The 7 Dimensions of Good Open Source Management
The Linux Foundation | 09 September 2016
Organizations use open source software to gain competitive advantage in many ways: to speed up software delivery, save money on development, to stay flexible, and to stay on the leading edge of technology.
But using open source software, and especially integrating and redistributing it in products and services, carries with it added complexity and risk. Code coming in from multiple sources, under different licenses and with varied quality and maturity levels, can expose organizations to issues with security, integration, support and management — not to mention legal action — if the code is not properly managed.
That’s why companies that successfully leverage open source for business advantage, have established programs to manage their open source development processes.
“When open source is business critical, it predicates the use of professional open source management,” said Bill Weinberg, senior director and analyst of open source strategy at The Linux Foundation. “You need a clear management strategy that aligns with your business goals. And you need efficient processes to ensure that compliance does not discourage participation.”
Professional open source management requires a clear strategy, driven by your organization’s business objectives. It includes well-defined policies and a set of efficient processes that help an organization deliver consistent results with open source software. Below are the seven dimensions of a good corporate open source policy and processes, provided by Weinberg and Greg Olson, senior director of open source consulting services at The Linux Foundation.
Want to learn more about professional open source management? Watch a free replay of Bill Weinberg and Greg Olson’s recent webinar, “Open Source Professional Management – When Open Source becomes Mission-Critical.” Watch Now.
7 dimensions of open source management
1. Discovery – Provide guidance for developers on how to find and evaluate open source software for use in their work.
2. Review and Approval – A checkpoint to review architectural compatibility, code quality and maturity, known bugs and security vulnerabilities, availability of required support, and license compatibility.
3. Procurement practices – Review and approval for code that enters through commercial procurement, rather than downloading from the Internet.
4. Code management and maintenance – ensures that open source is reliably tracked and archived and that it is supported and maintained at a level appropriate for each application.
5. Community interaction – clear guidelines for developers who interact with outside community members and an approval process for contributions to open source communities.
6. Compliance program – ensures that OSS elements subject to license requirements are identified and implemented.
7. Executive oversight – important for long-term success. Executives should review OSS management operations, participate in and approve open source management policy and approve policy exceptions and significant contributions to community projects. Legal executives should review all new OSS licenses and any licensing policy exceptions.
Similar Articles
Browse Categories
Cloud Computing Compliance and Security Open Source Projects 2024 Linux How-To LF Research Open Source Ecosystem and Governance Blog Diversity & Inclusion Newsletter Data, AI, and Analytics linux blog Research Training and Certification Linux Cross Technology Cloud Native Computing Foundation cybersecurity software development Announcements Decentralized Technology Legal OpenSearch Sustainability and Green Initiatives cloud native generative AI lf events Finance and Business Technology Networking and Edge cncf industries Emerging Technology Health and Public Sector Interoperability Kubernetes Topic: Security Web Application & Development amazon web services aws community tools confidential computing challenges decentralized AI decentralized computing eBPF funding japan spotlight kernel license compliance openssf ospo research survey skills development state of open source tech talent