Explore the approaches taken by the Python Foundation and Rust Foundation in developing security initiatives and engaging their communities in this 23-minute conference talk. Learn about the challenges faced when integrating a top-down security approach with the bottom-up open source development model. Discover the three key actions crucial to their strategies: building consensus, maintaining transparent communications, and responding to pushback. Gain insights into the future of security work in Secure Open Source Software (SOSS), including the importance of sustained investment, community buy-in, and cross-ecosystem collaboration.