Open Source Activities
This section of the OSBOK describes common activities performed by staff involved in the consumption or contribution of open source software. Where possible, the OSBOK identifies the role performing this activity.
The Activities
For easy navigation, the activities are broken down by the 5 levels of the Maturity Model.
Level 1: Ad-Hoc Usage
Level 2: Compliance
Compliant Open Source Consumption
Using open source within regulated organisations must be done in accordance with the policies and procedures in place to control risks and adhere to regulation. In this article we will look at:
Software Inventory
Software inventory is a precondition to most of the activities involved in OSMM level 2. The first step to licence compliance or supply chain security is to understand what software is in your estate.
License Compliance Management
There are several key points that a large enterprise should consider to ensure compliance with open-source license obligations:
Open Source Supply Chain Security
In this article we are going to look at the growing issue of software supply chain attacks via some examples and then look at the emerging field of open source supply chain security: what it is, current best practices, the institutional landscape and emerging legislation.
Creating an Open Source Policy
THIS IS A PLACEHOLDER
Creating an Open Source Program Office (OSPO)
An Open Source Program Office (OSPO) is designed to be the center of competency for an organization's open source operations and structure as defined by the TODO group.
Open Source Consumption Training
This guide is intended to help OSPOs of all maturity levels build an open source training course that is created with purpose to deliver impact. Whether your OSPO recently launched or is looking into re-doing the firms open source training, this guide will provide ideas and content that can be implemented to a comprehensive open source training course.
Level 3: Contribution
Open Source Development In A Public Repository
THIS IS A PLACEHOLDER
Making The Case For Contribution
Organisational change can be very hard to achieve since organisations are naturally protective of themselves and the status quo. Setting up an OSPO and beginning an open source journey will seem like a risky and dangerous proposition for many parts of an organisation.
Ensuring Open Source Compliance For Contribution
Contributing to an open source project from within a regulated firm is likely to contravene one or more policies. Staff who contribute to open source as part of their jobs are likely to be in breach of their terms of employment or likely to get disciplined. For this reason, in order to enable open source contribution, new policy needs to be written which creates space within the compliance landscape.
Open Source Contribution Training
It is generally preferable if an Open Source Contribution Policy can be enforced via tooling (so called policy as code). However, often policy will refer to behaviours and expectations of staff which cannot be controlled through systems. In these cases, training courses will be needed to help promote desired behaviours.
Surveillance Processes
This article looks at the best practices around surveillance (of communications) to enable open source contribution.
Publication Processes
This article looks at the best practices around publication (of code) to enable open source contribution.
Fostering Community Engagement
Within the Open Source Ecosystem, millions of projects exist and some of the projects are duplicate efforts. The open source community is vast and sometimes very hard to reach.
Building an Open Source Culture
When people think about open source, most often they think about the engineering aspects: contributing or consuming code. But community and culture are a central part of the open source world and should not be overlooked.
Managing Open Source Talent
Managing talent in financial institutions is crucial because the quality, motivation, and expertise of their workforce directly influence the institutions' ability to innovate, maintain a competitive edge, comply with regulatory requirements, and ultimately drive financial performance and growth.
Level 4: Hosting
Why Open-Source a Firm Project?
Just as there are many reasons to contribute to open source projects, it is the same when it comes to a financial institution deciding to open-source. However, the reasoning behind might be different.
Contributing Your Own Open Source Project
THIS IS A PLACEHOLDER
Maintaining An Open Source Project
We currently live in a world where OSS is everywhere, consumable, helpful and can make a positive or negative outcome on the programs we rely on. Strong open source projects can lessen technical debt, increase reusability and discoverability. For the purpose of this guide, we will cover some key principles and practices for managing your open source project effectively.
Interacting with Foundations
THIS IS A PLACEHOLDER
Incubating With An Open Source Foundation
Incubating an open source project within a foundation offers numerous benefits which includes increased visibility, community support, and access to resources that can propel your project to new heights.
Level 5: Leadership
Leveraging Open Source as a Strategy
OSMM Level 5 is about Strategy. At this level, you seek to make decisions that shape the technology landscape in your favor to create new opportunities.