Invest in making open source compliance more predictable, understandable & efficient across supply chains

SAN FRANCISCO and YOKOHAMA, JAPAN – OPEN COMPLIANCE SUMMIT –  December 6, 2018 — The OpenChain Project, which builds trust in open source by making open source license compliance simpler and more consistent, announced today at Open Compliance Summit that Facebook, Google and Uber have joined as platinum members.  The only standard for open source compliance in the supply chain, OpenChain provides a specification as well as overarching processes, policies and training that companies need to be successful.

Every day companies consume billions of lines of open source software through their supply chains as they build exciting new products and services. One key challenge as  code flows between companies is ensuring the relevant license requirements are met in a timely and effective manner. Many organizations seek to address similar compliance issues in a similar manner, providing an excellent opportunity for consolidation and harmonization.

The OpenChain Project provides companies with a consistent way to address these challenges. At the heart of the project is a specification, an overarching standard for how companies of all sizes, whether in physical products, in the cloud or internally, can deal with open source compliance.

Running some of the largest data centers, platforms and cloud infrastructure in the world, Facebook, Google and Uber use a considerable amount of open source software in their businesses and are joining the OpenChain project to proactively manage open source across their supply chains.

“At Facebook, we believe open source software accelerates the pace of innovation in the world. We are proud to support the OpenChain project, and, by doing so hope to make the open source supply chain more predictable and efficient so the community can focus on solving challenges of speed, complexity, and deploying open source software at scale,” said Michael Cheng, Facebook Open Source.

“Google is a strong believer that working together and being engaged with open source communities creates a ripple effect for the broader industry,” said Chris DiBona, Director, Open Source, Google. “We’re excited to join the OpenChain project and expect it will encourage greater compliance, and foster discussion on how the industry and open source projects can continue to work to improve software throughout the supply chain.”

“In the tech industry, it’s easy to take for granted how critical open source is for innovation and community collaboration,” said Matt Kuipers, IP senior counsel at Uber. “However, the lack of consistent open source policies remains an obstacle for adoption throughout the supply chain and across industries. We’re excited to join the OpenChain Project to support the adoption of consistent policies, reduce barriers to adopting open source, and increase the value of open source for more industries beyond tech.”

“We are very excited to see three innovative tech leaders join the project and welcome their experience to our Governing Board,” said Shane Coughlan, OpenChain General Manager. “We believe that their support will be a vital component as we continue to build upon a successful, meaningful industry standard for open source compliance in the supply chain.”

OpenChain also provides companies with overarching processes, policies and training to be successful in open source compliance. OpenChain Conformance with the OpenChain Specification confirms that an organization follows the key requirements of a quality open source compliance program, and builds trust between organizations in the supply chain. It makes procurement easier for purchasers and preferred status easier for suppliers.

As platinum members, one representative from each company will join the OpenChain Governing Board. Other platinum members of the OpenChain project include Adobe, ARM Holdings, Cisco, Comcast, GitHub, Harman International, Hitachi, Qualcomm, Siemens, Sony, Toshiba, Toyota and Western Digital.

Additional Resources

About the OpenChain Project

The OpenChain Project builds trust in open source by making open source license compliance simpler and more consistent. The OpenChain Specification defines a core set of requirements every quality compliance program must satisfy. The OpenChain Curriculum provides the educational foundation for open source processes and solutions, whilst meeting a key requirement of the OpenChain Specification. OpenChain Conformance allows organizations to display their adherence to these requirements. The result is that open source license compliance becomes more predictable, understandable and efficient for participants of the software supply chain.

About The Linux Foundation

The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and commercial adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.

 

 

Nithya Ruff talks with Swapnil Bhartiya about Comcast’s contributions to open source and more.

Sometimes when we think about open source, we focus on the code and forget that there are other equally important ways to contribute. Nithya Ruff, Senior Director, Open Source Practice at Comcast, knows that contributions can come in many forms. “Contribution can come in the form of code or in the form of a financial support for projects. It also comes in the form of evangelizing open source; It comes in form of sharing good practices with others,” she said.

Comcast, however, does contribute code. When I sat down with Ruff at Open Source Summit to learn more, she made it clear that Comcast isn’t just a consumer; it contributes a great deal to open source. “One way we contribute is that when we consume a project and a fix or enhancement is needed, we fix it and contribute back.” The company has made roughly 150 such contributions this year alone.

Comcast also releases its own software as open source. “We have created things internally to solve our own problems, but we realized they could solve someone else’s problem, too. So, we released such internal projects as open source,” said Ruff.

Two notable projects that Comcast recently open sourced are Trickster and VinylDNS. At the moment, Comcast is maintaining these projects, but the company is also open to nurturing such projects to a stage where they can become part of bigger open source bodies like The Linux Foundation or Apache Software Foundation.

“These are the two projects that we’re actually maintaining. We are inviting contributors from all parts of the world to contribute to it and there is a great deal of diversity around these projects,” said Ruff. “At the same time, we also have Traffic Control, our CDN project, which is hosted at the Apache Foundation.”

Traffic Control is a good example of a Comcast project that became mature enough to graduate as a top tier project at the Apache Foundation. Comcast is also the force behind the RDK Management, an open source consortium to manage the Reference Design Kit (RDK). It’s an open source software platform for the connected home that standardizes core functions used in broadband devices, set-top boxes, and IoT.

Beyond Code

Ruff also serves on The Linux Foundation Board of Directors, where she represents the larger open source community. “As part of the board, one of the big lenses that I like to bring to the board is diversity and inclusion,” she said. She works closely with The Linux Foundation teams to make their projects and events more diverse and inclusive.

“We have a great opportunity as a foundation to set some guidelines for the 150-plus projects that are at the Foundation itself, but also to create best practices for the community to follow,” Ruff said.

“The whole world is getting digitized. As we are recreating this world, we need to create it with people of all types,” she continued. “Otherwise, we will have a very monotonous world. We will have a black-and-white world created by a few people with their biases that are embedded in that world. And we cannot afford to do that.”

Watch the video below to hear more:

Learn how to align your goals for managing and creating open source software with your organization’s business objectives using the tips and proven practices from the TODO Group.

The majority of companies using open source understand its business value, but they may lack the tools to strategically implement an open source program and reap the full rewards. According to a recent survey from The New Stack, “the top three benefits of open source programs are 1) increased awareness of open source, 2) more speed and agility in the development cycle, and 3) better license compliance.”

Running an open source program office involves creating a strategy to help you define and implement your approach as well as measure your progress. The Open Source Guides to the Enterprise, developed by The Linux Foundation in partnership with the TODO Group, offer open source expertise based on years of experience and practice.

The most recent guide, Setting an Open Source Strategy, details the essential steps in creating a strategy and setting you on the path to success. According to the guide, “your open source strategy connects the plans for managing, participating in, and creating open source software with the business objectives that the plans serve. This can open up many opportunities and catalyze innovation.” The guide covers the following topics:

  1. Why create a strategy?
  2. Your strategy document
  3. Approaches to strategy
  4. Key considerations
  5. Other components
  6. Determine ROI
  7. Where to invest

The critical first step here is creating and documenting your open source strategy, which will “help you maximize the benefits your organization gets from open source.” At the same time, your detailed strategy can help you avoid difficulties that may arise from mistakes such as choosing the wrong license or improperly maintaining code. According to the guide, this document can also:

  • Get leaders excited and involved
  • Help obtain buy-in within the company
  • Facilitate decision-making in diffuse, multi-departmental organizations
  • Help build a healthy community
  • Explain your company’s approach to open source and support of its use
  • Clarify where your company invests in community-driven, external R&D and where your company will focus on its value added differentiation

“At Salesforce, we have internal documents that we circulate to our engineering team, providing strategic guidance and encouragement around open source. These encourage the creation and use of open source, letting them know in no uncertain terms that the strategic leaders at the company are fully behind it. Additionally, if there are certain kinds of licenses we don’t want engineers using, or other open source guidelines for them, our internal documents need to be explicit,” said Ian Varley, Software Architect at Salesforce and contributor to the guide.

Open source programs help promote an enterprise culture that can make companies more productive, and, according to the guide, a strong strategy document can “help your team understand the business objectives behind your open source program, ensure better decision-making, and minimize risks.”  

Learn how to align your goals for managing and creating open source software with your organization’s business objectives using the tips and proven practices in the new guide to Setting an Open Source Strategy. And, check out all 12 Open Source Guides for the Enterprise for more information on achieving success with open source.

SAN FRANCISCO and EDINBURGH (OPEN SOURCE SUMMIT EUROPE) – October 23, 2018 –The OpenChain Project, which builds trust in open source by making open source license compliance simpler and more consistent, announces Toshiba has become a Platinum Member. Toshiba has long been a driving force in the OpenChain Japan Work Group, and their new Platinum membership will enable the company to contribute even more to the global adoption of the OpenChain standard. OpenChain member organizations provide resources and support to enable the community to be effective in recommending key processes for effective open source management.

“The OpenChain Project has seen exceptional engagement by the Japanese community,” says Shane Coughlan, OpenChain General Manager. “Toshiba has been at the forefront of this, actively contributing to our meetings and our strategic planning. Their Platinum Membership is a natural evolution of their roles as thought leaders in open source and we are looking forward to accomplishing great things together.”

“OpenChain is not just a project for OSS license compliance, it also helps to improve mutual trust and effective communication between open source developers and users,” says Tetsuji Fukaya, Director of the Corporate Software Engineering and Technology Center of Toshiba Corporation. “Open source is publicly recognized as an essential part of digital transformation and widely used in numerous products. In order to use open source appropriately, we think that license compliance alone is not enough. Mutual trust between developers and users is also essential. OpenChain will be key to achieve both. For that reason, we feel proud of being part of the OpenChain Project.”

Every organization of every size in every market is invited to conform to the OpenChain Specification free of charge. This builds trust in open source by making open source license compliance simpler and more consistent.

Start today by visiting:

https://www.openchainproject.org

Go directly to online self-certification here:

https://www.openchainproject.org/conformance

Platinum Members of the OpenChain Project include Adobe, ARM Holdings, Cisco, Comcast, GitHub, Harman International, Hitachi, Qualcomm, Siemens, Sony, Toshiba, Toyota and Western Digital.

About Toshiba

In over 140 years, Tokyo-based Toshiba Corporation has built a global network of almost 400 companies that channels reliable technologies into “Social Infrastructure”, “Energy”, “Electronic Devices” and “Digital Solutions”—the basic infrastructure that sustains modern life and society. Guided by The Basic Commitment of the Toshiba Group, “Committed to People, Committed to the Future”, Toshiba promotes value creation that helps to realize a world where generations to come can live better lives. In fiscal year 2017, the Group and its 141,000 employees worldwide secured annual sales surpassing 3.9 trillion yen (US$ 37.2 billion).

Find out more about Toshiba at www.toshiba.co.jp/worldwide/about/index.html

About the OpenChain Project

The OpenChain Project builds trust in open source by making open source license compliance simpler and more consistent. The OpenChain Specification defines a core set of requirements every quality compliance program must satisfy. The OpenChain Curriculum provides the educational foundation for open source processes and solutions, whilst meeting a key requirement of the OpenChain Specification. OpenChain Conformance allows organizations to display their adherence to these requirements. The result is that open source license compliance becomes more predictable, understandable and efficient for participants of the software supply chain.

About The Linux Foundation

The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and commercial adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage.

Linux® is a registered trademark of Linus Torvalds.

SAN FRANCISCO and EDINBURGH – OPEN SOURCE SUMMIT EUROPE – October 23, 2018 – The OpenChain Project, which builds trust in open source by making open source license compliance simpler and more consistent, announces it has welcomed SUSE to its community of conformance. Conformance with the OpenChain Specification confirms that an organization follows the key requirements of a quality open source compliance program, and builds trust between organizations in the supply chain. It makes procurement easier for purchasers and preferred status easier for suppliers. Conformance is accomplished by answering a series of questions online.

SUSE is the first enterprise Linux distributor to earn conformance with the OpenChain Project Specification. In doing so, SUSE is helping free industry resources to focus on innovation by reducing complex processes. SUSE joins 17 other organizations with publicly announced conformant programs.

“The OpenChain Standard is suitable for every organization involved in the open source supply chain,” says Shane Coughlan, OpenChain General Manager. “Welcoming SUSE to our community is a landmark milestone that illustrates how we positively impact the beginning of the supply chain. It has been a pleasure to collaborate with a great team toward goals that will ultimately benefit thousands of companies across the globe.”

“For more than 25 years, SUSE has created and engaged with open source communities as a foundation for its enterprise solutions,” said Thomas Di Giacomo, SUSE CTO. “We always engage with the community to better meet customer needs, and our OpenChain certification is another indication to enterprises that we are committed to making their experience with open source software more reliable and cost effective.”

Every organization of every size in every market is invited to conform to the OpenChain Specification free of charge. This builds trust in open source by making open source license compliance simpler and more consistent.

Start today by visiting:

https://www.openchainproject.org

Go directly to the online self-certification here:

https://www.openchainproject.org/conformance

Platinum Members of the OpenChain Project include Adobe, ARM Holdings, Cisco, Comcast, GitHub, Harman International, Hitachi, Qualcomm, Siemens, Sony, Toshiba, Toyota and Western Digital.

About the OpenChain Project

The OpenChain Project builds trust in open source by making open source license compliance simpler and more consistent. The OpenChain Specification defines a core set of requirements every quality compliance program must satisfy. The OpenChain Curriculum provides the educational foundation for open source processes and solutions, whilst meeting a key requirement of the OpenChain Specification. OpenChain Conformance allows organizations to display their adherence to these requirements. The result is that open source license compliance becomes more predictable, understandable and efficient for participants of the software supply chain.

About The Linux Foundation

The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and commercial adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage.

Linux®is a registered trademark of Linus Torvalds.

A new survey by The Linux Foundation and The New Stack reveals that open source programs are critical to the success of engineering and product teams

SAN FRANCISCO, August 30, 2018 – Formal open source programs are quickly becoming a best practice for companies in the technology, telecom/media and financial services industries according to the 2018 Open Source Program Management Survey released today by The Linux Foundation in collaboration with the TODO Group and The New Stack. More than half (53%) of the companies surveyed say their organization has an open source software program or has plans to establish one within the next year.

“Almost every organization today uses open source code and it has become table stakes for most businesses, even though it’s not always fully understood at the executive or strategic level,” said Chris Aniszczyk, CTO of the Cloud Native Computing Foundation and Co-Founder of the TODO Group at The Linux Foundation. “The results of the Open Source Program Management Survey point to a growing awareness by decision makers of the need for formal open source programs and policies to manage how open source code is used and produced, as well as an increasing understanding of how it can be strategically integrated into a company’s business plans.”

The 2018 Open Source Program Management Survey examines the prevalence and outcomes of open source programs among the Global Fortune 2000 including the key benefits and barriers to adoption.

Key findings include:

  • Open source use has become commonplace among tech and non-tech companies alike with 72% of companies frequently using open source for non-commercial or internal reasons and 55% using open source for commercial products.
  • Open source programs are very critical or extremely critical to the success of engineering and product teams according to 59% of respondents with an open source program.
  • The top three benefits of managing an open source program are awareness of open source usage/dependencies, increased developer agility/speed, and better license compliance.
  • Large companies are about twice as likely to run an open source program than smaller companies (63 percent vs. 37 percent).
  • Open source programs tend to start informally as a working group or a few key open source developers and then evolve into formal programs over time, typically within a company’s software engineering or development department (about 41 percent of programs).
  • The benefits of an open source program are widely known, with 70% of those without a program believing it would have a positive impact in their company, despite any barriers to creating it.

A successful open source program can greatly benefit corporate open source use by establishing processes that enable developers and their teams and encouraging standard coding and organizational practices, processes, and toolsets. The TODO Group, a group of companies within The Linux Foundation that collaborates on best practices for open source programs, has developed a set of open source best practices to help developers and decision makers become more productive and more structured in how they manage the open source software their businesses rely on.

More detailed findings and information about the methodology is available here.

About The Linux Foundation

The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage.

Linux is a registered trademark of Linus Torvalds.

Media Contact:

Emily Olin

The Linux Foundation

281-380-9661

eolin@linuxfoundation.org

 

Transparency, openness and collaboration will never go out of fashion, says HackerOne’s Mårten Mickos.

Mårten Mickos has been around the open source world for a long time. He has seen the early days when open source was not taken very seriously, but now he is heading HackerOne, a company that’s building a massive community of white hat hackers to help companies create secure systems. Security and open source might seem like different worlds, but Mickos sees strong influences from one to the other.

Mårten Mickos, CEO of HackerOne

Today, open source has become the de facto software development model, but it has not always been that way.  “In 2001, when I joined my MySQL as its CEO, people didn’t believe in open source. It looked cute, like a toy. We looked like a small startup. They didn’t have the courage to follow us, but slowly and surely it started growing,” said Mickos.

Now the question is not who is using open source but who is not using it. 

Open source impact

Many people may see the benefits of open source from a technological perspective, but open source has had a deeper impact on people, culture, and our society.

“One of the greatest benefits of open source is that it has created a model where smart people who disagree with each other can collaborate with each other. It’s easy to collaborate if we agree, but open source enables collaboration even when people disagree,” Mickos said. “That is the true beauty of this model.”

A common myth about open source is that it survives out of altruism and selfless work by some community members. It might have been true in the beginning, but it’s not true anymore. “It’s not dependent on any charity. It’s not dependent on altruism. It’s not dependent on friendship. It’s not dependent on being kind. I mean, hopefully we are kind and friends, but it’s not dependent on it,” said Mickos, “It’s so smartly built that even as we are yelling and screaming at each other, we can still get work done.”

Open source is powerful but that doesn’t mean it will survive without effort. Like any other component of our civilization, it takes work. “We have to educate everybody, like any civilization needs to keep educating the population on what’s important. You educate them about history, language, mathematics, and other things. We have to do that and the new generation will completely get it,” he said.

Open source and security

Open source is known for being more secure than proprietary technology, but there is no magic there either. Just openness and hard work. “It’s more secure than closed source because you are developing it in the open. Your code is subject to the scrutiny of everybody, and I think it has been scientifically shown to be correct,” he said.

Another factor that contributes to the security of open source is the fact that the community is not afraid of talking about its problems. “It also means we know about all the problems in open source. You might think there are a lot of problems, a lot of serious problems, but as a percentage of the total number of lines of code, I would argue that open source is much more secure than closed source because when there is a vulnerability or a weakness in open source software, everybody will know about it. On the contrary, if there is something like that in closed source, it is kept secret and not fixed,” he said.

Mickos thinks the security industry can learn something from open source. “It can learn how to better collaborate on vital initiatives,” he said.

Conclusion

Today, our world is powered by open source. New technologies are arriving and new business models are evolving, yet, proprietary software will persist.

When asked if our future will be powered by open source, Mickos replied, “Transparency, openness and collaboration will never go out of fashion. It’s also true that every now and then, evolution will go backwards; it will be less open, less collaborative. But open source is an unstoppable force. It will come back and break those models and bring back collaboration, openness and sharing.”

Mickos concluded with these words, “I don’t think we can change it because we are humans and our evolution has made us such. Every now and then, there will be self-centered people driven by their own desire, driving us in a different direction so they can be in power, but then we come back. We are bigger in numbers, we never give up and it is the most productive way to build and sustain a society. That’s what we’re here on this planet to do.”

45 page book is based on the experience of hundreds of companies spanning more than two decades of professional, enterprise open source

SAN FRANCISCO, August 9, 2018The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today released a free eBook entitled Enterprise Open Source: A Practical Introduction. The book is written for software engineering executives, development managers, compliance experts, senior engineers and others involved in enterprise open source activities.

The book outlines specific actions enterprises can take to accelerate open source efforts, based on the experience of hundreds of companies spanning more than two decades of professional, enterprise open source.

Topics covered include:

  • Why use open source?
  • Various open source business models
  • How to develop your own open source strategy
  • Important open source workflow practices
  • Tools and integration

This free resource is available for download now at https://www.linuxfoundation.org/publications/2018/08/enterprise-open-source-practical-introduction/.

About The Linux Foundation

The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage.

Linux is a registered trademark of Linus Torvalds.

# # #

open source

Guy Martin, Director, Open@Autodesk, explains how Autodesk consumes and contributes to open source.

Companies today can’t get away with not using open source, says Guy Martin, Director, Open@Autodesk, who recently sat down with us for a deep dive into Autodesk’s engagement with and contributions to the open source community.

Guy Martin

Guy Martin, Director, Open@Autodesk

“Like any company… we consume a lot of open source,” said Martin, “I was brought in to help Autodesk’s open source strategy in terms of how we contribute back more effectively to open source, how we open source code within our environment, which we want to be a standard — code which is non-differentiating and not strategic IP.”

One of the things that Martin is most proud of is the work his company is doing in the film and media space.

“We have contributed to projects like Universal Scene Description (USD) and OpenColorIO to help our film and media customers utilize not only our products but also products from other companies through the combination of open source software,” said Martin. This leads to a typical open source ecosystem that allows film and media companies to mix and match solutions from different vendors.

In addition to contributing to various open source projects, the company has also open sourced some of its own projects. Autodesk’s GitHub repository currently has more than 51 projects.

Process and planning

But it’s not easy for a large company like Autodesk to engage with the open source community. Because they also have industry-leading proprietary solutions, they need to be extra careful with consuming and contributing to open source. They need to understand various licenses to avoid legal complexity, and they must be aware that releasing some code may also expose company IP.  These are areas where all companies must tread carefully, and developers need to be fully confident that they can use code efficiently without dealing with a heavyweight process to get permissions for using or contributing.

“There needs to be a process around what we are going to open source which involves legal at a very early stage,” Martin said.

When Martin started working at Autodesk, he sat down with the legal department and found that one of the challenges in open sourcing code was lack of any business strategy around the process. One team might decide to open source something, start discussing with legal, then after a few months or more of all this work someone from business unit might look at it and ask why are we open sourcing this? All the previous efforts would be wasted.

Strategic value

“Now the process starts with the business team. We engage the business leaders; we engage the engineering teams. When we decide to open source something, we ask what’s the strategic value for Autodesk in open sourcing. What do we gain and what do we lose regarding the ability to patent things. These are the genuine business concerns,” he said.

Beyond open sourcing their own code, legal also needs to get involved when it comes to using (or contributing to) external open source projects. Before Martin joined the company, Autodesk had many different ways and means for getting approval to contribute something to upstream open source or consume some open source project.

Martin worked with the open source legal counsel at the company to fix the process. “Now we have a single process for anyone who wants to consume some open source code or wants to contribute to some. We are still improving that process,” he said.

Another thing that Autodesk has done is create a whitelist of pre-approved open source licenses, so developers have more freedom and flexibility. There is still some oversight from legal in case there is something they are not comfortable with. “We still have to track that work from a compliance perspective, but it does lift the burden from developers,” said Martin.

Autodesk has also implemented more communication channels internally, which leads to more transparency across the company. This helps people understand the value of contributing to as well as consuming open source.

How important is leadership for evolving open source projects and communities? According to the most recent Open Source Guide for the Enterprise from The Linux Foundation and the TODO Group, building leadership in the community is key to establishing trust, enabling collaboration, and fostering the cultural understanding required to be effective in open source.

The new Building Leadership in an Open Source Community guide provides practical advice that can help organizations build leadership and influence within open source projects.

“Contributing code is just one aspect of creating a successful open source project,” says this Linux Foundation article introducing the latest guide. “The open source culture is fundamentally collaborative, and active involvement in shaping a project’s direction is equally important. The path toward leadership is not always straightforward, however, so the latest Open Source Guide for the Enterprise from The TODO Group provides practical advice for building leadership in open source projects and communities.” 

Indeed, the role of leadership in open source is often misunderstood, precisely because open source projects and communities are often structured to encourage highly distributed contribution models. Their distributed structure can obscure the need for central leaders who set goals and measure progress.

More Resources

In addition to the new guide, previous Open Source Guides for Enterprise explore related aspects of open source leadership. Here are some good ones to investigate:

  • Creating an Open Source Program. Open source program offices are emerging as critical to providing good leadership, and this free guide delves into how they can become designated places where open source is supported, nurtured, shared, explained, and grown inside a company.
  • Measuring Your Open Source Program’s Success. Good leaders of all types are skilled at measuring progress, and they stay on top of the right tools for working with metrics and project management. This free guide lays out a clear path for open source leaders to measure progress and set goals.
  • Recruiting Open Source Developers. Guy Martin, Director, Open at Autodesk, has noted that when interviewing developers, he is frequently asked how the company will help the developer build his or her own open source brand. Today, leadership calls for strategically appealing to developers and this free guide includes many best practices.
  • Improving Your Open Source Development Impact also delves into these topics. It examines various ways organizations can improve their internal development processes and prepare to contribute to open source projects.

Building Leadership in an Open Source Community, which features contributions from Gil Yehuda of Oath and Guy Martin of Autodesk, looks at how decisions are made, how to attract talent, when to join vs. when to create an open source project, and it offers specific approaches to becoming a good leader in open source communities.

“Companies often go through a phase of thinking ‘Oh, well, we’re huge. Why can’t we pound our fist on the table and just make the community do what we want?’ They soon come to realize that tactic won’t work,” writes Martin, in the guide. “They come to understand that the only way to gain leadership is to earn the role within the community. And the only way to do that is to gain credibility and make contributions.”

You’ll find the complete guide here, and you can browse an entire list of free Open Source Guides here.