But because we’ve got more infrastructural budgets, and we say that as long as it’s going to be used twice or more across different agencies, then it qualifies as infrastructure. So we can afford to pay the upfront cost of red teaming, of collaborative red teaming, even of collective evaluation of all those penetration testing, all the things that you have to do, like building a software bill of material and things like that, to prepare it for open source release, which is actually quite expensive. But if you think of it as safety engineering, as part of the bridges or highways, then it’s actually not that much. So I think it all depends on whether you frame open source as just a public good that you share with the private sector, or it is actually public infrastructure that the government should provide in the first place, like digital signatures and so on. Again, because its value are super modular and it only makes sense when the entire society is adopting it. So for these ones that we got funding, then there’s a lot of funding for the free software and open source communities to work with. Hope I answered your question.

Keyboard shortcuts

j previous speech k next speech