Friday, March 31, 2017

OSS Governance Policy

Open Source Software governance in the corporate context is the first step to both realizing the many benefits of OSS as well as mitigating any potential risks.  Any good governance process should begin with a corporate policy spelling out the parameters of its applicability and purpose.

  • Policy Applicability:  The policy should explicitly indicate who is covered.  For OSS purposes, the most common actors are employees, vendors, outside agents or contractors who use open source software in the performance of their responsibilities on the company's behalf.

  • Policy Statement:  The policy should include an affirmative statement of what is permitted subject to any review and approval processes.  At the policy level it is best to avoid laying out specific operational processes as these are often subject to change.  But it is helpful if the policy delineates the parameters and purpose of what expected governance processes will cover.  Examples might include:
    • ensuring license compliance
    • understanding provenance
    • evaluation and mitigation of risk to company intellectual property
    • indication of the various stakeholders to participate in review; legal, architecture, security, quality etc.
    • establishing an executive owner and providing for waiver discretion

  • Business Purpose: Since all corporate policies should exist for the purpose of achieving organizational goals, a good open source policy will describe the nature of the OSS ecosystem and why it is desirable to participate.  This background information will be useful as the policy is interpreted over time as necessary to evolve specific governance processes to meet new challenges and opportunities.

Finally, as a practical matter, I have found it better to address open source consumption policy separately from active participation and contribution to OSS community projects.  Many times an organization will find it beneficial to acclimate itself to the consumption side of the equation first while building confidence through experience.  Active community participation and contribution are a natural progression and often best served by separate policy considerations once the consumption processes are mature and functioning smoothly.

Next up, I will begin addressing ideas for specific OSS governance processes.

No comments:

Post a Comment