Skip to content

Latest commit

 

History

History
133 lines (88 loc) · 11.8 KB

README.md

File metadata and controls

133 lines (88 loc) · 11.8 KB

Static Badge License: CC BY SA 4.0 GH Discussions

Open Source Program Office (OSPO) Definition and Guide

Open source is intertwined in the development of modern technologies and serves as the foundation of the vast majority of codebases across all industry sectors and technology areas, such as Artificial Inteligence and Machine Learning or Cybersecurity.

Nearly all organizations depend on technology created by the open source community

OSPO Definition

The pronunciation of OSPO would typically be said together as [ah -spoh]

[WHAT] An open source program office (OSPO) serves as the center of competency for an organization's open source operations and structure. It is responsible for defining and implementing strategies and policies to guide these efforts. This can include setting policies around code use, distribution, selection, auditing, contributing, and other key areas; providing education and training to people (inside and outside the organization) involved in open source activities; supporting an organization's efficiency in developing software through encouraging sustainable usage of existing open source components and, where appropriate, contributing enhancements back to these project; when needed, guiding teams with open sourcing their software; ensuring engineering effectiveness; ensuring legal compliance; and promoting and building community engagement. InnerSource is a close sibling of open source and often collaborates with or is part of the OSPO.

[WHY] To the outside, an OSPO serves as a vital bridge between an organization and the open source community, helping to ensure that the organization is a good steward of open source software and can reap the benefits of open source adoption while minimizing risks. To the inside, an OSPO serves as a central interface for open source related activities across the organization and to bring together the required expertise from different perspectives, such as a legal, economical, technical, or community perspective.

[WHO] OSPOs are composed of people (open source specialists) wearing different hats:

  • Open Source Enabler: OSPOs can help organizations navigate the cultural, process, and tool changes required to engage with the open source community effectively. This can involve educating teams/units, establishing new processes and workflows, and adopting new tools and technologies.

  • Open Source Counselor: OSPOs can provide guidance and advice on the latest open source trends, licensing trends, and how to engage with open source projects, foundations, and communities. This can help organizations stay up-to-date with the rapidly changing open source landscape and ensure they are making informed decisions.

  • Open Source Advocate: OSPOs can promote the use and/or contribution of open source and best practices across different organizational units. This can help organizations realize the benefits of open source as well as engaging people to contribute to open source projects or start new ones.

  • Open Source Environmentalist: OSPOs can help organizations support and sustain open source projects in the long term by addressing issues such as security, maintenance, and project health. This can involve establishing policies and procedures for code review, security vulnerability management, and ongoing maintenance and support through funding and/or contributions. By doing so, OSPOs can help ensure that open source projects remain healthy and continue to benefit the wider community.

[HOW] The way the people behind an OSPO achieve this is by creating and maintaining a framework covering the following aspects: strategy, governance, compliance, and community engagement. The OSPO's strategy focuses on aligning the organization's open source goals with its overall organization objectives and works with all lines of organization units/groups

OSPOs can be formed in various sectors, regions, and organizational sizes including private and public organizations such as academics, NGOs, foundations, governments, and public administrations, as well as small, medium, and large companies. It's also important that there are many different names for an OSPO-like structure within an organization. The naming and concrete organizational form will strongly depend on the the practices of each organization. Organizing it as a "Program" or an "Office" is only one way to implement a structure which serves the purpose of an OSPO.

Basic Segmentation (Beta Version)

There is no broad template for building an open source program that applies across all industries, or even across all companies in a single industry. However we can categorize the functions of an OSPO into different categories, depending on the nature of the organization and its motivators.

Please note that these categories do not necessarily need to be seen as silos. For instance, Gov- and NonGov-Oriented categories listed below could also be mixed with educational-oriented or have certain business-oriented motivations. The same happens with business-orientedcategory, that can provide training including educational-oriented goals.

  • 📈 Business-Oriented: OSPOs established within for-profit organizations, such as enterprises, that are primarily focused on creating business value through the use of open source software.

    • Drivers of Motivation: Innovation / Efficiency / Risk Management / Legal Compliance / Talent Retention
  • 🎓 Educational-Oriented: OSPOs established by educational institutions, such as universities or schools, that are focused on using open source software to support teaching, research and learning activities.

    • Drivers of Motivation: Curriculum development / Student Engagement / Knowledge Sharing
  • 👩‍🏫 Business-Educational: OSPOs established within for-profit organizations that provide training and certification and are likely to collaborate with educational-oriented types.

    • Drivers of Motivation: hybrid between 📈 Business-Orientedand 🎓 Educational-Oriented
  • 🏛 Social-Gov-Oriented: OSPOs established within a government or public administrators that are focused on using open source software to achieve social or public policy objectives (e.g serving citizens).

    • Drivers of Motivation: Interoperability / Open Data / Accessibility / Inclusion / Privacy / Security / Transparency
  • 🌳 Social-NonGov-Oriented: OSPOs established within non-governmental organizations (NGOs) or foundations that are dedicated to using open source software to create positive social change.

    • Drivers of Motivation: Innovation / Interoperability / Social Justice / Disaster Relief / Humanitarian Aid / Environmental Protection / Sustainable Development

Drivers of motivation

In this context, motivation is the driving force that fuels the entity to achieve its goals and reach its full potential. Based on the categories defined above, we can list some of the functions of an OSPO based on these motivators.

Business-Oriented Segment

Risk Mitigation, Improving Engineers’ Practices and Enabling Financial Benefits. (A mnemonic: Fear, Love and Money)

Legal Risk Mitigation: Often, the first concern companies have is related to legal compliance. OSPOs often oversee aspects of a company’s open source license compliance process. Companies that distribute software are typically most concerned with this and initiate their OSPO around the abatement of legal risk. The responsibilities of a program office in this area includes:

  • Maintaining open source license compliance reviews and oversight
  • Running a review process for inbound code use
  • Ensuring that the company contributes back to open source projects effectively

Improving Engineers’ Practices: OSPOs also improve engineering capabilities by providing guidance and policies about code management in an open source (and blended source) environment. Companies with many software engineers focus their OSPO on engineering policies and practices. The responsibilities of a program office in this area includes:

  • Clearly communicating the open source strategy within and outside the company
  • Fostering an open source culture within an organization
  • Ensuring high-quality and frequent releases of code to open source communities

Enabling Financial Benefits: Some companies focus on the financial implications of open source and leverage their OSPO to help drive a strategy around the use of commercial vs. open source vendors. Whereas some tech companies use their OSPO (and open source projects) to drive customers to commercial products. The responsibilities of a program office in this area includes:

  • Owning and overseeing the execution of the strategy
  • Facilitating the effective use of open source in commercial products and services
  • Engaging with developer communities to encourage adoption of strategic open source projects.

Each open source program office is custom-configured based on its particular business, products, and goals.


OSPO Landscape

Organizations that have an OSPO or hires open source specialists to manage open source operations and structure: https://landscape.todogroup.org/

OSPO Guides

OSPO 101

OSPO 101 is a modular course on everything you need to know about open source program office management: https://github.com/todogroup/ospo101

OSPO Examples

Explore other OSPOs via the OSPO Landscape: https://landscape.todogroup.org/