Open Source Software Policy Design
Having a clearly defined Open Source Software Policy is fundamental to the success of a professionally managed open source software program. The policies defined will guide organisations through the decision-making process for managing risk in open source software and will enable the implementation of a Continuous Compliance Program.
The Open Source Software Policy will be unique to every organisation but will typically cover:
- What is the strategy? Why do we need OSS, and why do we need a policy?
- Licensing policy
  - Acceptable licences
  - Licence compliance
  - Security vulnerability management
  - Service Level Agreements
- Contribution
  - How can developers contribute to external projects?
  - How can external developers contribute to the organisation's projects?
- What is the scope?
  - Who is covered?
  - What is covered?
  - Different rules for different groups or business units are sometimes necessary
- How to apply
  - Guidelines, whitelists & blacklists, tools, checklists, etc.
- How to communicate
  - Obligations, contributions, public forums
Source Code Control Limited works in partnership with clients to define and maintain Open Source Software Policies.
The steps we go through are:
- Workshops to define the needs of an organisation
  - What policies are in place?
  - Are they working?
- Discovery
  - Identify all third-party software in use or planned to be used
- Review and approval
  - Review of open source software in products
  - Are they mandated by a company policy?
- Obligation satisfaction
  - Compliance practices needed to satisfy open source software obligations
- Community contributions
  - Review and approval of employee contributions to community projects
  - Are there any?
- Policy
  - Corporate policy for the use of open source software
  - Protecting company interests
- Training & education
  - Communication needed to ensure compliance
  - Educate employees on why there is a policy
  - Educate employees on what the policy is and what their responsibilities are
- Policy maintenance
  - Regular reviews of policy effectiveness
  - Modify to align with changing business needs
Open Source Software Policy in Practice
The policy provides guidance across all areas of the business affected by risk in open source software. An organisation can transparently demonstrate the policy to external customers and partners in order to drive customer and partner satisfaction, build confidence in prospective clients, and let developers focus on what they are best at: creating great software that delivers.
The end goal of Continuous Compliance can then be realised.