Skip to main content

Ad-Hoc Open Source Usage

A quick reference guide for organisations at Level 1 maturity—where open source is being used, but without formal governance.

At Level 1, open source is already in your organisation. Developers are using it, whether or not there's official policy. The question isn't whether to use open source, but how to do so effectively and safely.

1. Common Barriers

Getting started with open source in a regulated firm often means overcoming practical obstacles:

  • Firewall restrictions blocking download sites and package repositories
  • GitHub/GitLab access blocked as "social media"
  • Preference for proprietary tools from existing vendor relationships
  • No clear process for evaluating or approving open source

See: Using Open Source Software for approaches to opening the firewall and accessing source repositories.

2. Building Momentum

To move beyond ad-hoc usage, you need to build a coalition:

  • Find like-minded colleagues who also need open source
  • Document compelling use cases (Python, R, modern frameworks)
  • Present open source as reducing cost and risk, not creating it
  • Build an internal community to share knowledge and advocate for change

See: Managing Open Source Based Projects for guidance on skills inventory and building support structures.