Aeva Black

they/them Secretary
Candidacy Period: August 23, 2021 – March 31, 2025 Type of Seat:

I am the current Secretary of the Board for the OSI, and the Vice Chair for the Technical Advisory Committee over at the OpenSSF. By day, I work in the Azure Office of the CTO’s “OSS Ecosystems” team, and do my best to support the success of all contributors to, and users of, open source software. On weekends, I like to ride motorcycles and play video games with friends.

I’m a frequent speaker at conferences in both the open source and cybersecurity communities. In the past year, I’ve delivered keynotes at SCaLE, SeaGL, and the LF’s Open Source Summit, as well as talks and panels at DEFCON, ShmooCon, HushCon, and more.

I previously served on the Kubernetes Code of Conduct Committee and the OpenStack Technical Committee, led OpenStack’s Ironic project team, and contributed to many other projects including MySQL, Drizzle, Ansible, Matrix, Mixxx, and OpenVZ. I also served as a board member for the Consent Academy, a Seattle-based 501(c)(3) non-profit, from 2015-2020, from which I learned a tremendous amount about the practical application of Codes of Conduct within nonprofits.

How will you contribute to the board

If re-elected, I will continue to use my skills, experience, and network to advocate for the open source development model, work to improve its security, and defend it against over-regulation.

Why? Because open source software has indisputably permeated the fabric of modern life – it is in physical goods all around us, used by nearly every company, and it empowers hobbyists and startups around the world. However, the line between software and hardware has become as blurry as the line between commercial and open source. Malicious actors have taken note and increasingly use open source as a vector to compromise critical systems.

Two years ago (*), I did not know precisely how US or EU governments would begin to regulate software supply chain security – but I knew it was coming. We can now see (**) how some of those proposals would stymie all open source development and collaboration under the weight of strict product liability. This is an existential threat to all open source communities, and one that I am, at the moment, well-positioned to address from within the Azure Office of the CTO and within the OpenSSF.

Why you should be elected

In my previous candidacy, I identified three areas that the OSI should focus on, given sufficient funding for staff (rather than volunteers) to do so:
– educating business leaders about open source
– developing a deeper understanding at the intersection of data privacy, technology (ab)use, and international copyright
– the security of the “open source supply chain”

I’m proud to say that the OSI has made significant progress on all three.
– Deep Dive AI began an exploration of the risks which ML/AI poses to privacy, the potential for abuse of this technology, and the intersection of copyright, data, and code.
– By bringing a Director of US Policy on staff, the OSI is now positioned to express its opinion on policy matters in both the US and Europe, where national policy – due to the urgency of cybersecurity regulations – is likely to impact open source software.
– We continue to expand engagement opportunities for both the Affiliate Network and the Membership.

If you re-elect me, I will continue to support these efforts within the OSI, with a particular focus on the issues of (1) cybersecurity policy’s impacts on OSS, and (2) the impact of using open source licenses for ML/AI.


(*) previous candidacy statement:

(**) OSI’s summary of responses to the CRA:

1 thought on “Aeva Black”

  1. Questions for the candidates received from Luis Villa:

    Your time: You have 24 hours in the day and could do many different things. Why do you want to give some of those hours to OSI? What do you expect your focus to be during those hours?

    Licensing process: The organization has proposed improvements to the license-review process. What do you think of them?

    Broader knowledge: What should OSI do about the tens of millions of people who regularly collaborate to build software online (often calling that activity, colloquially, open source) but don’t know what OSI is or what it does?

    Regulation: New industry regulation in both the EU and US suggests government will be more involved in open source in the future. What role do you think OSI should play in these discussions? How would you, as a board member, impact that?

    Solo maintainers: The median number of developers on open source projects is one, and regulation and industry standards are increasing their burden. How (if at all) should OSI address that? Is there tension between that and industry needs?

    OSI initiative on AI: What did you think of the recent OSI initiative on AI? If you liked it, what topics would you suggest for similar treatment in the future? If you didn’t like it, what would you improve, or do instead?

    Responsible licensing: There are now multiple initiatives around “responsible” or “ethical” licensing, particularly (but not limited to) around machine learning. What should OSI’s relationship to these movements and organizations be?
