Aeva Black

they/them
Candidacy Period: August 23, 2021 – March 31, 2025
Type of Seat:

I am the current Secretary of the Board for the OSI, and the Vice Chair for the Technical Advisory Committee over at the OpenSSF. By day, I work in the Azure Office of the CTO’s “OSS Ecosystems” team, and do my best to support the success of all contributors to, and users of, open source software. On weekends, I like to ride motorcycles and play video games with friends.

I’m a frequent speaker at conferences in both the open source and cybersecurity communities. In the past year, I’ve delivered keynotes at SCaLE, SeaGL, and the LF’s Open Source Summit, as well as talks and panels at DEFCON, ShmooCon, HushCon, and more.

I previously served on the Kubernetes Code of Conduct Committee and the OpenStack Technical Committee, led OpenStack’s Ironic project team, and contributed to many other projects including MySQL, Drizzle, Ansible, Matrix, Mixxx, and OpenVZ. I also served as a board member for the Consent Academy, a Seattle-based 501(c)(3) non-profit, from 2015-2020, from which I learned a tremendous amount about the practical application of Codes of Conduct within nonprofits.

How will you contribute to the board

If re-elected, I will continue to use my skills, experience, and network to advocate for the open source development model, work to improve its security, and defend it against over-regulation.

Why? Because open source software has indisputably permeated the fabric of modern life – it is in physical goods all around us, used by nearly every company, and it empowers hobbyists and startups around the world. However, the line between software and hardware has become as blurry as the line between commercial and open source. Malicious actors have taken note and increasingly use open source as a vector to compromise critical systems.

Two years ago (*), I did not know precisely how US or EU governments would begin to regulate software supply chain security – but I knew it was coming. We can now see (**) how some of those proposals would stymie all open source development and collaboration under the weight of strict product liability. This is an existential threat to all open source communities, and one that I am, at the moment, well-positioned to address from within the Azure Office of the CTO and within the OpenSSF.

Why you should be elected

In my previous candidacy, I identified three areas that the OSI should focus on, given sufficient funding for staff (rather than volunteers) to do so:
– educating business leaders about open source
– developing a deeper understanding at the intersection of data privacy, technology (ab)use, and international copyright
– the security of the “open source supply chain”

I’m proud to say that the OSI has made significant progress on all three.
– Deep Dive AI began an exploration of the risks which ML/AI poses to privacy, the potential for abuse of this technology, and the intersection of copyright, data, and code.
– By bringing a Director of US Policy on staff, the OSI is now positioned to express its opinion on policy matters in both the US and Europe, where national policy – due to the urgency of cybersecurity regulations – is likely to impact open source software.
– We continue to expand engagement opportunities for both the Affiliate Network and the Membership.

If you re-elect me, I will continue to support these efforts within the OSI, with a particular focus on the issues of (1) cybersecurity policy’s impacts on OSS, and (2) the impact of using open source licenses for ML/AI.

Notes

(*) previous candidacy statement:
https://wiki.opensource.org/bin/Main/OSIBoardofDirectors/BoardMemberElections/2021IndividualandAffiliateElections/Black2021/

(**) OSI’s summary of responses to the CRA:
https://blog.opensource.org/the-ultimate-list-of-reactions-to-the-cyber-resilience-act/