In this episode of the Open at Intel podcast, host Katherine Druckman spoke with open source community veteran Deb Bryant about her current role with the Open Source Initiative, focusing on the intersection of open source software and public policy in Europe and the United States. They explored many of the evolving challenges and opportunities in the open source space. Enjoy this transcript of their conversation.
“A lot of the values from the open source community of transparency, accessibility, inclusion are the same values in a perfect world that governments have. They want to be accessible. They want to provide access.”
— Deb Bryant, Director, US Policy and Founder, Open Policy Alliance
Open Source Initiative
Katherine Druckman: Deb Bryant, thank you so much for joining me. I really appreciate you taking a little time.
Deb Bryant: Yeah, absolutely. Thank you for having me.
Katherine Druckman: If you wouldn't mind, would you introduce yourself a little bit? Tell us a little bit about how you got to where you are and then tell us what you do right now.
Government and Open Source Software
Deb Bryant: All right. My name's Deb Bryant. I've been around for a minute in the open source community. I'll start with where I am today and I can talk a little bit about how I got here. Today I'm here in a role on behalf of the Open Source Initiative to have a panel on public policy. I'm talking about the role of open source software and the ecosystem and public policy both in Europe and the US.
Now, why did I end up being a policy person? Years ago, I worked for Oregon State University's Open Source Lab, and I used to put on a government open source congress, conference rather, and I spent a lot of years helping state and local government and then eventually federal agencies figure out how to adopt open source software to their government operations. I actually spent five years as a deputy state CIO. I understood how the government worked, and I saw the benefit to the government of adopting open source and using it and even using the model to develop their own software tools through that collaboration model.
Years later, I'm landing in a spot where I'm familiar with the government, I understand how policy is made, and things have happened recently that have brought us to that point. But in between the days where I was working for the government and I'm landing where I am today, I've had a lot of really wonderful experiences.
Experiences in the Private Sector
I spent eight years as Red Hat's open source program office director. I had a wonderful team of community architects and had the privilege of spending a lot of time helping and supporting communities around open source projects and practices. I also spent years early in my career in the private sector in emerging technology spaces, from supercomputing to the internet as it became commercialized, so the early days of the networks.
And so I've had a lot of texture over the years and I've had an opportunity to bring all those experiences to the work I'm doing today to help open source, especially open source foundations, figure out how to meet the needs and interests of policymakers where there was literally no policy being done five or six years ago in the space.
Katherine Druckman: I've also been around quite a while actually. And the meaning of open source and the open source community, and its attachment to its own ideology, has changed quite a bit in the last 20 years. How does that impact the work that you do in public policy?
Deb Bryant: Well, it's interesting, especially in the last several years, and this is actually how I ended up making a decision to exit my corporate life and go back to doing work in the public sector. There is a public benefit space where open source software and its projects have broad benefits both for government operations, but also to the capabilities that are beneficial to the public. For example, the United Nations created a digital compact, the Digital Public Goods Alliance to define digital public goods. I had the privilege of helping them think through how they would define software as digital public goods. Lawmakers, especially in Europe, are increasingly aware of the benefits of open source software in societal contexts.
A lot of the values from the open source community of transparency, accessibility, inclusion are the same values that governments should have, in a perfect world. They want to be accessible, they want to provide access, they want equitability. We can argue and debate whether we're successful or not, but those are the values that we’re all aiming for. You see them very much in civil service work, where you're trying to convey benefits to broad society. I think that's one of the reasons you're seeing more interest.
Cybersecurity and Open Source
Deb Bryant: Now, the other side of the coin is that as open source has become more mainstream and more well understood and adopted, we've also become an important actor in the area of cybersecurity.
Suddenly the community is on the radar because cybersecurity is a challenge. And some of the well-publicized vulnerabilities haven't actually been because anything bad happened. But it suddenly raises an awareness of how prevalent open source software is on government operations. And especially the U.S. government, we just went, "Oh, shoot, we don't actually know what software we have." That isn't just an open source problem, it's also a proprietary software problem. It really brought the discussion into the public about how open source was important in the supply chain and the way people are adopting open source. We saw government officials testify that open source software is important to their agency for innovation, and there was no going back, because it was an integral part of their work.
There’s also an opportunity to help improve the situation from a cybersecurity point of view. That discussion included the topic of who will pay to help improve our ability to keep software secure. That's the part of the debate that’s in the public policy arena, both in the US and in Europe. In Europe, the Cybersecurity Resilience Act brought this conversation to the fore, and no one really saw it coming. That particular act was originally intended to impact connected devices. It was really a hardware bill, and it wasn't until the very 11th hour they decided to add the word “software”.
But they did that without consulting anyone in the software industry, so it wasn't really well understood. After that, we had another conversation about how the act would impact the open source community, and it's been a really wonderful evolution over the last year. We've gone from the position where no one knew we should even be at the table, to now figuring out how to institutionalize having the open source community voice at the table for these really important discussions.
Katherine Druckman: That’s so important. We often hear statistics like 96% of software contains open source components, yet many people don’t realize it. I’ll bring it up in conversations and say, "Basically, all software is open source," and people look at me like I’m crazy. Of course, there’s proprietary software, but the bulk of it relies on open source code. Sure, there’s some "secret sauce" here and there, but open source is everywhere.
Sustainability in Open Source
Deb Bryant: That’s right. The U.S. government has been both a consumer and a contributor to open source software. Some agencies have explicit policies allowing employees to contribute back to projects, and they’re looking to expand that further. But this has also sparked a conversation about sustainability. We saw this when the Critical Infrastructure Security Agency (CISA) put out a request for public comments, asking for ideas on how to make open source software more secure, but also how to make it more sustainable.
Katherine Druckman: What was your idea?
Deb Bryant: I actually wrote up my idea and submitted it to the request for comments.
When you think about procurement, the U.S. government has been incredibly influential—it sets many technology standards just by the way it consumes technology. Most large vendors selling software to the government rely on open source in some way. Agencies want flexibility, interoperability, and often look to reduce costs by incorporating open source rather than building everything from scratch.
My idea was to leverage U.S. federal procurement to support open source sustainability. Right now, certain businesses—like minority-owned or women-owned businesses—receive extra points when bidding on public contracts. I proposed a similar system where companies could earn extra points if their commercial offerings were underpinned by open source. To qualify, they’d have to demonstrate that they contribute engineering resources or help fund open source projects they rely on in their solution stack.
Katherine Druckman: That's interesting.
Deb Bryant: That was fun. I had a number of the foundations that thought that was a good idea too, so we'll just keep bringing it up until someone decides to adopt it.
Katherine Druckman: I wonder though, that reminds me tangentially of credit systems, assigning credit, bragging rights or whatever for contributing to projects. I wonder, can that be gamed? Could that be gamed in a scenario like that? In a way that-
Deb Bryant: Yeah, I'm not sure. Part of the recommendation was to establish a public-private group that could help define how that worked and what the system would look like and how you would verify an audit. But the idea centered on sustainability, because we still have the problem of free riding where a lot of companies are benefiting, and it's not unethical. I mean, it's consistent with the way we distribute software.
It's software, it's available, we make it, then we license it that way. That's the rules of engagement. But we also know that it's been a bit lopsided and there are concerns about sustaining projects, and I think we should do what we can. And I think your question is a good question, and considering that, because that could ensure it could be gamed, but we recommended they establish a committee to help create something that is least likely to be gamed.
Katherine Druckman: Yeah. Sustainability is a critical question. Again, we talk about how prevalent open source is, but if we're all depending on it, we all have an interest in seeing it sustain and be successful and continue and be stable and secure and all of these things. But back to the gaming idea and the free riders and those concerns. I wonder also if I could get your thoughts on how that kind of thing impacts the ebb and flow of open source ideology and licensing, we've seen companies switch licenses recently. We see a lot of forking. We see people going closed and open, and there's a…
Deb Bryant: And open again.
Katherine Druckman: Yes, exactly. Yeah.
Deb Bryant: In a recent case. Yeah.
Katherine Druckman: So how does all that fit together?
Deb Bryant: Well, I say that the OSD and OSI approved software keeps things simple, and that's at least one constant, and I don't think we really want to re-litigate it. And it's important that companies and individuals and small projects are able to rely on something where they don't have to re-litigate and re-negotiate a license.
Katherine Druckman: You know what you get when you have an established open source license. You know what that means.
Deb Bryant: That's an important piece. The other permutations of license offerings, in my mind, are more business strategies. And as long as someone is clear in what the license offers and they're not burying language somewhere trying to hook someone, then there's room for that too. There's room in the world for proprietary software. I think it's just important that we're clear in what we're offering and what our goals are.
Katherine Druckman: Yeah, interesting. So, what advice would you have for people out there in the community relying so heavily on open source software? I mean, I always say if you really are truly relying on a thing, and it is business critical, it is, we're making money with a thing, it behooves you to get a seat at the table and it behooves you to contribute. But I wonder the economic realities shift and belts get tightened. Are people losing sight of that?
Deb Bryant: Well, ideally, companies should always contribute upstream, not just to support a project’s sustainability, but also because it benefits them. When I was running Red Hat’s first Open Source Program Office, I strongly advocated for this. Companies that contribute don’t just help the community, they also gain valuable insights and learn from the process.
I used to say, "If you want to know what a soup is, then spend time in the kitchen." And so becoming part of the community is greatly beneficial, but I know that's not always possible. There are small companies, especially startups that may not have the technical staff or acumen to do that. There's a lot of different ways to contribute to open source, and you probably have a podcast to recount all the ideas.
Katherine Druckman: Maybe yeah, good idea.
Deb Bryant: There's things from direct contributions and financial contributions, and Tidelift has a way of getting money to maintainers, and GitHub has a program to get funds, so maybe it would be nice to index all of them. There are ways to do that. I think that how a company shows up and contributes should come out of their own understanding of how the project impacts their company and the bottom line to evaluate whether they can make direct contributions or not. And if they don't have the capacity to see what they can do financially to really build that into their thinking, because imagine the cost for licensing or even their own R&D but it takes someone to take a look at that analytically and then find a champion to build that into the company's plan.
Future of Open Source and AI
Katherine Druckman: Yeah, I love it. What is the next big thing on the horizon for you policy wise?
Deb Bryant: Well, I think right now we are in the middle of the next big thing, and it's going to be rolling for a while, and that is responding to the need to sort through how AI will impact our ecosystem and how it's going to impact licenses. And then through our work, OSI is a member of the Digital Public Goods Alliance to understand how AI can be used to benefit mankind and the public. OSI also recently joined a Carnegie Mellon University-led initiative called Open Forum for AI. So rather than being industry-focused it's academic focused, research focused, practitioners and thinking about more human-centered AI by developing prototypes and instance of papers, it's brand new.
It's such a huge problem that we need lots of different people thinking about it from different angles. I wouldn't say that's the next big thing because it's landed, but it's going to be with us for a time. If you think about when OSI created the open source definitions, they already had 15 or 20 years of experience with software. We all had enough examples and use cases where they could say, "Okay, this worked, but this didn't work." We're not there with AI. There's so much we don't do.
Katherine Druckman: Pioneering is tough.
Deb Bryant: So right now we're in the hype cycle, and everybody has a different opinion. It's just going to take a while to work through that. I think for me personally, the next big thing is a little bit different than all of that in that we are now facing regulations and legislation from the US, from the EU. My concern is that we have eight or nine different sets of security standards, eight or nine different sets of AI standards, and it's going to make it really difficult economically and personnel-wise to comply with the other. I would like to see more harmonization of efforts. I'd like to see us stand up an organization that can build consensus among all the open source foundations. And we're really proud of the fact that we're highly opinionated, that we do have different missions, plus these and different members and different constituencies.
But there are some common overarching problems that we have around security, around sustainability, and I don't think we quite yet have a forum to convene these organizations to figure out how we can have a collective response rather than scattering like mice when something big comes in a room trying to figure out how to respond to it. For me, that's what I've been thinking about. I've spent some time with international organizations, so we're mulling over what a model would look like to convene all the open source foundations for some of these collective problems we face.
Katherine Druckman: When you say something like human-centric AI, what does that mean to you?
Deb Bryant: Well, for me, that means shaping policies, practices, and research that focus on how AI impacts people. You can develop something like ChatGPT and immediately think about how to monetize it, but we’re trying to approach AI differently, where the first instinct isn’t, “how do you monetize this?” but rather, “how do you sustain it?”
The real question is: How do we ensure AI serves people? How do we consider human impact, reduce bias, and prioritize ethical outcomes? That’s what a human-centered approach to AI is all about.
Conclusion and Final Thoughts
Katherine Druckman: Fantastic. Is there anything else that you hoped that I would ask you, and I didn't?
Deb Bryant: I don’t think so. I was just grateful to have your time.
Katherine Druckman: Well, I am very grateful that you shared some time with us.
Deb Bryant: Yeah, thank you so much.
Katherine Druckman: You've been listening to Open at Intel. Be sure to check out more about Intel’s work in the open source community at Open.Intel, on X, or on LinkedIn. We hope you join us again next time to geek out about open source.
About the Guest
Deb Bryant, Director, US Policy and Founder, Open Policy Alliance
Throughout her career, Deborah has lent her voice to supporting open source projects and developers, building bridges between academia, industry, non-profits, and government along the way. Today she provides guidance to open source foundations seeking to support public policy development in open technology domains. She has worked in emerging technology and has been an advocate of free and open source software and the community that makes it so since the 1990s.
Deborah is board director emeritus at the Open Source Initiative (OSI); serves on the DemocracyLab board; serves on the advisory boards of Open Source Elections Technology Foundation and the OASIS Open Project, and as an advisor to the Brandeis University Open Technology Management program. She also represents OSI as a member of the Digital Public Goods Alliance. For eight years prior to her reentry into the nonprofit world, she led one of the world’s largest open source program offices (OSPO) at Red Hat where her global team was responsible for the company’s strategy and stewardship in open source software communities. While at Red Hat she served on the Eclipse Foundation board for two years.
Deborah’s published academic research includes the Use of Open Source in Cybersecurity in the Energy Industry and Collaborative Models for Creating Software in the Public Sector.
About the Host
Katherine Druckman, Open Source Security Evangelist, Intel
Katherine Druckman, an Intel open source security evangelist, hosts the podcasts Open at Intel, Reality 2.0, and FLOSS Weekly. A security and privacy advocate, software engineer, and former digital director of Linux Journal, she's a long-time champion of open source and open standards. She is a software engineer and content creator with over a decade of experience in engineering, content strategy, product management, user experience, and technology evangelism. Find her on LinkedIn.