
What’s in the SOSS? Podcast #37 – S2E14 Open Source Security: OSTIF’s 10-Year Journey of Collaborative Audits

By Podcast

Summary

In this episode of “What’s in the SOSS,” Derek Zimmer and Amir Montezari from the Open Source Technology Improvement Fund (OSTIF) discuss their decade-long mission of providing security resources to open source projects. They focus on collaborative, maintainer-centric security audits that help projects improve their security posture through expert third-party reviews, without creating fear or overwhelming developers.

Conversation Highlights

00:00 Introduction
00:22 Podcast Welcome
01:04 OSTIF Founders Introduction
02:31 OSTIF’s Mission and Approach
05:28 Relationship Management and Expertise
08:01 Evolution of Security Engagement Methods
12:15 Making Security Audits Less Intimidating
18:00 Rapid Fire Questions
20:45 Closing, Call to Action

Transcript

CRob 0:22
Welcome, welcome. Welcome to What’s in the SOSS, the OpenSSF podcast, where I get to talk to some of those amazing people on the planet that are helping secure the open source software we all know, we all use every day, and that we love. Today, I have some very special friends with us that are doing the yeoman’s work, trying to help work with projects to help improve their security posture. I have Amir and Derek from OSTIF. Can I give you guys just a brief moment to introduce yourselves?

Derek Zimmer 0:54
Sure, I’m Derek Zimmer, founder of OSTIF. We’ve been doing this for 10 years now. Take it away, Amir.

Amir Montezary 1:04
Thank you. Amir Montezary, Managing Director of OSTIF, the Open Source Technology Improvement Fund. Yeah, absolutely thrilled to be here on the podcast and to be talking with you, CRob, and to be talking about the work that we do. As Derek mentioned, this is our 10 year anniversary. So coming up on 10 years of really developing this organization, the processes, and really fine tuning to a degree what we do and the value that we provide to the open source ecosystem. So absolutely thrilled to be here and to talk about it.

CRob 1:40
That’s amazing. So happy birthday, OSTIF. For our audience that might not be familiar directly with your work, could you maybe tell us what OSTIF is, and what do you all do?

Derek 1:53
Sure. So we founded the organization 10 years ago on the idea that we needed a maintainer centric organization that could bring security resources to projects. There were some efforts in the past to do something similar to what we do, but most of the time, those were very corporate centric. So the ideas that circulated around them were dictating what open source should be doing, and not “we’re here to help, and here are some resources.” That different perspective was the kickoff for why we wanted to create something different.

Amir 2:36
Yeah, absolutely. And still today we see that open source projects, because of their very nature, you know, they need a very strong, independent body to help them. We provide that platform, being a nonprofit organization, being vendor neutral, being neutral in all senses of the word, and just solely focused on, as Derek mentioned, helping projects, getting them the security resources that they need, and in a way, most importantly, being able to provide those resources in a way that directly impacts the project and its security posture was really what drove us to start this organization. You know, typically, open source developers, maintainers, are not security experts, and that’s okay. Security is a very difficult topic, and like a lot of other things, it’s best to be left to the experts. So while, of course, there are things individual developers and maintainers can do to, you know, improve their hygiene, so to speak, and improve the security posture of their projects, we found that getting independent third party expert audit review in a way that is again meant to be collaborative, as in, these auditors work with the maintainers, as opposed to kind of dictating to maintainers or telling them, you know, things to do, work with them on improving kind of the holistic security posture of their project, and we found that to be really successful. A lot of research suggests that this is a very good practice to do. I come from a background in IT auditing, reviewing critical payment systems in the United States. That is a great field, and we saw that that level of independent review, or third party review, that kind of due diligence, really helps improve the state or posture of a software project. So it was really founded on the need for it to exist.
We saw there was a big need for this, that a mechanism to get security help to open source projects, working directly with maintainers, and doing it in a way that is inclusive and impactful and most importantly, efficient, is kind of what drove us to do what we do. And so in terms of kind of how we do that, it’s largely a lot of just relationship management. So in the last 10 years we’ve built a really vast network of security experts, researchers, a lot of which are solely focused in the open source security space, so they kind of understand some of the idiosyncrasies involved in open source software, and can actually provide meaningful review work and collaboration and essentially handle that whole process, because there are quite a lot of moving parts in between. You know, typically you have a separate body funding the work, you have the maintainers or contributor base that could be very much distributed around the world. You don’t always have, I guess, established kind of decision making structures, as you might see in a corporate setting or in a more commercial environment. So we kind of handle all of that goodwill building, relationship building, project management, contract management, basically all of the pieces, so that all that’s needed for a funder, for example, someone who wants to fund security outcomes, or the project, you know, that would like to improve their security posture, they can just focus on that, and we, as an organization, as an independent body, essentially handle all of the minutiae and the administrivia and the facilitation and management to make it a very streamlined and efficient process. So that’s kind of a high-level overview.

CRob 7:23
As you both are aware, you have been long time participants and partners with our foundation and also our friends over at Alpha-Omega. From your perspective, kind of with your 10 years of working in this particular space. What do you all see as the main value that projects get out of these types of engagements?

Derek 7:47
So actually, this has changed over time, because we started out experimentally trying things just to see what works and what doesn’t. Initially, we started out as a bug bounty organization. So our concept was that companies would donate money to us, we’d establish bug bounties for projects, and then those projects would get the security benefits. What we quickly found out was this does not work well for projects that don’t have a lot of security resources, because they get buried in bunk reports, things that are not actually problems. And then there’s also the bug bounties where some dependency has a vulnerability, and then someone will go shop around to every project that depends on that dependency and try to get a bug bounty out of it, and so on and so forth. And then, increasingly, AI is also becoming a problem because it is doing automated reports to maintainers which are not accurate and then have to be thrown away, and they can be done at a much greater pace than an individual could just a few years ago. So essentially, we abandoned that entire thing and went to the idea of having professionals come in, give all of the support that they can give to the project, and kind of meet them where they are, and then extend their testing so that they get long term benefit from the review as well. So it started out with skin in our knees and finding stuff that didn’t really work, and then progressed over time, after a lot of feedback, to where we are now, which seems to be extremely helpful.

Amir 9:34
So yeah, and to echo that, I would say the main value of our engagements is that direct impact. You know, we go directly to the project, to the main work with the maintainers or contributors of a project, actually going to the source. You know, the source as in reviewing and improving the code of a project, its design, and as Derek mentioned, one way we’ve added even more value as part of our engagements over time is creating or augmenting tooling for projects as well, so that they can continue to have security scrutiny and tools that can help them in their development cycles and to help projects mature. So I would say that that direct focus on the projects, on their code base and on the tried and true practice of an expert third party review is how we’re really delivering a lot of value. I would say through our engagements, we’re coming up, as I mentioned, on our 10 year anniversary next month, and I think we have found well over 100 high or critical vulnerabilities in these projects as part of our audits. Thank you. We’re really proud of what we’ve been able to do and the positive impact we’ve been able to make. And yeah, and I think that really comes from sticking to our mission and to our commitment to this best practice of, you know, expert third party review, but doing it in a way that is collaborative and impactful. So we didn’t just find all of those vulnerabilities, those have all been fixed and remediated, and a lot of those, at least a good portion of them, were kind of design bugs or classes of bugs that very well, you know, could eliminate future problems very effectively, unfortunately, not in a very easy to measure way, but the feedback suggests that the projects are, in fact, in a much better state after our engagements. So we’re really happy to be able to do that.

CRob 12:15
That’s phenomenal. I love the fact that you all started off in one direction, and then you learned a little bit, and you’ve pivoted so you’ve evolved yourselves. Thinking about your engagements over the last almost decade, is there one thing you wish a project or a developer knew or did prior to coming into one of these engagements that would make the whole enterprise be more successful or go more smoothly. What was one thing you wish people did or knew?

Derek 12:46
So the big takeaway is that if you do a security engagement with us, it’s not scary, because we are here to help. We will offer you any support and resources that we have. You know we’re not going to find a big pile of bugs that you don’t understand, dump a document on you and walk away. The whole point of this is to help projects improve by giving them everything that they need and meeting them where they are. So the FAQ we usually get from maintainers is, you know, how long is this going to take? How much time do I have to invest into this? And then always the questions about, are you going to drop zero days on me at the end of this engagement? And of course, we follow disclosure policies that everybody agrees on and also we are very flexible. So if there’s a design level problem that requires a big rewrite, we’re not going to just drop it on the internet in 90 days. We’re going to be forgiving. So the pressure from us is very low, and I think that that’s one thing that maintainers would really like to hear from, you know, working with us.

Amir 14:07
Yeah, plus one to that, Derek. I would say it’s not meant to be a collaboration. It’s meant to be an engagement that is collaborative in nature. And I do wish more developers knew that it wasn’t, again, to echo you Derek, it’s not a scary thing. It’s not like you’re going to be going in front of a tribunal, and you know, it’s very much, let’s work together to make this project better. And I’ve observed personally that it’s one of those types of things where the more you put in, so the more that developers, maintainers, contributors, the more that they’re able to put into the engagement, in terms of providing audit teams with insight or with feedback or context, because I think that’s the piece that really is missing significantly with a lot of the, as Derek mentioned, kind of the tooling and some of the other at-scale solutions, they really lack that context that is really important, especially in terms of security, when it comes to security in a code base, so it definitely has a multiplier effect. You know, the more we’ve seen projects being engaged in the audit, typically, we found much better results. And I can even give a direct case study example, where in an engagement that we were involved in, the audit team and the developer team happened to be a train ride apart, so they were able to arrange, essentially, an in person kind of orientation, kind of to really just discuss and get to know each other, and you know, it was a really cool thing, and we learned that that led to a much better understanding of the code base as the team was auditing it, and that allowed them to find more significant findings, because, again, they had that greater understanding as a result of the context provided by the team. And actually that same team that we worked with on this direct engagement, yesterday at one of our virtual meetups, we learned that they did something similar.
So their client wasn’t as close, it was a flight, but flights in Europe are shorter, and they were able to get together with the main maintainers of the project and do, again, a very similar thing, where they were able to get together, discuss, and that led to a much better understanding of the project, and allowed the auditors to add that much more value as part of the audit. So to sum it up, I would say, as I said, add value. That’s how I would sum it up: I wish more developers knew that this is about adding value. It’s about collaborating. It’s not about, you know, making you feel bad about making mistakes or anything like that. You know, human beings will always, you know, have that human error, and it’s totally normal and fine. And that’s why this as a practice is so important, because, you know, it’s such a common practice in software and really in the greater kind of landscape, you know, independent review. And so, yeah, I would say, you know, it’s meant to be collaborative. It’s not the scary thing. It’s really more about, as Derek said, helping and giving you resources to make your project better than anything else.

CRob 17:53
That’s amazing, and I really appreciate just kind of the innovative ideas and the coming to where the project is mentality, and really you guys are making sure that security audits aren’t scary at all. But let’s move on to the rapid fire part of the interview. Are you ready for rapid fire? Got a couple wacky questions. Just give me the first thoughts to come out of your mouths. vi or Emacs?

Derek 18:22
Oh, vi.

Amir 18:25
Yeah. Second that. Excellent.

CRob 18:26
There are no wrong answers, but there are better answers than others, right? What’s your favorite open source mascot?

Derek 18:36
Oh, I’d have to say the VLC cone. Nice, just because it’s nonsense, and they admit that it’s nonsense, and they constantly get asked about it and give nonsense answers. So it’s fantastic.

Amir 18:51
That’s a good point. And you can always tell who the VLC people are at, like, FOSDEM, for example, because they have the big cone on the head. And that’s a really good question. There’s a lot of really good ones out there. I’ve honestly found that the simpler the mascots are, I tend to remember them more, but there’s, I’d say, for me, there’s too many good ones to pick, so…

CRob 19:16
That’s a very diplomatic answer. I appreciate that. Spicy or mild food?

Derek 19:22
Spicy all the way.

CRob 19:28
Nice, that is always the right answer.

Amir 19:30
Some of our greatest ideas came over spicy food. So…

CRob 19:35
And finally, and most importantly, Star Trek, or Star Wars.

Derek 19:40
So I’d say I’m Star Trek. I like the idea of everybody working together toward, you know, a peaceful, wide-reaching society.

CRob 19:52
Open source of you. That’s awesome.

Amir 19:54
I would also say Star Trek. I missed the Star Wars kind of lore growing up, yeah, my experience with Star Wars, I had a high school teacher who, anytime he would not be able to make class, instead of a substitute teacher, he would just play the beginning of the first Star Wars movie. I think it was episode four, so I’ve seen the first 30 minutes plenty of times. So maybe that left a bad taste in my mouth with Star Wars.

CRob 20:27
I see we’ve had very different life experiences. That’s great. Well, thank you, gentlemen. I really appreciate you putting up with the nonsense. And then finally, as we wrap up, do you have a call to action for the community or developers, as we kind of close out?

Derek 20:45
Sure, I would say we really operate on the principles of Spoon Theory. Have you ever heard of that? It’s from psychology. And the principle is that you have so many spoons of energy that you can devote to various things, and the way that we apply this to open source is thinking about the security knowledge and the just general energy available among open source communities. Some of them are very well supported. They have dedicated staff that are paid, and it’s their job to be there and be available. And then you have the complete opposite end of the spectrum, which is a solo maintainer who invented a thing. That thing somehow became a really important piece of infrastructure. They don’t have any security knowledge, so they do what they can, you know, reading documents and whatever, but they don’t have the available energy to invest in security. So that’s where I’m coming from when I say, meet projects where they are, and the call to action would be, if you are a security researcher and you’re interacting with open source, what you need to consider is their position on that spectrum of knowledge and available energy. So…

CRob 22:09
Amir?

Amir 22:10
Yeah, plus one to that, and to add, I would just say that if there’s one thing I’ve learned, you know, from doing this for 10 years, it’s that it’s important work, and there’s almost an unlimited demand for it. You know, I was really shocked when I saw how some of the, you know, biggest names in open source projects, household names that we hear every day, really needed almost the same, if not more, security help than maybe the smaller projects, because, for example, some of the really big projects, because they have so much more scrutiny, they have a lot more noise to go through, for example, or they could potentially have huge backlogs of bugs that they just haven’t gotten the time or resources to go through. And so I think my call to action would be, you know, we are one tool in the toolkit, but I do think what we do really does help open source projects, and we can do more with more. So we always are typically trying to do the most we can with what we have, which we always do, of course, but I think we really could do more with more, so we can add more help for projects, more diligence for projects, more ongoing support for projects. The work that we’ve been doing with tooling augmentations, for example, has been really successful. And, you know, we as a small organization, we are always happy and willing to take on more work. So we’re always open to new collaborations, new collaborators, and helping how we can to fulfill our mission, which has been to help open source projects improve their security. So yeah, come talk to us. We’re involved in a lot of the Open Source Security Foundation working groups and events. As you mentioned, we’ve been a strategic partner for the Linux Foundation and OpenSSF for some time now. So yeah, we are always happy to collaborate and help how we can in the nature of open source. And so I’d say that’s all I have.

CRob 24:38
Derek and Amir from OSTIF, thank you all for your amazing work and helping collaborate with our developer community, and that’s going to be a wrap. Happy open sourcing, everybody. We’ll talk to you all soon. Goodbye.

Amir
Cheers, everyone. Thanks.

Outro
Like what you’re hearing? Be sure to subscribe to What’s in the SOSS on Spotify, Apple Podcasts, AntennaPod, Pocket Casts, or wherever you get your podcasts. There’s a lot going on with the OpenSSF, and many ways to stay on top of it all. Check out the newsletter for open source news, upcoming events and other happenings. Go to openssf.org/newsletter to subscribe. Connect with us on LinkedIn for the most up-to-date OpenSSF news and insight, and be a part of the OpenSSF community at openssf.org/getinvolved. Thanks for listening, and we’ll talk to you next time on What’s in the SOSS.

What’s in the SOSS? Podcast #32 – S2E09 Yoda, Inclusive Strategies, and the Jedi Council: A Conversation with Dr. Eden-Reneé Hayes

By Podcast

Summary

In this enlightening and entertaining episode of What’s in the SOSS, host Yesenia Yser sits down with DEI strategist, social psychologist, and Star Wars superfan Dr. Eden-Reneé Hayes. From her academic roots to her entrepreneurial journey, Dr. Hayes shares how diversity, equity, inclusion, and accessibility (DEIA) drive sustainable growth—and how she found inspiration for her TED Talk in the wisdom of Yoda. The two discuss the myths around DEIA, how the Jedi Council reflects ideal collaboration, and why unlearning old beliefs is key to progress. Plus, stay for the rapid-fire questions and discover if Dr. Hayes is more Marvel or DC.

Conversation Highlights

00:00 – Introduction
01:30 – Career Journey
03:10 – Navigating DEIA in Today’s Landscape
07:49 – TED Talk Inspiration: Star Wars & DEI
11:31 – The TED Experience
13:12 – The TED Talk Message
14:38 – Favorite Yoda Quote
16:34 – Rapid Fire Round
18:37 – Final Thoughts
19:10 – Outro

Transcript

00:18 Yesenia Yser:
Hello and welcome to this podcast where we talk to interesting people throughout the open source ecosystem. My name is Yesenia Yser, I’m one of your hosts, and today we have an amazing treat. I’m talking to a very, very dear friend of mine and someone that comes from a galaxy far, far away, Dr. Eden-Renee Hayes. Eden-Renee, please introduce yourself to the audience and tell us a little bit about yourself.

00:45 Dr. Eden-Reneé Hayes:
I just have to say how fun it is to be announced as an amazing treat and from a galaxy far, far away. Not taken from your TED Talk, was it? So again, I’m Eden-Renee, or Dr. E is also totally fine. But basically, I’m in that dirty little acronym, DEI, diversity, equity, and inclusion. But I basically help companies to drive sustainable growth through inclusive strategies, aligning people, purpose, and performance, which basically leads to them keeping their employees longer.

01:20 Yesenia Yser:
Nice. And then we’ll start with the first question. I’ll continue on from that. For those who may not be familiar with the background, can you share your career journey with us?

01:30 Dr. Eden-Reneé Hayes:
Sure. I have been in academia for a really long time, but now I am an entrepreneur, so I’ll fill in the gaps. So I was a tenured professor. My area within psychology is social psychology. So I’m not a clinician. I’m more studying the research. I’m working in research and understandings around what happens with people in different situations. And with that, I always focused on the ideas related to diversity, equity, and inclusion. So from academia, I moved into administration, but still in colleges. And I liked doing that because I had a much greater impact on what was going on at each school. I was also the director of a multicultural center, but then I decided to branch out and become a solo entrepreneur, where I have that opportunity to help companies to be able to use my vast knowledge within social psychology to be able to figure out what they need to do in order to have more equitable hiring practices that are fair for everybody, to be able to keep their employees with inclusive practices and lots of other things in between.

02:38 Yesenia Yser:
Nice. And that brings you here to today. I believe you own your own, you run your own consulting business, if that’s what I understood. That’s right. Nice. Given that, and with the recent shifts in the U.S., I’m sure that’s kind of taken a little change in the way you approach now, especially with the U.S. administration stance on DEIA, diversity, equity, inclusion, accessibility. What challenges have you observed in the industry? And if you want to speak more on that.

03:10 Dr. Eden-Reneé Hayes:
Of course. Yeah, no, it feels like a lot of people are worried. Yeah, absolutely. I mean, I think it’s important to think about all of the things that they were doing previously, and is that consistent with the legal landscape? And actually, it is. DEIA is not illegal, as stated by 16 different attorneys general, and to make it very, very clear that all of those best practices are still 100% legal because they’re consistent with the things that have been placed into law that are much harder to overturn than with just an executive order. What’s also very interesting to me is the executive order’s focus on merit and fairness, and so does DEIA. So that is one of the wonderful things, is just really reiterating to people, this is what’s going on. We were always about fairness. We were always about ensuring that the person that has the greatest merit gets the position. But DEIA is not just about hiring and just about, like, talent acquisition. There’s more to it, because DEIA also focuses on those external things, like the way that we present our companies to the masses. So how is it that we can do that in a way that is inclusive, that is reaching all of our potential clients? Because we have a very, very diverse world, and it’s getting more and more diverse by the minute. Literally, each, you know, like, there’s a new baby born every minute. A lot of those babies, they’re all people of color. And what we see now is, what is it? I think something like 46, 49% of Generation Z are people of color. So Generation Alpha, who are currently in elementary school, are even more diverse ethnically. But that’s not the only diversity we can have. DEIA is also not just about what’s going on with ethnic groups. It’s also gender. It’s gender identity and expression. So that’s a big part of it, thinking about our trans and non-binary friends. It’s also disability.
What about neurodiversity in the workplace? What about well-being in the workplace? It’s also about different people and their needs regarding the different languages that we speak, the different passports that we may hold. It’s so many different, of course, sexualities, so LGBTQ. And there’s so many different demographics to be thinking about. If you were actually to try to put everybody in a demographic, it’d be a minority of people that basically don’t fit within one of those, what we call underprivileged or minoritized or basically what tends to be undervalued groups. So it’s a lot more likely that we are going to be thinking a lot about the full human being in all the demographics that we inhabit and what that great benefit is to our various workplaces. So the changes that I’m seeing is really more helping people to understand that to be the truth instead of those myths that people believe about DEI not being about fairness and about having quotas, which aren’t actually legal and weren’t before, about trying to hire people because of their demographics instead of their skills and experience. So a lot of the changes that I’m seeing is really just making DEI more clear so that people know that this is what it is. And that’s one of the reasons why I did my TED Talk.

06:59 Yesenia Yser:
Oh, there you go. You’re ready for the next one. I wonder why. But yeah, it just sounds like for DEI, I’m used to saying DEI. So just like my brain’s like, there’s an A. It’s just an umbrella of things because you said it very nicely. It’s the human aspect. And as a human, we identify in different aspects from our gender, from where we live, from the culture’s experiences. But moving on to the next question, you and I actually met at a TED Talk cohort that has continued into this fabulous group. And you recently delivered your TED Talk. Congratulations. It’s one of my favorites. Share with the audience what inspired you to speak on that particular idea. Share what the idea is. And what was the overall experience like?

07:49 Dr. Eden-Reneé Hayes:
Okay, so this is an unexpected answer about what inspired me. What inspired me was actually the failure of my partner to watch Star Wars as a child.

08:04 Yesenia Yser:
Tell us more. I still remember in like college, my first, I’m going to sidetrack real quick. My first job, I was there for like a couple months. They found out that I didn’t watch Star Wars. So they’re like, you cannot work until you watch Star Wars. I spent literally a whole week at work. They paid me just to watch Star Wars. And they’re like, okay, now we’ll give you IT tickets. And I was like, sure. I’m educated now.

08:25 Dr. Eden-Reneé Hayes:
I love that they paid you to do it. And yes, you are educated now. So by the time I, it’s pretty funny. I’m such a Star Wars geek that immediately when my friends found out that he didn’t watch Star Wars, they’re like, oh my gosh, are you going to break up with him now? And it’s like, no, they’re just movies. You just have to sit down and watch them. So we finally did, like, sit down and start watching. And for the Star Wars geeks out there, we watched in episode order, not chronological release order. That’s a general question that many people will ask. So we start with episode one. So not when they were released, but basically when you’re starting with Baby Anakin. So just watching the movies again in the climate that we’re in, in being an entrepreneur and trying to help people to understand what DEI is and how it’s valuable. And just being in that space, like, while watching it next to someone who’s never seen these before and only has, like, a cursory idea of what might happen. And I just started putting two and two together. It’s just like, oh my goodness. I knew that I’m in DEI because, like, and I start my TED Talk this way, my mom sat me down and, like, Yoda was my babysitter. So that is how I learned in the first place. And of course I get the education. I literally have a PhD in DEI. I really do have, like, both the lived experience, the sci-fi knowledge, as well as the educational academic background that comes all together in one, but watching it with him, like, I had to go grab my phone and pull up the notes app and start, like, really typing in that there’s all of these different ideas and quotes that, just like, of course, this is where I am now, because this seed in Star Wars, all the diversity that we see. I mean, even look at the Jedi High Council. It’s like, everybody’s from a completely different species, and what are they doing? They are working together. Think about if boardrooms looked like that.
You know, if everyone’s coming in from a different angle of their upbringing and of their educational experience, and then, like, they’re in the same space, trying to reach the same goals, you’re able to attack that problem with those angles that you need in order to figure out, okay, how can we get to the best place, and most efficiently, with as few hiccups as possible, because you don’t want something to be unrolled and then it’s like, oh my goodness, we forgot this. And we didn’t think about the impact on this group. And now we’re getting a lot of negative press. You want to think about all those things and ensure that that’s not, like, oh, we’re not going to be able to do this. That’s not likely to be the problem, and you’re not likely to waste time, like, trying to go and fix something that shouldn’t have been an issue in the first place if you had more voices in the room.

11:31 Yesenia Yser:
Yeah, it’s really great. And then what was your experience like with the TED talk? 

11:35 Dr. Eden-Reneé Hayes:
Oh my gosh, it was so much fun. For me, it was the epitome of that thing people say about enjoying the journey just as much as the destination. I enjoyed every minute of sitting and writing down, like practicing it and talking about ideas with our TED cohort, with practicing – because one of the things about TED that’s less likely known is that it’s not like, oh, I write down what I want to say. And I get up on the stage and I say it’s like, no, there’s, there’s training, there’s editing, there’s, there’s time, there’s a pretty long runway from you’re going to have a TED to actually being on the stage. It’s not like three days and you’re on the stage. It’s people helping you to figure out how to really, like kind of, act it out a little bit. So that, that was one of the wonderful things. Like I had like a speech coach to help me to make sure that I’m bringing my best self out there. And that’s the great thing, because it’s like, of course, being a professor, I was on plenty of stages, but TED stage is a completely different place than a classroom. So it, there’s a different way to impart information. And it’s still also about kind of like, how you find your writer’s voice. Like you find your, it’s your voice on the stage as well. So that’s totally fun.

12:58 Yesenia Yser:
It’s, it’s a big journey. I can’t wait for mine. I’m so excited, but I’m so glad yours was one of the first, would you like to share with the audience for those that haven’t seen it yet a little bit about what your TED, your TED talk idea was?

13:12 Dr. Eden-Reneé Hayes:
Sure. Of course. So if you haven’t placed two and two together, I talked about Star Wars and DEI at the same time. So what I did was, I specifically focused on quotes from Yoda, because there’s a lot of things you can draw from, but TED, technically you’re allowed to go 18 minutes, but we all know what attention spans look like. So the best case scenario, yeah, best case scenario is your TED talk is in the neighborhood of 10 minutes. So I organized it using Yoda’s quotes, but basically I highlighted, this is what DEI really is, dispel all those myths. I didn’t spend time on like, this is how you define each letter of DEI. Instead, I just, I decided to be a little bit more like fun and animated and like make it not like, no, it’s, it’s TED. It’s, it’s not my class. I’m not going to give you a, like a paper that I’m grading or quiz afterwards. I’m trying to give you all the information that is really applicable in a way that’s also entertaining so that you can see it all there. And, and know that, no, this is really about respect and fairness and being the human being that I know that you want to be too.

14:31 Yesenia Yser:
That’s great. I love your TED talk. And with our last question, what’s your favorite Yoda quote and why did it resonate with you?

14:38 Dr. Eden-Reneé Hayes:
Oh my gosh. There are so many great ones to choose from. I feel like I should refuse to answer. Um, but basically, um, no, my favorite one is, uh, Yoda is training Luke. And and Yoda says to Luke, he’s like, Luke kind of gets really frustrated. And Yoda says like, no, like “only different in your mind, you must unlearn what you have learned.” And that’s one of the most fundamental things that we all really need to be doing a better job of is in an unlearning and trying to figure out, okay, what are these messages that I keep receiving that are not satisfying? And I think that’s one of the most fundamental things that I keep receiving. And are not helping me to be the human being that I want to be. And instead are moving us into a place where we have greater division.

15:31 Yesenia Yser:
Nice. I’m going to butcher this one, but you can, you can fix it. You can fix it. “Luminous, luminous beings, are we” that one is one of my favorites, especially the way you delivered it. Um, and then I forgot what the ending of that was. 

15:47 Dr. Eden-Reneé Hayes:
Not this crude matter. 

15:48 Yesenia Yser:
Not this crude matter. That was one of my favorites.

15:50 Dr. Eden-Reneé Hayes:
Yes. “Luminous beings are we. Not this crude matter.” And yeah, that’s, I use that one to help us to think about how we are, we’re focused on, on ourselves and we’re focused on someone else fitting into a box unless we already know that person and not focused even on ourselves being luminous. And that’s part of DEI too, is stopping and thinking like, no, you are amazing. You are worthy. You are valuable. And you bring value to this space. And so does everybody else that you are encountering. So luminous beings are we, not this crude matter.

16:34 Yesenia Yser:
Love it. I got goosebumps all over again. And with that, we’re going to move over to our rapid fire interview part. So hold your brakes. Don’t get off on your Millennium Falcon just yet. All right. First question. This one, this one might be an easy one. Marvel. Marvel or DC?

16:53 Dr. Eden-Reneé Hayes:
Marvel, but no, no, I’m just going to double down on Marvel, but I, but I do love them both. We go to all, all the movies, except for Venom.

17:05 Yesenia Yser:
All right. For you Venom fans. I’m sorry. Sorry. Next question. Coke or Pepsi? 

17:13 Dr. Eden-Reneé Hayes:
Pepsi. 

17:15 Yesenia Yser:
Okay. 

17:16 Dr. Eden-Reneé Hayes:
More delicious.

17:18 Yesenia Yser:
Okay. We’re a little different there. 

17:22 Dr. Eden-Reneé Hayes:
Specifically cherry. 

17:23 Yesenia Yser:
I do love the cherry. I’ll give you that one. Books or podcasts?

17:30 Dr. Eden-Reneé Hayes:
Books. I’m an audio book lover.

17:32 Yesenia Yser:
Yeah. I like the physical. I’ll have to listen to like audio books, like self-development audio books, but I just, there’s something about physically holding it and the smell. I don’t know.

17:42 Dr. Eden-Reneé Hayes:
No, I’ll never get through a book if it’s physically there, unless. No, I need audio because I need to read it while I’m like driving and I’m totally destroying the rapid fire-ness of this. You know, while I’m like cutting vegetables or anything, oh, that’s, that’s mindless. So I need the audio books.

18:02 Yesenia Yser:
That’s fine. We’re making this rapid the way we are. Spicy or mild food? 

18:06 Dr. Eden-Reneé Hayes:
Oh my gosh. Spicy. Who would go with mild? I mean, like. 

18:11 Yesenia Yser:
<Laughs> You didn’t listen to mine then. I said neither, just seasoned. 

18:17 Dr. Eden-Reneé Hayes:
No, it needs to be spicy. Yes. No.

18:21 Yesenia Yser:
Must be spicy. Well, thank you for giving us a lovely rapid conversational fire interview. This is, you know, towards the end. Do you want to leave the audience with any last minute words before we close out?

18:37 Dr. Eden-Reneé Hayes:
Oh, just that we really do all need to foster that wonder and curiosity. Instead of believing the things that we already believe, we need to do a better job of venturing outside of our comfort zone and venturing into that learning zone instead.

18:58 Yesenia Yser:
Beautifully said. Well, thank you, Eden-Reneé, for joining us. Thank you for those listening. We’ll catch you on the next episode.

19:10
Like what you’re hearing? Be sure to subscribe to What’s in the SOSS on Spotify, Apple Podcasts, AntennaPod, Pocket Cast, or wherever you get your podcasts. There’s a lot going on with the OpenSSF and many ways to stay on top of it. Check out the newsletter for open source news, upcoming events, and other happenings. Go to openssf.org/newsletter to subscribe. Connect with us on LinkedIn for the most up-to-date OpenSSF news and insight, and be a part of the OpenSSF community at openssf.org/getinvolved. Thanks for listening, and we’ll talk to you next time on What’s in the SOSS.