general, I think this is really compelling, what we're going to see in the next year, because we're going to see more large enterprises and more enterprise adoption, I think. I mean I was involved early in cloud. I was involved early in docker. And this point of serverless is very much at the early days of these technologies, and I definitely see a rocket ship taking off, and I think in the next year it's going to be really interesting to kind of see it starting to orbit a little bit. >> Well, new product, new funding, and a new day for IOpipe. >> Yes. >> So congratulations on a good day and thank you for being with us here on the CUBE. >> Thank you very much. >> You bet, we'll continue here at the Javits Center we're in midtown Manhattan continuing our coverage of the AWS Summit, here on the CUBE. (futuristic music)

(upbeat music) >> Hello, and welcome back to AWS Startup Showcase, I'm John Furrier, your host. This is the Hero panel, the AWS Heroes. These are folks that have a lot of experience in Open Source, having fun building great projects and commercializing the value and best practices of Open Source innovation. We've got some great guests here. Liz Rice, Chief Open Source Officer, Isovalent. CUBE alumni, great to see you. Brian LeRoux, who is the Co-founder and CTO of begin.com. Erica Windisch who's an Architect for Developer Experience. AWS Hero, also CUBE alumni. Casey Lee, CTO Gaggle. Doing some great stuff in ed tech. Great collection of experts and experienced folks doing some fun stuff, welcome to this conversation this CUBE panel. >> Hi. >> Thanks for having us. >> Hello. >> Let's go down the line. >> I don't normally do this, but since we're remote and we have such great guests, go down the line and talk about why Open Source is important to you guys. What projects are you currently working on? And what's the coolest thing going on there? Liz we'll start with you. >> Okay, so I am very involved in the world of Cloud Native. I'm the chair of the technical oversight committee for the Cloud Native Computing Foundation. So that means I get to see a lot of what's going on across a very broad range of Cloud Native projects. More specifically, Isovalent. I focus on Cilium, which is it's based on a technology called EBPF. That is to me, probably the most exciting technology right now. And then finally, I'm also involved in an organization called OpenUK, which is really pushing for more use of open technologies here in the United Kingdom. So spread around lots of different projects. And I'm in a really fortunate position, I think, to see what's happening with lots of projects and also the commercialization of lots of projects. >> Awesome, Brian what project are you working on? >> Working project these days called Architect. It's a Open Source project built on top of AWSM. It adds a lot of sugar and terseness to the SM experience and just makes it a lot easier to work with and get started. AWS can be a little bit intimidating to people at times. And the Open Source community is stepping up to make some of that bond ramp a little bit easier. And I'm also an Apache member. And so I keep a hairy eyeball on what's going on in that reality all the time. And I've been doing this open-source thing for quite a while, and yeah, I love it. It's a great thing. It's real science. We get to verify each other's work and we get to expand and build on human knowledge. So that's a huge honor to just even be able to do that and I feel stoked to be here so thanks for having me. >> Awesome, yeah, and totally great. Erica, what's your current situation going on here? What's happening? >> Sure, so I am currently working on developer experience of a number of Open Source STKS and CLI components from my current employer. And previously, recently I left New Relic where I was working on integrating with OpenTelemetry, as well as a number of other things. Before that I was a maintainer of Docker and of OpenStack. So I've been in this game for a while as well. And I tend to just put my fingers in a lot of little pies anywhere from DVD players 20 years ago to a lot of this open telemetry and monitoring and various STKs and developer tools is where like Docker and OpenStack and the STKs that I work on now, all very much focusing on developer as the user. >> Yeah, you're always on the wave, Erica great stuff. Casey, what's going on? Do you got some great ed techs happening? What's happening with you? >> Yeah, sure. The primary Open Source project that I'm contributing to right now is ACT. This is a tool I created a couple of years back when GitHub Actions first came out, and my motivation there was I'm just impatient. And that whole commit, push, wait time where you're testing out your pipelines is painful. And so I wanted to build a tool that allowed developers to test out their GitHub Actions workflows locally. And so this tool uses Docker containers to emulate, to get up action environment and gives you fast feedback on those workflows that you're building. Lot of innovation happening at GitHub. And so we're just trying to keep up and continue to replicate those new features functionalities in the local runner. And the biggest challenge I've had with this project is just keeping up with the community. We just passed 20,000 stars, and it'd be it's a normal week to get like 10 PRs. So super excited to announce just yesterday, actually I invited four of the most active contributors to help me with maintaining the project. And so this is like a big deal for me, letting the project go and bringing other people in to help lead it. So, yeah, huge shout out to those folks that have been helping with driving that project. So looking forward to what's next for it. >> Great, we'll make sure the SiliconANGLE riders catch that quote there. Great call out. Let's start, Brian, you made me realize when you mentioned Apache and then you've been watching all the stuff going on, it brings up the question of the evolution of Open Source, and the commercialization trends have been very interesting these days. You're seeing CloudScale really impact also with the growth of code. And Liz, if you remember, the Linux Foundation keeps making projections and they keep blowing past them every year on more and more code and more and more entrance coming in, not just individuals, corporations. So you starting to see Netflix donates something, you got Lyft donate some stuff, becomes a project company forms around it. There's a lot of entrepreneurial activity that's creating this new abstraction layers, new platforms, not just tools. So you start to see a new kickup trajectory with Open Source. You guys want to comment on this because this is going to impact how fast the enterprise will see value here. >> I think a really great example of that is a project called Backstage that's just come out of Spotify. And it's going through the incubation process at the CNCF. And that's why it's front of mind for me right now, 'cause I've been working on the due diligence for that. And the reason why I thought it was interesting in relation to your question is it's spun out of Spotify. It's fully Open Source. They have a ton of different enterprises using it as this developer portal, but they're starting to see some startups emerging offering like a hosted managed version of Backstage or offering services around Backstage or offering commercial plugins into Backstage. And I think it's really fascinating to see those ecosystems building up around a project and different ways that people can. I'm a big believer. You cannot sell the Open Source code, but you can sell other things that create value around Open Source projects. So that's really exciting to see. >> Great point. Anyone else want to weigh in and react to that? Because it's the new model. It's not the old way. I mean, I remember when I was in college, we had the Pirate software. Open Source wasn't around. So you had to deal under the table. Now it's free. But I mean the old way was you had to convince the enterprise, like you've got a hard knit, it builds the community and the community manage the quality of the code. And then you had to build the company to make sure they could support it. Now the companies are actually involved in it, right? And then new startups are forming faster. And the proof points are shorter and highly accelerated for that. I mean, it's a whole new- >> It's a Cambrian explosion, and it's great. It's one of those things that it's challenging for the new developers because they come in and they're like, "Whoa, what is all this stuff that I'm supposed to figure out?" And there's no right answer and there's no wrong answer. There's just tons of it. And I think that there's a desire for us to have one sort of well-known trot and happy path, that audience we're a lot better with a more diverse community, with lots of options, with lots of ways to approach these problems. And I think it's just great. A challenge that we have with all these options and all these Cambrian explosion of projects and all these competing ideas, right now, the sustainability, it's a bit of a tricky question to answer. We know that there's a commercialization aspect that helps us fund these projects, but how we compose the open versus the commercial source is still a bit of a tricky question and a tough one for a lot of folks. >> Erica, would you chime in on that for a second. I want to get your angle on that, this experience and all this code, and I'm a new person, I'm an existing person. Do I get like a blue check mark and verify? I mean, these are questions like, well, how do you navigate? >> Yeah, I think this has been something happening for a while. I mean, back in the early OpenStack days, 2010, for instance, Rackspace Open Sourcing, OpenStack and ANSU Labs and so forth, and then trying, having all these companies forming in creating startups around this. I started at a company called Cloudccaling back in late 2010, and we had some competitors such as Piston and so forth where a lot of the ANSUL Labs people went. But then, the real winners, I think from OpenStack ended up being the enterprises that jumped in. We had Red Hat in particular, as well as HP and IBM jumping in and investing in OpenStack, and really proving out a lot of... not that it was the first time, but this is when we started seeing billions of dollars pouring into Open Source projects and Open Source Foundations, such as the OpenStack Foundation, which proceeded a lot of the things that we now see with the Linux Foundation, which was then created a little bit later. And at the same time, I'm also reflecting a little bit what Brian said because there are projects that don't get funded, that don't get the same attention, but they're also getting used quite significantly. Things like Log4j really bringing this to the spotlight in terms of projects that are used everywhere by everything with significant outsized impacts on the industry that are not getting funded, that aren't flashy enough, that aren't exciting enough because it's just logging, but a vulnerability in it brings every everything and everybody down and has possibly billions of dollars of impact to our industry because nobody wanted to fund this project. >> I think that brings up the commercialization point about maybe bringing a venture capital model in saying, "Hey, that boring little logging thing could be a key ingredient for say solving some observability problems so I think let's put some cash." Again then we'd never seen that before. Now you're starting to see that kind of a real smart investment thesis going into Open Source projects. I mean, Promethease, Crafter, these are projects that turned off companies. This is turning up companies. >> A decade ago, there was no money in Dev tools that I think that's been fully debunked now. They used to be a concept that the venture community believed, but there's just too much evidence to the contrary, the companies like Cash Court, Datadog, the list goes on and on. I think the challenge for the Open Source (indistinct) comes back to foundations and working (indistinct) these developers make this code safe and secure. >> Casey, what's your reaction to all of this? You've got, so a project has gained some traction, got some momentum. There's a lot of mission critical. I won't say white spaces, but the opportunities in the big cloud game happening. And there's a lot of, I won't say too many entrepreneurial, but there's a lot of community action happening that's precommercialization that's getting traction. How does this all develop naturally and then vector in quickly when it hits? >> Yeah, I want to go back to the Log4j topic real quick. I think that it's a great example of an area that we need to do better at. And there was a cool article that Rob Pike wrote describing how to quantify the criticality. I think that's sort of quantifying criticality was the article he wrote on how to use metrics, to determine how valuable, how important a piece of Open Source is to the community. And we really need to highlight that more. We need a way to make it more clear how important this software is, how many people depend on it and how many people are contributing to it. And because right now we all do that. Like if I'm going to evaluate an Open Source software, sure, I'll look at how many stars it has and how many contributors it has. But I got to go through and do all that work myself and come up with. It would be really great if we had an agreed upon method for ranking the criticality of software, but then also the risk, hey, that this is used by a ton of people, but nobody's contributing to it anymore. That's a concern. And that would be great to potential users of that to signal whether or not it makes sense. The Open Source Security Foundation, just getting off the ground, they're doing some work in this space, and I'm really excited to see where they go with that looking at ways to stop score critically. >> Well, this brings up a good point while we've got everyone here, let's take a plug and plug a project you think that's not getting the visibility it needs. Let's go through each of you, point out a project that you think people should be looking at and talking about that might get some free visibility here. Anyone want to highlight projects they think should be focused more on, or that needs a little bit of love? >> I think, I mean, particularly if we're talking about these sort of vulnerability issues, there's a ton of work going on, like in the Secure Software Foundation, other foundations, I think there's work going on in Apache somewhere as well around the bill of material, the software bill of materials, the Secure Software supply chain security, even enumerating your dependencies is not trivial today. So I think there's going to be a ton of people doing really good work on that, as well as the criticality aspect. It's all like that. There's a really great xkcd cartoon with your software project and some really big monolithic lumps. And then, this tiny little piece in a very important point that's maintained by somebody in his bedroom in Montana or something and if you called it out. >> Yeah, you just opened where the next lightening and a bottle comes from. And this is I think the beauty of Open Source is that you get a little collaboration, you get three feet in a cloud of dust going and you get some momentum, and if it's relevant, it rises to the top. I think that's the collective intelligence of Open Source. The question I want to ask that the panel here is when you go into an enterprise, and now that the game is changing with a much more collaborative and involved, what's the story if they say, hey, what's in it for me, how do I manage the Open Source? What's the current best practice? Because there's no doubt I can't ignore it. It's in everything we do. How do I organize around it? How do I build around it to be more efficient and more productive and reduce the risk on vulnerabilities to managing staff, making sure the right teams in place, the right agility and all those things? >> You called it, they got to get skin in the game. They need to be active and involved and donating to a sustainable Open Source project is a great way to start. But if you really want to be active, then you should be committing. You should have a goal for your organization to be contributing back to that project. Maybe not committing code, it could be committing resources into the darks or in the tests, or even tweeting about an Open Source project is contributing to it. And I think a lot of these enterprises could benefit a lot from getting more active with the Open Source Foundations that are out there. >> Liz, you've been actively involved. I know we've talked personally when the CNCF started, which had a great commercial uptake from companies. What do you think the current state-of-the-art kind of equation is has it changed a little bit? Or is it the game still the same? >> Yeah, and in the early days of the CNCF, it was very much dominated by vendors behind the project. And now we're seeing more and more membership from end-user companies, the kind of enterprises that are building their businesses on Cloud Native, but their business is not in itself. That's not there. The infrastructure is not their business. And I think seeing those companies, putting money in, putting time in, as Brian says contributing resources quite often, there's enough money, but finding the talent to do the work and finding people who are prepared to actually chop the wood and carry the water, >> Exactly. >> that it's hard. >> And if enterprises can find peoples to spend time on Open Source projects, help with those chores, it's hugely valuable. And it's one of those the rising tide floats all the boats. We can raise security, we can reduce the amount of dependency on maintain projects collectively. >> I think the business models there, I think one of the things I'll react to and then get your guys' comments is remember which CubeCon it was, it was one of the early ones. And I remember seeing Apple having a booth, but nobody was manning. It was just an Apple booth. They weren't doing anything, but they were recruiting. And I think you saw the transition of a business model where the worry about a big vendor taking over a project and having undue influence over it goes away because I think this idea of participation is also talent, but also committing that talent back into the communities as a model, as a business model, like, okay, hire some great people, but listen, don't screw up the Open Source piece of it 'cause that's a critical. >> Also hire a channel, right? They can use those contributions to source that talent and build the reputation in the communities that they depend on. And so there's really a lot of benefit to the larger organizations that can do this. They'll have a huge pipeline of really qualified engineers right out the gate without having to resort to cheesy whiteboard interviews, which is pretty great. >> Yeah, I agree with a lot of this. One of my concerns is that a lot of these corporations tend to focus very narrowly on certain projects, which they feel that they depend greatly, they'll invest in OpenStack, they'll invest in Docker, they'll invest in some of the CNCF projects. And then these other projects get ignored. Something that I've been a proponent of for a little bit for a while is observability of your dependencies. And I don't think there's quite enough projects and solutions to this. And it sounds maybe from lists, there are some projects that I don't know about, but I also know that there's some startups like Snyk and so forth that help with a little bit of this problem, but I think we need more focus on some of these edges. And I think companies need to do better, both in providing, having some sort of solution for observability of the dependencies, as well as understanding those dependencies and managing them. I've seen companies for instance, depending on software that they actively don't want to use based on a certain criteria that they already set projects, like they'll set a requirement that any project that they use has a code of conduct, but they'll then use projects that don't have codes of conduct. And if they don't have a code of conduct, then employees are prohibited from working on those projects. So you've locked yourself into a place where you're depending on software that you have instructed, your employees are not allowed to contribute to, for certain legal and other reasons. So you need to draw a line in the sand and then recognize that those projects are ones that you don't want to consume, and then not use them, and have observability around these things. >> That's a great point. I think we have 10 minutes left. I want to just shift to a topic that I think is relevant. And that is as Open Source software, software, people develop software, you see under the hood kind of software, SREs developing very quickly in the CloudScale, but also you've got your classic software developers who were writing code. So you have supply chain, software supply chain challenges. You mentioned developer experience around how to code. You have now automation in place. So you've got the development of all these things that are happening. Like I just want to write software. Some people want to get and do infrastructure as code so DevSecOps is here. So how does that look like going forward? How has the future of Open Source going to make the developers just want to code quickly? And the folks who want to tweak the infrastructure a bit more efficient, any views on that? >> At Gaggle, we're using AWS' CDK, exclusively for our infrastructure as code. And it's a great transition for developers instead of writing Yammel or Jason, or even HCL for their infrastructure code, now they're writing code in the language that they're used to Python or JavaScript, and what that's providing is an easier transition for developers into that Infrastructure as code at Gaggle here, but it's also providing an opportunity to provide reusable constructs that some Devs can build on. So if we've got a very opinionated way to deploy a serverless app in a database and do auto-scaling behind and all stuff, we can present that to a developer as a library, and they can just consume it as it is. Maybe that's as deep as they want to go and they're happy with that. But then they want to go deeper into it, they can either use some of the lower level constructs or create PRs to the platform team to have those constructs changed to fit their needs. So it provides a nice on-ramp developers to use the tools and languages they're used to, and then also go deeper as they need. >> That's awesome. Does that mean they're not full stack developers anymore that they're half stack developers they're taking care of for them? >> I don't know either. >> We'll in. >> No, only kidding. Anyway, any other reactions to this whole? I just want to code, make it easy for me, and some people want to get down and dirty under the hood. >> So I think that for me, Docker was always a key part of this. I don't know when DevSecOps was coined exactly, but I was talking with people about it back in 2012. And when I joined Docker, it was a part of that vision for me, was that Docker was applying these security principles by default for your application. It wasn't, I mean, yes, everybody adopted because of the portability and the acceleration of development, but it was for me, the fact that it was limiting what you could do from a security angle by default, and then giving you these tuna balls that you can control it further. You asked about a project that may not get enough recognition is something called DockerSlim, which is designed to optimize your containers and will make them smaller, but it also constraints the security footprint, and we'll remove capabilities from the container. It will help you build security profiles for app armor and the Red Hat one. SELinux. >> SELinux. >> Yeah, and this is something that I think a lot of developers, it's kind of outside of the realm of things that they're really thinking about. So the more that we can automate those processes and make it easier out of the box for users or for... when I say users, I mean, developers, so that it's straightforward and automatic and also giving them the capability of refining it and tuning it as needed, or simply choosing platforms like serverless offerings, which have these security constraints built in out of the box and sometimes maybe less tuneable, but very strong by default. And I think that's a good place for us to be is where we just enforced these things and make you do things in a secure way. >> Yeah, I'm a huge fan of Kubernetes, but it's not the right hammer for every nail. And there are absolutely tons of applications that are better served by something like Lambda where a lot more of that security surface is taken care of for the developer. And I think we will see better tooling around security profiling and making it easier to shrink wrap your applications that there are plenty of products out there that can help you with this in a cloud native environment. But I think for the smaller developer let's say, or an earlier stage company, yeah, it needs to be so much more straightforward. Really does. >> Really an interesting time, 10 years ago, when I was working at Adobe, we used to requisition all these analysts to tell us how many developers there were for the market. And we thought there was about 20 million developers. If GitHub's to be believed, we think there is now around 80 million developers. So both these groups are probably wrong in their numbers, but the takeaway here for me is that we've got a lot of new developers and a lot of these new developers are really struck by a paradox of choice. And they're typically starting on the front end. And so there's a lot of movement in the stack moved towards the front end. We saw that at re:Invent when Amazon was really pushing Amplify 'cause they're seeing this too. It's interesting because this is where folks start. And so a lot of the obstructions are moving in that direction, but maybe not always necessarily totally appropriate. And so finding the right balance for folks is still a work in progress. Like Lambda is a great example. It lets me focus totally on just business logic. I don't have to think about infrastructure pretty much at all. And if I'm newer to the industry, that makes a lot of sense to me. As use cases expand, all of a sudden, reality intervenes, and it might not be appropriate for everything. And so figuring out what those edges are, is still the challenge, I think. >> All right, thank you very much for coming on the CUBE here panel. AWS Heroes, thanks everyone for coming. I really appreciate it, thank you. >> Thank you. >> Thank you. >> Okay. >> Thanks for having me. >> Okay, that's a wrap here back to the program and the awesome startups. Thanks for watching. (upbeat music)