Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[OSPO Book] Update 02-chapter.md #398

Closed
wants to merge 1 commit into from
Closed

[OSPO Book] Update 02-chapter.md #398

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
51 changes: 25 additions & 26 deletions ospo-book/content/en/02-chapter.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,9 +13,9 @@ weight: 40

## Introduction

Organizations of various types, including end-user companies, software companies, universities, and public administrations, all have a relationship with open source. To handle software responsibly, organizations need to engage with open source. Establishing an organizational structure is an initial step to consolidate commitment, which is where an OSPO comes into play, as it acts as a means for organizations to support their objectives and address challenges when it comes to open source. For instance:
Organizations of various types, including end-user companies, software companies, universities, and public administrations, all have a relationship with open source. To handle software responsibly, organizations need to engage with open source. Establishing an organizational structure is an initial step to consolidate commitment, which is where an OSPO comes into play, as it acts as a means for organizations to support their objectives and address challenges regarding open source. For instance:

- **The tension between the need to ship product features and the need to contribute back to open source:** Open source contributions may take a back seat when dealing with multiple day-to-day tasks.
- **The tension between the need to ship product features and to contribute back to open source:** Open source contributions may take a back seat when dealing with multiple day-to-day tasks.

- **Procurement processes with never-ending steps:** Open source is a dynamic ecosystem whose contributions should occur as smoothly and naturally as possible. The long procurement processes faced in highly regulated environments, such as finance companies and governments, create a barrier to open source contribution and engagement.

Expand All @@ -25,7 +25,7 @@ Organizations of various types, including end-user companies, software companies

To understand the value of an [OSPO](https://ospoglossary.todogroup.org/ospo-definition/), it is important for the reader to understand the reasons for (1) Establishing an OSPO and (2) Sustaining it over the long term.

In this book, the section on _Starting an OSPO_ is aimed at organizations that are taking their first steps toward creating a centralized space. This means that even if they already have personnel dedicated to open source initiatives, lack a centralized structure. On the other hand, the section on _Sustaining an OSPO_ is more relevant to individuals within organizations that already have a similar entity in place, encompassing aspects such as strategy, compliance, community, and governance.
In this book, the section on _Starting an OSPO_ is aimed at organizations taking their first steps toward creating a centralized space. This means they need a centralized structure, even if they already have personnel dedicated to open source initiatives. On the other hand, the section on _Sustaining an OSPO_ is more relevant to individuals within organizations that already have a similar entity in place, encompassing aspects such as strategy, compliance, community, and governance.

> In both sections, the emphasis is on the different responsibilities of an OSPO to help manage open source as an ongoing activity and be well integrated into all organization's units. This responsibility may evolve and become more complex over time, but it is definitely not a temporary task with a predetermined completion point.

Expand All @@ -35,34 +35,33 @@ _[Source:OSPOs, key lever for open source sustainability](https://speakerdeck.co

### The reasons behind Starting an OSPO

The [business value of the OSPO report](https://www.linuxfoundation.org/research/business-value-of-ospo) explains some of the reasons shared by Open Source leaders across different industries and organization sizes.
The [business value of the OSPO report](https://www.linuxfoundation.org/research/business-value-of-ospo) explains some of the reasons shared by open source leaders across different industries and organization sizes.

- Building standardized processes around open source
- Learn how to approach the open source community
- Embracing the Sustainability of Open Source Projects
- Managing Compliance
- Embracing the sustainability of open source projects
- Managing compliance
- Expanding access to open knowledge
- Improving development velocity
- Mitigating Security Risks
- Mitigating security risks

### The reasons behind Sustaining an OSPO

Stopping the work of an OSPO could have significant negative impacts on those organizations that use open source at any level, including loss of open source expertise, increased security and legal risks, reduced community engagement, and damage to reputation.

An OSPO needs to be an ongoing initiative within an organization in order to evolve its culture and open source knowledge, helping the organization to contribute to and build more secure open-source software, as well as improving the sustainability of open-source projects.
An OSPO needs to be an ongoing initiative within an organization to evolve its culture and open source knowledge, helping the organization contribute and build more secure open source software, as well as improving the sustainability of open source projects.

The different roles and pillars of support of an OSPO shared below can help readers understand why it should be viewed as a critical area to maintain and nurture within an organization, rather than just a pet project with an expiration date.
The different roles and pillars of support of an OSPO shared below can help readers understand why it should be viewed as a critical area to maintain and nurture within an organization rather than just a pet project with an expiration date.

- **Acts as a Counselor:** Sometimes a strategic approach just means stepping back and taking the time to think through some of the hard questions about what type of engagement model is right for any particular project or how involved the organization should be in each project. There is also the question of when it makes sense to contribute to an existing project versus creating a new project. An OSPO that is having these strategy-level conversations will be able to provide guidelines to workers at the different teams so that workers do not have to consider the business implications of different open source engagement models every time they try to solve a problem
- **Acts as a Counselor:** Sometimes, a strategic approach just means stepping back and thinking through some of the hard questions about what type of engagement model is suitable for any particular project or how involved the organization should be in each project. There is also the question of when it makes sense to contribute to an existing project versus creating a new project. An OSPO that has these strategy-level conversations will be able to provide guidelines to workers across different teams so that workers do not have to consider the business implications of other open source engagement models every time they try to solve a problem.

- **Acts as a Facilitator:** The OSPO also plays a sort of translation role between
Organization’s teams and decision makers' interests regarding open source and the needs from the open source community. They also help organizations navigate the cultural, process, and tool changes required to engage with the open source community effectively and in a healthy way.
- **Acts as a Facilitator:** The OSPO also plays a sort of translation role between the organization’s teams and decision makers' interests regarding open source and the needs of the open source community. They also help organizations navigate the cultural, process, and tool changes required to engage with the open source community effectively and healthily.

- **Acts as an Advocate:** OSPOs can promote the use and/or contribution of open source and best practices across different organizational units. This can help organizations realize the benefits of open source as well as engaging people to contribute to open source projects or start new ones

- **Acts as an Environmentalist:** OSPOs can help organizations support and sustain open source projects in the long term by addressing issues such as security, maintenance, and project health. This can help ensure that open source projects remain healthy in the long term and continue to benefit the wider community.
- **Acts as an Environmentalist:** OSPOs can help organizations support and sustain open source projects in the long term by addressing issues such as security, maintenance, and project health. This can help ensure that open source projects remain healthy in the long-term and continue to benefit the wider community.

- **Acts as a Gatekeeper:** OSPOs can help to enforce OS policies and strengthen OS governance. This can help organizations to ensure compliance and mitigate OS security risks.
- **Acts as a Gatekeeper:** OSPOs can help enforce OS policies and strengthen OS governance. This can help organizations ensure compliance and mitigate OS security risks.

![ospo-support](https://github.com/todogroup/ospology/assets/43671777/f96cd4a1-0315-4a0e-8de3-2da59378a57b)

Expand All @@ -71,32 +70,32 @@ The different roles and pillars of support of an OSPO shared below can help read
We can see that [more public sector organizations are realising the value of an Open Source Programme Office](https://joinup.ec.europa.eu/collection/open-source-observatory-osor/news/growing-case-ospos-government) to not only achieve their digital policy goals to better serve their citizens but also to transform their organizations toward achieving these goals.
Public sector organizations face unique challenges when it comes to managing their open source operations, including the need to comply with strict laws and regulations, and the requirement to provide transparent and accountable operations. An OSPO can help governments and public sector organizations to overcome these challenges.

- Improved Compliance: An OSPO helps to ensure that their open source operations are compliant with relevant laws and regulations, including data privacy laws, procurement regulations, and transparency requirements. This helps organizations to avoid costly legal and regulatory challenges, and to maintain their reputation as responsible public sector organizations.
- Improved Compliance: An OSPO helps ensure their open source operations complay with relevant laws and regulations, including data privacy laws, procurement regulations, and transparency requirements. This allows organizations to avoid costly legal and regulatory challenges and to maintain their reputation as responsible public sector organizations.

- Increased Collaboration: An OSPO helps to foster collaboration between different departments and with external stakeholders, including other public sector organizations, open source communities, and civil society organizations. This increased collaboration helps organizations to access a wider pool of talent and resources, and to develop better open source solutions.
- Increased Collaboration: An OSPO helps foster collaboration between different departments and external stakeholders, including other public sector organizations, open source communities, and civil society organizations. This increased collaboration allows organizations to access a wider pool of talent and resources and to develop better open source solutions.

- Better Resource Allocation: An OSPO helps to allocate resources more effectively, ensuring that open source operations are well-supported and that key initiatives are given the resources they need to succeed. This helps organizations to maximize the benefits of open source technology, and to drive innovation and growth.
- Better Resource Allocation: An OSPO helps allocate resources more effectively, ensuring that open source operations are well-supported and that key initiatives are given the necessary resources to succeed. This allows organizations to maximize the benefits of open source technology and drive innovation and growth.

- Improved Service Delivery: An OSPO helps to improve the delivery of public services, by enabling them to adopt innovative and cost-effective technologies, and to collaborate with external stakeholders to develop better solutions. This helps organizations to provide better services to citizens, and to meet the changing needs of their communities.
- Improved Service Delivery: An OSPO helps to improve the delivery of public services by enabling them to adopt innovative and cost-effective technologies and collaborate with external stakeholders to develop better solutions. This allows organizations to provide better services to citizens and meet their communities' changing needs.

The European Commission's Open Source Program Office (OSPO) has launched a new portal that serves as a wiki or knowledge archive, providing up-to-date information on advancements in OSPO-related topics for public administrators. This portal offers a variety of resources, including useful studies, presentations, use cases, guides, and more, to readers interested in learning more about OSPO-related topics. Check `📚 Continue Here` at the end of this chapter.

### [Appendix B] A broader view of open source in Universities and public admins: Open Work

In Chapter 1 we already introduced how open source has become increasingly significant for modern organizations. By extending the concept of "open" to encompass open research, design, and access, we can identify additional benefits that these practices bring to organizations. This broader view of openness is gaining traction in academic and public sectors, where the _open work_ term is starting to be used among participants that engage in OSPO practitioner communities.
In Chapter 1, we already introduced how open source has become increasingly significant for modern organizations. By extending the " open " concept to encompass open research, design, and access, we can identify additional benefits these practices bring to organizations. This broader view of openness is gaining traction in academic and public sectors, where the _open work_ term is starting to be used among participants that engage in OSPO practitioner communities.

## Assessing Value of Open Source Consumption

`✅ Assessment`

Open source software is everywhere. Organizations typically underestimate how much they already depend on the consumption (also called usage) of open source. It might be a deliberate choice to make use of specific open source projects, but it also might come in unnoticed as part of commercial software or in an organic way through individuals or teams taking engineering decisions. This can pose risks but it also provides chances. Open source represents a significant part of the value of IT solutions. It is an important step to recognize and assess this value and how an OSPO can serve in sustaining and increasing this value.
Open source software is everywhere. Organizations typically underestimate how much they already depend on the consumption (also called usage) of open source. It might be a deliberate choice to use specific open source projects. Still, it might come unnoticed as part of commercial software or in an organic way through individuals or teams making engineering decisions. This can pose risks, but it also provides chances. Open source represents a significant part of the value of IT solutions. It is an important step to recognize and assess this value and how an OSPO can sustain and increase it.

There are some studies which analyze usage of open source software in the industry. The [Synopsys Open Source Security and Risk Analysis Report 2022](https://www.synopsys.com/software-integrity/resources/analyst-reports/open-source-security-risk-analysis.html) for example finds that the average software project consists to 78% of open source software.
Some studies analyze the use of open source software in the industry. The [Synopsys Open Source Security and Risk Analysis Report 2022](https://www.synopsys.com/software-integrity/resources/analyst-reports/open-source-security-risk-analysis.html) for example, finds that the average software project consists of 78% of open source software.

Assess this value for your own organization by taking steps such as:
Assess this value for your organization by taking steps such as:

- Collect information about open source software used by your development and operations teams
- Get clarity about composition of commercial software you buy or services you use, ask vendors for what open source software they use, e.g. by requesting Software Bill of Materials (SBOMs)
- Get clarity about the composition of commercial software you buy or services you use, ask vendors what open source software they use, e.g. by requesting Software Bill of Materials (SBOMs)
- Assess value by evaluating what costs would occur by using alternative proprietary solutions and components
- Take factors such as speed of innovation or engineering agility into account

Expand All @@ -114,11 +113,11 @@ Despite an organization might be aware of the general problems, responsibility a

![opensourceinvolvementmodel](https://user-images.githubusercontent.com/43671777/232468143-cde69525-7adb-4399-96d3-fa63f056b942.png)

- Step two: Have 1:1 conversation with managers, high-level executives, and workers/contractors from different teams that uses open source in their day-to-day operations
- Step two: Have 1:1 conversations with managers, high-level executives, and workers/contractors from different teams that use open source in their day-to-day operations
- Step three: With the output from these 1:1 conversations, define concrete motivators and map them into areas within the organization where open source brings value
- Step four: make a second division that categorizes each of these motivators on the different stages within the open source involvement model
- Step four: Make a second division that categorizes each of these motivators on the different stages within the open source involvement model

This is an example of the value of activity from participation to leadership stage that an OSPO from a corporation can elaborate on by following these steps:
This is an example of the value of activity from participation to the leadership stage that an OSPO from a corporation can elaborate on by following these steps:

<img width="942" alt="activityparticipationcategorization" src="https://user-images.githubusercontent.com/43671777/232468402-bb4a4d49-a6d6-4c74-8d21-88c6be3c2c13.png">

Expand Down
Loading