Open Source Program Office (OSPO)
This article talks about the Open Source Program Office (OSPO) organisational structure and its value.
Definition
The TODO Group defines the OSPO thus:
An open source program office (OSPO) serves as the center of competency for an organization's open source operations and structure. It is responsible for defining and implementing strategies and policies to guide these efforts... (continues) - OSPO Definition, TODO Group
Creating The OSPO
See: Creating An OSPO
Staffing
Who do you need in the OSPO?
- Guild Model: ideally, you need representatives interacting with the OSPO from all areas of the business: finance, HR, Legal, etc. Several firms operate their OSPO on a "Guild Model", with staff being present both in the OSPO and in their line function.
- IP Council: you may need someone who is an expert on software licensing if this is part of the remit of your OSPO.
- IP Policy: the organisation's IP Policy has a bearing on whether employees can contribute to open source.
Remit
What concerns are inside the OSPO? What should you not focus on?
A Software Catalogue: sometimes, an OSPO is about mandating certain types of technology. Are you trying to establish standards for the estate?
Vulnerabilities: who is dealing with reported vulnerabilities in the projects you use? Is there reporting, and a process for closing them? Should the OSPO be tracking that? To establish any of this, you first need to know what software is being consumed within the organisation.
Procurement: OSPOs might recommend open source software to invest in strategically, or try to help the procurement team break out of the vendor/proprietary software relationships and use more open source solutions.
Communicating and Executing on Open Source Strategy: See Strategy article.
See:
- TODO Group's OSPO Mind Map
- TODO Group's How to Create an Open Source Program Office
Tools
Some tools which help OSPOs do their work.
- Backstage: builds a graph of the tech landscape by consuming other golden sources of data, such as GitHub, Artifactory, Jenkins, JIRA, etc. This gives you a good high-level view of the whole landscape. More and more sources are getting Backstage plugins that allow them to connect their data.
- SBOMs: a way of describing the provenance and contents of a software library or package.
- LFX: tbd.
- cauldron.io: open source analytics platform.
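The Vulnerabilities remit above depends on knowing what is consumed, and SBOMs are the artefact that records it. The following is an added example, not code from this page or from any of the tools listed: it parses two constructed CycloneDX-style SBOMs, merges them into one inventory of which application uses which package, joins that inventory against a constructed advisory list by exact package URL (purl), and lists components whose licence the SBOM did not record. Every function name, SBOM and advisory here is this example's own assumption; real advisory feeds match on version ranges rather than exact purls, which is deliberately left out to keep the join readable.

```python
"""Added example: turn CycloneDX SBOMs into a consumption inventory.

All SBOM content and the advisory list below are constructed for illustration;
the function names are this example's own, not part of any named tool.
"""
import json

# Constructed CycloneDX-style SBOMs, one per internal application.
SBOM_PAYMENTS = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "metadata": {"component": {"name": "payments-api", "version": "2.3.0"}},
    "components": [
        {"type": "library", "name": "example-http-client", "version": "1.4.2",
         "purl": "pkg:npm/example-http-client@1.4.2",
         "licenses": [{"license": {"id": "MIT"}}]},
        {"type": "library", "name": "example-yaml", "version": "0.9.0",
         "purl": "pkg:npm/example-yaml@0.9.0",
         "licenses": [{"license": {"id": "Apache-2.0"}}]},
    ],
})

SBOM_PORTAL = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "metadata": {"component": {"name": "web-portal", "version": "5.1.0"}},
    "components": [
        {"type": "library", "name": "example-http-client", "version": "1.4.2",
         "purl": "pkg:npm/example-http-client@1.4.2",
         "licenses": [{"license": {"id": "MIT"}}]},
        # No purl and no licence data: common in hand-made or partial SBOMs.
        {"type": "library", "name": "vendored-widget", "version": "3.0.1"},
    ],
})

# Constructed advisory feed; an OSPO vulnerability process would replace this
# with a real source. Each entry names the exact affected package URL.
ADVISORIES = [
    {"id": "ADV-0001", "purl": "pkg:npm/example-http-client@1.4.2",
     "summary": "constructed: security fix available"},
    {"id": "ADV-0002", "purl": "pkg:npm/example-yaml@0.8.0",
     "summary": "constructed: security fix available"},
]


def parse_cyclonedx(text):
    """Return (application name, normalised component list) from CycloneDX JSON."""
    doc = json.loads(text)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    app = doc.get("metadata", {}).get("component", {}).get("name", "<unknown-app>")
    components = []
    for c in doc.get("components", []):
        name = c.get("name", "<unnamed>")
        version = c.get("version", "<unversioned>")
        # Fall back to a synthesised key when the producer omitted the purl.
        purl = c.get("purl") or f"unknown:{name}@{version}"
        licenses = sorted(
            lic["license"].get("id") or lic["license"].get("name", "UNKNOWN")
            for lic in c.get("licenses", []) if "license" in lic
        ) or ["UNKNOWN"]
        components.append({"name": name, "version": version,
                           "purl": purl, "licenses": licenses})
    return app, components


def build_inventory(sbom_texts):
    """Merge several SBOMs into one map: purl -> component details plus consuming apps."""
    inventory = {}
    for text in sbom_texts:
        app, components = parse_cyclonedx(text)
        for c in components:
            entry = inventory.setdefault(c["purl"], {**c, "used_by": set()})
            entry["used_by"].add(app)
    # Freeze the consumer sets into sorted lists for stable reporting.
    for entry in inventory.values():
        entry["used_by"] = sorted(entry["used_by"])
    return inventory


def find_affected(inventory, advisories):
    """Join the inventory against an advisory feed by exact purl match."""
    return [
        {"advisory": a["id"], "purl": a["purl"], "used_by": inventory[a["purl"]]["used_by"]}
        for a in advisories if a["purl"] in inventory
    ]


def unknown_licence(inventory):
    """Components the OSPO cannot clear for licence compliance without manual review."""
    return sorted(p for p, e in inventory.items() if e["licenses"] == ["UNKNOWN"])


if __name__ == "__main__":
    inv = build_inventory([SBOM_PAYMENTS, SBOM_PORTAL])
    for hit in find_affected(inv, ADVISORIES):
        print(f"{hit['advisory']}: {hit['purl']} used by {', '.join(hit['used_by'])}")
    print("needs licence review:", unknown_licence(inv))
```

Two design points matter for an OSPO using this shape of report. Keying on purl rather than on name and version means the same library pulled from two ecosystems (npm and a vendored copy, say) is counted separately, which is what you want when deciding who has to patch. Components without licence data are surfaced rather than silently assumed clean, because the IP Council cannot approve what the SBOM did not record.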