What is an Open Source Program Office and why you should have one

[This article is contributed by TODO Group, an OSI Affiliate organization]

The rise of the Open Source Program Office (OSPO) roughly mirrors the proliferation of Open Source software to build and run the most important technology applications within organizations in the world today. A well-designed OSPO is the center of competency for an organization’s Open Source operations and structure. Its role can include setting code use, distribution, selection, auditing, and other policies, as well as training developers, ensuring legal compliance, and promoting and building community engagement that benefits the organization strategically.

The Evolution of the OSPO: from tech giants’ resources to a worldwide adopted open source best practice

The OSPO concept is now about two decades old but really started to accelerate in the last decade or so, spreading beyond the boundaries of technology firms. Nowadays companies like Amazon, Google, VMware, Cisco, Goldman Sachs, Porsche, Aiven are encouraging their employees to contribute to Open Source projects that are strategic to their business and security. Initially focused on license compliance in the early days, the OSPO often plays a broader role inside organizations today.

OSPOs serve to educate developers and other employees about Open Source by fostering best practices and participation in communities to make developers more efficient. Over time, OSPOs have evolved from engaging in existing projects to generating and launching projects to the broader community. Upper-level management is more likely to acknowledge the crucial role that Open Source technologies play in accelerating innovation and sharing software development costs across multiple beneficiaries.

The formation of OSPOs can be analogous to when organizations first started to establish Chief Information Security Officer positions (CISO) as a reaction to security incidents. The organizations that established these centers of security competency protected and armed themselves for a better future. Those who did not, suffered the consequences of poor security practices with negative financial impact.

When you should start an OSPO

Chances are, your organization may already have an OSPO although under a different name. Depending on the organization’s industry, size, values, or even the region where it’s established at, it may be known as FOSS Center of Competence like at Mercedes-Benz or Open Source Programme Office at the World Health Organization.

Starting an Open Source Program office means moving from open source ad-hoc to adopting a strategic posture around open source. If your organization is not there yet, we recommend reading “How to convince your manager to start an OSPO” or taking a look at the different responsibilities to better explain to managers the mission of the OSPO.

Crucial characteristics and responsibilities of an OSPO

According to the Evolution of the OSPO study conducted by the Linux Foundation, any function calling itself an OSPO likely indicates that the organization has reached a maturity stage and critical mass where its OSPOs share key characteristics:

  • Employees or teams are tasked with fostering and nurturing OSS usage.
  • The organization has a formal policy around the use and production of OSS.
  • Decision-makers and recognize that OSS and open source more broadly are important strategic assets.
  • Significant numbers of employees or teams are contributing code to open source projects.
  • Processes, procedures, and tools are in place to streamline and facilitate open source consumption and participation.

OSPO responsibilities vary depending on many factors, such as the organization size, industry, or culture but overall, the OSPO mind map can help you identify all different topics an OSPO can potentially take care of within an organization.

As the world shifts from proprietary software to Open Source everywhere, the role of the OSPO will grow in importance. The expectation of a successful OSPO will transition from educating developers or marshaling code contributions to adding meaningful strategic value and driving higher level Open Source strategy, innovation, and developer efficiency.