- Assessing Readiness for Open Source and OSPO -
- Antipatterns -
🚫 OSPO Antipatterns
- Resources -
📚 Continue Here
Open source has become an integral part of modern organizations, offering a range of benefits, including lower costs, increased collaboration, and access to a vast pool of talent and resources. However, with the growing importance of open source, organizations need to be equipped to manage their open source operations effectively, in order to realize these benefits.
Creating an Open Source Program Office (OSPO) can accelerate a company’s or organization’s open source journey from mindset change to efficient policies and workflows. An OSPO is a dedicated team or department within an organization that is responsible for managing the organization’s open source operations, including the development, distribution, and use of open source software, and harmonizing and integrating these with product development. In this book, we will guide organizations through the process of creating and implementing an OSPO. The book provides:
- Practical advice and best practices on how to streamline open source operations
- Recommendations to ensure that organizations can maximize the benefits of open source while being good open source citizens.
The book is structured in a user-friendly and practical manner, with a focus on providing actionable advice and steps that organizations can take to create and implement an OSPO. The book will cover a range of topics, including:
- Understanding the value of OSPOs within organizations
- Learning how to be involved in open source program operations on a daily basis
- Gathering the ingredients for a minimum viable OSPO
- Best practices for creating and implementing an open source strategy
- A deep dive into OSPO responsibilities
- Measuring success and impact of your OSPO
Whether you’re just starting out on your open source journey, or are looking to streamline your existing operations, this book will provide you with the knowledge and tools you need to create and implement a successful Open Source Program Office.
In the following chapters, we will explore the key components of an OSPO, and provide practical guidance and best practices on how to create and implement an OSPO within your organization, regardless of your industry or sector. So let’s get started!
[WHAT] An Open Source Program Office (OSPO) is a center of expertise, either virtual or physical, whose people support, nurture, share, explain, and promote the growth of open source within an organization.
[WHO] OSPOs are composed of people (open source specialists) wearing different hats:
Open Source Enabler: OSPOs can help organizations navigate the cultural, process, and tool changes required to engage with the open source community effectively. This can involve educating teams/ units, establishing new processes and workflows, and adopting new tools and technologies.
Open Source Counselor: OSPOs can provide guidance and advice on the latest open source trends, licensing issues, and how to engage with open source projects, foundations, and communities. This can help organizations stay up-to-date with the rapidly changing open source landscape and ensure they are making informed decisions.
Open Source Advocate: OSPOs can promote the use and/or contribution of open source and best practices across different organizational units. This can help organizations realize the benefits of open source as well as engaging people to contribute to open source projects or start new ones.
Open Source Environmentalist: OSPOs can help organizations support and sustain open source projects in the long term by addressing issues such as security, maintenance, and project health. This can involve establishing policies and procedures for code review, security vulnerability management, and ongoing maintenance and support through funding and/or contributions. By doing so, OSPOs can help ensure that open source projects remain healthy and continue to benefit the wider community.
Open Source Gatekeeper: OSPOs can help to enforce OS policies and strengthen OS governance. This can help organizations to ensure compliance and mitigate OS security risks.
[HOW] The way the people behind an OSPO achieve this is by creating and maintaining a framework covering the following aspects: strategy, governance, compliance, and community engagement. The OSPO’s strategy focuses on aligning the organization’s open source goals with its overall organization objectives.
[WHY] An OSPO serves as a vital bridge between an organization and the open source community, helping to ensure that the organization is a good steward of open source software and can reap the benefits of open source adoption while minimizing risks.
The OSPO concept initially started within the corporate world about two decades ago, but adoption accelerated signficantly in the last decade. Most prominent technology infrastructure firms (e.g., Amazon, VMware, Cisco) and consumer technology companies (e.g., Apple, Google, Facebook) created OSPOs or formal open source programs. All are encouraging their employees to contribute to open source projects that are strategic to their business and security.
The term started becoming more mainstream and diverse in the last years, as more organizations from different sectors and regions included dedicated open source roles in their organization to manage open source operations and strategy. Nowadays, we can find OSPOs being formed in different regions (APAC, EMEA, AMER) and entities, such as Governments, Enterprises, NGOs, Universities and more.
Important Considerations in Defining an Open Source Program Office (OSPO): OSPOs vary in Sector, Region, and Organizational Size; May Exclude the Term ‘Program’ to become ‘Open Source Office’; and No Two OSPOs are Alike.
The purpose of this section is to first identify the strengths, weaknesses, and opportunities for improvement within the organization, and to help determine if an OSPO is the right solution for the organization’s needs based on their existing open source engagement level, culture and understanding.
Where do Open Source and OSPO converge?
In the past, collaborative open source software development was primarily adopted by small groups of developers and enthusiasts, and there was little need for dedicated organizational units to manage open source activities. However, as this method has become more prevalent and critical to the operation of many organizations, the need for dedicated OSPOs has become more apparent.
Understand existing and desired open source adoption
Once an organization has assessed the level of open source used, contributed, or produced in the organization and why establishing an OSPO can help an organization manage the risks and opportunities of what open source, open works and collaboration brings, and ensure that its open source activities are effectively managed and aligned with the organization’s strategic goals and objectives.
While this is a book about Open Source Programs Offices (OSPOs), it is important to note that establishing an OSPO might not the starting point for open source operations. Before establishing an OSPO (and keep reading the content of the book), companies and organizations need to assess their current goals and relationship with using and collaborating to open source software projects.
Below, people will find a checklist to assess and better understand their possible current stage and potential next steps.
Assessing open source adoption is critical because it sets the foundation for successful open source operations. Without proper understanding and adoption of open source, an OSPO may not be effective in achieving the desired outcomes.
☑️ Open Source Software (or open works) Usage: Evaluate the level of open source software usage within your organization. Are there any specific open source projects that are widely used? Are there any projects that are critical to the organization’s operations?
☑️ Knowledge and Understanding of Open Source: Evaluate the level of knowledge and understanding of open source within your organization. Are the different actors that will be or are currently involved in open source familiar with open source licensing models and requirements? Do they understand the benefits and risks of using open source software?
☑️ Culture: Evaluate the culture within your organization to determine if it is conducive to open source operations. Is there a culture of collaboration and sharing? Are the different actors that will be or are currently involved in open source willing to contribute to open source projects?
☑️ Tools and Processes: Evaluate the tools and processes in place to support open source operations. Are there any existing tools or processes that can be leveraged for open source operations? Are there any gaps in tools or processes that need to be addressed?
☑️ Addressing Gaps: Determine if there are any gaps in open source adoption or readiness and develop a plan to address them. This may include training those actors that will be or are currently involved in open source on open source software usage and licensing, developing new tools and processes to support open source operations, or establishing an OSPO to coordinate open source activities.
☑️ Overall, gather input from stakeholders on these areas by asking the following questions
- How would you define ‘open source’?
- What does ‘open source’ mean for you and your organization?
- How much open-source software is already being used in the organization?
- How would you define the ‘open source culture’ within your organization?
- What are the organization’s goals and objectives for using open source?
- How is open source software currently being used (usage) within the organization?
- How is open source software currently being created (contribution) within the organization?
- If any, what are the current policies and procedures for managing open source software within the organization?
- What are the key legal and compliance considerations for using open source software within the organization?
- What are the motivations for implementing an OSPO within the organization?
- What are the challenges of implementing an OSPO within the organization?
- What resources and support will be needed to successfully implement an OSPO within the organization?
Understand knowledge sharing through the eyes of an OSPO
RE ML discussion: https://lists.todogroup.org/g/ospo-book-project/message/5
If the organization decides to establish an OSPO (as an entity) or integrate OSPO roles, it is crucial to assess the transmission of knowledge to different internal and external open source players that have a direct or indirect impact on the OSPO. This section examines the OSPO from four different perspectives:
Looking downward: as the head of an OSPO, managing the team’s tasks is a fundamental responsibility. Depending on the OSPO’s objectives, the team’s responsibilities may vary, but effective management is essential.
Looking upward: if proposing the creation of an OSPO, managing expectations and aligning with executives' technology needs is necessary.
Looking sideways: collaboration with other teams is critical. For instance, in business-oriented OSPOs, collaborating with the dev tools and security teams is necessary.
Looking outside: representing the organization to external communities and foundations is crucial. The integration strategy must align with the organization’s objectives and vision.
As an example, the following diagram illustrates the various players in a business-oriented OSPO and the different methods of interaction, communication, and knowledge transmission.
In Chapters 3 and 6, we will delve deeper into how an OSPO can effectively address knowledge transmission across various open source players and highlight some best practices utilized by different organizations.
🚫 OSPO Antipatterns
While Open Source Program Offices (OSPOs) can provide significant benefits for organizations, there are also bad practices that organizations should avoid if they don’t want to lead to negative consequences for both the organization and the open source ecosystem. Here is a set of examples that illustrates what an OSPO is not about, and how to avoid common pitfalls:
Establishing an OSPO without proper alignment with organizational goals: An OSPO should not be established just because it is a trend or because other organizations have them. Without proper alignment, an OSPO can become a waste of time, resources, and money.
Viewing an OSPO as a separate silo within the organization: It should be integrated into the organization’s existing structure and collaborate with other teams to achieve common goals.
Viewing an OSPO as a legal or compliance function only: Instead, it should be recognized as a strategic entity within the organization that contributes to the organization’s overall goals and objectives while keeping in mind the value and rights of the open source community.
Viewing an OSPO as a one-size-fits-all solution: It’s important to evaluate the benefits and costs of establishing an OSPO and determine if it’s the right fit for your organization’s goals and objectives.
📚 Continue Here
Additional resources useful to continue evaluating open source usage, contribution, creation, and leadership: [provide a set of resources]