Level 4: Engagement & Hosting
At this level, an organization has a well-managed process for open source software. Open source is culturally embedded in the organisation and its value is understood. At this level the organisation itself is hosting and maintaining software projects that they have open-sourced.
Hosting Open Source Projects
While at other levels an organisation may have had individuals contributing to open source, at this stage the organisation might be the primary sponsor of one or more OSS projects. According to the TODO Group:
... organizational leaders support incubating and launching open source projects into the public sphere because they understand how these projects benefit their organization. Such projects tend to offer better performance and economics on crucial capabilities that may be noncore to the organization’s value proposition but critical to its technology infrastructure.
Security
At this maturity level, organisations must understand open source security from the perspective of providing open source software: the reputation of the organisation may be affected if the software it provides is found to cause a security vulnerability.
Foundations
At this level, an organisation might work closely with an open source foundation such as Apache or FINOS. As The TODO Group points out:
Some OSPOs prefer to launch projects with the assistance of the major open source foundations or collabora- tives, such as the TODO Group, to enhance capabilities or provide infrastructure, tactical assistance, and other resources. This pref- erence is less resource intensive but cedes control of a project to a broader community.
Further Reading
The OW2 Open Source Good Governance Initiative refers to this level as the "Engagement Goal":
This Goal develops the corporate perspective. Contributing back to open source projects and supporting open source communities. Developing project visibility: communicating and participating in open source industry and community events. At this level, the enterprise engages with the OSS ecosystem and contributes to its sustainability.
The TODO Group refers to this level as "Hosting OSS Projects and Growing Communities", and makes it clear that this is a step-up from the level before where it was individuals contributing:
At Stage 3, organizations initiate and then host or act as primary sponsors of OSS projects. They will dedicate one or more FTEs to a project, and they accept responsibility for nurturing a project community and ensuring its health. They don’t confuse this level of organizational commitment with individual employees who decide to open-source their projects