OSPOlogyLive Event in Frankfurt: „local, affordable, and in-depth”
OSPOlogyLive, hosted at the SAP office in Frankfurt (Eschborn), marked the third edition of an event series where companies and foundations, committed to fostering open source, met in a very “open” manner (in the sense of talking openly). It brought Open Source Program Offices (OSPOs) and similar entities together to share and learn about the challenges and advantages of managing open source in both corporate and organizational settings, shedding light on the pivotal role that an Open Source Program Office can play. OSPOlogyLive was organized jointly by the Linux Foundation, InnerSource Commons, and other organizations under the lead of Ana Jimenez Santamaria from the TODO Group and co-sponsored by the Linux Foundation. It was free of charge for the participants and limited to 50 seats.
Over two days, we immersed ourselves in discussions, valuable content, and personal connections. The presentations were a catalyst for the moderated discussions in the afternoon’s roundtable break-out sessions. Topics included security, outbound open source, InnerSource, and emerging trends and challenges for OSPOs. The personal insights into other companies best-practice, challenges and how other OSPO organizations work, showed that there is a lot of common ground.
These conversations and presentations also demonstrated that OSPOs have much more responsibilities than just managing compliance. They also define open source strategies, and policies, provide trainings and certifications, manage contributions and the publication of open source projects, support community building, and development teams, and often even develop and maintain their own open source management and analytics tools. This might help companies to innovate by contributing to existing open source projects or guiding teams to take the right decisions in tooling or strategy. The event series’ motto, “local, affordable, and in-depth,” has undeniably lived up to its promise.
Find below a short summary of the presentations:
- Mastering your Organization’s Open Source Journey: SAP opened the event with a keynote by Peter Giese, leader of the SAP Open Source Program Office (OSPO). According to the ‘Industrial open source maturity model’ from Carl-Eric Mols, et al., all companies are moving up the open source maturity ladder through a ‘journey in steps’. Providing details about SAP’s past, present and future open source steps, Peter shared best-practices and learnings from their own open source journey. He put special focus on the setup and working mode of their OSPO, as well as on how they simplified SAP’s open source contributions guidelines, processes and tooling. These improvements helped to place SAP as the 9th largest commercial contributor on Github.com, as per the Open Source Contributor Index of August 2023. link to slides
- SBOMs – A short introduction: Max Mehl, working in the Chief Technology Office at DB Systel (Deutsche Bahn), introduced an important topic in software development and supply chain management: Software Bill of Materials (SBOMs) and their relevance to Open Source. SBOMs essentially represent a comprehensive list of all ‘ingredients’ that make up a software component. It’s worth noting that the level of detail in SBOMs can vary, and that there are many different types and variants. The demand for SBOMs is on the rise, driven by various factors, including more professional supply chain management in industries and the forthcoming Cyber Resilience Act (CRA), which was also a topic for the panel discussion at this event. link to slides
- Communicating the Value of OSS Communities through OSPOs: Ana Jimenez Santamaria from the TODO Group Europe focused her talk on the question of how OSPOs are a vehicle to position open source projects and their community as a critical part of an organization’s strategy. Her insights were drawn from a recent study on the current landscape of OSPOs (source: State of OSPOs in 2023 and the recent work from the OSPO Book Working Group. Comparing the data to that of 2022, the statistics reveal a remarkable 32% surge in the adoption of OSPOs, which serve as the central hubs for efficiently managing open source initiatives within companies and organizations. This surge underscores the growing recognition of OSPOs’ pivotal role in the contemporary business landscape. slides will be on GitHub soon
- The Cyber Resilience Act (CRA) affecting OSPOs: The panel discussion on the Cyber Resilience Act (CRA) underscored that this impending European law will have global implications, impacting companies and organizations worldwide. While it was not questioned by the panelists, that regulating security standards of digital components in products is important, the effects on software providers especially with respect to open source management is still unclear. This is also due to the fact that the final form of the law, including which amendments will be considered, has not yet been determined. The lively discourse within the forum also shows the apprehensions and uncertainties felt by many open source stakeholders regarding this legislation. At this juncture, there is no clear understanding of how it will translate into specific requirements for commercial software.
- InnerSource Program Offices – an outlook: InnerSource is increasingly becoming a prevalent practice within numerous companies. The presentation delivered by Georg Grütter from Bosch, featuring best-practice examples, and highlighting the pivotal role of a central organization for InnerSource, also known as an ISPO (InnerSource Program Office), was very inspiring. Bosch’s status as an early adopter of InnerSource made Georg’s insights particularly insightful. He also addressed challenges, including issues like export control and siloed thinking, which could potentially impede the adoption of InnerSource. Georg’s enthusiasm for the advantages of InnerSource was a catalyst for the discussions in the afternoon roundtable discussions. slides will be on GitHub soon
- Getting More Value from your OSPO: The central theme of the talk by Dawn Foster, a CHAOSS project maintainer and a seasoned professional with diverse roles within OSPO organizations, was how to extract maximum value from an OSPO or a centralized open-source team. Dawn underscored the significance of fostering close collaboration with strategic projects, enabling development teams to expand and flourish. She emphasized that an OSPO’s focus on educating employees yields better results than imposing complex contribution processes. Furthermore, Dawn provided illustrative examples of how OSPOs can effectively steer toward strategic objectives by harnessing metrics and data. Link to slides
- A Vision of FOSS at Mercedes-Benz: On the second day, Wolfgang Gehring, a pioneering figure in the Open Source and InnerSource movements at Mercedes-Benz, set the stage with great personal insights into the FOSS journey within the company. With his expertise, Wolfgang offered valuable guidance on the rationale and methodologies behind establishing OSPOs for the maximum benefit of all stakeholders. I really enjoyed his short video (if it were on YouTube, it would be viral, I assume), where Wolfgang shared his insights on the advantages of embracing Open Source practices for organizations and businesses. As the author of the first FOSS Manifesto, it was interesting to learn more about this manifesto and to see, how even a document can be a great example of openness and knowledge sharing. Link to slides
- Selecting the Right Collections of Sustainability Metrics: Sean Goggins, Co-Founder and Maintainer of the CHAOSS project and professor of Computer Science shared his expertise about metrics and data that help analyzing the value of open source, meta data of open source software or the sustainability of projects. Sean also shed light on the inherent challenges tied to working with data, including the hurdles of acquiring the right data. Examples of metric models gave food for thought and further discussions. slides will be on GitHub soon
About the author: Ulrike Fempel works in the SAP Open Source Program Office since 2019.