From YouTube: Open source in the enterprise - GitHub Satellite 2019
Description
Presented by Kathy Simpson, Senior Director of Product Management
Open Source Programs Offices (OSPOs) can be effective for running open source programs inside your enterprise. In this session, you'll learn how OSPOs work, see how GitHub's tools can help your developers be productive and safe with open source, and get a peek at what's ahead.
About GitHub Satellite 2019
A community connected by code
Explore our interconnected community—and how collaboration turns ideas into innovations.
Join us in November at San Francisco's Palace of Fine Arts for GitHub Universe - https://githubuniverse.com/
A
Now that earthquake lasted about five minutes. That's a really long time for an earthquake to be shaking. I haven't even been up here talking for a minute, and that earthquake would still be going on. It registered a 9.2 on the Richter scale, and that makes it the most powerful earthquake ever recorded in United States history and the second most powerful ever recorded in the world. And that earthquake spanned a radius of about 1.3 kilometers, and the effects were felt far beyond the borders of Alaska.
A
In Seattle, there were reports of the Space Needle swaying back and forth. That earthquake was so powerful that almost every single state that had a Richter scale in the United States registered, all the way to New York City, and it kicked off a whole series of tsunamis that spread throughout the Pacific Ocean, all the way down the coast of British Columbia into Washington, Oregon, California.
A
It affected Hawaii and even Japan, and it even raised sea levels in Australia. And what happened in the subsequent weeks after that earthquake struck was thousands of strong aftershocks kept on going and going. Some of these were recorded at 6.2 on the Richter scale, which, in and of itself, is a massive aftershock.
A
So do you think the citizens of Alaska at that time, when they were sitting down to dinner, do you think they knew that that earthquake was going to happen? So I actually grew up in Alaska, and preparing for that inevitable earthquake, it's something that I'm super familiar with. In fact, my parents were in Alaska in 1964. They lived in Anchorage and they both survived that earthquake. They loved telling me about all of the things that they lost in their house.
A
They didn't lose anything that big. I think my father lost a jar of peanut butter and my mother lost a couple paintings off the wall, but they still talk about that to this day. They call it the Great Alaska big one. And the thing about earthquakes is, you definitely cannot predict them and you can't prevent them. So what we do is we prepare ourselves.
A
Now, today, I live in San Francisco, so earthquakes are still a really big part of my life, and because I live in a high-risk area, I really need to be able to stay abreast of earthquake news and information, so that I can better be prepared for a possible earthquake that might impact my neighborhood. And there's another place I live that can sometimes be affected by unpredictable and unpreventable events, and I think all of us in this room share this. We also live online, writing and building software, and just like living in an area.
A
So when you look at modern art, sometimes people would look at this and think, yeah, I could do that. I could probably take some paint, I can put it on a canvas, and I think I could probably create something that's a lot like that. But actually massive amounts of time and expertise and study and energy and collaboration go into creating a piece of artwork. So this family that's looking at this, they're not looking at just some paint on a canvas. They're looking at all the time that went into creating a masterpiece.
A
99% of software projects today have open source dependencies, and developers are handling more code integrations than they ever have before. And by using open source libraries, you're leveraging not just the code itself. You get more code coverage, more documentation, and ultimately you get more time for your team, you and your teams, to think about building products. So as we use more open source, the complexity also shifts from thinking about the code to thinking about things like licenses and versions and vulnerabilities.
A
It's not enough today to check all of that information on your dependencies at the time that you put them into your product or into your project. You've got to be constantly vigilant and staying on top of the ever-changing security landscape, and often the teams that are staying informed in your organization.
A
Sometimes it's the office of the CTO. And whether you're just getting started with an open source program office or you've been doing this for a while, there's a lot of really great information available for getting started and managing open source programs in your organization. And so these are two of the resources that I really like to use. One is the TODO Group and the other is Open Source Guides.
A
The TODO Group is an open group of companies who want to collaborate on practices and tools and other ways to run successful, effective open source projects and programs, and Open Source Guides are a collection of resources for individuals, for communities and companies who want to learn how to run and contribute to an open source project. So I definitely encourage you to check these out.
A
So when we're thinking about an OSPO, there are some basics that I want you to remember and walk away from: what does an OSPO really need to be effective? And so this is really getting at the core of it, and that all starts with policies that minimize friction. What we're looking at for this is really the minimum possible policy that gets at your core risks and your core concerns, and you want these policies to be automatable oftentimes.
A
Do you gain insights into everything that they're using or that you're using across your organization? You cross those tools with the data and then you can understand where you might be vulnerable and where you might have to go into an organization and enact some of your policies. And so these are just some of the basics of what an OSPO needs, and we're working a lot with some of our partners in the space to bring relevant and more critical information to every enterprise using open source.
A
You heard about one of them this morning in the keynote. Shanku mentioned WhiteSource, and WhiteSource is really working to bring security vulnerability data to organizations at scale so that you can better understand what's going on with your open source. So speaking of the tools that the OSPO needs to be successful, I want to show you a little bit more about what we've been working on to bring visibility about dependencies inside of your project.
A
So this is a demo organization that we put together to show a little bit more about dependency insights. We know that today, enterprises use a lot of open source code, and managing those dependencies can sometimes be a challenge. Sometimes I've seen people try to manage dependencies in spreadsheets before, sometimes. So what we really want to do is empower people to break out of the spreadsheet, so.
A
Here, I'm going to drill into dependency insights and look at my test organization a little bit more. I can see everything a tagged. Little 'evil I can see the licenses, but what I'm really interested in is what's going on with my critical vulnerabilities, and so I'm going to click into this bar graph, and this actually filters everything by what I want to focus on first, which is all of those critical security vulnerabilities, and I'm gonna.
A
Look at this first one action view: I can already start to pick up a little bit more information about this. I can see it has two security advisories issued for it, and I'm gonna go and look at its dependents, and right away I can see this version has an active security advisory and should not be used.
A
So that was drilling into the information about a particular component, but if I have multiple organizations within my enterprise, I really want to be able to look across my whole business and zoom out to see dependency insights across all of the organizations that I manage, so that I can see all this information at scale. So what we're looking at here is a way to really slice and dice the information about and maybe serve.
A
So, on the organization view of dependency insights, I can search for a specific license type. Here, I'm searching for GPLv3 and see whether or not any of the projects, or see whether or not anybody's using a project that has this particular license. And I can do that instead of going into every single organization and spending a day trying to research and find where this might show up. I can do that from this view, across all of my organizations.
A
They were actually able to implement a broad earthquake monitoring system that gathered data to help engineers develop earthquake-resistant structures that help to limit property damage and injuries, and also this thing called the tsunami warning center was created, and this gives everybody who might be impacted by a tsunami, that much broader range of who could be impacted by an earthquake, this gives them information about what to do in case.
A
In case one happens. So we can learn a lot from security risks, just like these scientists learned from what was going on after that earthquake hit, and we have, but we have to really be paying attention to what's going on. And so what dependency insights is giving you is all of the data and all of the information that you need to go in and understand everything that, all of the open source across your whole organization.
A
So, if you're interested in this space, I encourage you to reach out to us. There are a lot of people here today who worked on these projects. There's a lot of talks throughout the day as well. There's one this afternoon about security vulnerabilities from Justin Hutchings and Brian Clark. Definitely encourage you to go check that one out. And I think Jeff McAffer is also in the audience. Jeff, can you raise your hand? We just, right over here.
A
I want you to all come and get some hands-on with these tools, and we can walk through some of the scenarios that you might have and then answer some questions about what is powering dependency insights and how else you could slice and dice this data. So please come talk to me and Jeff afterwards. There are also some people who worked on this and built this downstairs as well.