Open source software exists today as the dominant force in the technology industry. Every company relies on open source software. Nearly 100% of VMware products touch open source in some way – as components, as core functions or features, as part of the build or the software development process. The free-flowing exchange of ideas and collaboration that the open source community promotes is at the heart of our company’s engineering and innovation spirit.
The Open Source Program Office (OSPO) of VMware provides processes, best practices, and mentorship for individuals who want to participate in and contribute to open source communities. The Open Source Technology Center is the engineering arm of OSPO, with open source engineers around the world contributing to various projects, many of whom work in the Sofia office. Meet them and learn about the projects they work on, what open source means to them, and whether it is open source that brought them to VMware.
Tell us more about the open source projects you contribute to.
Ivana Atanasova: I work on SPDX and SBoM tooling, including Tern, sbom-composer and K8s BOM. SPDX is a Software Bill of Materials specification that is evolving to bring better transparency of what goes into a software build, preventing legal and security issues. SBoM generation tools are being developed for binary analysis of artifacts, source code analysis and SBoM quality improvement.
Tzvetomir Stoyanov: I am contributing to a variety of open source projects in various areas – Linux kernel, Edge and IoT, and Machine Learning. I started my contributions to the kernel with documentation updates – introduced man pages describing libtraceevent, a tracing library part of the kernel’s ftrace framework. My recent kernel patch is an implementation of a new ftrace event type – eprobe, used to extract information from existing kernel trace points. I have a lot of contributions to trace-cmd, a user space framework for the Linux kernel tracer. I designed and implemented the next version of the trace-cmd file format, with many optimizations and improvements. Another interesting trace-cmd feature that I have significantly improved is host-guest tracing, allowing debugging low-level interactions between the hypervisor and VMs.
Diana Atanasova: I am part of the OSPO sub-team – focused on Machine Learning (ML). Numerous problem domains were brought up by the growing use of AI/ML. Some are tightly related to defining processes/best practices in ML development and deployment. This gave rise to a new discipline called ML Operations (MLOps). I am contributing to Kubeflow – an open source Kubernetes-native MLOps platform that enables building, scaling, and managing machine learning workflows at scale. The project is becoming the platform of choice for many users and continues to grow by taking the next big step towards joining the CNCF landscape as an incubating project. Kubeflow encompasses numerous open source projects, each solving a concrete ML workflow problem. My work is focused on one of the core Kubeflow components – the Pipelines. I am currently working on the design and development of Pipeline’s API v2, which includes numerous enhancements and aims to increase usability. AI/ML also brought up questions on security, ethics, trust, responsibility, etc. Our team joined efforts with the Linux Foundation AI MLSecOps Working Group, which aims to define ML security standards and best practices as part of a broader initiative – Trusted AI.
Radoslav Dimitrov: I work on a few projects in the supply chain domain, more specifically on go-tuf and RSTUF. The first one is the Go implementation of The Update Framework, a framework designed to offer protection for software update systems and provide tools to recover in case of a compromise. And the second one is a VMware-originated open source project which wraps up TUF and offers it as a service, tremendously simplifying the adoption of The Update Framework.
Martin Vrachev: I’m contributing to python-tuf, the reference Python implementation of The Update Framework (TUF). Like Radoslav mentioned, TUF is a framework for secure content delivery and updates. It protects against various types of supply chain attacks and provides resilience to compromise. I help by reviewing others’ contributions and participating in discussions.
I’m also actively participating in the development of Repository Service for TUF (RSTUF). RSTUF is a system for securing content downloads from tampering between the repository and the client by utilizing TUF as a service. It can be deployed through the usage of docker containers on Kubernetes clusters.
How does open source fit into the VMware product strategy? Why is it part of it?
Radoslav Dimitrov: Open source software is practically everywhere. No matter its size, every software vendor is most probably using it or distributing it. Open source offers a space where individuals and companies collaborate on shaping the next-generation standards for software tools and platforms, i.e., projects like Kubernetes. This is especially valuable for major software vendors such as VMware and that’s why it’s becoming more and more important to be present and active in the open source community in order to have a successful software business model.
Martin Vrachev: Open Source is a vital part of all commercial and experimental VMware products. Developers, on a daily basis, rely on open source libraries, frameworks and projects to solve complex development challenges and achieve high-security standards. As open source is a vital part of our products it’s important for us to understand what’s happening in this space, invest in it and help the open source projects grow, stabilize and innovate for everyone’s benefit.
Did you choose to join the open source team at VMware specifically? Do you prefer working on an open source project specifically vs. a commercial one?
Lubomir Ivanov: I joined the open source team at VMware after many years of contributing to various open source projects in my spare time. In the previous company I worked for, it was not permitted to contribute to OSS during work hours, while VMware offered me this opportunity. I prefer working on OSS because it gives me more freedom in terms of time management and the possibility to meet new people from different companies.
Ivana Atanasova: Yes, I heard about the team and this was the team I wanted to join. I value the principles open source is based on, the visibility it brings to one’s efforts, and the work quality required. I wanted to be part of a Research and Innovation team as well because this is a great opportunity to help new solutions evolve long before they become adopted and widely known.
Tzvetomir Stoyanov: I have been using Linux and a lot of open source tools for more than 20 years, but before joining VMware, I had no contribution to a specific open source project. I love the idea of combining my open source passion with my professional career, and that’s why I decided to join the VMware OSPO.
Diana Atanasova: I was using open source projects but was not contributing to them before I joined VMware. My work in the previous company was heavily dependent on an open source project in active development at that time, however, I was not allowed to contribute to it, meaning that any small fix I made and pushed only against our local branch would create a big technical debt in the near future.
At first, I was influenced by this policy but quickly realized that contributing to open source projects is not about giving away your knowledge and time for free. Instead, it offers an opportunity to strengthen the software you are heavily dependent on. And yes, other companies will benefit from my work. But so will I and the rest of VMware, too. My experience in VMware proved that participating in open and highly collaborative open source communities helps all players innovate faster, with higher quality, while still allowing them to keep their competitive advantages.
Radoslav Dimitrov: I’ve been working with different open source tools from the start of my career. One of the cloud-native projects I was already contributing to, OpenFaaS, was founded by a VMware employee. I was excited when I found out that his team had open positions for engineers. I applied for the team developing the open source project I was contributing to in my spare time. It’s been 4 years since then.
Martin Vrachev: I applied to the open source team at VMware specifically. I was inspired by the opportunity to work on real-world innovation with experts from around the world and create something that anyone could use. At this stage in my career, I prefer working on open source projects as I see the great benefit of working on new technologies and changing the projects, even the domain, once in a while. As a result, working on open source is exciting most of the time.
What is open source to you? Why is it important?
Lubomir Ivanov: OSS is collaborative innovation that can be better crafted than closed source.
Ivana Atanasova: Open source is a guide toward the future of technology.
Tzvetomir Stoyanov: It is a way of thinking. The same philosophy can apply to virtually every aspect of our life.
Diana Atanasova: Sharing knowledge – the best way for innovation in any field and the best present you could give to someone else.
Radoslav Dimitrov: The open canvas where the future of software is being shaped.
Martin Vrachev: Open source for me, is the illustration of the idea that none of us is smarter than all of us.
Open source software is important for technological advancements and cultural phenomena. Open source is where standards are created and where giant corporations can work with independent engineers and as such, create something that could be approved by a large group of people.
Tell us about an interesting problem you’re trying to solve right now.
Lubomir Ivanov: Migrating thousands of users from one container registry to another in a seamless way during the Kubernetes version upgrade.
Ivana Atanasova: With the current state of SBoM tooling and production, the desired transparency is not achieved yet, build time changes are not applied in the data, and package identity is not guaranteed in all cases. I’m working towards addressing that in several directions: spec and tool improvements, as well as around the ecosystem.
Tzvetomir Stoyanov: I am working on a new project that brings the Linux kernel tracing to Kubernetes. There are many interesting challenges and problems to resolve because these two areas are very different. A combination of both could be a very powerful approach to solving complex problems related to workloads running on a Kubernetes cluster.
Martin Vrachev: I am currently working on a new project in the experimental phase (RSTUF), so the problems I work on are mostly infrastructure and testing related. But as a whole, the interesting part is making sure that this project could scale.
How is your team organized? Do you get together often?
Lubomir Ivanov: Currently only I work on Kubernetes as part of the OSTC.
Tzvetomir Stoyanov: Our local VMware OSPO team is small and we often meet at the office. But working on an open source project means that you are part of a larger community, and collaboration with that community is essential to your work. That’s why attending open source conferences is very important, where you can meet, discuss and share new ideas with people that share the same passion and interests as you.
Ivana Atanasova: We’re several people in Bulgaria. With some colleagues, we frequently meet in the office, with others, we meet in Zoom or for lunch. We have sub-teams focused on Supply chain, Observability, Machine learning and others, but we collaborate with all of them.
Diana Atanasova: Our team is currently divided into Supply Chain, Observability and ML sub-teams. Even though we do not work on the same projects, there are interconnections between our domains. So, we exchange knowledge, expertise and ideas. For example, Kubeflow is an ML toolkit based on Kubernetes. Lubomir is one of the main contributors to Kubernetes. On the other hand, the Observability team is working on extracting trace data between containers and the kernel that can later be used to build an ML model that detects abnormalities and can take immediate actions on our behalf. And of course, every software project is benefiting from SBOM. We try to get together from time to time, working from the office, having lunch or meeting in Zoom or during a conference.
Radoslav Dimitrov: We are a remote team, but we like to get together with colleagues from the Bulgaria office a couple of times every month. It’s a nice balance between working at the office and working remotely.
Martin Vrachev: The Open Source Technology Center (OSTC) is the larger team I am a part of. There is one manager for the whole OSTC team. We gather together in the office once or twice a week.
I am also part of a smaller team called “Supply Chain,” and in this smaller team, we gather once per week. The colleagues and I working on RSTUF have an additional weekly meeting.
Who do you admire in the open source world and why?
Lubomir Ivanov: How people can communicate and collaborate around solving problems.
Tzvetomir Stoyanov: The creator of the Linux kernel. More than 30 years later, Linus is still taking an active role in kernel development.
Ivana Atanasova: The open source hype is not a single-person-achievement or glory. It’s based on collective efforts and I admire everyone active in making key strategic projects stronger and better.
Radoslav Dimitrov: Everyone who is contributing in one way or another to an open source project.
To learn more about VMware and Open Source, visit our Open Source blog and follow us on Twitter (@VMWopensource).