Open Source Program Office
Open source is intertwined in the development of modern technologies and serves as the foundation of the vast majority of codebases across all industry sectors and technology areas, such as Artificial Inteligence and Machine Learning or Cybersecurity.
What is an OSPO?
An open source program office (OSPO) serves as the center of competency for an organization’s open source operations and structure. It is responsible for defining and implementing strategies and policies to guide these efforts. This can include setting policies around code use, distribution, selection, auditing, contributing, and other key areas; providing education and training to people (inside and outside the organization) involved in open source activities; supporting an organization’s efficiency in developing software through encouraging sustainable usage of existing open source components and, where appropriate, contributing enhancements back to these project; when needed, guiding teams with open sourcing their software; ensuring engineering effectiveness; ensuring legal compliance; and promoting and building community engagement. InnerSource is a close sibling of open source and often collaborates with or is part of the OSPO.
Why is an OSPO needed?
To the outside, an OSPO serves as a vital bridge between an organization and the open source community, helping to ensure that the organization is a good steward of open source software and can reap the benefits of open source adoption while minimizing risks. To the inside, an OSPO serves as a central interface for open source related activities across the organization and to bring together the required expertise from different perspectives, such as a legal, economical, technical, or community perspective.
Who is behind an OSPO
OSPOs are composed of people (open source specialists) wearing different hats:
Open Source Enabler: OSPOs can help organizations navigate the cultural, process, and tool changes required to engage with the open source community effectively. This can involve educating teams/units, establishing new processes and workflows, and adopting new tools and technologies.
Open Source Counselor: OSPOs can provide guidance and advice on the latest open source trends, licensing trends, and how to engage with open source projects, foundations, and communities. This can help organizations stay up-to-date with the rapidly changing open source landscape and ensure they are making informed decisions.
Open Source Advocate: OSPOs can promote the use and/or contribution of open source and best practices across different organizational units. This can help organizations realize the benefits of open source as well as engaging people to contribute to open source projects or start new ones.
Open Source Environmentalist: OSPOs can help organizations support and sustain open source projects in the long term by addressing issues such as security, maintenance, and project health. This can involve establishing policies and procedures for code review, security vulnerability management, and ongoing maintenance and support through funding and/or contributions. By doing so, OSPOs can help ensure that open source projects remain healthy and continue to benefit the wider community.
Open Source Gatekeeper: OSPOs can help to enforce open source policies and strengthen open source governance. This can help organizations to ensure compliance and mitigate open source security risks.
How does an OSPO usually operate?
The way the people behind an OSPO achieve this is by creating and maintaining a framework covering the following aspects: strategy, governance, compliance, and community engagement. The OSPO’s strategy focuses on aligning the organization’s open source goals with its overall organization objectives and works with all lines of organization units/groups
Disclaimer: OSPOs can be formed in various sectors, regions, and organizational sizes including private and public organizations such as academics, NGOs, foundations, governments, and public administrations, as well as small, medium, and large companies. It’s also important that there are many different names for an OSPO-like structure within an organization. The naming and concrete organizational form will strongly depend on the the practices of each organization. Organizing it as a “Program” or an “Office” is only one way to implement a structure which serves the purpose of an OSPO.