Risk-First: Stars of Software

By: Risk-First

About this listen

Risk-First is about understanding how to manage risks in software development.
But there are a million jobs in technology besides coding, testing, and releasing.

How does risk inform those jobs?
And could it be that being good at any job in tech really means being good at risk management?


Is all work… risk management?

I’m Rob Moffat, and in each episode I sit down with leaders, builders, and thinkers from across the software industry to understand what they do, the risks they navigate every day, and the lessons they’ve learned along the way.

Because behind every successful system, career, and company…
there’s someone making smart decisions about risk.

And if you want to be great in your chosen field, you need to be great at managing risk.


So who better to learn from… than the stars?

Welcome to Risk-First: Stars of Software.

2026 Risk-First
Economics Management Management & Leadership
Episodes
  • Risk-First: Stars of Software #5 – Brittany Istenes
    Mar 28 2026

    Brittany Istenes: Open Source Readiness, OSPOs, and Why Contribution Is Risk Management

    In this episode of Risk-First: Stars of Software, Rob Moffat talks with Brittany Istenes, open source strategist, InnerSource advocate, and contributor to FINOS’ Open Source Readiness work.

    Brittany has spent years helping large organisations—especially in regulated industries—figure out how to actually work with open source, not just consume it. Which makes her the perfect person to explore one of the biggest blind spots in enterprise technology today: the gap between relying on open source and understanding how to manage the risks that come with it.

    The conversation explores why so many firms depend on open source but struggle to engage with it properly, what OSPOs are really for (beyond compliance), and how organisations can move from passive consumption to active participation without losing control.

    Along the way, Rob and Brittany dive into:

    • Why open source is effectively critical infrastructure—but isn’t treated or funded like it
    • The reality of “OSPOs of one” and why most firms underestimate their importance
    • How dependency risk, licensing, and supply chain issues create hidden exposure in large organisations
    • Why contributing upstream isn’t altruism—it’s a way to reduce risk and gain influence
    • How InnerSource helps organisations learn open collaboration safely before engaging externally
    • The role of foundations like FINOS in creating trusted environments for collaboration between competitors
    • Why the cost of internal forks is often invisible—but significant
    • How AI and “vibe coding” could massively increase the volume of open source (and the associated risks)

    Links

    FINOS Open Source Readiness (OSR)
    https://osr.finos.org

    InnerSource Commons
    https://innersourcecommons.org

    FINOS (Fintech Open Source Foundation)
    https://www.finos.org

    Music Mentioned Includes:

    • Oranssi Pazuzu (Finnish black metal)
    • Nine Inch Nails – With Teeth
    • MF DOOM – Doomsday
    • Tom Waits
    • The Bobby Lees
    • Blackwater Holylight
    • Wu-Tang Clan
    • Puscifer
    • Tool
    • Tron: Legacy (Daft Punk soundtrack)
    • The Crow (1994 soundtrack)
    1 hr and 2 mins
  • Risk-First: Stars of Software #4 - Colin Eberhardt
    Mar 13 2026

    Colin Eberhardt: AI Governance, Agentic Coding, and the Future of Open Source

    In this episode of Risk-First: Stars of Software, Rob Moffat talks with Colin Eberhardt, CTO of Scott Logic, long-time FINOS contributor, and one of the principal authors of the AI Governance Framework.

    Colin has spent years helping financial institutions adopt new technologies safely—without slowing innovation to a crawl. Which makes him exactly the right person to talk to about the biggest technological shift the software industry has seen in decades: AI.

    The conversation explores what AI governance actually looks like in practice, why banks struggled to work out whose problem AI even was, and how large organisations can adopt powerful new tools without accidentally causing chaos.

    Along the way, Rob and Colin dive into:

    • Why AI governance isn’t about bureaucracy, but about helping organisations understand risks they didn’t even know they had
    • How non-deterministic systems break many traditional software engineering techniques
    • Why testing and feedback loops may become the most important tools in AI-driven development
    • The rise of agentic coding loops that can autonomously iterate until tests pass
    • How AI could radically change legacy system migration, software delivery, and developer productivity
    • Whether AI will flood the world with open-source projects… or quietly make open source less necessary

    Links: Colin Eberhardt
    • Scott Logic
      https://www.scottlogic.com
      UK-based software consultancy focused on complex platforms, trading systems, and large-scale engineering challenges.
    • FINOS AI Governance Framework
      https://github.com/finos/ai-governance-framework
      Open-source framework describing risks and mitigations when adopting generative AI in financial services.
    Newsletters & media
    • AI Augmented Coding Weekly — Colin’s newsletter
      https://newsletter.scottlogic.com
      Commentary and analysis on how AI is changing software engineering practices.
    • The AI Daily Brief podcast
      https://podcasts.apple.com/us/podcast/the-ai-daily-brief/id1669813433
      Regular updates on AI developments, industry trends, and major model releases.
    Technologies and examples discussed
    • Claude Code / Anthropic tools
      https://www.anthropic.com
      AI coding agents and autonomous development workflows.
    • Next.js
      https://nextjs.org
      Popular React framework used as an example of modern web infrastructure and AI-assisted cloning.
    • Ladybird browser project
      https://ladybird.dev
      Experimental open-source browser engine referenced during discussion of AI-assisted codebase recreation.
    1 hr
  • Risk-First: Stars of Software #3 - Kunal Kushwaha
    Feb 28 2026
    Episode 3 — Kunal Kushwaha: Cloud Complexity, Community, and the Human Side of DevRel

    In this episode of Risk-First: Stars of Software, Rob Moffat speaks with Kunal Kushwaha—Senior Developer Advocate at CAST AI, founder of the global WeMakeDevs community, CNCF Ambassador, and one of the most recognisable voices in today’s cloud-native ecosystem.

    Kunal’s work sits at the intersection of cloud infrastructure, developer education, and community-driven learning, focused on helping organisations reduce cloud waste, improve reliability and performance, and navigate the growing complexity of Kubernetes and AI-driven platforms. At its core, his perspective highlights that risk in modern technology is not just technical—it’s human, organisational, and economic.

    Together, Rob and Kunal explore:

    • Why cloud complexity and over-provisioning create hidden financial and reliability risks
    • How developer relations connects human relationships to business outcomes
    • Lessons from building data-centre infrastructure and global developer communities early in a career
    • Real-world failures—from data-centre fires to open-source contribution overload—and what they teach about resilience
    • How open source, AI agents, and autonomous cloud platforms are reshaping the future of software
    • Why success in technology still depends on focus, learning-by-doing, and strong human networks

    Kunal Kushwaha
    • CAST AI
      https://cast.ai
      Autonomous cloud optimisation platform focused on performance, reliability, and cost efficiency.
    • WeMakeDevs community
      https://wemakedevs.org
      Global developer community running hackathons, events, and learning programmes across 20+ countries.

    • Tech With Nana (YouTube)
      https://www.youtube.com/c/TechWorldwithNana
      Clear, practical explanations of cloud-native and DevOps concepts.
    • TLDR Newsletter
      https://tldr.tech
      Daily curated updates across software engineering, AI, and startups.
    • Hacker News
      https://news.ycombinator.com
      Community-driven discussion of technical trends and projects.
    • Product Hunt
      https://www.producthunt.com
      Discovery platform for new developer tools and technology products.
    • Kubernetes Blog
      https://kubernetes.io/blog
      Official updates and deep dives from the Kubernetes ecosystem.
    • Stuff You Should Know
      https://www.iheart.com/podcast/105-stuff-you-should-know-26940277/
      Broad, curiosity-driven explorations of everyday topics.
    • Science Vs
      https://gimletmedia.com/shows/science-vs
      Evidence-based deep dives into popular claims, including AI and technology.
    55 mins