Loris Degioanni, Sysdig | CUBE Conversation
(upbeat music)

>> Hello, and welcome to this Cube Conversation kicking off 2022, I'm John Furrier, your host of theCUBE. We're with Loris Degioanni, Chief Technology Officer and founder of Sysdig. A company that's in the pioneering cloud native and cloud native security, open source, big part of the CNCF, KubeCon coverage. Of course, we know them as of that environment as well as DockerCon, which we've covered many times. Sysdig is a very successful company. Loris, welcome to theCUBE Conversation.

>> Thank you and thanks for having me.

>> Well, we know a lot about you, but a lot of folks are learning about you guys with your success. Congratulations on the funding and the validation of your product, which is not a surprise. We've been saying on theCUBE open source has been powering innovation for some time and getting stronger, faster. The predictions in the Linux Foundation about this open source contributions continue to be blown away by their projections and more and more is coming. A new generation is upon us. Cloud Native, Edge, Kubernetes. All of these things are powering a modern application environment which is changing business. And under the covers, you guys are a big part of it. So take us through who Sysdig is, what you guys do for the folks out there and let's get into it. Obviously open source is a big part of it. Take us through who is Sysdig and what do you guys do.

>> Yeah, Sysdig helps you run your software in the cloud in a way that is secure and confidently. We have a security solution that covers containers, cloud and Kubernetes. And we cover you in the life cycle of modern application. So the Sysdig security platform helps you secure application in a way that ranges from like shift left in CI/CD and finding vulnerabilities in your CI/CD pipeline to run time security that is very important in the cloud in particular with orchestrated infrastructures like the ones that are run by Kubernetes.
And then of course, everything that has to do with the forensics, threat-hunting and so on. And the world is changing, security is changing, and Sysdig is one of the startups, one of the companies that is at the forefront of true modern cloud native security.

>> So I got to ask you. Were you sitting in your backyard one day thinking, hey, I'm going to start a company? How did this all come together? I mean, the originator story, because we saw open source, we saw even more before CNCF was formed, you saw what cloud was doing. Again, we saw OpenStack and all these other things happening around technology. What was the driver behind the founding of Sysdig, and then how did that progress? Because again, there's an open source component here I want to get into.

>> Yeah, and it's interesting that you say backyard because actually Sysdig was actually started in my backyard. Just outside of here. So the backyard metaphor is very, very fitting here. And in a general way, let's say I come from a background in open source for a very long time. Sysdig is my second company. My first company was called CACE Technologies. It was the company behind an open source network analyzer called Wireshark, which is widely used by millions and millions of people around the world to do network troubleshooting and network analysis. And when we were doing network packets, we were using like the network devices to collect information. The data that is being transferred on the network has some very nice properties, it's rich. It's very deep. When you can see and decode what's happening on the network, you can understand what applications are doing, what the users are doing. I used to say, packets never lie, right? Because you could connect to the router and collect this data and they have a very good picture without any two instrument libraries to link, to install stuff and so on.
And all of a sudden, we're moving to the cloud and the router that was like the vantage point for this beautiful way of doing security and visibility disappears. And you're renting instances that are floating in the Amazon cloud. And when the world changed that way from one point of view, I was sure that what we're doing before was useful and was powerful for the users. But I was also sure, okay, the world is going to change. The retrofitted solutions are not going to work. We can take our product, but then we have the innovator dilemma. We have a product that we cannot completely radically change. So I decided let's start from scratch. Let's start Sysdig. Let's try to understand actually what this cloud is going, where containers are going. There's this new Kubernetes thing that everybody's talking about. What does it mean to offer deep, rich, but at the same time lightweight and easy to deploy security and visibility for this kind of new way of writing software and that's how Sysdig was born.

>> So if I remember correctly back in that timeframe, that couple you said you found a millions people using that application. If I remember correctly, that was software network monitoring. Is that true? Is that open source at that time? Was that an open project or was that?

>> Yeah, like Wireshark is a network analyzer and the software that we're doing was heavily open source oriented and was mostly software and there were also potentially appliances because this was data center more kind of stuff.

>> That was before cloud even came here. So again, defined data center software and defined clouds happening. So again, good segue into kind of where security, you mentioned footprints, you can track people with packets. So to your point, is this the tie into security, tell us how this fits in with open source and security with the software piece?

>> Yeah, what Sysdig did essentially, the idea was let's learn from our prior life.
I always say that every new wave of technology is built on the shoulders of the previous one. And you'd never reinvent anything. You just apply it and evolve it. And the same thing we did with Sysdig. So we learned what was working with our previous approaches that were based on observing the application's behavior by looking essentially at network traffic, but we adapted it to modern infrastructures. And open source was our mantra before with Wireshark and became our mantra with Sysdig. Sysdig, the company name comes from the open source tool that we released was the first thing that we released in our company. And then few years later with Falco, which now is the premier open source project that was created by Sysdig and is now part of the CNCF, it's an incubating project. And it's essentially the runtime security tool for containers, Kubernetes, and cloud.

>> Take us through that Falco, because I think this is an important distinction on your success trajectory because CNCF has a nice playbook where companies can contribute to the CNCF at the same time, that creates an open environment for all, and then have a business model tied to it. This is kind of a new, not new, but this is a successful way to be open source and have a commercial opportunity.

>> Yeah, and very much a substantial portion of our commercial product is let's say an extension of Falco. But let's say our approach was like, let's first produce something that is truly useful for the community and fits in the proper way with the ecosystem, with the rest of the ecosystem. Nowadays in every field security as well, you don't build any more a single solution. You build something that needs to fit very well in the stack. Kubernetes, Prometheus, network meshes and Istio and this kind of stuff, these all fit together. So Falco, which is the runtime security component needs to fit as well.
So initially our focus was like, okay, we need to fill the gap of runtime security for containers, for Kubernetes, and also for cloud. But we need to do that in a way that is community first and that really helps, but also engages and takes advantage of the users, of the broader community. At that point, going to the CNCF and telling the CNCF, hey, look, we developed these, are you interested in partnering with us and being essentially the organization behind this project, was very natural. And that's what we did in 2016, sorry, 2018. 2016 is when Falco started, 2018. And at that point, you know, it's a great partnership because the CNCF is really a great home for all of these projects and really makes it possible for the users to trust a project in a way that they know that even if the commercial backer, even if the original creators, even if the team rotates and changes and evolves, the end users can still use this project, trust this project and know that it's community driven. And it's been a great journey for us.

>> How would you describe what Falco is and what are the key use cases?

>> Yeah, Falco is, I compare it to the security camera for your containers, your house and your cloud infrastructure. So the same way that the security camera allows you to observe maybe what's happening in your home, even if you have a lock, it's still useful to have a security camera, right? To understand when something breaks in, what they're doing, when they do it, get an alarm when something bad happens. Similarly, in software infrastructures, you can still have your lock, your firewall and so on, but then you use a security camera like Falco that is able to observe every single container, every single process, every single machine, every single network connection and so on.
Keep an eye on it and then it has sort of a points-based system that includes a bunch of policies that come essentially pre-packaged that allow the users to detect when something dangerous or suspicious happens in the infrastructure. For example, I don't know, somebody is spawning or sharing their radius container. Or somebody is logging in AWS without multi-factor authentication. Falco keeps a constant eye and lets you know, it gives you an alert when something like that happens.

>> You know what I love about what you guys do and kind of highlights what we've been saying on theCUBE for many, many years is that the networking concepts of the older generations have been moving up the stack with cloud because you got rule engines, policy automation, all these things are now part of connected systems. So if you have the cloud, which is essentially a distributed computing, you have more networks, more connections. And so the networking paradigms of packets can be moved over to software, well, software maintenance, if you will, or anything, any middleware, whatever you want to call it. I mean, this is kind of a new paradigm. So, what's your reaction to that? I want to get your take on this because this is kind of really happening.

>> Yeah, and you are absolutely right. And what us as a Falco community or as Sysdig as a company is exactly that. We're taking the concepts that were maybe at the base of the previous generation of the data center in terms of policies, in terms of one clause and we're sort of elevating them to what modern cloud is. To give you an example, I don't know if you remember, but Falco was inspired by a tool called Snort and the company also was Sourcefire. Snort used to listen on the network, constantly observe the network traffic and the deploy policies to tell you, okay, somebody uploaded a file from China and this file contains a malware. Now we do this, but we're able to see inside containers. We have cloud context. We understand the regions.
We understand Kubernetes namespace and all these kinds of stuff. So we're able to put so much more context and be so much closer to the user, but the concepts are the same. We're just, as I was saying, sitting on the shoulders of people before us that invented this and we're modernizing them.

>> Well, this is what refactoring is all about. This is the benefit of the cloud. I think, this is why a lot of the cloud native success is happening because companies are realizing that they can actually not just replatform in the cloud, but actually refactor their business, completely different. Using other paradigms and not necessarily rip and replace or just cut and paste. They can take concepts and codify them in their workloads, not necessarily general purpose. So again, key cloud concept and only going to get stronger with the edge developing. So again, more and more complexity, connected complexity.

>> Yeah, complexity that more and more you manage through automation, right? Which is another key concept in the cloud. So we are able as a market, as a community to have and manage more and more complex infrastructures because we have tools that are able to automate, to take care of stuff for us, to potentially remediate, which is another big theme in modern security for us and so on. And of course, again, companies like Sysdig, try to really read these in the plight, in a proper way that can be the most possible useful.

>> And hackers love complexity, right? And love chaos. And so unless you tame that with really good software, this is the key challenge.

>> You need to manage chaos and you need good software to help you manage chaos.

>> All right, final question for you. How is Sysdig and the Falco community working with AWS?

>> Yeah, in a number of ways. One of the beauties, as I was telling before of essentially being built on an open source project like Falco is that you can really work together with cloud providers like AWS with mutual advantage.
For example, AWS and team members at Amazon have done many contributions to Falco and the Sysdig system and integrations and so on. We partnered as Falco community and Sysdig with AWS to offer proper support for Falco versus the products on Fargate, which is, managed containers are the future, are very powerful. Everybody wants to go there, but then you need to make sure that you are covered, you have security from the point of view of severability and so on. Sysdig and AWS work together on doing a ptrace-based implementation, this is a technical thing, but essentially it means that a tool like Falco can give you invitations, can be the security camera for Fargate as well. And in general way, Amazon is a great partner for us on a daily basis as a community and as a company.

>> Loris, you've got a great company there. And again, it was great to see you guys grow from the beginning and the wave is here. As they say, in California, you guys are riding the right wave. And I think it's just the beginning. I think you're going to see more and more security be programmable, built in, automated, under the covers, invisible, but working. And I think the same is going to be true for data and other things. So a lot more to do. And again, it's distributed computing. We've seen this movie before, but not in this environment. So new tools are coming and you guys are a big part of it. Thank you so much for coming on theCUBE and sharing what you guys are doing and the technology behind Sysdig. Thanks for coming on.

>> Thank you very much and thank you for the great conversation.

>> Okay, this is theCUBE, I'm John Furrier, your host for Cube conversations with Sysdig's Loris Degioanni, CTO of Sysdig. Thanks for watching.

(gentle music)
Breaking Analysis: Unpacking Cisco’s Prospects Q4 2019 and Beyond
From the SiliconANGLE Media office in Boston, Massachusetts, it's theCUBE. Now here's your host, Dave Vellante.

Hello everyone, and welcome to this week's episode of theCUBE Insights, powered by ETR. This week Cisco CEO Chuck Robbins has invited a number of analysts and press to San Francisco for an event to talk about the future of Cisco and, no doubt, the role of the company in the next decade, and I will be there. So in this Breaking Analysis I thought that I'd focus on Cisco and its prospects in this era of next-generation cloud. Of course, last week we attended AWS re:Invent, and you can catch all our coverage on thecube.net, but the key takeaways are that we're entering a new era of cloud that is heavily emphasizing getting more value out of data with machine intelligence and things like SageMaker. Now AWS was heavily focused on this notion of transformation, putting forth the strong case that enterprises have to transform, not just incrementally. It was a clear message that CEOs really have to lead, and AWS are striking directly at the heart of what AWS head Andy Jassy calls the old guard, namely IBM, Dell, Oracle, HPE and many others, including of course Cisco, saying that you can't just transform incrementally. CEOs, you have to transform whole house.

So today I want to look at six areas, and I'm showing them here on this slide. But the first thing I want to do is just review the overall spending climate, and then what I want to do is discuss Cisco in the context of industry leadership, playing on Jassy's themes, and then, you know, we'll look at the spending momentum in the latest ETR survey for those leaders. Next thing I want to do is I'm going to talk about the cloud, and it's impacting everyone, and I want to take a look specifically at how it's impacting Cisco and how Cisco is faring in the face of competition from the public cloud, which we've talked about a lot across a number of vendors. We're then going to look at Cisco's business overall from a spending perspective, and then I'll wrap with some comments on what I see as opportunities for Cisco, like edge. I want to talk specifically about multi-cloud and, of course, cloud in general.

So let's start drilling into the spending climate overall. Now remember, the ETR data tells us that spending on balance is reverting to pre-2018 levels, but it's not falling off the cliff. Buyers, remember, are narrowing their experimentation on new technologies and they're placing more focused bets as part of the digital transformations. We're also seeing more replacements of redundant systems that buyers were running in parallel as a hedge on their bets, and that is affecting overall spending and it's somewhat compressing spending.

So with that as a backdrop, let's look at some of the latest data from ETR and focus on the leaders from the latest survey. So what I'm showing here is data from ETR's October 2019 survey, one thousand three hundred and thirty six IT buyers who responded, and I've selected market share as the metric across all sectors, as you can see here in number eight. Now remember, market share is a measure of pervasiveness, and it's calculated by dividing the total vendor mentions by the sector total. Now remember, the ETR methodology allows for multiple responses by a vendor, so you can see in the y-axis there can be more than a hundred percent, okay, because of those multiple respondents. Now note that Microsoft, Cisco, Oracle, AWS and IBM have the highest shared Ns, or mentions, and you can see the pervasiveness of Microsoft and its prominence, which is not surprising, but Cisco, Oracle and IBM generally have held, again from a pervasiveness standpoint, pretty well. You can see the steady rise as well in AWS's market share. So really the bottom line there is Cisco is a clear leader in this industry and it's maintaining its leadership position. And of course on that chart you can see the others who really didn't make the top five, but they're prominently, you know, mentioned with the shared Ns. That's VMware, Salesforce, Adobe's up there, and of course Dell EMC is the, you know, 90 to 100 billion dollar company.

Now let's take a look specifically at spending momentum. You know, what we're showing here in this chart is the exact same cut, except we've changed the metric from market share to net score. Now remember, net score is a measure of spending momentum that's calculated by essentially subtracting the percent of customers that are spending less in a given survey from those that are spending more, and that's the net score. And you can see the picture changes pretty dramatically. AWS jumps up to the top spot with a 62%, you know, net score, overtaking Microsoft. But then look at Cisco. It's very strong with the 36, about 34 percent net score, you know, not nearly as high as AWS and Microsoft, but very respectable and holding, you know, fairly strongly, and notably ahead of IBM and Oracle, which are both in the red. You see that red area, which signals caution.

Now what I want to do is address the question of how is the cloud affecting Cisco's business. You've seen me do this with a number of other vendors. Let's drill into what it means for Cisco. So if you've been following these Breaking Analysis segments, you know we've been reporting that the pace at which the cloud is eating away at a traditional on-prem data center business continues. Now here's a quote from an IT pro that summarizes the situation for networking in general, and then we'll come back and specifically talk about Cisco. He says, or she says, "As we migrate the data centers to AWS, networking costs will decline over three years." This is a director of tech strategy for a large telco. So the question I have is, does the ETR data back this up? Let's take a look.

So what this chart shows is a cut of cloud spenders, there are 818 in the latest ETR survey, and the net score within those accounts specifically for Cisco. So it's spenders on AWS, Azure and Google Cloud, and you can see the steady decline post 2010 for Cisco. So just as I've reported for Dell EMC, HPE, Oracle and others, you can see that the cloud's steady march continues to challenge the on-prem suppliers. So each of these companies has really got to figure out how to respond. Now in the case of Cisco, it's moving from owning the network market to really participating in the public cloud and interconnecting clouds. So we've seen Cisco make many acquisitions that can allow them to work with AWS, for example AppD, which is application performance management, Viptela, which is SD-WAN, CliQr, which is orchestration, Duo in cloud security, and then you've seen bets on Kubernetes, which are going to help them span hybrid, you know, as well. You've seen them make partnerships with the leading cloud suppliers, and I'll make some comments later on when I talk about multi-cloud.

So let's look at how these diversification moves have impacted Cisco overall, because they've not sat still. You can see that in this chart. What it shows is Cisco's market share across all of its businesses, including analytics, security, telephony and of course core networking, but also servers, storage, video conferencing and virtualization. So the point is that by diversifying its business the company has expanded its TAM, its total available market, and as I showed you before, has maintained a leadership position in the data center as measured by market share.

Now here's a deeper sector analysis of Cisco's business by various sectors, and what we're showing here is Cisco's business across a number of sectors, comparing the October 18 survey with July 19 and the October 19 surveys. So this is net score view, and you can see across all customers that Cisco's second-half net score for these sectors, which are in the green, are showing strong momentum relative to a year ago. So here you go: Meraki, which includes Cisco's wireless business, its telephony business, parts of its security business, core Cisco networking, they're all showing strength. Now parts of its security portfolio, like OpenDNS and Sourcefire, which is intrusion detection, which Cisco bought about six years ago, and some of Cisco's voice and video assets are showing slower momentum, but Cisco's overall spending momentum is holding on pretty well.

All right, let me talk a moment about some of Cisco's opportunities. They're trying to transform into more of a software company with assets like Duo, AppDynamics, and they want to focus less on selling boxes and ports and more on licenses and subscriptions. So it's got to use software also to unify its many platforms. So I want to talk for a moment about multi-cloud. Hot new area, right? Everybody's talking about it. Cisco recently made some organizational moves to take its separate cloud group and better align it with Cisco's core operations in a new group that they call Cloud Strategy and Compute. Now Cisco competes in multi-cloud with VMware, IBM, of course Red Hat, Microsoft and Google, even though they partner with Microsoft and Google.

So here's some ETR data that looks at key cloud sectors, including the three that I pulled out: cloud computing, container orchestration and container platforms. So these are buyers spending on these three areas. So there's 937 in the latest survey. You can't see that because I'm hiding it with the pulldown, but trust me. But you can see the big players with spending momentum, and while Cisco doesn't, you know, show the momentum of an Azure or a Red Hat or even a Google, it's in that multi-cloud game. And my premise is that Cisco is coming at this opportunity from its strengths in networking and it's got more than a fighting chance. Why? Because Cisco is, in my view, in the position to connect multiple clouds to on-prem and convince buyers that Cisco is the best partner to make networks higher performance, more secure and more cost-effective than the competition.

Now let me wrap with some critical comments and then I'll end up on an opportunity with some comments on edge. So the first thing I want to say is, while Cisco is dominant in a space, it's missed a number of opportunities. VMware has beaten Cisco to the punch in the initial move, of course, to virtual machines, and then the Nicira acquisition. NSX, as I've shown before, clearly has strong momentum in the market and is really eating into Cisco's core business. Cisco's ACI does okay, but it's definitely a sore spot for Cisco, and this represents a crack in the company's armor. Containers: the move to cloud native architectures is mostly a move to public cloud, so it's a replacement or a displacement more so than a head-to-head competition that hurts Cisco here. As John Furrier says, you have cloud native, and if you take the T out of cloud native you have cloud naive. So Cisco, along with others, must not be cloud naive. Rather it has to remain relevant in the cloud, as we discussed earlier in the multi-cloud discussion.

Now Cisco, they were the king of converged infrastructure, if you remember, with the first wave of Vblock along with the FlexPod from NetApp, and it, you know, changed the server game and drove UCS adoption, and then guys like IBM and Pure jumped in. Cisco really became the standard. Now, while hyper-converged infrastructure didn't really displace Cisco networking, you know, Dell VMware with VxRail and Nutanix, as well as HPE, who's in the third position, are posing a challenge. So Cisco, they really don't play in the lucrative high-margin external storage business, but there's some challenges there from a TAM standpoint. But I don't worry so much about that, because despite all the rumors over the years, specifically in storage, that Cisco is going to buy a storage company, I think there are better opportunities in software and the edge, and as I've said before, storage right now is kind of on the back burner. It's a very difficult market for a company like Cisco to enter.

So I want to talk more about the edge, because I think it's a way better opportunity for Cisco. Cisco, among all the legacy tech vendors, in my view could really compete for the edge, and the reason I say this is because Cisco is the only legacy player, in my opinion, that has a solid, solid developer strategy, and it's because of DevNet. DevNet is the initiative to make all Cisco products programmable. We talk a lot about the API economy and infrastructure as code, and what Cisco is doing is they're taking Cisco certified engineers, like CCIEs, and all these people that they've trained over the years, huge number of IT pros, and they're retraining them and teaching them how to code on Cisco products to create new use cases, new workloads and new applications, specifically at the edge. And Cisco products are designed to be programmable, so they have a developer play, and I've always said the edge is going to be won by developers.

This is why, frankly, I was so excited last week at re:Invent about AWS Outposts and the move they're making at the edge, because they're essentially bringing their stack to the edge and making it programmable. IBM failed to do this with Bluemix. They couldn't attract developers. They had to go buy Red Hat for thirty four billion dollars. You know, Dell EMC, they have VMware and they have an opportunity with Pivotal, but that's got to come together. They currently have very little developer synergy, in my view, specifically with Dell hardware, at least that I can see, and there seems to be little or no effort to retrain storage admins and VM admins in the same way that Cisco is doing this with CCIEs. HPE, essentially, I see them, like Dell in a way, throwing server boxes over the fence to the edge, you know, versus really attracting developers to identify sort of new workloads, new use cases. So I like Cisco's strategy in this regard, and it's something that we're gonna continue to watch very closely and probe this week with Chuck Robbins.

Okay, this is Dave Vellante signing out from this episode of theCUBE Insights, powered by ETR. Thanks for watching, everybody, and we'll see you next time.
Joseph Jacks, OSS Capital | CUBEConversation, October 2018
(bright symphony music) >> Hello, I'm John Furrier, the founder of SiliconANGLE Media and co-host of theCUBE. We're here in Palo Alto at our studio here. I'm joining with Joseph Jacks, the founder and general partner of OSS Capital. Open Source Software Capital, is what OSS stands for. He's also the founder of KubeCon which now is part of the CNCF. It's a huge conference around Kubernetes. He's a cloud guy. He knows open source. Very well respected in the industry and also a great guest and friend of theCUBE, CUBE alumni. Joseph, great to see you. Also known as JJ. JJ, good to see you. >> Thank you for having me on again, John. >> Hey, great to have you come on. I know we've talked many times on theCUBE, but you've got some exciting news. You got a new firm, OSS Capital. Open Source Software, not operational support like a telco, but this is an investment opportunity where you're making investments. Congratulations. >> Thank you. >> So I know you can't talk about some of the specifics on the funds size, but you are actually going to go out, talk to entrepreneurs, make some equity investments. Around open source software. What's the thesis? How did you get here, why did you do it? What's motivating you, and what's the thesis? >> A lot of questions in there. Yeah, I mean this is a really profoundly huge year for open source software. On a bunch of different levels. I think the biggest kind of thing everyone anchors towards is GitHub being acquired by Microsoft. Just a couple of weeks ago, we had the two huge Hadoop vendors join forces. That, I think, surprised a lot of people. MuleSoft, which is a big opensource middleware company, getting acquired by Salesforce just a year after going public. Just a huge outcome. I think one observation, just to sort of like summarize the year 2018, is actually, starting in January, almost on sort of like a monthly basis, we've observed a major sort of opensource software company outcome. 
And sort of kicking off the year, we had CoreOS getting acquired by Red Hat. Brandon and Alex, the founders over there, built a really interesting company in the Kubernetes ecosystem. And I think in February, Alfresco, which is an open source content portal taking privatization outcome from a private equity firm, I believe in March we had Magento getting acquired by Adobe, which is an open source based CMS. PHP CMS. So just a lot of activity for significant outcomes. Multibillion dollar outcomes of commercial open source companies. And open source software is something like 20 years old. 20 years in the making. And this year in particular, I've just seen just a huge amount of large scale outcomes that have been many years in the making from companies that have taken lots of venture funding. And in a lot of cases, sort of partially focused funding from different investors that have an affinity for open source software and sort of understand the uniqueness of the open source model when it's applied to business, when it's applied to company building. But more sort of opportunistic and sort of affinity oriented, as opposed to a pure focus. So that's kind of been part of the motivation. I'd say the more authentically compelling motivation for doing this is that it just needs to exist. This is sort of a model that is happening by necessity. We're seeing more and more software companies be open source software companies. So open source first. They're built in a distributed way. They're leveraging engineers and talent around the world. They're just part of this open source kind of philosophy. And they are fundamentally kind of commercial open source software companies. We felt that if you had a firm basically designed in a way to exclusively focus on those kind of companies, and where the firm were actually backed and supported by the founders of the largest commercial open source companies in the world before sort of the last decade. 
That could actually deliver a lot of value. So we've been sort of blogging a little bit about this. >> And you wrote a great post on it. I read about open source monetization. But I think one of the things I'm seeing as well that supports your thesis, and I like to get your reaction to it because I think this is something that's not really talked about, but open source is still young. I mean, you go back. I remember the days when we used to have to hide in the shadows to get licenses and pirate stuff and do all those crazy stuff. But now, it's only a couple decades away. The leaders that were investing were usually entrepreneurs that've been successful. The Rob Bearns, the Amar Wadhwa, the guy that did Spring. All these different open source. Linux, obviously, great success story. But there hasn't been any institutional. Yeah, you got benchmark, other things, done some investments. A discipline around open source. Where open source is now table stakes in all software development. Cloud is scaling, scaling out globally. There's no real foc- There's never been a firm that's been focused on- Just open source from a commercial, while maintaining the purity and ethos of open source. I mean, is that. >> You agree? >> That's true. >> 100%, yeah. That's been the big part of creating the firm is aligning and solving for a pure focused structure. And I think what I'll say abstractly is this sort of venture capital, venture style approach to funding enterprise technology companies, software companies in general, has been to kind of find great entrepreneurs and in an abstract way that can build great technology companies. Can bring them to market, can sell them, and can scale them, and so on. And either create categories, or dominate existing categories, and disrupt incumbents, and so on. 
And I think while that has worked for quite a while, in the venture industry overall, in the 50, 60 years of the venture industry, lots of successful firms, I think what we're starting to see is a necessary shift toward accounting for the fundamental differences of opensource software as it relates to new technology getting created and going, and new software companies kind of coming into market. So we actually fundamentally believe that commercial open source software companies are fundamentally different. Functionally in almost every way, as compared to proprietary closed source software companies of the last 30 years. And the way we've sort of designed our firm and we'll be about ten people pretty soon. We're just about a month in. We're growing the team quickly, but we're sort of a small, focused team. >> A ten's not focused small, I mean, I know venture firms that have two billion in management that don't have more than 20 people. >> Well, we have portfolio partners that are focused in different functional areas where commercial open source software companies have really fundamental differences. If you were to sort of stack rank, by function, where commercial open source software companies are really fundamentally different, sort of top to bottom. Legal would be, probably, the very top of the list. Right, in terms of license compliance management, structuring all the sort of protections and provisions around how intellectual property is actually shipped to and sold to customers. The legal licensing aspects. The commercial software licensing. This is quite a polarizing hot topic these days. The second big functional area where we have a portfolio partner focused on this is finance. Finance is another area where commercial open source software companies have to sort of behaviorally orient and apply that function very, very differently as compared to proprietary software companies. 
So we're crazy honored and excited to have world experts and very respected leaders in those different areas sort of helping to provide sort of different pillars of wisdom to our portfolio companies, our portfolio founders, in those different functional areas. And we provide a really focused kind of structure for them. >> Well I want to ask you the kind of question that kind of bridges the old way and new way, 'cause I definitely see you guys definitely being new and different, which is good. Or as Andy Jassy would say, you can be misunderstood for a while, but as you become successful, people will start understanding what you do. And that's a great example of Amazon. The pattern with success is traditionally the same. If we kind of encapsulate the difference between open source old and new, and that is you have something of value, and you're disrupting the market and collecting rents from it. Or revenue, or profit. So that's commercial, that's how businesses run. How are you guys going to disrupt with open source software the next generation value creation? We know how value's created, certainly in software that opensource has shown a path on how to create value in writing software if code is value and functionality's value. But to commercialize and create revenue, which is people paying something for something. That's a little bit different kind of value extraction from the value creation. So open source software can create value in functionality and value product. Now you bring it to the market, you get paid for it, you have to disrupt somebody, you have to create something. How are you looking at that? What's the vision of the creation, the extraction of value, who's disrupted, is it greenfield new opportunities? What's your vision? >> A lot of nuance and complexity in that question. What I would say is- >> Well, open source is creating products. >> Well, open source is the basis for creating products in a different kind of way. 
I'll go back to your question around let's just sort of maybe simplify it as the value creation and the value capture dynamics, right? We've sort of written a few posts about this, and it's subtle, but it's easy to understand if you look at it from a fundamental kind of perspective. We actually believe, and we'll be publishing research on this, and maybe even sort of more principled scientific, perhaps, even ways of looking at it. And then blog posts and research. We believe that open source software will always generate or create orders of magnitude more value than any constituent can capture. Right, and that's a fundamental way of looking at it. So if you see how cloud providers are capturing value that open source creates, whether it's Elasticsearch, or Postgres, or MySQL or Hadoop. And then commercial open source software companies that capture value that open source software creates, whether it's companies like Confluent around Kafka, or Cloudera around Hadoop, or Databricks around Apache Spark. Or whether it's the creators of those projects. The creators of Spark and Hadoop and Elasticsearch, sometimes many of them are the founders of those companies I mentioned, and sometimes they're not. We just believe regardless of how that sort of value is captured by the cloud providers, the commercial vendors, or the creators, the value created relative to the value captured will always be orders and orders of magnitude greater. And this is expressed in another way, which this may be easier to understand, it's a sort of reinforcing this kind of assertion that there's orders of magnitude value created far greater than what can be captured. If you were to do a survey, which we're currently in the process of doing, and I'm happy to sort of say that publicly for the first time here, of all the commercial open source software companies that have projects with large significant adoption, whether, say for example, it's Docker, with millions of users, or Apache Hadoop. 
How many Hadoop deployments there are. How many customers' companies are there running Hadoop deployments. Or it may be even MySQL. How many MySQL installations are there. And then you were to sort of survey those companies and see how many end users are there relative to how many customers are paying for the usage of the project. It would probably be something like if there were a million users of a given project, the company behind that project or the cloud provider, or say the end user, the developer behind the project, is unlikely to capture more than, say, 1% or a couple percent of those end users to companies, to paying companies, to paying customers. And many times, that's high. Many times, 1% to 2% is very high. Often, what we've seen actually anecdotally, and we're doing principled research around this, and we'll have data here across a large number of companies, many times it's a fraction of 1%. Which is just sort of maybe sometimes 10% of 1%, or even smaller. >> So the practitioners will be making more money than the actual vendors? >> Absolutely right. End users and practitioners always stand to benefit far greater because of the fundamental nature of open source. It's permissionless, it's disaggregated, the value creation dynamics are untethered, and it is fundamentally freely available to use, freely available to contribute to, with different constraints based on the license. However, all those things are sort of like disaggregating the creating of technology into sort of an unbounded network. And that's really, really incredible. >> Okay, so first of all, I agree with your premise 100%. We've seen it with CUBE, where videos are free. >> And that's a good thing. All those things are good. >> And Dave Vellante says this all the time on theCUBE. And we actually pointed this out and called this in the Hadoop ecosystem in 2012. 
In fact, we actually said that on theCUBE, and it turned out to be true, 'cause look at Hortonworks and Cloudera had to merge because, again, the market changed very quickly >> Value Creation. >> Because value >> Was created around them in the immediate cloud, etc. So the question is, that changes the valuation mechanisms. So if this is true, which we believe it is. Just say it is. Then the traditional net present value cash flow metric of the value of the firm, not your firm, but, like, if I'm an open source firm, I'm only one portion of the extraction. I'm a supplier, and I'm an enabler, the valuation on cash flow might not be as great as the real impact. So the question I have for you, have you thought about the valuation? 'Cause now you're thinking about bigger construct community network effects. These are new dynamics. I don't think anyone's actually crunched a valuation model around this. So if someone knew that, say for example, an open source project created all this value, and they weren't necessarily harvesting it from a cash flow perspective, there might be other ways to monetize it. Have you thought about that, and what's your reaction to that concept? 'Cause capitalism would kind of shake down the system. 'Cause why would someone be motivated to participate if they're not capturing any value? So if the value shifts, are they still going to be able to participate? You follow the logic I'm trying to- >> I definitely do. I think what I would say to that is we expect and we encourage and we will absolutely heavily invest in more business model innovation in the area of open source. So what I mean by that is, and it's important to sort of qualify a few things there. There's a huge amount of polarization and lack of consensus, lack of industry consensus on what it actually means to have or implement an open source based business model. In fact there's a lot of people who just sort of point-blank assert that an opensource business model does not exist. 
We believe that many business models for monetizing and commercializing open source exist. We've blogged and written about a few of them. There's services and training and support. There's open core, which is very effective in sort of a spectrum of ways to implement open core. Around the core, you can have a thin crust or a thick crust. There's SaaS. There are hardware based distribution models, things like Sourcefire, and Cumulus Networks. And there are also network based approaches. For example, project called Storj or Stor-J. Being developed and run now by Ben Golub, who's the former CEO of Docker. >> CUBE alumni. >> Ben's really great open source veteran. This is a network, kind of decentralized network based approach of sort of right sizing the production and consumption of the resource of a storage based open source project in a decentralized network. So those are sort of four or five ways to commercializing value, however, four or five ways of commercializing value, however what we believe is that there will be more business model innovation. There will be more developments around how you can better capture more, or in different ways, the value that open source creates. However, what I will say though, is it is unrealistic to expect two things. It is unrealistic and, in fact, unfair to expect that any of those constituents will contribute back to open source proportional to the value that they received from it, or the benefit, and I'm actually paraphrasing Doug Cutting there, who tweeted this a couple of years ago. Very profoundly deep, wise tweet, which I very strongly agree with. And it is also unrealistic to expect a second thing, which is that any of those constituents can capture a material portion of the value that open source creates, which I would assert is many trillions of dollars, perhaps tens of trillions of dollars. It's really hard to quantify that. 
And it's not just dollars in economic sense, it's dollars in productivity time saved, new markets, new areas, and so on. >> Yeah, I think this is interesting, and I think that we'll be an open book at that. But I will say that what I've observed in looking through all these CUBE interviews, I think that business model innovation absolutely is something that is an IP. >> We need it. Well, it's now intellectual property, the business model isn't, hey I went to business school, learned this at Babson or Harvard, I learned this business model. We're going to do SaaS premium. Okay, I get that. There's going to be very interesting new innovations coming, and I think that's the new IP. 'Cause open source, if it's community based, there's going to be formulas. So that's going to be really inter- Okay, so now let's get back to actual funding itself. You guys are doing early stage. Can you take us through the approach? >> We're very focused on early stage, investing, and backing teams that are, just sort of welcoming the idea of a commercial entity around their open source project. Or building a business fundamentally dependent on an open source project or maybe even more than one. The reason for that is this is really where there's a lot of structural inefficiency in supporting and backing those types of founders. >> I think one of the things with ... is with that acquisition. They were pure on the open source side, doing a great job, didn't want to push the business model too hard because the open source, let's face it, you got people like, eh, I don't want to get caught on the business side, and get revenue, perverse incentives might come up, or fear of incentives that might be different or not aligned. Was a great value. >> I think so. >> So Red Hat got a steal on that one. But as you go forward, there's going to be certainly a lot more stuff. We're seeing a lot of it now in CNCF, for instance. 
I want to get your thoughts on this because, being the co-founder of KubeCon, and donating it to the CNCF, Kubernetes is the hottest thing on the planet, as we talked about many years ago. What's your take on that, now? I see exciting things happening. What is the impact of Kubernetes, in your opinion, to the world, and where do you see that evolving rapidly, and where is the focus here as the people should be paying attention to? >> I think that Kubernetes replaces EC2. Kubernetes is a disaggregated API for distributed computing anywhere. And it happens to be portable and able to run on any kind of computer infrastructure, which sort of makes it like a liquid disaggregated EC2-like API. Which a lot of people have been sort of chasing and trying to implement for many years with things like OpenStack or Eucalyptus. But interestingly, Kubernetes is sort of the right abstraction for distributed computing, because it meets people where they are architecturally. It's sort of aligned with this current movement around distributed systems first designs. Microservices, packaging things in small compartmentalized units. >> Good for integrating of existing stuff. >> Absolutely, and it's very composable, un-opinionated architecturally. So you can sort of take an application and structure it in any given way, and as long as it has this sort of isolation boundary of a container, you can run it on Kubernetes without needing to sort of retrofit the architecture, which is really awesome. I think Kubernetes is a foundational part of the next kind of computing paradigm in the same way that Linux was foundational to the computing paradigm that gave rise to the internet. We had commodity hardware meeting open source based sort of cost reduction and efficiency, which really Linux enabled, and the movement toward scale out data center infrastructure that supported the Internet's sort of maturity and infrastructure. 
I think we're starting to see the same type of repeat effect thanks to Kubernetes basically being really well received by engineers, by the cloud providers. It's now the universal sort of standard for running container based applications on the different cloud providers. >> And I think having the non-technical opinion posture, as you said, architectural posture, allows it to be compatible with a new kind of heterogeneous. >> Heterogeneity is critical. >> Heterogeneity is key, 'cause it's not just within the environment, it's also within each vendor, or customer has more heterogeneity. So, okay, now that's key. So multi cloud, I want to get your thoughts on multi cloud, because now this goes into some of things that might build on top of if Kubernetes continues to go down the road that you say it does. Then the next question is, stateful applications, service meshes. >> A lot of buzz words. A lot of buzz words in there. Stateful application's real because at a certain point in time, you have a maturity curve with critical infrastructure that starts to become appealing for stateful mission critical storage systems, which is typically where you have all the crown jewels of a given company's infrastructure, whether it's a transactional system, or reading and writing core customer, or financial service information, or whatever it is. So Kubernetes is starting to hit this maturity curve where people are migrating really serious mission critical storage workloads onto that platform. And obviously we're going to start to see even more critical workloads. We're starting to see Edge workloads because Kubernetes is a pretty low footprint system, so you can run it on Edge devices, you can even run it on microcontrollers. We're sort of past the experimental, you know, fun and games was Raspberry Pi, sort of towers, and people actually legitimately doing real world Edge kind of deployments with Kubernetes. 
We're absolutely starting to see multi-geo, multi-replication, multi-cloud sort of style architectures becoming real, as well. Because Kubernetes is this API that the industry's agreeing upon sufficiently. We actually have agreement around this sort of surface area for distributed system style computing that if cloud providers can actually standardize on in a way that lets application specific vendors or new types of application deployment models innovate further, then we can really unlock this sort of tight coupling of proprietary services inside cloud providers and disaggregate it. Which is really exciting, and I forget the Netscape, Jim Barksdale. Bundling, un-bundling. We're starting to see the un-bundling of proprietary cloud computing service API's. Things like Kinesis, and ALB and ELB and proprietary storage services, and these other sticky services get un-bundled because of two big things. Open source, obviously, we have open source alternative data paths. And then we have Kubernetes which allows us to sort of disaggregate things out pretty easily. >> I want to hear your thoughts, one final concept, before we break, 'cause I was having a private conversation with three people besides myself. A big time CIO of a company that if I said the name everyone would go, oh my god, that guy is huge, he's seen it all going back many, many ways. Currently done a lot of innovation. A hardcore network chip guy who knows networking, old school infrastructure. And then a cloud native application founder who knows a lot about software development and is state-of-the-art cloud native. So cloud native, all experienced, old-school, kind of about my age, a cloud native app developer, a big time CIO, and a chip networking kind of infrastructure guy. 
And we're talking, and one thing that came out, I want to get your thoughts on this, he says, so what's going on with DevOps, how do you see this service mesh, is a stay for (mumbles) on top of the stack, no stacks, horizontally scalable. And the comment that came out was storage and networking have had this relationship with everything since day one. Network moves a packet from point A to point B, and nothing happens in between, maybe some inspection. And storage goes from here now to the then, because you store it. He goes, that premise moves up the stacks, so then the cloud native guy goes, well that's what's happening up at the top, there's a lot of moving things around, workloads and or services, provisioning services, and then from now to then state. In real time. And what dawned on the next conversation the CIO goes, well this is exactly our challenge. We have under the hood infrastructure being programmable, >> We're having some trouble with the connection. Please try again. >> My phone's calling me. >> Programmable connections. >> So you got the programmable on the top of the stack too, so the CIO said, that's exactly the problem we're trying to solve. We're trying to solve some of these network storage concepts now at an application level. Your thoughts to that. >> Well, I think if I could tease apart everything you just said, which is profound synthesis of a lot of different things, I think we've started to see application logic leak out of application code itself into dedicated layers that are really good at doing one specific thing. So traditionally we had some crud style kind of behavioral semantics implemented around business logic. And then, inside of that, you also had libraries for doing connectivity and lookups and service discovery and locking and key management and encryption and coordination with other types of applications. And all that stuff was sort of shoved into the single big application binary. 
And now, we're starting to see all those language runtime specific parts of application code sort of crack or leak out into these dedicated, highly scalable, Unix philosophy oriented sort of like layers. So things like Envoy are really just built for the sort of nervous system layer of application communication fabric up and down the layer two through layer seven sort of protocol transport stack, which is really profound. We're seeing things like Vault from Hashicorp handle secure key storage persistence of application dedication, authorization, metadata and information to sort of access different systems and end points. And that's a dedicated sort of stateful layer that you can sort of fragment out and delegate sort of application specific functionality to, which is really great for scalability reasons. And on, and on, and on. So we've started to see that, and I think one way of looking at that is it's a cycle. It's the sort of bundling and un-bundling aspect. >> One of the granny level services are getting a really low level- >> Yeah, it's a sort of like bundling and un-bundling and so we've got all this un-bundling happening out of application code to these dedicated layers. The bundling back may happen. I've actually seen a few Bay Area companies go like, we're going back to the monolith 'cause it actually gives us lots of efficiencies in things that we thought were trade-offs before. We're actually comfortable with a big monorepo, and one or two core languages, and we're going to build everything into these big binaries, and everyone's going to sort of live in the same source code repository and break things out through folders or whatever. There's a lot of really interesting things. I don't want to say we're sort of clear on where this bundling, un-bundling is happening, but I do think that there's a lot of un-bundling happening right now. And there's a lot of opportunity there. >> And the open source, obviously, driving it. 
So final question for you, how many deals have you done? Can you talk a little bit about the firm? And exciting things and plans that you have going forward. >> Yeah, we're going to be making a lot of announcements over the next few months, and we're, I guess, extremely thrilled. I don't want to say overwhelmed, 'cause we're able to handle all of the volume and inquiries and inbound interest. We're really honored and thrilled by the reception over the last couple weeks from announcing the firm on the first of October, sort of before the Hortonworks Cloudera merger. The JFrog funding announcement that week. The Elastic IPO. Just a lot of really awesome things happened that week. This is obviously before Microsoft open sourced all their patents. We'll be announcing more investments that we've made. We announced our first one on the first of October as well with the announcement of the firm. We've made a good number of investments. We're not able to talk too much about our first initiative, but you'll hear more about that in the near future. >> Well, we're excited. I think it's the timing's perfect. I know you've been working on this kind of vision for a while, and I think it's really great timing. Congratulations, JJ. >> Thank you so much. Thanks for having me on. >> Joseph Jacks, also known as JJ, founder and general partner of OSS Capital, Open Source Software Capital, co-founder of KubeCon, which is now part of the CNCF. A real great player in the community and the ecosystem, great to have him on theCUBE, thanks for coming in. I'm John Furrier, thanks for watching. >> Thanks, John. (bright symphony music)
Matt Howard, Sonatype | Cisco DevNet Create 2017
>> Announcer: Live from San Francisco, it's theCUBE, covering DevNet Create 2017, brought to you by Cisco. >> Welcome back everyone, we're here live in San Francisco for theCUBE's special exclusive coverage of Cisco's inaugural event, DevNet Create, a foray into the developer opensource world as they extend their classic DevNet core developer program, three years old now, going into the opensource world, this is theCUBE, I'm John Furrier with my cohost, Peter Burris, our next guest is Matt Howard, EVP and CMO of Sonatype, knows something about opensource, Matt, great to have you on theCUBE, thanks for joining us. >> Thanks for having me. >> So first, talk about Sonatype, what do you guys do? Give a quick minute to describe the company, then I got some pointed questions for you. >> Well, we provide tools and intelligence to modern development organizations to basically reinvent how opensource components are flowing through the pipeline, through the value chain, through the development lifecycle. >> You guys are a service, SaaS service, are you guys a subscription? >> It's a subscription service, and we provide two products, there's a product which is a repository manager called Nexus where you store, organize, and distribute software binaries into the development lifecycle, and then there's a second server product called Nexus IQ, which provides intelligence on top of those binary, so think of it as like FDA food labeling database, so if you're looking at a bag of potato chips as a consumer, you can see that there's calories, sugar, salt, it's gluten-free. If you're looking at a software binary, you're able to see metadata that we provide, which allows you as a developer to make intelligent decisions with respect to, this component's good for my application 'cause it's properly licensed, or this component's good for my application because it doesn't have any-- >> So you're a verifying code, basically, in a way. >> Yeah, absolutely. 
Verifying and qualifying the opensource-- >> John: And the problem you solve for the customer as well. >> The customer basically gets to build applications at scale, at speed, with quality opensource components. >> So you take the worries off, like, with the licensing, does it work well, you're like Yelp for software? There're comments? >> Sort of, more like Amazon reviews for opensource binaries. >> Okay, great, cool, thanks for taking the time. So we were just talking in our intro, opensource, I'm old enough to know when we used to pirate software, and then opensource, woo, this is great, and then it became a tier two in the enterprise player, Red Hat brought it to tier one. It's booming. Communities are changing. You're in the middle of it, what's happening? Give us your take on how opensource is evolving, because it's the classic case of cliche, opensource, I'm standing on the shoulders of giants before me, and now the next generation is standing on the current generations of shoulders, a new generation's happening, what's going on? >> So, just think of supply and demand, simple supply. We live in a world right now where development organizations are facing an infinite supply of opensource, there's a thousand new opensource projects a day, 10,000 new versions and 14 releases per year. The supply is massive. And in a world where supply is incredible, consumption is equally incredible, last year alone, there were 52 billion download requests from Maven Central for Java binaries, 50 billion-plus requests for NPM packages in the JavaScript ecosystem, so we are basically dealing with a world where software is no longer a marginal cost to doing business, it is the business. Developers are king, developers are the lifeblood that's flowing through every great enterprise today, because innovation is ultimately the thing that will allow companies to compete and win on a global playing field! 
>> I mean, it's almost intoxicating for these guys who are just drinking from the trough of free software, because if you compound the new projects with the fact that Google and these guys are donating awesome libraries, Amazons, machine-learning stuff, it's not something to shake a stick at, it's great software! >> Yeah! >> TensorFlow, Spanner, I mean, all this stuff-- >> It's great software, and just think, in a world of infinite choice, which is the world we're living in, how do you make the best choice? >> So where's the growth coming from? Peter and I were speculating that, in talking to Abby Kearns yesterday from Cloud Foundry, and then with the Cloud Native Foundation, a lot of money's coming in so the business model for players and vendors are coming in, and suppliers now helping out and donating software, but we're speculating that there's a whole growth area that's different than we've seen before. Are we on that? Your comment to that, your thoughts on where this evolution's coming from, the next wave, is it horizontal? >> Our view is that the devops transformation from waterfall-native development to devops-native software development is happening and it's real, and it's arguably in the early days, but it's no stopping that train now. As organizations continue to reconcile demand from board members and shareholders and CEOs, how do you remain relevant, how do you be, put yourself into a position where you're innovating with software fast enough to remain competitive? And that's a tremendous pressure, and it's driving transformational change like devops, and so as that demand for speed continues to grow, we think it only increases the appetite for opensource, and it creates opportunities for organizations like ours to basically automate how that opensource innovation happens. 
>> We do a lot of crowd chats, to surface the landscape and the common theme that comes up is, oh, your organizational mindset has to change, and were commenting, Peter and I were talking yesterday about, if your org's not set up, you'll have, what's the law? >> Conway's law. >> Conway's law, where the output matches the organization, but the bigger question is, Ford CEO got fired, he's been in the job for less than four years, he didn't have time to transform, so the question is, how does opensource help people transform faster, do you have any observations around that? Because that's the number one question we get is, okay, I need to configure resources to do that, and then the other theme that we're hearing, I'd love to get your reaction on is, "Oh my God, I'm going to lose my job through automation." And certainly Cisco has networking guys who are looking down the barrel of potentially being irrelevant if they don't make the network programmable, so this is, we've lived through cycles, is it the mainframe guys who kind of lose their jobs, kind of thing going on? Or is it a transformative opportunity for the people as well? >> Yeah, it's a great question, there's a lot there, but I think the notion that they say software eats the world, a different way of viewing is automation eats the world, and if you look at, we refer to the 100-10-1 rule, today, in every large IT organization, you got 100 developers for every 10 IT operations professionals for every one security professional. It's impossible for the application security professionals to maintain governance over 100 software developers. 
If the old way of doing something like application security in this world where we're talking about infinite supply of opensource, needs to be automated with machine intelligence, it needs to be scalable early, everywhere, and throughout the entire development lifecycle, and unless it's not, you're going to basically get some of the benefit of opensource, but not all of the benefit of opensource. >> I want to push you a little bit in this, Matt, because, one might argue, and I'm going to be a little bit apocryphal here for a second, but one might argue that we also have an infinite supply of different types of bubblegum. And at the end of the day, one can say, "Well, do we need another bubblegum?" And we may or may not, and yet we do. So the reason why I'm bringing that up is I want to square the infinite supply, which I don't disagree with, with the idea that, certainly our clients, especially the big data side, are still concerned about the fact that they can't find tooling, or combinations of opensource tooling, that can help them with their use case. And so as you think about, one of the things that intrigued me about what your company does is the idea of to what degree can you start with a business problem, use that business problem to do some design work, and then based on that, start finding the tooling that will be most appropriate for solving the problem. >> Yeah, it's a great question, and I think it goes back to this idea of automation, let's just give a real world use case, this is one of many, but if the demand for speed and innovation is what shareholders, boards, and CEOs are looking for out of their IT organizations and their development teams, then the first thing you do, in the theory of constraints is you look for where is the friction, right? So theory of constraints basically points to something like the process inside of a large financial organization that involves a developer requesting approval for using an opensource component. 
How long does that take? How many people are involved in that process? How many hours, how many dollars? Does it have to be that hard? Or can you basically create policy, and define policy, and build, effectively, a firewall that then automatically governs the flow of opensource, healthy opensource components, into the development lifecycle? With no human intervention at pace, right? And that's the idea of what we're doing when we talk about scaling opensource innovation early, everywhere, and across the entire development lifecycle, it starts at the perimeter, the moment the development requests the opensource component for use, it has to be automated, you can't afford to take three months to approve it, he needs it now! >> So let me turn that around, and see if this is a service that you are providing, or actually could provide. Given that you probably have visibility into a lot of the problems that the developer's trying to solve, and therefore, their ability to check opensource in and out from a variety of different sources, are you also gaining visibility in the types of stuff that people can't find, and making that information available to the world about, here's some of the places where the opensource world could step up and do perhaps a better job of delivering that software? And I'm specifically thinking of the big data universe, because there's so many, for example, I got a client, big financial institution, who is tearing his hair out right now trying to come up with some standard components for complex machine-learning pipelines. Real, real hard job, a lot of different tools, they work together at some level, but they're not solving the problem, 'cause they're more focused on solving each other project's problem. Am I making this? 
>> You are making a lot of sense, and you should introduce us to your friend, because we would love to have a conversation and talk exactly how it is that you can create prescriptive architectures with opensource components to remove friction back to the theory of constraints concept, I mean, this process of innovation has to flatten out, and we are very narrowly focused on one particular piece of that pipeline, and it is the making sure that the development organization is benefiting from all of the greatness that opensource has to offer, but none of the bad, and you have to do that with automation. >> So just really quick, John, for those of you who don't know, the theory of constraints, to a computer science person, looks like Amdahl's law. Speed up that which you do most frequently, for those of you who've ever done computer design. >> Herbie the Boy Scout. >> Exactly, so it's speed up the thing that is causing the most pain. >> Right, right, right. >> So the question I have for you this, okay, given what you guys do, which is a great service, cutting edge, it's in the devops wheelhouse, so, what is, in your opinion, the most important metric for your customer's success, vis a vis devops, okay, I'm in, I've been hearing about this cloud native thing and devops, we've got to change to Agile, we wrote a manifesto, we changed the organization, what is the important metric that you think they should look for for success? >> You know, there's a lot of metrics, there's no one answer, but I'll give you a really great one, since you mentioned Red Hat earlier. Red Hat is an amazing company that has probably done more for the evolution of opensource than anyone. They have a phenomenal track record of managing RHEL, the Red Hat Enterprise Linux stack, upstream and downstream, to the point where today, they publicly tell that the Red Hat Summit just recently in Boston, I think it's a day or two mean time to repair for a zero-day vulnerability. 
They understand the supply chain for RHEL extremely well, and from our perspective, we are trying to create the same type of hygiene for custom software development that RHEL has long practiced in support of Red Hat, Red Hat has long practiced in support of RHEL, and so mean time to repair, for example. If a zero-day vulnerability hits, do you have a software bill of materials? Are you wondering where that particular component is? Do you even have the component? How many applications in production are affected? I mean, this is a real-world scenario, just two weeks ago, with Struts 2, how many organizations are still working today to figure out the answer to that question? You'd be surprised, it takes organizations months-- >> Peter: But this is more than a library. >> This is more than a library. >> So explain why it's more than a library. >> Struts 2? >> No, what you're doing. >> What we're basically doing is imagining a software supply chain, so step back and imagine a world where you could build software applications the same way that Toyota builds cars. You have Deming's principles, which says you basically take and source the components or the parts from the fewer suppliers, and you source the absolute best parts, and you track and trace the location of those parts to every step of the supply chain all the way into production, so that Toyota recently had to conduct an orderly and effective recall for four million Takata airbags. Right? In software terms, the next time you're basically sitting on top of a zero day, you need the equivalent of that orderly effective recall so you can in a matter of minutes, not months, patch that vulnerability. >> Hence why you use Goldratt's theory of constraints, so in many respects, this is a digital supply chain tool? >> We believe it's software supply chain automation. >> What about digital? Can I also think about how digital objects can be included in that? Again, going back-- >> Containers? 
>> Going back to the big data notion? >> Yeah, absolutely, this is, supply chain theory is well understood in a physical goods world, certainly, if you look at how physical goods move through a supply chain, and you come to grips with what's happening in digital transformation today and the evolution of devops and the proliferation of opensource, continuous integration, continuous delivery, speed is king, it's all going in the direction of a supply chain. >> So, when you have so much bubblegum, as Peter said, after it loses its flavor, you get a new piece, right? So, same with software. Final question for you. You guys are doing well, I can imagine that operationally, as coming to operational as opensource, you're a key component there, and that seems like a good opportunity. How early are you on that operational progress? I mean, you just get started, you're making some money, which is good. >> To be frank-- >> You're the customer on the journey, in other words, people realize, "I got a operation on," so they're just doing it, not having a checks and balance. >> Our business is really interesting in the sense that product market fit for any young company can take quite a while, and we're fortunate enough to have a CEO who is remarkably patient and savvy and experienced, his name is Wayne Jackson, for anybody knows, here at the Cisco conference, he was previously the CEO of Sourcefire, so an interesting connection there, but patience is key, and we're being rewarded right now because all of the trends that you guys have already talked about here, and everything we've talked about at Cisco DevNet point to a simple fact, which is that software is key to how companies will compete and win in the future, and as long as that's true, they're going to be looking for ways to improve innovation. 
Right now, our business is early, we're still creating budget in some situations, but that's increasingly changing, and I would say that you should expect our business to continue to grow-- >> So people are operationalizing opensource, and they're getting serious about some of these things-- >> We're seeing budget now that we didn't see last year, for operationalizing the flow of opensource into a devops-- >> Final, final question, since I want to get your take on the show, Cisco's moves here into this world, obviously, a good move in our opinion, I'm sure you agree, risky for them, a good move, progress, what should they do next? Your thoughts and reaction to DevNet Create, 'cause man, they got DevNet, a growing, robust community of Cisco developers. DevNet Create, a new opportunity, what's your thoughts? >> I've learned a lot, I'm glad to be here, and just saw some things yesterday that make it very, very clear that DevNet Create and what Cisco's doing with it is a great move, I mean, my personal belief is that developers are king, and as you expose core services, network services to developers, an innovation happens, and value gets created, and so they've done so much at the network layer for so many years, and if they're now exposing that network sort of innovation to developers, it'll be exciting to see what kind of innovation happens. >> Matt, thanks for coming on theCUBE, really appreciate it, I'm glad we got you in, great to meet you last night, and congratulations on your startup that you're working with, and growth, and been around the industry a long time, you've seen a lot of waves, and appreciate the insight here on theCUBE, appreciate it. >> Appreciate you having me. >> Alright, we are live in San Francisco for exclusive coverage of Cisco's inaugural event DevNet Create, I'm John Furrier, Peter Burris, stay with us for more day two coverage after this short break. 
>> Hi, I'm April Mitchell, and I'm the Senior Director of Strategy and Planning for Cisco.