Openness ensures scalability, accessibility, resiliency, and innovation, said Change Healthcare’s Aaron Symanski at Open Source Leadership Summit.

Blockchain technology is heralded to become a broadly disruptive force in the coming years. According to a Forbes story, blockchain is already revolutionizing contracts, payment processing, asset protection, and supply chain management. However, partly due to the industry’s emphasis on records, authentication and people-centric processes, healthcare is predicted to be one of the fields that blockchain will truly transform.

That was the key message at an Open Source Leadership Summit keynote address titled “Blockchain Technology at Change Healthcare” by Aaron Symanski, CTO at Change Healthcare. In his talk, Symanski said that blockchain is already impacting the healthcare system.

Symanski made the point that from the 1960s through now, computers, networks, mobility and automation have driven societal change, and now blockchain is set for disruption. Specifically, he said that blockchain will usher in a healthcare future where information is:

  • Immediately available
  • Identical everywhere it is stored
  • Immutable
  • User-centric and controlled by the contributor

He also emphasized that open source efforts, such as The Linux Foundation’s Hyperledger Project, are driving blockchain forward and are essential. He said that openness ensures scalability, accessibility, resiliency, and innovation. “Participating in The Hyperledger Project has made a lot of sense for us,” Symanski noted. “It protects protocol governance, node management, consensus mechanisms, and more and these are all very important in the healthcare industry.”

Trusted workflow

“Trust is very different in healthcare that it is, in say, financial applications,” he emphasized. “Healthcare is very fragmented, especially in the U.S. What is identity? Who has the right to see records? What portions of the record can a person see?”

Change Healthcare works with Hyperledger Fabric for its blockchain applications, partly because it’s a modular, extensible architecture. It has enabled smart contracts, flexible consensus management, and applicability across industries ranging from insurance to healthcare itself.

“Claims management is one of the first applications that our healthcare network has leveraged blockchain for,” Symanski said. “It helps streamline data and rights management and the platform helps manage visibility and transparency.” Hyperledger Fabric is at the core of the platform that ensures that, say, an insurance provider can process claims with Change Healthcare efficiently.

Symanski emphasized that Change Healthcare is still in the early stages of its planned use cases for blockchain. Indeed, the whole healthcare industry is. According to a report from Frost and Sullivan Research: “At its core, blockchain offers the potential of a shared platform that decentralizes health data, ensuring access control, authenticity, and integrity of protected health information. Further, the blockchain-based distributed network consensus with cryptography techniques provides an additional layer of trust to minimize cybersecurity threats for healthcare IT systems. This never-before blockchain-based trusted workflow with a “single source of truth” presents the healthcare industry with radical new possibilities for outcome-based care delivery and reimbursement models.”

Meanwhile, according to a recent post on the Hyperledger blog, “Hyperledger remains the fastest growing open source project ever hosted by The Linux Foundation.” To find out more about blockchain and Hyperledger, check out the case studies, a webinar, and training resources available from

Watch the entire Open Source Leadership Summit presentation below:

Learn more about Hyperledger in this upcoming webinar from The Linux Foundation. Join Tracy Kuhrt & David Boswell, Tuesday, April 17, 2018 at 10:00am Pacific as they discuss the various Hyperledger projects and how to get involved.

software security

Software security requires discipline and diligence, said Mårten Mickos, speaking at the Open Source Leadership Summit.

Achieving effective security takes constant discipline and effort on everyone’s part – not just one team or group within a company. That was Mårten Mickos’s message in his keynote speech appropriately titled, “Security is Everyone’s Responsibility,” at The Linux Foundation’s recent Open Source Leadership Summit (OSLS).  

Mickos, CEO of HackerOne, which he described as a “hacker-powered security company,” told the audience that $100 billion has been spent on cybersecurity, yet, “Half of the money is wasted. We’ve been buying hardware and software and machines and walls and all kinds of stuff thinking that that technology and [those] products will make us secure. But that’s not true.”

Even if you ply your network with hardware to create a perimeter around it, it won’t make your organization any more secure, Mickos said. The answer is much simpler, he maintained, and the magic bullet is sharing.

“You share the defense, you share information, you work together,’’ he said. “You can’t have secure software if just some of your software engineers are in charge of security. You can’t just delegate it or relegate it to a security team. If you do that it won’t happen.”

Mickos likened that approach to the 1990s, when companies had quality managers and people got ISO certifications. “It didn’t help. It reduced quality in the companies, because people felt that quality now was the job of somebody else, not of you.”


Software security, Mickos said, “only happens when we’re very disciplined.”

Mickos’ company has 160,000 contributors, including security researchers, ethical hackers and “white hats;” people who have signed up to find flaws in software, he said.  Security vulnerabilities can emanate from situations even when there are no bugs, he noted, adding that HackerOne hacked the U.S. Air Force in eight minutes.

“We found 200 vulnerabilities in the Air Force’s systems, 20 of those were found by Jack Cable, a 17-year-old high school student from Chicago, Ill.,” he said.

HackerOne has fixed over 65,000 security vulnerabilities, Mickos claimed. “So that has removed a lot of holes where criminals could have entered. But there are still tens of millions of vulnerabilities; no one knows the exact number. But if we deploy 100 billion lines of code every year … there’s a lot of security to look after.”

Pooled Defense

In his speech, Mickos promoted the notion of a “pooled defense;” the idea that “the number of defenders is far larger than the number of bad guys.’ He said there are far more white hats in the world than there are cyber criminals or “black hats.”

Cyber threats are often characterized as being asymmetric, he said, in the sense that one single criminal attacker can cause a lot of harm — so much so that a company needs 100 people to defend against it.

“If companies can get together and pool their defense, you … suddenly you have 10 times the power of the attackers,’’ he said. “If you share information, share the defense, share best practices, and share the act of responding to threats, then you overcome the asymmetry and you turn it around.”

It takes discipline and diligence, Mickos said, recalling how Equifax had “so many failures and acts of negligence or … omissions in the way they handle security,” and that “it was one single software vulnerability that led to the data breach in their systems.” Meanwhile, he added, “There’s nobody here who has a software system with just one vulnerability.”

While people often complain about long passwords or having to use multi-factor authentication because it is so time-consuming, they had better get used to it, he cautioned.

“Security doesn’t come for free. The only thing that … acts against these threats is the discipline and diligence [and] remembering long passwords,’’ Mickos said. “Even when somebody invents a method where we don’t need passwords anymore, you will be asked to do something else which is burdensome and every day, and where you’re not allowed to miss it one single time.”

Mickos also had a message for educational institutions: “Don’t call it computer science and software engineering unless there’s security in it. Today, you can graduate in CS without taking a single course in security.” He said he didn’t pay attention to the importance of security when he was in college, but different times call for a different approach. Today, security “has to become part of everything we do.”

We Can Turn the Ship

When everyone recognizes that security is a shared responsibility, he stressed, “the ship will turn. It’s a big ship, so it turns slowly, but it will turn, and we will get to a state that is similar to what we have with airline safety or hospital hygiene or … automotive safety, where today it all works. But it works because we do it together and we jointly take responsibility for it.”

Watch the complete presentation below:

Open Source Investments panel at OSLS:Erica Brescia, Bitnami; Jake Flomenberg, Accel; Jocelyn Goldfein, Zetta Venture Partners; Rashmi Gopinath, Microsoft Ventures; Idit Levine,; Gary Little, Canvas Ventures; Sirish Raghuram, Platform 9

Interest in evaluating and investing in open source startups is on the rise again after a dip in the past couple of years, according to speakers at a panel discussion on investment startups in the open source world.

The discussion took place at The Linux Foundation’s recent Open Source Leadership Summit (OSLS).  In terms of investment activity in the open source startup space, “there is good appetite for the acquirers as well as the public markets, depending on the value proposition that these companies … have to offer,’’ said Rashmi Gopinath, a partner with Microsoft Ventures, the corporate venturing arm for Microsoft. She noted that Microsoft acquired Deis in 2017, an open source startup specializing in the Kubernetes container orchestration platform.

Monetizing something that’s free

Venture capital firms are always concerned with monetization and how to monetize something that fundamentally is free, observed another panelist, said Jocelyn Goldfein, a partner at Zetta Venture Partners, a venture capital firm that invests in enterprise startups solving problems with big data and AI.

“I think that Red Hat was the only one that seemed to seriously make a go of ‘Well, the software is free, but we’ll sell support,’” Goldfein noted. Although there was a belief when cloud computing was introduced that money could be made from hosting software, “I think we also have yet to see really big successes come there,’’ she said.

Goldfein, however, pointed to GitHub as one company that is “killing it on a monetization side.” This is because it is “selling an enterprise product with an enterprise feature set with a free open source version that does not in the least feel artificially crippled or constrained by its user base.” She called the GitHub model a “really exciting” and “inspiring” example of a company that identified “a proprietary business model on top of a foundation that’s free and open source.”

Open source is the rule

Goldfein added that “We’ve gone from a world where open source is the exception, to open source is the rule. There’s probably at least two dozen venture firms that invest a lot in open source now.” If people are going to build another database, now the tendency is to ask not why would it be open source, but why wouldn’t it be? That’s been the fundamental change over the past decade, she said.

Success for open source will come when people stop talking about it as a business model, because it essentially is a development model, maintained Jake Flomenberg, a partner at Accel, a global VC firm that focuses on both consumer and enterprise companies.

Accel looks at startups from what Flomenberg called a “Three-P Framework:” project, product and profit. “What that means is if you can’t build a project that people care about in a truly meaningful way and deploy a mission-critical use case, who cares,’’ he said.

Gary Little, co-founder of Canvas Ventures, which has invested Jaspersoft, MuleSoft, Soni Type, and Platform 9, said they have found that “the people who love open source are developers. Developers don’t have money and if they have money, they don’t want to spend it. But open source is great for basically being distributed and viral growth within the developer community.”

So investing boils down to finding a niche use case. For Jaspersoft, he said, its market was selling reporting software to developers. MuleSoft provides integration software to connect applications, data and devices.

As a business model, Little said, open source works for adoption purposes, but is “really poor for monetization, unless you’re monetizing at different levels.”

Open source momentum

Almost every company has some aspect of open source in their strategy at least in the software space now, said Erica Brescia, co-founder and COO of Bitnami, which offers a catalog of over 150 open source apps on all the major cloud platforms.

“They’re either using or building around open source like … the Kubernetes ecosystem for example, where companies are investing heavily there, and then building products around it and networking,’’ she said.

Open source has gained a lot of momentum, and that is incentivizing firms to want to invest in startups, Brescia said.

Flomenberg concurred, saying that there has been a rise in initial public offerings of companies that are fundamentally open source in the past year and a half, and he expects more in the next year. “I think we’ve seen a small uptick in buys in medium-scale open source companies including some pretty recent transactions,’’ he said.

The panel was asked whether, when pitching VC firms for funding, it is efficacious to be an open source company.

“The beauty of open source from an investor’s perspective is distribution, not innovation — it’s contribution to marketing, not to [research and development],” said Goldfein. She recalled a quote she’d heard, and, although she didn’t remember who said it, she wanted to share. “It’s something like, ‘Look, startups are in a race with big companies. Startups have innovation. Big companies have distribution. You’re in a race to get distribution before the big company can get innovation.’”

The panel of investors and entrepreneurs also included Sirish Raghuram, co-founder and CEO at Platform 9, which delivers open source cloud frameworks as a service, and Idit Levine, founder and CEO of, a company that streamlines the cloud stack.


Keynote speakers announced for The Linux Foundation Open Source Leadership Summit.

The Linux Foundation Open Source Leadership Summit is the premier forum for open source leaders to convene to drive digital transformation with open source technologies and learn how to collaboratively manage the largest shared technology investment of our time.

Confirmed keynote speakers and panelists for this year’s event include:

  • Deepak Agarwal, VP of Artificial Intelligence at LinkedIn
  • Subbu Allamaraju, VP of Technology, Expedia
  • Dustin Bennett, Software Engineer Sr. Manager, The Home Depot
  • Austen Collins, Founder & CEO, Serverless Inc.
  • Justin Dean, SVP Platform & TechOps, Ticketmaster
  • Ashley Eckard, Sr. Software Engineer, The Home Depot
  • Dr. Mazin Gilbert, Vice President of Advanced Technology, AT&T Labs
  • Chen Goldberg, Director of Engineering, Google Cloud
  • Nidhi Gupta, SVP of Engineering, Hired
  • Patrick Heim, Operating Partner & CISO, ClearSky Security
  • John M. Jack, Board Partner, Andreessen Horowitz and Advisor to The Linux Foundation
  • Edward Kearns, Chief Data Officer, National Oceanic and Atmospheric Administration
  • Marten Mickos, CEO, HackerOne
  • Mark Russinovich, CTO, Microsoft Azure, Microsoft
  • Tarry Singh, Author, AI, ML & Deep Learning Executive, and Deep Learning Mentor, Coursera
  • Aaron Symanski, Chief Technology Officer, Change Healthcare
  • Rachel Thomas, Co-Founder,
  • Jim Zemlin, Executive Director, The Linux Foundation

Open Source Leadership Summit fosters innovation, growth, and partnerships among the leading projects and corporations working in open technology development. Business and technical leaders will gather at the summit to advance open source strategy, implementation and investment.

Here’s How To Join Us at Open Source Leadership Summit:


Are you a business or technical leader looking to advance open source strategy, implementation and investment? Join us and share your expertise at Open Source Leadership Summit. View the full list of suggested topics and submit a proposal by 11:59pm PST on Sunday, January 21, 2018.  


Attendance to Open Source Leadership Summit is limited to members of The Linux Foundation and LF Hosted Projects, as well as media, speakers and sponsors. If you are a member, and would like to attend, email us at  For media attendance inquiries, email Dan Brown at


Showcase your thought leadership among a vibrant open source community and connect with top influencers driving today’s technology purchasing decisions. Learn how to become a sponsor.

Open Source Leadership Summit

Share your knowledge, best practices, and strategies at Open Source Leadership Summit.

Open Source Leadership Summit (OSLS) is an invitation-only think tank where open source software and collaborative development thought leaders convene, discuss best practices, and learn how to manage today’s largest shared technology investments.

The Linux Foundation invites you to share your knowledge, best practices, and strategies with fellow open source leaders at OSLS.  

Tracks & Suggested Topics for Open Source Leadership Summit:

OS Program Office

  • Consuming and Contributing to Open Source
  • Driving Participation and Inclusiveness in Open Source Projects
  • Standards and Open Source
  • Managing Competing Corporate Interests while Driving Coherent Communities
  • How to Vet the Viability of OS Projects
  • Open Source + Startup Business Models
  • Project Planning and Strategy
  • Internal vs. External Developer Adoption

Best Practices in Open Source Development / Lessons Learned

  • Contribution Policies
  • Promoting Your Open Source Project
  • Open Source Best Practices
  • Open Source Program Office Case Studies and Success Stories
  • Standards and Open Source

Growing & Sustaining Project Communities / Metrics and Actions Taken

  • Collaboration Models to Address Security Issues
  • Metrics for Understanding Project Health

Automating Compliance / Gaps & Successes

  • Using Trademarks in Open Communities
  • Working with Regulators / Regulated Industries
  • Working with the Government on OS
  • How to Incorporate SPDX Identifiers in Your Project
  • Legal + Compliance
  • Licensing + Patents
  • Successfully Working Upstream & Downstream

Certifying Open Source Projects

  • Security
  • Safety
  • Export
  • Government Restrictions
  • Open Source vs. Open Governance
  • New Frontiers for Open Source in FinTech and Healthcare


  • Upcoming Trends
  • R&D via Open Source
  • Sustainability

Business Leadership

  • Cultivating Open Source Leadership
  • How to Run a Business that Relies on Open Source
  • How to be an Effective Board Member
  • How to Invest in Your Project’s Success
  • Managing Competing Corporate Interests while Driving Coherent Communities
  • Monetizing Open Source & Innovators Dilemma

View here for more details on suggested topics, and submit your proposal before the Jan. 21 deadline.

Get inspired! Watch keynotes from Open Source Leadership Summit 2017.

See all keynotes from OSLS 2017 »

This week in Linux and open source news, John Shewchuk explains why training programs like that of The Linux Foundation are key to educating enterprise teams, many announcements from Open Source Leadership Summit in Lake Tahoe, and more! Keep reading to stay OSS-informed!

1) Journalist John Shewchuk explains that The Linux Foundation’s training courses are an excellent way for businesses to avoid blindly leaping into the open source movement.

Why Enterprises Should Embrace Open Source– The Next Web

2) Want to know how your business can get the most from open source? This free ebook can help.

Linux Foundation Releases Business Open Source Basics Ebook– ZDNet

3) “Renesas has joined the Civil Infrastructure Platform (CIP) project, which provides a base layer for industrial-grade open-source software for civil infrastructure.”

Renesas Joins Industrial Linux Organization–

4) Brian Behlendorf, Executive Director of the Hyperledger Project, shares 1-year milestone blog during Open Source Leadership Summit Hyperledger Blockchain Turns One – Director Brian Behlendorf Updates–

5) “The city will investigate how long it will take and how much it will cost to build a Windows 10 client ahead of a vote on whether to replace its Linux-based OS from 2021. Linux Champion Munich Takes Decisive Step Towards Returning to Windows– TechRepublic

Some of the world’s largest and most successful companies gathered this week at Open Source Leadership Summit in Lake Tahoe to share best practices around open source use and participation. Companies from diverse industries — from healthcare and finance, to telecom and high tech — discussed the strategies and processes they have adopted to create business success with open source software.

Below, are five lessons learned, taken from a sampling of talks by engineers and community managers at Capital One, Google, and Walmart, which have all adopted a strategic approach to open source.  

1. Give developers freedom to contribute

Walmart has worked hard to develop a culture that embraces open source. Key to this cultural transformation has been convincing managers that it’s beneficial to devote developer resources to open source contributions — and to give developers the freedom to contribute however they wish.

“We’ve found that the team members that have a choice of what (open source projects) to work on are the most passionate about really diving in,” said Megan Rossetti, senior engineer, cloud technology, at Walmart.

2. Always be evaluating open source options

Walmart has also created an open source management structure and process to help institutionalize and enable open source participation. The company has an internal open source team to find and shepherd new open source projects and contributions.

“As we onboard new projects, we are always evaluating where does it make sense to bring in open source and to contribute back to open source,” said Andrew Mitry, a senior distinguished engineer at Walmart.

3. Use the right license

Capital One has also made significant strides to become a good open source partner in a way that doesn’t compromise customers or violate financial industry regulations. The company sees a great benefit in releasing open source projects that encourage broad use and participation from other companies. They’ve learned that this means projects must be structured in a way that encourages openness.

“If you want to make sure your code can be used, you really should pick a license written by someone who knows what they’re doing, preferably one of the ones approved by the FSF (Free Software Foundation) or OSI (Open Source Initiative),” said Jonathan Bodner, lead software engineer, technology fellows at Capital One.

“Also, if you want to encourage companies to join the community for your software you probably should pick one of the permissive licenses.”

4. Lead from behind

Kubernetes, an open source project hosted by the Cloud Native Computing Foundation, is one of the fastest growing open source communities on GitHub. Despite massive participation, the project always needs good leaders – those willing to “chop wood and carry water,” said Sarah Novotny, head of the Kubernetes Community Program at Google.

“Being a leader in the open source community is not always about control and it is not always about making sure you have the most commits or the only viewpoint or the only direction,” Novotny said. “We need people willing to do work that is not as glamorous, that’s not as much in the fore. This is very much leadership from behind… It’s making sure that you have influence in the community that is longstanding and promotes the health of the project long term.”

5. Let go of IP

By releasing its Kubernetes container orchestration technology as open source and donating it to The Linux Foundation (under CNCF), Google opened up the project to outside contribution and increased enterprise participation. That, in turn, helped the technology become ubiquitous and profitable for Google which built cloud services on top of the project. Letting go of the project’s intellectual property was ultimately what created that success, said Craig McLuckie, CEO and founder of Heptio, and founder of Kubernetes at Google.

“Nothing poisons an ecosystem faster than playing heavy with trademark,” McLuckie said. “One of the first things we did with Kubernetes was donate it to the Linux Foundation to make it very clear that we were not going to play those games. And in many ways that actually opened up the community…

“It would have really held us back if we had held the IP. If we’d held that trademark and copyright on the project it would have hurt us.”


Want to learn more about open source in the enterprise? Recorded keynote talks from Open Source Leadership Summit 2017 are available now on YouTube. Watch now! 


Executives, experts, analysts, and leaders in open source technology will convene this week at Open Source Leadership Summit in Lake Tahoe. The event is invitation-only but The Linux Foundation is pleased to offer free live video streaming of all keynote sessions on Tuesday, Feb. 14 – Thursday, Feb. 16, 2017.

Catch the livestream to hear some of the world’s largest and most successful organizations discuss how to start, build, participate in and advance open source strategy and development.  

AT&T, Cloud Foundry Foundation, Goldman Sachs, Google, IBM, IDC, Leading Edge Forum, Mozilla, and VMware are among the many organizations that will keynote next week.

The livestream will begin on Tuesday, Feb. 14 at 9 a.m. Pacific. Sign up now! You can also follow our live event updates on Twitter with #LFOSLS.

All keynotes will be broadcast live, including talks by Camille Fournier, former CTO of Rent the Runway and author of O’Reilly’s forthcoming book The Manager’s Path: A Guide for Tech Leaders Navigating Growth and Change; Dan Lyons, New York Times best-selling author of Disrupted; Donna Dillenberger, IBM Fellow at the Watson Research Center; and entrepreneur William Hurley aka ‘whurley’ whose retirement savings startup Honest Dollar was acquired last year by Goldman Sachs.

Other featured keynotes include:

  • Katharina Borchert, Chief Innovation Officer, and Patrick Finch, Strategy Director, Mozilla who will discuss community innovation.

  • Al Gillen, GVP of Software Development and Open Source at IDC, will provide an analysis of open source in 2017 and beyond.

  • Abby Kearns, Executive Director of Cloud Foundry Foundation, will share how cross-foundation collaboration is a win for open source.

  • Chris Rice, SVP at AT&T Labs and Domain 2.0 Design and Architecture at AT&T, will talk about the future of networking and orchestration.

  • And more.

View the full schedule of keynotes.

And sign up now for the free live video stream.

Once you sign up, you’ll be able to view the livestream on the same page. If you sign up prior to the livestream day/time, simply return to this page and you’ll be able to view.

This year, more than 20,000 tech professionals gathered at 150 Linux Foundation events worldwide to learn and share open source technologies and best practices. Held in 46 cities across 14 countries — from the U.S. and Canada, to Germany, Spain, China and Japan — Linux Foundation events are where the creators, maintainers and practitioners of the world’s most important open source projects meet.

As 2016 comes to a close, we have taken a look back at some of the highlights from this year’s events and compiled 10 great moments into a photo gallery, including the 25th anniversary of Linux Gala, the first Kids Day at LinuxCon, and Cory Doctorow speaking on FLOSS. Please share your favorite moments with us in the comments!

Thanks to all of the speakers, attendees, sponsors, and staff who made 2016 the best year yet for The Linux Foundation’s open source events. We look forward to seeing you all again in 2017.

You can see the complete 2017 event schedule now.