At the OSR roundtable of the FINOS members-only meeting, key stakeholders from various roles within the organization came together to address the growing significance of open source software (OSS).
The attendees included Open Source Program Office (OSPO) representatives, Solution Architects, Consultants, Product Owners and more. The CIO, CTO, Learning/HR, and Internal Audit departments each shared their perspectives and concerns, providing valuable insights into the challenges and opportunities associated with OSS adoption.
Here are the key takeaways from the roundtable:
CIO’S PERSPECTIVE: RECOGNIZING THE IMPORTANCE AND RISKS OF OSS
The CIO role’s focal point is the need to recognize OSS as a reality within the organization. It is crucial to understand the extent of OSS usage and raise awareness of its profile. Additionally, the CIO can emphasize the importance of understanding the legal implications, risks, and growth in reliance on OSS. Recognizing that OSS is not a last-resort approach, but rather often the best approach, is essential.
CTO’S ROLE: LEVERAGING RISKS AND ESTABLISHING AN OSPO
The CTO role can emphasize leveraging risks associated with OSS to drive action. The OSPO, an essential component, should be established to facilitate OSS adoption. The CTO role encourages attendees to learn from peer organizations, attend Special Interest Group (SIG) meetings, and pursue OSR Certification. Furthermore, short educational videos, LF Catalog’s “Developing Secure Software” course, and the identification of OSS champions within the organization were proposed as calls to action. Creating an Open Source Council was also recommended to provide guidance and support.
ENABLING LINE OF BUSINESS: SUPPORTING OSS USAGE
Enabling the Line of Business (LoB) in utilizing OSS effectively was a key focus area. Automation of compliance processes, learning/training programs, and impact assessments of OSS were suggested to streamline and encourage adoption. Establishing clear policies for personal contributions, minimizing frustrations associated with firm contributions, and ensuring contributors feel safe were also highlighted. Scare tactics regarding the risks of not contributing, case studies, metrics showcasing OSS success stories, and the identification of internal champions were proposed strategies.
LEARNING AND HR: EDUCATION AND COLLABORATION
The Learning and HR department focuses on the importance of education and collaboration in OSS adoption. Mandatory courses for developers, newsletters, broad communications, success stories, published processes, hackathons, workshops, and ethics/codes of conduct were recommended approaches to engage employees and foster a culture of OSS contribution.
INTERNAL AUDIT: ENSURING SAFETY AND COMPLIANCE
Internal Audit focuses on the need for increased awareness of OSS contributions and their impact on safety within the organization. The security of various types of software, including internal, OSS, and third-party applications, was highlighted. Mergers and acquisitions often prompt audits, and policy sustainability, regulatory oversight, software lineage education, understanding licenses, and lifecycle concerns were identified as important areas. Effective auditing was deemed a sign of maturity, necessitating the ability to differentiate between perceived and real threats, such as SaaS risks and vulnerabilities like SolarWinds and zero-day exploits.
CONCLUSION: BUILDING A THRIVING OPEN SOURCE ECOSYSTEM
The roundtable discussion shed light on the challenges and opportunities surrounding OSS adoption within organizations. By recognizing the reality and extent of OSS usage, mitigating risks, establishing an OSPO, supporting LoB, fostering education and collaboration, and ensuring safety and compliance through effective auditing, organizations can build a thriving open source ecosystem. Through collective efforts, leveraging best practices, and encouraging contributions, all expressed through FINOS’s OSR efforts, the benefits of OSS can be harnessed while safeguarding against potential risks, resulting in innovation, security, and long-term success.