Open Source Compliance

This fully updated ebook provides detailed information on issues related to the licensing, development, and reuse of open source software.

The Linux Foundation has released the second edition of Open Source Compliance in the Enterprise by Ibrahim Haddad, which offers organizations a practical guide to using open source code and participating in open source communities while complying with both the spirit and the letter of open source licensing.

This fully updated ebook — with new contributions from Shane Coughlan and Kate Stewart — provides detailed information on issues related to the licensing, development, and reuse of open source software. The new edition also includes all new chapters on OpenChain, which focuses on increasing open source compliance in the supply chain, and SPDX, which is a set of standard formats for communicating the components, licenses, and copyrights of software packages.

“Open source compliance is the process by which users, integrators, and developers of open source observe copyright notices and satisfy license obligations for their open source software components,” Haddad states in the book.

This 200+ page book encompasses the entire process of open source compliance, including an introduction on how to establish an open source management program, a description of relevant roles and responsibilities, an overview of common compliance tools and processes, and all new material to help navigate mergers and acquisitions. It offers proven best practices as well as practical checklists to help those responsible for compliance activities create their own processes and policies.

Essential topics covered in this updated ebook include:

  • An introduction to open source compliance
  • Compliance roles and responsibilities
  • Building a compliance program
  • Best practices in compliance management
  • Source code scanning tools

To learn more about the benefits of open source compliance and how to achieve it, download the free ebook today!

Enterprise open source adoption has its own set of challenges, but it becomes easier if you have a clear plan to follow. At Open FinTech Forum, Ibrahim Haddad provides guidelines based on proven practices.

2018 marks the year that open source disrupts yet another industry, and this time it’s financial services. The first-ever Open FinTech Forum, happening October 10-11 in New York City, focuses on the intersection of financial services and open source. It promises to provide attendees with guidance on building internal open source programs along with an in-depth look at cutting-edge technologies being deployed in the financial sector, such as AI, blockchain/distributed ledger, and Kubernetes.

Several factors make Open FinTech Forum special, but the in-depth sessions on day 1 especially stand out. The first day offers five technical tutorials, as well as four working discussions covering open source in an enterprise environment, setting up an open source program office, ensuring license compliance, and best practices for contributing to open source projects.

Enterprise open source adoption has its own set of challenges, but it becomes easier if you have a clear plan to follow. At Open FinTech, I’ll present a tutorial session called “Using Open Source: An Enterprise Guide,” which provides a detailed discussion on how to use open source. We’ll start by answering the question, “Why Open Source,” then discuss how to build an internal supporting infrastructure and look at some lessons learned from over two decades of enterprise open source experience. This session — run under the Chatham House Rule — offers a workshop-style environment that is a mix of presentation and discussion triggered by audience questions. The workshop is divided into five sections, explored below.

Why Open Source?

This question may seem trivial but it’s a very important consideration that even the most open source mature companies revisit regularly. In this part of the workshop, we’ll examine seven key reasons why enterprises should engage with open source software, regardless of industry and focus, and how they can gain incredible value from such engagements.

The Importance of Open Source Strategy

Going through the exercise of establishing an open source strategy is a great way to figure out your company’s current position and its future goals with respect to open source. These strategy discussions will usually revolve around goals you’d like to achieve, along with why and how you’d like to achieve them. In this part of the tutorial, we discuss the many questions to consider when determining your open source strategy and tie that to your product and services strategy for a path to a better ROI.

Implementing an Open Source Infrastructure

Once you have identified your company’s open source strategy, you need to build infrastructure to support your open source efforts and investments. That infrastructure should act as an enabler for your efforts in using open source, complying with licenses, contributing to projects, and leading initiatives. In the workshop, I’ll present these various elements that together form an incredible enabling environment for your open source efforts.

Recommended Practices (17 of them)

When IBM pledged to spend $1 billion on Linux R&D back in 2000, it was a major milestone. IBM was a pioneer in the enterprise open source world, and the company had to learn a lot about working with open source software and the various communities. Other companies have since followed suit, and many more are now entering open source as it becomes the new normal of software development. The question is: How can you minimize the enterprise learning curve on your own open source journey? We’ve got you covered. In this talk, we’ll explore 17 lessons learned from nearly two decades of enterprise experience with open source software.

Challenges

Beyond implementing these best practices, open source adoption requires a cultural shift from traditional software development practices to a more open and collaborative mindset. Internal company dynamics need to be favorable to open source efforts. As an open source leader inside your organization, you will face several challenges in terms of funding resources, justifying ROI, getting upstream focus, etc. These challenges often require a major shift in mindset and a lot of education up the chain. We will explore various considerations relating to culture, processes, tools, continuity, and education to ensure you are on track to open source success in your organization.

We hope to see you at Open FinTech Forum for an informative and high-value event.

This new ebook from The Linux Foundation provides a practical approach to establishing an open source strategy based on more than two decades of experience.

When it comes to running and managing open source in the enterprise, experience-driven advice counts for a lot. It is very likely that your organization already runs open source, but many organizations make the mistake of reacting to the open source ecosystem instead of adopting a proactive strategy that is optimized for success. That’s where the free Enterprise Open Source ebook comes in.

This new 45-page ebook from The Linux Foundation provides a practical approach to establishing an open source strategy by outlining the actions your enterprise can take to accelerate its open source efforts. The information is based on more than two decades of professional, enterprise open source usage and development and will be most beneficial to software engineering executives, development managers, compliance experts, and senior engineers involved in enterprise open source activities.

“The availability of enterprise grade open source software is changing the way organizations develop and deliver products,” the book notes. “The combination of a transparent development community and access to public source code enables organizations to think differently about how they procure, implement, test, deploy, and maintain software. This has the potential to offer a wealth of benefits, including reduced development costs, faster product development, higher code quality standards, and more.”

Proven Practices

The book outlines concrete steps that an organization can take to run an effective open source program and foster success with open source. These include the following recommendations:

  • Join The Linux Foundation compliance Initiatives
  • Establish relationships with open source communities
  • Create or outsource open source training
  • Collaborate with universities on open source R&D projects
  • Join the TODO Group (Talk Openly, Develop Openly)
  • Encourage internal collaboration

The ebook also makes specific recommendations for important open source workflow practices in enterprises. You’ll find discussions on:

  • Visibility
  • Forking
  • Pull/Merge Requests
  • Peer Review
  • Release Early, Release Often
  • Testing
  • Continuous Integration
  • Documentation
  • Issue Tracking

This book states that strategizing and communicating are important steps in managing enterprise open source effectively: “To establish open source software as a major driving force for software development, your company needs to develop business-level objectives and fully identify any constraints faced for the use of open source software. The goal is to establish consensus and communicate business rationale behind new policies. This book will help you develop a strategy that transforms your efforts from a defensive approach that reacts to open source software to offensive market leadership that is fueled by strong open source engineering.”

Lessons Learned

The “Lessons Learned from Two Decades of Enterprise Open Source Experience” section notes that one of the most important steps an enterprise can take is to encourage a cultural shift surrounding open source.

“You’ll need to lead a cultural shift from traditional software development practices to a more open and collaborative mindset. Internal company dynamics need to be favorable to open source efforts. As an open source leader inside your organization, you will face challenges in terms of funding resources, justifying ROI, getting upstream focus, and so forth. These challenges often require a major shift in mindset and a lot of education up the chain.”

Download your free copy of Enterprise Open Source: A Practical Introduction now.

Measure success

Measuring Your Open Source Program’s Success is a free guide to help any organization learn exactly how their open source program is driving business value.

Open source programs are proliferating within organizations of all types, and if yours is up and running, you may have arrived at the point where you want to measure the program’s success. Many open source program managers are required to demonstrate the ROI of their programs, but even if there is no such requirement, understanding the metrics that apply to your program can help optimize it. That is where the free Measuring Your Open Source Program’s Success guide comes in. It can help any organization measure program success and can help program managers articulate exactly how their programs are driving business value.

Once you know how to measure your program’s success, publicizing the results — including the good, the bad, and the ugly — increases your program’s transparency, accountability, and credibility in open source communities. To see this in action, check out example open source report cards from Facebook and Google.

Facebook’s open source program office periodically posts the month-over-month results from its open source projects internally and sends an executive report to management. “Reports are just a good way to raise awareness,” said Christine Abernathy, Open Source Developer Advocate at Facebook. “Even though Facebook places a high value on open source (as an organization), it’s still always a good thing to market yourself internally all the time and show your value.”

Existing tools can help you measure program success. You can begin by setting up the right tools for collecting data and make sure the data sources are clean and in a format that everyone can understand. Many organizations create a dashboard of metrics for their open source programs, to track all of the data in one place and provide project snapshots that can help assess progress at a glance. (See our guide on Tools for Managing Open Source Programs.)

Key metrics for measuring open source program success

There are countless ways to measure success and track progress for open source programs. Project health isn’t the only thing to track, but it is important. “How do you actually get the smartest people in the world working at your company?” asks Chris Aniszczyk, Executive Director of the Open Container Initiative and COO of the Cloud Native Computing Foundation (and former head of open source programs at Twitter). “Well, you open source stuff and then you convince them to contribute to your projects.”

It helps to be able to quantify project health. GitHub’s guide on open source metrics gives a great overview of what project maintainers should pay attention to. Some key project metrics to track are:

  • Number of contributors (and ratio of internal to external contributors)
  • Number of pull requests submitted, opened and accepted (and time remaining open)
  • Number of issues submitted (and length of time remaining open)
  • Number of commits per contributor (internal and external)
  • Number of external adopters
  • Number of projects created or contributed to (program wide)

Other metrics include popularity and awareness, influence, and program costs. As you delve into these metrics, you can concretely report everything from diversity of contributors to your projects to the number of followers you have across channels.

The Measuring Your Open Source Program’s Success guide can help you with all these initiatives and more, and it explores how to set program goals and measure whether or not they are being met. It is one of a new collection of free guides from The Linux Foundation and The TODO Group that are all extremely valuable for any organization running an open source program. The guides are available now to help you run an open source program office where open source is supported, shared, and leveraged. With such an office, organizations can establish and execute on their open source strategies efficiently, with clear terms.

You can read more in previous articles, on How to Create an Open Source Program and Tools for Managing Open Source Programs. We encourage you to check out all the guides and stay tuned for more coverage of them.