Abstract

Going into the century's second decade, Open Source Software (OSS) is ubiquitous. But there remains a disconnect between OSS use and its effective management. In order to ensure that OSS is used in a way which complies with relevant licence requirements and reduces risk (for example, of adverse action from the OSS community and IP leakage through unintended application of the ‘copyleft’ terms of the GPL2), organisations should consider putting in place an effective OSS governance mechanism. OSS governance should take account of the people context, seeking to get buy-in from all stakeholder groups inside and outside the organisation. The high-level OSS strategy should then be agreed between the stakeholders, consistently with other statements of operational strategy. The next level down is the OSS policy statement, which should be clear, brief, event-driven, able to settle 80% of OSS decisions arising day to day, and should set out what information is to be collected and tracked. Finally, appropriate processes should be put in place to take the strain of OSS governance. Organisations should consider appointing an Open Source Compliance Officer and acquiring a software-based indicator tool enabling a number of key governance processes (code review, setting agreed ‘do's and don'ts’) to be automated.
