Open source software is everywhere, in every sector, with 99% of software projects containing an open source component. In fact, more than 95% of companies in India have adopted open source in at least one business function. The reason for this proliferation is simple: open source is an enabler of innovation, it increases collaboration, enhances security, optimizes software reliability, and improves the overall quality of digital services. Yet all too often there is a misconception that open source should be confined to personal projects, not the development of secure enterprise-grade software. Open source is critical to Indian businesses and our community; it continues to power successful enterprises and startups and is positively impacting the future of technology and our society as a whole.
However, we have seen organizations struggle with a real open source strategy.
- Many enterprises want to consume/contribute to open source but they are not sure where to start or how to create processes/guidelines around this.
- Developers within organizations do not have clarity about where/how they can contribute.
- As open source consumption increases, the need to collect data around usage increases. There is a need to consolidate this data so that an organization can have a holistic view of its open source strategy.
I believe now is the time for enterprises (and scaled startups) to consider the benefits of an Open Source Program Office (OSPO) that oversees open source work across the organization.
An OSPO is designed to be the center of competency for an organization’s open source operations and structure. This can include setting code use, distribution, selection, auditing and other policies, as well as training developers, ensuring legal compliance and promoting and building community engagement that benefits the organization strategically.
There is no broad template for building an open source program that applies across all industries, or even across all companies in a single industry. However, we can categorize the functions of a typical OSPO into three categories: Legal Risk Mitigation, Improving Engineers’ Practices and Enabling Financial Benefits.
Legal Risk Mitigation: Often, the first concern companies have is related to legal compliance. OSPOs often oversee aspects of a company’s open source license compliance process. Companies that distribute software are typically most concerned with this and initiate their OSPO around the abatement of legal risk. The responsibilities of a program office in this area include:
- Maintaining open source license compliance reviews and oversight
- Running a review process for inbound code use
- Ensuring that the company contributes back to open source projects effectively
Improving Engineers’ Practices: OSPOs also improve engineering capabilities by providing guidance and policies about code management in an open source (and blended source) environment. Companies with many software engineers focus their OSPO on engineering policies and practices. The responsibilities of a program office in this area include:
- Clearly communicating the open source strategy within and outside the company
- Fostering an open source culture within an organization
- Ensuring high-quality and frequent releases of code to open source communities
Enabling Financial Benefits: Some companies focus on the financial implications of open source and leverage their OSPO to help drive a strategy around the use of commercial vs. open source vendors. Whereas some tech companies use their OSPO (and open source projects) to drive customers to commercial products. The responsibilities of a program office in this area include:
- Owning and overseeing the execution of the strategy
- Facilitating the effective use of open source in commercial products and services
- Engaging with developer communities to encourage adoption of strategic open source projects
Each open source program office is custom-configured based on its particular business, products, and goals.
With the exponential growth of the Indian tech industry and enterprises’ adoption of software, now is the time to consider setting up an OSPO, so open source can be leveraged more strategically. This would also help developers contribute back to the burgeoning open source ecosystem in India. With 8M developers from India on GitHub and many of them active in OSS contributions, OSPO becomes a critical need of the hour.
Do remember – you don’t need huge investments to get started. Just having an empowered person in your organization to kick things off is as good a start as any. You’ll be amazed with what your organization will be able to achieve.
I’ve shared resources below to help organizations get started with an OSPO model that suits their needs – especially what could be an appropriate organization structure for the OSPO team.
Resources
- The Evolution of the Open Source Program Office (OSPO): This report describes the evolution of OSPO and talks about the 5-stage maturity model. It also includes multiple case studies and an OSPO checklist
- OSPO 101 training modules – Complete training course material on open source program office management. A link to a full fledged training course from Linux Foundation is available here
- OSPO Guides – Open Source Guides are developed by the TODO Group in collaboration with The Linux Foundation and the larger open source community
- Building an Open Source Program office by Dr. Ibrahim Haddad of the Linux Foundation
- How an OSPO Can Help Your Engineers Give Back to Open Source
Maneesh Sharma 
Leave a Reply