Episode 143

Amanda Brock of OpenUK on Open Source Law, Policy and Practice


October 21st, 2022

42 mins 18 secs

Your Hosts

Richard Littauer | Justin Dorfman | Ben Nickolls

Special Guest

Amanda Brock

About this Episode

Show Notes

Hello and welcome to Sustain! The podcast where we talk about sustaining open source for the long haul. Today, we have an amazing guest and she’s been on this podcast before. Joining us is Amanda Brock, who’s the CEO of OpenUK, which is an industry organization about the business of open technology. She’s also a Board Member, keynote speaker, and author, with a new book coming out soon called, Open Source Law, Policy and Practice, that we’ll hear all about today. We’ll also be learning more about OpenUK and the policy work they do, Amanda tells us about the All Things Open (ATO) tech conference where she’ll be launching her book with some incredible panelists, and we hear some goals from Amanda for an event she’ll be attending to create a broader engagement across UK government, where they’ll focus on security, technical issues, and security policy issues. Go ahead and download this episode now!

[00:01:27] Amanda tells us about OpenUK, the difference between OpenUK and the Software Sustainability Institute (SSI), and the policy work OpenUK does.

[00:04:37] We learn if OpenUK’s mission has changed since Brexit, now that the UK is more of an independent body as a national group and how that’s influenced how we think about tech in Britain.

[00:07:13] Amanda tells us all about her book coming out called, Open Source Law, Policy and Practice, that includes several authors, and the launch of her book at ATO.

[00:12:06] One of the chapters in Amanda’s book is on sustainability and open source and since it’s relevant to this podcast Amanda explains more about this chapter.

[00:13:52] Amanda explains some goals they have for the meeting that’s happening on the 17th of October called, “Open Source Software: Infrastructure Curation and Security, Thought Leadership Event.”

[00:18:28] Ben asks Amanda if she thinks anything is going to happen within the government from now until February and what she thinks of the government’s response in the US, with the executive order around expenditure on open source in government departments and guidance around a software bill of materials and a better understanding of what components are in the software that governments are using.

[00:22:00] Richard wonders if there’s been a conversation about what happens if one part of the dependency stack doesn’t want to be included or bother with having an SBOM or dealing with the government, and refuses to do any work.

[00:35:10] We hear a mad insurance scheme Amanda had a long time ago that she’s going to get some people to revisit.

[00:37:02] Find out where to follow Amanda and OpenUK online.


[00:17:13] “I think it’s really important that governments also see the level of engagement across our communities as strong, and that we are largely united at least body, that wants to see them understand how they do a much better job of curating open source software and ensuring that when they’re using it, they’re giving back both in terms of contribution and economic contribution.”

[00:20:41] “In the US, the survey showed over 70% of organizations that are using SBOMs now.”

[00:21:45] “You should not be taking on liability for the open source code. You should be taking on liability for the work you’re paid to do.”

[00:24:02] “Coding to me is a freedom of speech.”

[00:24:27] “My personal view is they’ll be public private enterprises or initiatives, and they will hold code that is sanitized or curated for usage in the public sector.”

[00:24:38] “I think we’ll see governments wanting that and it’s not an OSPO, it’s a hybrid. It’s somewhere between a foundation and an OSPO.”

[00:27:40] “Chainguard started creating their own Docker images with their own version of Nginx and Linux, and I think we’re going to see that trend continue.”

[00:28:29] “What we don’t want is for governments to get everything from companies, because if they do, they’re going to end up back in a situation of vendor lock-in.”

[00:35:58] “In the US at one time, you couldn’t buy insurance around open source because it was too unknown. I think there’s going to be a big space there where we can also manage some of this risk and some of the government money can go into that too and help protect the bigger picture.”


  • [00:37:58] Justin’s spotlight is opensauced.pizza founded by Brian Douglas.
  • [00:38:30] Ben’s spotlight is Stellarium 1.0.
  • [00:39:25] Richard’s spotlight is Collins Bird Guide and the app.
  • [00:40:39] Amanda’s spotlight is Eddie Jaoude, a GitHub All-Star.


