SAP has established an open source program office to further its open source activities and expand its engagement with the open source communities.

SAP has been working with open source for decades and has now established an open source program office (OSPO) to further formalize the coordination of its open source activities and expand its engagement with the open source communities. “SAP was one of the first industry players to formally define processes for open source consumption and contribution,” says Peter Giese, director of the Open Source Program Office.

Even so, many people do not yet consider SAP to be a company that embraces open source engagement and contributions.

“In the past, we may not have been active enough in sharing our open source activities,” says Giese.

Now, SAP is shining a spotlight on its work in open source. Transparency is an essential part of the new open source mandate, beginning with an explanation of what the company has been up to and where it is headed with open source.

How SAP came to adopt open source

“In 1998, SAP started to port the R/3 system, our market-leading ERP system, to Linux,” says Giese. “That was an important milestone for establishing Linux in the enterprise software market.”

Porting a system to Linux was just a first step, and a successful one. The action spurred an internal discussion and exploration of how and where to adopt Linux going forward.

“We came to the conclusion that Linux would become a major force,” Giese says. “Today that’s obvious, but at the time it was not as obvious to everybody. That’s when we started our endeavors into open source.”

In 2001, SAP formally defined and internally documented its process for open source consumption, and the company committed to using inbound open source projects to build SAP products. There were lots of details to attend to, such as open source licensing, security, and export control restrictions.

By 2004, SAP already had information on the specifications exchange with other companies and was one of the founding members of the Eclipse Foundation. From then onwards, SAP developers actively contributed to several Eclipse projects, including JGit, EGit, Mat, Tycho and Che.

However, it wasn’t until 2008 that SAP started to actively promote open source contributions from SAP employees on a company-wide basis. That was also the year when the company rolled out its outbound open source process. “We had a set of guidelines and rules for what SAP teams had to do in order to share their work with the open source community,” explains Giese.

In 2010, SAP integrated open source tools further into its development processes. “We moved to a higher level of compliance by introducing systematic open source code scanning as part of our standard development processes,” says Giese. “That means we started to systematically scan open source code for license compliance and security issues.”

In 2014, SAP shared with the open source community a tool called CLA assistant which was developed for managing open source contributor license agreements.

Even though these activities and projects were very successful, there was a growing need for more central coordination of SAP’s open source activities.

“We had several teams that took care of specific aspects of open source, such as security scanning, license scanning, and building our own open source tooling. But there was no dedicated function or role with the overall responsibility for everything open source at SAP,” says Giese. “That has changed now, and SAP’s chief technology officer is responsible for open source at SAP.”

SAP and open source today

The new central Open Source Program Office was established in early 2018.

“We wanted to be more active and visible in our interactions with our outside customers and partners, and with open source foundations and other open source communities,” says Giese. “That’s why we also joined the TODO Group last year to share experiences, jointly develop best practices, and work on common tooling.”

Giese points out that the company’s investments and contributions to open source are substantial, yet they still come as a surprise to many people.

“For example, in February 2018, Fil Maj from Adobe published a worldwide ranking of companies, with their total number of their employees actively contributing to open source projects on GitHub, and SAP ranked at number seven”, says Giese. “There are, of course, different ways to create such statistics, but it gives you an idea of SAP’s role as a contributor. Maybe we’re one of open source’s best kept secrets.”

SAP prefers not to be a secret any longer and is stepping up its open source game in more visible ways. “We’re going to participate in more of the open source community conferences, such as Open Source Summit, OSCON, FOSDEM, EclipseCon, KubeCon, and so on” says Giese. SAP’s climb to higher visibility is a sign of its continued commitment to excellence in open source, and the company aims to form more partnerships and spur accelerated innovations.

One recent example of SAP’s innovative open source projects is Gardener, a solution for Kubernetes clusters as a service, as listed in the CNCF Cloud Native Landscape. It enables the management of a large number of Kubernetes clusters and the reuse of Kubernetes primitives in its core architecture.

Another newly open-sourced SAP project is Kyma, a flexible and easy way to connect and extend enterprise applications in a cloud native world.

SAP is actively encouraging companies and other developers to codevelop and cooperate on projects such as Gardener and Kyma.

“This type of co-innovation, for me, is the most compelling aspect about the whole open source movement,” says Giese.

Learn more about prominent SAP projects on their open source page.

How SAP’s open source office works

SAP formed its Open Source Program Office as a virtual team consisting of several teams from different board areas.

“We are working in scrum mode, which is a software development methodology. It has advantages in driving an open source program office,” says Michael Picht, chief development architect in OSPO. “You work in sprints in scrum, and this means you’re forced to break down your tasks into smaller pieces.”

“The scrum methodology propagates cross-functional teams, and that’s what our OSPO is. We have colleagues from across the company in there. Scrum facilitates the work in such a setup. It sounds strange to some people when they hear we work in scrum mode, but in our case, it is working quite well.”

Picht says that “breaking large jobs down into smaller chunks and working in four-week sprints makes challenging and long-running tasks easier to master. It does require some training, however, to make sure all team members are comfortable with the method.”

The office’s mission is to nurture and support the open source approach to software development – inside and outside SAP. Consequently, for employees who want to contribute to open source projects in their spare time outside of the company context, SAP has simplified the clearance process dramatically. “We have provided a few simple rules and as long as you adhere to these you can directly start to work on open source projects in your spare time,” says Giese.

The company is also redesigning its corporate open source contribution process to make it even more efficient. The goal is to shift from policing developers to enabling them through simpler forms, automation of process steps, and support team services.

For the open source community, to advance open source best practices and tooling, SAP recently contributed it’s open source vulnerability assessment tool, which supports any software development organization in assessing security vulnerabilities of open-source components in their application development.

SAP’s open source program office will continue to look for ways to speed up and improve processes, and to support developers, partners, and open source communities.

“This will never end, this will always go on, so we always want to find new ways to improve open source processes and tools further,” says Picht.


We would like to thank Peter Giese, director of SAP’s Open Source Program Office and Michael Picht, chief development architect, for their time in contributions to this case study. We would also like to thank Pam Baker for taking the time to conduct interviews at the Open Source Program Office.

SAP is an active member of the Linux Foundation and LF projects including Cloud Foundry Foundation, Cloud Native Computing Foundation (CNCF), Hyperledger, ODPi, OpenAPI Initiative, and TODO Group.

The Linux Foundation offers an abundance of resources to help you achieve success with open source.

At organizations everywhere, managing the use of open source software well requires the participation of business executives, the legal team, software architecture, software development and maintenance staff and product managers. One of the most significant challenges is integrating all of these functions with their very different points of view into a coherent and efficient set of practices.

More than ever, it makes sense to investigate the many free and inexpensive resources for open source management that are available, and observe the practices of professional open source offices that have been launched within companies ranging from Microsoft to Oath to Red Hat.


The Linux Foundation’s Fundamentals of Professional Open Source Management (LFC210) course is a good place to start. The course is explicitly designed to help individuals in disparate organizational roles understand the best practices for success.

The course is organized around the key phases of developing a professional open source management program:

  • Open Source Software and Open Source Management Basics
  • Open Source Management Strategy
  • Open Source Policy
  • Open Source Processes
  • Open Source Management Program Implementation

Best Practices

The Linux Foundation also offers a free ebook on open source management: Enterprise Open Source: A Practical Introduction. The 45-page ebook can teach you how to accelerate your company’s open source efforts, based on the experience of hundreds of companies spanning more than two decades of professional enterprise open source management. The ebook covers:

  • Why use open source
  • Various open source business models
  • How to develop your own open source strategy
  • Important open source workflow practices
  • Tools and integration

Official open source programs play an increasingly significant role in how DevOps and open source best practices are adopted by organizations, according to a survey conducted by The New Stack and The Linux Foundation (via the TODO Group). More than half of respondents to the survey (53 percent) across many industries said their organization has an open source software program or has plans to establish one.

More than anything, open source programs are responsible for fostering open source culture,” the survey’s authors have reported. “By creating an open source culture, companies with open source programs see the benefits we’ve previously reported, including increased speed and agility in the development cycle, better license compliance and more awareness of which open source projects a company’s products depend on.”

Free Guides

How can your organization professionally create and manage a successful open source program, with proper policies and a strong organizational structure? The Linux Foundation offers a complete guide to the process, available here for free. The guide covers an array of topics for open source offices including: roles and responsibilities, corporate structures, elements of an open source management program, how to choose and hire an open source program manager, and more.

The free guide also features contributions from open source leaders. “The open source program office is an essential part of any modern company with a reasonably ambitious plan to influence various sectors of software ecosystems,” notes John Mark Walker, Founder of the Open Source Entrepreneur Network (OSEN) in the guide. “If a company wants to increase its influence, clarify its open source messaging, maximize the clout of its projects, or increase the efficiency of its product development, a multifaceted approach to open source programs is essential.”  

Interested in even more on professional open source management? Don’t miss The Linux Foundation’s other free guides, which delve into tools for open source management, how to measure the success of an open source program, and much more.

Cloud Foundry

Multi-platform means enterprises would want a variety of platforms for a variety of application workloads, says Cloud Foundry’s Abby Kearns.

2018 has been an amazing year for Cloud Foundry, with Alibaba joining as a Gold member, and Pivotal going public with its IPO, among some of the highlights. I recently talked with Abby Kearns, Executive Director of Cloud Foundry Foundation, to reflect on these milestones and more.

Kearns has been part of the Cloud Foundry ecosystem for the past five years and, under her leadership, Cloud Foundry has grown and evolved and found its way into half of the Fortune 500 companies, with those numbers increasing daily.

All of the major public cloud vendors want to be part of the ecosystem. “This year, we saw Alibaba join as a Gold member, and Cloud Foundry is now natively available on Alibaba Cloud,” said Kearns.

In 2017, Cloud Foundry embraced Kubernetes, the hottest open source project, and created CFCR (Cloud Foundry Container Runtime). “Kubernetes is a great technology that brings tons of capabilities to containers, which are the fundamental building blocks for a lot of portability for cloud native apps,” Kearns said.

“CFCR, which is Kubernetes on BOSH, allows enterprises to start running containerized workloads alongside Cloud Foundry deployments. … They now have a single plane of operations, which allows them to have a variety of applications,” she explained.

However, Kearns sees that the market is evolving beyond just multi-cloud. “We are entering into a multi-platform world where enterprises are going to be running a variety of technologies and solutions to address the variety of workload needs with their applications,” said Kearns.

When asked what she meant by multi-platform in the context of cloud, Kearns explained, “Multi-platform means that enterprises would want a variety of platforms for a variety of application workloads. There’s never going to be one technology that solves everything. It’s not going to be Cloud Foundry or Kubernetes; it’s going to be a mix. At the end of the day, enterprises are broad and complex. They have evolving needs. They want a mix of technologies that complement each other.”

However, multi-platform brings its own set of challenges. “Technology is the easy part, my big worry is people getting caught up in the hype of something new and then they want to have it. Then they want to have the next shiny thing,” she said.

When you get caught up in that hype cycle, you lose focus on what you need to do. Enterprises need to be aware of this and must ask themselves what do their business need to do? What are the outcomes they expect? How do they leverage technology to achieve that?

“I think taking a step back and asking ourselves what are we really trying to solve,” she said. “I think just for me, sometimes it is — take a breath, pause and think, okay, where, where are we going and why?”

Hear more from Abby Kearns in the video below:

Learn how to align your goals for managing and creating open source software with your organization’s business objectives using the tips and proven practices from the TODO Group.

The majority of companies using open source understand its business value, but they may lack the tools to strategically implement an open source program and reap the full rewards. According to a recent survey from The New Stack, “the top three benefits of open source programs are 1) increased awareness of open source, 2) more speed and agility in the development cycle, and 3) better license compliance.”

Running an open source program office involves creating a strategy to help you define and implement your approach as well as measure your progress. The Open Source Guides to the Enterprise, developed by The Linux Foundation in partnership with the TODO Group, offer open source expertise based on years of experience and practice.

The most recent guide, Setting an Open Source Strategy, details the essential steps in creating a strategy and setting you on the path to success. According to the guide, “your open source strategy connects the plans for managing, participating in, and creating open source software with the business objectives that the plans serve. This can open up many opportunities and catalyze innovation.” The guide covers the following topics:

  1. Why create a strategy?
  2. Your strategy document
  3. Approaches to strategy
  4. Key considerations
  5. Other components
  6. Determine ROI
  7. Where to invest

The critical first step here is creating and documenting your open source strategy, which will “help you maximize the benefits your organization gets from open source.” At the same time, your detailed strategy can help you avoid difficulties that may arise from mistakes such as choosing the wrong license or improperly maintaining code. According to the guide, this document can also:

  • Get leaders excited and involved
  • Help obtain buy-in within the company
  • Facilitate decision-making in diffuse, multi-departmental organizations
  • Help build a healthy community
  • Explain your company’s approach to open source and support of its use
  • Clarify where your company invests in community-driven, external R&D and where your company will focus on its value added differentiation

“At Salesforce, we have internal documents that we circulate to our engineering team, providing strategic guidance and encouragement around open source. These encourage the creation and use of open source, letting them know in no uncertain terms that the strategic leaders at the company are fully behind it. Additionally, if there are certain kinds of licenses we don’t want engineers using, or other open source guidelines for them, our internal documents need to be explicit,” said Ian Varley, Software Architect at Salesforce and contributor to the guide.

Open source programs help promote an enterprise culture that can make companies more productive, and, according to the guide, a strong strategy document can “help your team understand the business objectives behind your open source program, ensure better decision-making, and minimize risks.”  

Learn how to align your goals for managing and creating open source software with your organization’s business objectives using the tips and proven practices in the new guide to Setting an Open Source Strategy. And, check out all 12 Open Source Guides for the Enterprise for more information on achieving success with open source.

Watch the keynotes LIVE next week at Open Source Summit & ELC + OpenIoT Summit Europe.

Open Source Summit & ELC + OpenIoT Summit Europe is taking place in Edinburgh, UK next week, October 22-24, 2018. Can’t make it? You’ll be missed, but you don’t have to miss out on the action. Tune into the free livestream to catch all of the keynotes live from your desktop, tablet or phone! Sign up now >>

Hear from the leading technologists in open source! Get an inside scoop on:

  • An update on the Linux Kernel
  • Diversity & inclusion to fuel open source growth
  • How open source is changing banking
  • How to build an open source culture within organizations
  • Human rights & scientific collaboration
  • The future of AI and Deep Learning
  • The future of energy with open source
  • The parallels between open source & video games

Live video streaming of the keynote sessions from Open Source Summit & ELC + OpenIoT Summit Europe will take place during the following times:

Monday, October 22

9:00 – 10:20 (BST)

Watch keynotes from Open Invention Network, LF Energy, Intel,, and The Linux Foundation.

Tuesday, October 23

9:00 – 10:20 (BST)

Watch keynotes from Vibrant Data, Microsoft, IBM, and Human Rights Data Analysis Group.

Wednesday, October 24

9:00 – 10:00 (BST)

Watch keynotes from Max Planck Institute for Gravitational Physics, IBM, and Mifos Initiative.

View the full keynote schedule >>

Sign up for free live stream now >>

Register now to save $150 for Open Source Summit EU in Edinburgh.

You have TWO days left to save $150 on your ticket to Open Source Summit Europe & ELC + OpenIoT Summit Europe.

Grab your ticket and build your schedule today! Choose from 300+ sessions, deep-dive labs, and tutorials; discover new projects & technologies in the Technical Showcase, and make new connections at the Attendee Reception, and in the Speed Networking & Mentoring Event, Developer Lounges, and Hallway Tracks.

Register now, and join 2,000+ open source professionals to collaborate, share information, and learn about cutting-edge open source technologies.

The discount ends Saturday, September 22.

Sign up to receive updates on Open Source Summit Europe: 


Registration includes access to Open Source Summit Europe and ELC + OpenIoT Summit Europe!

The Linux Foundation’s Jim Zemlin welcomes attendees to Open Source Summit in Vancouver.

The Linux Foundation’s job is to create engines of innovation and enable the gears of those engines to spin faster, said Executive Director Jim Zemlin, in opening remarks at Open Source Summit in Vancouver.

Examples of how the organization is driving innovation across industries can be seen in projects such as Let’s Encrypt, a free, automated certificate authority working to encrypt the entire web, Automotive Grade Linux, Hyperledger, and the new Academy Software Foundation, which is focused on open collaboration within the motion picture industry.

This is open source beyond Linux and, according to Zemlin, is indicative of one of the best years and most robust periods at The Linux Foundation itself. So far in 2018, the organization has added a new member every single day, with Cloud Native Computing Foundation (CNCF), one of The Linux Foundation’s fastest growing projects, announcing 38 new members this week.

Successful projects depend on members, developers, standards, and infrastructure to develop products that the market will adopt, said Zemlin, and The Linux Foundation facilitates this success in many ways. It works downstream helping industry, government, and academia understand how to consume and contribute to open source. At the same time, it works upstream to foster development and adoption of open source solutions, showing industries how to create value and generate reinvestment.

During his keynote, Zemlin spoke with Sarah Novotny, Open Source Strategy Lead at Google Cloud, about Google’s support of open source development. In the talk, Novotny announced that Google Cloud is transferring ownership and management of the Kubernetes project’s cloud resources to CNCF community contributors and is additionally granting $9 million over three years to CNCF to cover infrastructure costs associated with Kubernetes development and distribution. Novotny, who noted that the project is actively seeking new contributors, said this commitment will provide the opportunity for more people to get involved.

In the words of Zemlin, let’s go solve big problems, one person, one project, one industry at a time.

Transparency, openness and collaboration will never go out of fashion, says HackerOne’s Mårten Mickos.

Mårten Mickos has been around the open source world for a long time. He has seen the early days when open source was not taken very seriously, but now he is heading HackerOne, a company that’s building a massive community of white hat hackers to help companies create secure systems. Security and open source might seem like different worlds, but Mickos sees strong influences from one to the other.

Mårten Mickos, CEO of HackerOne

Today, open source has become the de facto software development model, but it has not always been that way.  “In 2001, when I joined my MySQL as its CEO, people didn’t believe in open source. It looked cute, like a toy. We looked like a small startup. They didn’t have the courage to follow us, but slowly and surely it started growing,” said Mickos.

Now the question is not who is using open source but who is not using it. 

Open source impact

Many people may see the benefits of open source from a technological perspective, but open source has had a deeper impact on people, culture, and our society.

“One of the greatest benefits of open source is that it has created a model where smart people who disagree with each other can collaborate with each other. It’s easy to collaborate if we agree, but open source enables collaboration even when people disagree,” Mickos said. “That is the true beauty of this model.”

A common myth about open source is that it survives out of altruism and selfless work by some community members. It might have been true in the beginning, but it’s not true anymore. “It’s not dependent on any charity. It’s not dependent on altruism. It’s not dependent on friendship. It’s not dependent on being kind. I mean, hopefully we are kind and friends, but it’s not dependent on it,” said Mickos, “It’s so smartly built that even as we are yelling and screaming at each other, we can still get work done.”

Open source is powerful but that doesn’t mean it will survive without effort. Like any other component of our civilization, it takes work. “We have to educate everybody, like any civilization needs to keep educating the population on what’s important. You educate them about history, language, mathematics, and other things. We have to do that and the new generation will completely get it,” he said.

Open source and security

Open source is known for being more secure than proprietary technology, but there is no magic there either. Just openness and hard work. “It’s more secure than closed source because you are developing it in the open. Your code is subject to the scrutiny of everybody, and I think it has been scientifically shown to be correct,” he said.

Another factor that contributes to the security of open source is the fact that the community is not afraid of talking about its problems. “It also means we know about all the problems in open source. You might think there are a lot of problems, a lot of serious problems, but as a percentage of the total number of lines of code, I would argue that open source is much more secure than closed source because when there is a vulnerability or a weakness in open source software, everybody will know about it. On the contrary, if there is something like that in closed source, it is kept secret and not fixed,” he said.

Mickos thinks the security industry can learn something from open source. “It can learn how to better collaborate on vital initiatives,” he said.


Today, our world is powered by open source. New technologies are arriving and new business models are evolving, yet, proprietary software will persist.

When asked if our future will be powered by open source, Mickos replied, “Transparency, openness and collaboration will never go out of fashion. It’s also true that every now and then, evolution will go backwards; it will be less open, less collaborative. But open source is an unstoppable force. It will come back and break those models and bring back collaboration, openness and sharing.”

Mickos concluded with these words, “I don’t think we can change it because we are humans and our evolution has made us such. Every now and then, there will be self-centered people driven by their own desire, driving us in a different direction so they can be in power, but then we come back. We are bigger in numbers, we never give up and it is the most productive way to build and sustain a society. That’s what we’re here on this planet to do.”

Last chance to attend Open Source Summit in Vancouver. Register now!

See who’s attending Open Source Summit in Vancouver and choose your OSS conference experience.

Open Source Summit is right around the corner! Don’t miss the opportunity to learn from industry experts on the latest in open source. From keynotes by Van Jones (CNN Contributor & Best Selling Author) and Window Snyder (Security Expert) to 250+ sessions featuring groundbreaking technologies and project updates, led by speakers from companies such as Google, Uber, Facebook, and Red Hat — Open Source Summit is the opportunity for you to learn how open source is shaping innovation, and how to best navigate the open source landscape.

Join 2,000 of your open source peers to make new connections, collaborate and share ideas, grow your technical skills, and much more!

See Who’s Attending:

Choose the Open Source Summit experience package that fits your needs — Hall Pass or Full Attendee Pass.

Choose the Open Source Summit experience package that fits your needs — Hall Pass or Full Attendee Pass.

Sign up to receive updates on Open Source Summit:

 Register now to secure your spot.


allies for inclusion

Diversity Empowerment Summit provides insights, ideas, and examples to help open source projects and professionals adopt inclusive practices.

Diversity and inclusion are hot topics as projects compete to attract more talent to power development efforts now as well as build their ranks to carry the projects into the future. The Diversity Empowerment Summit co-located with Open Source Summit coming up in Vancouver August 29-31, will offer key insights to help your project succeed in these endeavors.

Although adoption of diversity and inclusion policies is generally seen as simply the right thing to do, finding good paths to building and implementing such policies within existing community cultures continues to be challenging. The Diversity Empowerment Summit, however, provides hard insights, new ideas, and proven examples to help open source professionals navigate this journey.

Nithya Ruff, Senior Director, Open Source Practice at Comcast

Nithya Ruff,  Senior Director, Open Source Practice at Comcast, and member of the Board of Directors for The Linux Foundation, says “the mission of open source communities to attract and retain diverse contributors with unique talent and perspectives has gathered momentum, but we cannot tackle these issues without the support of allies and advocates.” Ruff will be moderating a panel discussion at the conference examining the role of allies in diversity and inclusion and exploring solid strategies for success.

Along with Erik Riedel of Dell EMC, Ruff will also present “Everyday Opportunities for Inclusion & Collaboration.” In this talk, the speakers will share specific examples and stories illustrating some less obvious opportunities for communication, networking, mentoring, and collaboration encountered in  on-the-job activities as well as at events and forums.

We talked with Ruff about the importance of the Diversity Empowerment Summit as well as some of the upcoming  highlights.

The Linux Foundation: Why is the Diversity Empowerment Summit important?

Nithya Ruff: A big part of open source is the developers who feel included and valued as human beings. And the Diversity Empowerment Summit helps us celebrate and discuss how we can continue to create inviting, inclusive and healthy communities. This conference welcomes talks on growing our community to practices for inclusion to being allies to people who are under-represented in our communities.  It is great to see The Linux Foundation make valuable space and time for this track every year.

The Linux Foundation: Who should attend?

Ruff: Everyone who cares about the health of the community should attend.  Projects are successful because of the people behind it and if you are interested in creating a sustainable project, you should attend these sessions.

The Linux Foundation: What are you looking forward to at the Summit?

Ruff: This year, I am excited about the panel on building allies as it brings some great speakers in one session to the audience. I’m looking forward to truly great speakers like our keynote speaker, Jennifer Cloer, and others like Tameika Reed, Deb Nicholson, Chloe Condon, Lucy Wyman, and Guy Martin.

There are also many terrific talks about welcoming and helping new contributors to open source, which is critical considering women comprise less than 10 percent of open source community members and many underrepresented communities account for less than 5 percent of open source community members.

Check out the complete schedule and register now to attend the Diversity Empowerment Summit at Open Source Summit in Vancouver.

Sign up to receive updates on Open Source Summit: