Tag Archives: viability

A Strategic Approach for OSPOs 

I think we’ve all been on teams where everyone is working, but no one is thinking about whether it’s the “right” work. It can be too easy to go on autopilot and keep doing the same things without thinking about whether / how those activities fit within the goals of the overall organization. I’ve built my career around taking a strategic approach to the work that my team is doing by making sure that our efforts support the overall strategies of the organization. Most recently, I did this as Director of Open Source Community Strategy at VMware and before that as Pivotal’s Open Source Strategy Lead. I’ve given loads of conference talks and written many blog posts with this strategic approach as the underlying theme. Last week, I read a LinkedIn post and blog post from David Hirsch that got me thinking more about this, and those ideas just kept rolling around in my head until I decided that I should blog about how OSPOs (Open Source Program Offices) can take a more strategic approach. 

One piece of David’s post talked about how OSPOs can play a critical role in digital sovereignty for European companies by helping them make better technology choices at a strategic level. I believe that this is absolutely critical for European companies, but thinking strategically is also important for all OSPOs, which is the focus of this post.

Being proactive and thinking strategically about how you are helping your organization meet their goals and objectives is something that can help your OSPO stand out as an important part of the business. This is especially true for new OSPOs, since it can help you justify continuing and growing your open source efforts, but it’s also something that established OSPOs should revisit regularly to make sure that you are still doing work that is valued within your organization. OSPOs often struggle to demonstrate the value of their work in a way that resonates with the people in leadership positions within their organization. Creating and regularly updating an open source strategy can help OSPOs frame their discussions with leadership to demonstrate the value of their open source efforts in ways that resonate with leadership and show how the open source work fits into the strategy of the organization as a whole. Once you have an OSPO strategy that aligns with the strategy of your organization, then you can figure out what you need to measure to show whether you are achieving your goals.

Another area that can benefit from an OSPO’s more strategic approach is in assessing risks and viability of the open source projects that your organization is consuming. Many organizations don’t have a rigorous or strategic process for selecting the most viable dependencies. Often product teams, or even individual software developers, select open source projects because they fill a particular technical need without any assessment of the viability of the project or the risks they might be taking by using it. Is the project controlled by a single company or a foundation? Who contributes to the project? Is the project at risk of a rug pull or similar disruptions? Assessing the viability of open source projects, especially ones that have the potential to impact your business, is a good first step toward managing risk and reducing the chances of potential business disruptions. But it’s also important to look beyond just assessing the viability of individual projects and to look at viability and risk with a more holistic approach that includes assessing the risks associated with cloud infrastructure, data storage and access, use of AI models, vendor lock-in, and more.

Another critical piece of an OSPO’s strategy is around contribution to open source projects. By having employees actively participating and contributing to the projects that are most strategic for your organization, they can influence project direction, fix bugs, add features, and otherwise improve the health and sustainability of the critical projects for your organization. I also like to think of contribution as a way to anticipate and mitigate risks as part of thinking about viability. When assessing viability, you can include whether contributing to a project might help improve viability. Organizations have the power and resources to make real improvements within open source projects, and corporate involvement and contribution can positively impact the sustainability of our projects.

I only scratched the surface of a few topics here. It isn’t possible to cover every part of an OSPO’s strategy in one blog post, so there are certainly other areas, like business impacts, licensing and compliance, governance, policies, and more. What’s important is to think about what your organization is trying to achieve and how your OSPO can play a strategic role in helping your organization be successful. If you want feedback or help with your open source strategy, I’m available for consulting engagements.


Assessing the Viability of Open Source Projects

I’m thrilled to announce that we just launched the Practitioner Guide: Assessing Viability, which is the latest in the CHAOSS Practitioner Guide series! A huge thank you to Gary White Jr. who wrote quite a bit of this guide along with the viability metrics models that it’s based on.

The topic of viability and risk is one that’s near and dear to my heart, and is something that I’ve been talking and speaking about for the past 5 years going back to when I was at VMware where it was an important consideration for our Open Source Program Office.

Open source software is found in almost every codebase, but some open source projects are more viable than others over the long term. Many companies don’t have a rigorous process for selecting the most viable dependencies. Often product teams, or even individual software developers, select open source projects because they fill a particular technical need without any assessment of the viability of the project or the risks they might be taking by using it. Assessing the viability of open source projects, especially ones that have the potential to impact your business, is a good first step toward managing risk and reducing the chances of potential business disruptions.

Here’s a short quote from the guide:

“Most business decisions boil down to an assessment of risk and making tradeoffs. Organizations should be thinking strategically about project risks in light of how they are using the projects. If it’s a critical part of a technology stack, it should be as low of a risk as possible. On the other hand, if an open source project is used as a small part of some non-critical infrastructure, an organization can accept more risk. Assessing viability and thinking about it from the perspective of risk and which risks to accept is an important first step, but it’s also important to think about which risks can be mitigated to improve viability. The best way to mitigate many of these risks is by paying employees to contribute to the projects that are most important to your organization. This provides an opportunity to improve viability and sustainability, but it also provides insight into where the project is heading and how things are going, so that if something changes in the project to further increase risk, it might be easier to anticipate those changes.”

– The CHAOSS Practitioner Guide: Assessing Viability

This guide provides advice for assessing viability across four categories: compliance and security, governance, community, and strategy. Depending on your use case, you may find different opportunities to use this viability assessment framework and how you use it will vary based on your organization’s assumption of risk. I hope you enjoy this guide and the others in the CHAOSS Practitioner Guide series! If you want feedback or help with your open source strategy, I’m available for consulting engagements.
