Open Source in the Enterprise

•

0 likes•38 views

Nick Williams, Morgan Stanley: Open Source in the Enterprise. All enterprises consume open source in some fashion. Open Source takes its life from contributions and so by contributing code back to open source, it reduces risk to organizations by keeping that software alive and relevant. However the mechanics, the risks, the best practices for contribution are often unclear and that doubt and uncertainty can hold back organizations from contributing. The aim of this talk is to cover experiences, best practices that I have seen work well for contributing, advice on making open source that can be easily adapted to other enterprises, and some ideas on building a community. Each of these sections aim to provide specific actionable steps that be adopted or adapted by different organizations.

Technology

Open Source in the Enterprise
Nick Williams

[OPTIONAL DESCRIPTOR] [PRESENTATION NAME AND | OR DATE] 2
Background:Morgan Stanley

[OPTIONAL DESCRIPTOR] [PRESENTATION NAME AND | OR DATE] 3
Case Study in Contribution:TheAutomounter
• Integrating new versions took considerable time.
• More than 10 versions of the automounter released in the last 15 years, still going
strong.
• By contributing our patches and working with the community, we have:
– Saved effort on integrating new versions.
– More rapidly adopted new versions.
– Able to adopt new distributions with minimal risk.
– Collaborated over problems with the community.

[OPTIONAL DESCRIPTOR] [PRESENTATION NAME AND | OR DATE] 4
Benefits of Contribution
• Open source allows you to avoid private forks that cause a non-competitive
maintenance burden.
• Contributing demonstrates that your enterprise is an active participant in the
community.
• Open source mitigates risk from:
– Software obsolescence.
– Vulnerabilities or bugs through insufficient review.

[OPTIONAL DESCRIPTOR] [PRESENTATION NAME AND | OR DATE] 5
Contribution Process
Contrib
utor
Manage
ment
Legal
and
Compli
ance

[OPTIONAL DESCRIPTOR] [PRESENTATION NAME AND | OR DATE] 6
Contributor:Managing the Distribution
Software Contributions
• Data leakage protection:
– Code review.
– DLP tools.
• How do you get the software to the manager of the
software? Email, GIT pull request, etc?
• Need to bring in next version containing
contribution and validate successful integration.
Managed Projects
• Data leakage protection:
– Code review.
– DLP tools.
• How do you push software to the external
repository?
• How do you manage pull requests/patch
submissions?
• How do you manage bug reports?

[OPTIONAL DESCRIPTOR] [PRESENTATION NAME AND | OR DATE] 7
Legal & Compliance:Managing the Distribution
Software Contributions
• Reviewing target contribution agreement (if one
exists).
• Reviewing:
– Code review.
– DLP tools.
• How do you get the software to the manager of the
software? Email, GIT pull request, etc?
• Need to bring in next version containing
contribution and validate successful integration.
Managed Projects
• Data leakage protection:
– Code review.
– DLP tools.
• How do you push software to the external
repository?
• How do you manage pull requests/patch
submissions?
• How do you manage bug reports?

[OPTIONAL DESCRIPTOR] [PRESENTATION NAME AND | OR DATE] 8
Legal & Compliance:Questions for the Contributor
• What license do you want to use?
• Who wrote the code? Under what contracts?
• What artefacts with their own licenses are distributed with this software?
• What forums will the team use for discussion of this open source?
• How to manage a contribution agreement?

[OPTIONAL DESCRIPTOR] [PRESENTATION NAME AND | OR DATE] 9
Building a Community

[OPTIONAL DESCRIPTOR] [PRESENTATION NAME AND | OR DATE] 10
Community Challenges
Forums
• Who can communicate? Approvals? Review?
Documentation
• What is it?
• In open source, customers are disconnected from
providers. Documentation is all that they get…
• “Hello World” – show something fast!
• Documentation aimed at the audience.
• Label experimental code.
• Documentation is the priority.
Activity
• Where is the canonical source?

[OPTIONAL DESCRIPTOR] [PRESENTATION NAME AND | OR DATE] 11
Conclusions
• Open Source is never free
• Open Source is worth the effort

Similar to Open Source in the Enterprise

Microsoft Program Offering Webinar January 2022

TechSoup

Starting an Open Source Program Office (OSPO)

Chris Aniszczyk

.org to .com: Going from Project to Product

Joshua L. Davis

Whether starting from greenfield or modernizing existing infrastructure, how do you remove the guesswork in deploying and maintaining cloud-based, business-critical workloads? From architectural decisions to fine-tuning scale and performance, our open source architects explain how top enterprises build and maintain their open source stacks, focusing on operational agility and cost-effectiveness. You will walk away with real use case examples and five ways to better plan and deliver your next cloud strategy.

5 strategies for enterprise cloud infrastructure success

Rogue Wave Software

InnerSourcing - Worldwide enterprise development teams collaboration

Julian Werba

VOCI Final Presentation

Elisabeth Brooks

OpenChain @ OSPOlogy.live Sweden 2022

Shane Coughlan

Startup Engineering Cookbook

Manish Jain

DevOps in Cloud OSLC Integration

Steve Speicher

The value of software is only potential value until it is in users’ hands. There can be many roadblocks to software getting into those hands. These roadblocks tend to revolve around elaborate deployment pipelines stemming from Configuration Management Debt: * Over-burdened release engineering and operations teams * High coupling with centrally managed architecture element/component * Source control practices that impact delivery velocity * Too many variations/versions of the software supported in production * Poor integration processes across architecture components and scaled team delivery * Too many hand-offs between teams in order to release software to users * Code changes feel too risky and takes too long to validate before releasing into production * Poor documentation practices In organizations that have effective configuration management practices it is common to see deployment pipelines that have a smaller number of hand-offs between teams, architectures that tend to be more malleable, and efficient validation processes. By focusing on reducing Configuration Management Debt it is simpler to identify aspects of the integration and release management process that need to be tackled in order to get working software in the hands of users sooner while reducing the bottlenecks in the organizational processes and practices. In this session we will discuss specific approaches and examples on how reducing Configuration Management Debt leads to reducing other forms of software debt including: * Smaller number of hand-offs: Platform Experience Debt * Malleable architectures: Design Debt * Efficient validation processes: Quality Debt * More testable software: Technical Debt

Reduce Time to Value: Focus First on Configuration Management Debt

Chris Sterling

RTP Bluemix Meetup April 20th 2016

Tom Boucher

Cooperativ Pitch Deck (Blockchain)

Jacob Chase-Lubitz

Top Coder Platform Overview 92209

Brian

IBM Connect 2013 - BP212: Apps, Apps and more Apps: Meet the Very Best Open S...

Niklas Heidloff

Selecting an Open Source License and Business Model for Your Project to Have ...

All Things Open

Open Source ETL

David Morris

IntelliDrive Mobility Workshop - TriMet

bibianamchugh

Near east university

DerrickDusabe

#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...

Paris Open Source Summit

SA Chapter 7

Nuth Otanasap

Similar to Open Source in the Enterprise (20)

Microsoft Program Offering Webinar January 2022

Starting an Open Source Program Office (OSPO)

.org to .com: Going from Project to Product

5 strategies for enterprise cloud infrastructure success

InnerSourcing - Worldwide enterprise development teams collaboration

VOCI Final Presentation

OpenChain @ OSPOlogy.live Sweden 2022

Startup Engineering Cookbook

DevOps in Cloud OSLC Integration

Reduce Time to Value: Focus First on Configuration Management Debt

RTP Bluemix Meetup April 20th 2016

Cooperativ Pitch Deck (Blockchain)

Top Coder Platform Overview 92209

IBM Connect 2013 - BP212: Apps, Apps and more Apps: Meet the Very Best Open S...

Selecting an Open Source License and Business Model for Your Project to Have ...

Open Source ETL

IntelliDrive Mobility Workshop - TriMet

Near east university

#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...

SA Chapter 7

More from FINOS

2019-03 - An introduction to FINOS

FINOS

Technology leaders (CTO, VP Infrastructure, etc.) at most organisations are always looking for better and more efficient ways to address business needs. Performance is one of the critical attributes leaders consider while making data center infrastructure decisions, but with limited budgets, cost efficiency becomes an important criteria as well. This talk will discuss both CapEx and OpEx advantages of open networking, combined with technical benefits that lead to easier automation, scaling and troubleshooting.

OSSF 2018 - Peter Crocker of Cumulus Networks - TCO and technical advantages ...

FINOS

This talk focuses on how Financial Services companies prepare for the next big technology step change while running a heterogeneous infrastructure environment (edge, fog, colo, primary data centre, etc). Financial Services companies are looking for best practices gleamed from hyper-scale companies like Facebook, Microsoft and Google who run highly efficient private and public clouds. The sharing of open hardware and data centre designs is a core strategy for these companies and the basis for the Open Compute Project (OCP). The Open Compute Project (OCP) was started by Facebook in 2011 with the idea of delivering the most efficient designs for scalable computing through an open source hardware community. We believe that openly sharing ideas, specifications, and other intellectual property is the key to maximizing innovation and reducing complexity in technology components. Goldman Sachs (a current board member of OCP) is one example of a company who is leveraging these designs. OCP designs are more efficient at the ingredient level (server, storage, networking) compared to traditional gear yielding energy savings of 15% + and reduced service costs of ≈ 50%. Also, OCP data centres achieve PUE's better than 1.1 (definition). In fact, IDC forecast that by 2020 OCP Servers are expected to represent 50% of the global market. In this session we would discuss the key strategies Financial Services companies need to consider now to simplify the migration and data centre transformation from conventional gear to OCP and open source. We would provide specific examples of how other Financial Services companies and large enterprises have made this transition. Additional goals would include: • Research findings – share results comparing OCP with legacy infrastructure from large enterprises who have tested OCP gear in their local facilities. • Facebook and Microsoft – help the audience understand which OCP designs from hyper-scale companies can be used for each environment (colo, edge, etc.)

OSSF 2018 - Steve Helvie of the Open Compute Network - Rethinking Infrastruct...

FINOS

The scale of modern software systems is growing beyond the capability of individuals and teams to keep track of them. This is caused by new software development and deployment technologies, DevOps automation, increasingly powerful hardware and massive use of open source. Traditional proprietary Software Composition Analysis (SCA) products, which were developed to help mitigate Open Source licensing and vulnerability risks, and ensure software is within company policy and industry compliant, have struggled to keep up with this new scale and its modern methods like continuous integration, continuous package updates and agile releases. Because proprietary solutions are unable to keep up, companies are working to build their own internal systems to plug the gaps, which takes away from their core business needs. The Eclipse Foundation recently announced a new project, OSCAR, to solve the problem of scaling SCA to modern needs with an Open Source approach. OSCAR, which stands for Open Software Composition Analysis Reinvented, aims to integrate the new building blocks into a complete installable SCA solution and act as an industry forum to coordinate coherent further development. Different from other “community driven” OSS projects, OSCAR is built around an industry consortium of supporters, which fund and contribute to the project, in an Eclipse Working Group (OpenSCA). Foundation of a Steering Committee, decision meetings on first milestone goals to build as well as first contributions are underway. The talk will explain why SCA is vital for any organization who works with Open Source, the OSCAR’s “hybrid” approach, and give an outlook on what to expect from OSCAR

OSSF 2018 - Stefan Just of Codescoop - OSCAR - a new approach to Software Com...

FINOS

OSSF 2018 - Nick Kolba of OpenFin - FDC3 and the Legacy of Web Intents

FINOS

Banks have been users of open source software for a long time, but now they are thinking seriously about giving back. A lot of internal resistance needs to be overcome, and lots of individuals within a large investment bank truly believe their piece of custom built software provides a competitive advantage. At Adaptive, we have seen a lot of very similar internal projects at various institutions, and have formed a view about what truly constitutes competitive advantage. What is good for the organisation may not be good for a given development manager. Further to the issues around over jealously guarding specific development efforts is the problem that what is open sourced is often far too coupled to a bank's non-open sourced tech stack. Causing more subtle difficulties in working with another bank's open sourced technology stack is that it is often implicitly coupled to their culture, processes or business model. Picking what to open source is a huge part of the challenge. In this talk, I will give Adaptive's view on what is competitive advantage, what to open source so that it is picked up by the wider community, and actual benefits are seen.

OSSF 2018 - Matt Barrett of Adaptive - Open sourcing a bank's software: exact...

FINOS

In this talk Jamie Jones, GitHub’s Principal Architect, Diane Mueller is Director, Community Development at Red Hat, and Maurizio Pillitu, FINOS DevOps Director, present what are the most common barriers and technical frictions that prevent financial institutions to fully embrace open source. The FinsServ Developer Experience is a new FINOS Program that aims to consolidate a safe, accessible and shared workflow for developers in the financial world, who are welcome to join the talk and share their experiences. The program leads will be on stage to present charters, updates and to call for the participation of developers and software vendors wanting to plug their build automation tools and data APIs inside the FINOS Developer Experience.

OSSF 2018 - Overcoming Compliance Barriers to Open Source Collaboration Infra...

FINOS

This training session will cover some of the topics from the OpenChain curriculum, including: introduction to intellectual property law as related to open source introduction to open source licenses overview of using open source software in products and open source license compliance considerations for open source contributions and projects The goal of this session is to provide basic foundation knowledge of open source software upon which to start building policy, process and practices within your organization.

OSSF 2018 - Jilayne Lovejoy - Training: Intro to Open Source

FINOS

The draw for financial services' use of open source in today's competitive environment is certainly built on the need to manage costs, but equally as important, to innovate and help solve business challenges. Implementing open source policies, processes and tools the right way could mean the difference between being a leader in the industry and costly mistakes that impact your reputation and bottom-line. In this session, Jeff Luszcz, Vice President of Product Management at Flexera, takes a deep dive into some of the common--and not so common--concerns and best practices surrounding using open source. Jeff will discuss the needs of the different open source culture types including compliance and security, how to manage commercial suppliers and compliance artifacts (third party notices, 'About' boxes, source bundles, etc.), and industry standards such as OpenChain and SPDX. Jeff will address lessons learned from deploying software composition analysis (SCA) scanning tools across the enterprise, the importance of developing processes that enhance the value of engineers and developers versus making their jobs harder, and how legal, engineering, and security work together to develop remediation policies that make sense. Jeff will also discuss how to work best with Open Source projects in order to give back to the community. Join Jeff for this talk if you are involved in open source use, compliance and security and want an in-depth look at both the expected and unexpected issues you could face in your open source efforts.

OSSF 2018 - Jeff Luszcz of Flexera - Day 2 - Open Source Culture, Standards, ...

FINOS

In this talk Jeff Luszcz, Vice President of Product Management at Flexera, explores the lessons learned over years of experience with Open Source consumption, the most common compliance and security issues, reasons for software component rejection, and tips and tricks for improving your compliance efforts. It is becoming common for open source compliance reviews to be performed both when a component is being first selected, or later on after the component has already been integrated into a system. This presentation will detail the most common reasons why an open source software component would be rejected for use or would be removed from an existing system due to compliance or security reasons. This talk will include a checklist of the most common compliance review failures as well as the differences in expectations between the creators of open source packages and their users. Common remediation tasks, go-no tests and documentation expectations will be discussed. The talk is for anyone involved with ensuring open source license compliance.

OSSF 2018 - Jeff Luszcz of Flexera - Common Open Source Intake Issues and How...

FINOS

Many firms first look to open source to lower the costs of their non-competitive technology, like back-office systems. This talk will show how open-sourcing software that is critical to an organization's competitive edge can create value by exploiting the network effects of collaborative development. Jared Broad, CEO of QuantConnect, will explore why his company open-sourced LEAN, its radically open source algorithmic trading platform, and how QuantConnect has attracted over 60,000 engineers with its professional-grade backtesting and live-trading system used by banks and funds globally.

OSSF 2018 - Jared Broad of QuantConnect - Motivations and Business Goals for ...

FINOS

Pull Requests? Upstream Remotes? Compact Discs? Understanding how to publish code developed inside your organization into the Open Source world can leave you with more questions than answers. In this talk, we will cover key strategies, as well as the workflows and tools that make it possible, for moving past merely consuming open source on GitHub to becoming contributors. Whether you are an IT Manager or Head of Open Source, you will walk away with tips to on how to contribute while staying compliant with legal, technical and security approvals within your organization.

OSSF 2018 - Jamie Jones of GitHub - Pull what where? Contributing to Open Sou...

FINOS

Today, open source dominates IT and communications infrastructure from the cloud to corporate data centers and the emerging edge. But open source with its rapid pace of development, frequent releases, and prolific patch set defies traditional practices and conditions for building mission- and business-critical software: stability, auditability and standards-compliance. This talk will examine how companies address this "impedance mismatch" in consuming, integrating and deploying open source in applications that demand predictability and sustainability. In particular, the presentation will cover (re)defining mission- and business-critical in the context of open source technology-centric and process-based approaches to OSS-derived product life-cycles forking and minimizing technical debt building community visibility to support derived product roadmaps

OSSF 2018 - Greg Olson of Open Source Sense - Building Mission- and Business-...

FINOS

Collaboration within open source projects is becoming increasingly important for most companies, but it can be difficult to strike the right balance between the needs of the company and the open source project. Dawn Foster works on open source software strategy at Pivotal and has 20+ years of experience leading open source software initiatives at companies like Puppet Labs, Intel, and Jive Software. Her talk will focus on how companies can develop a successful strategy for participation and collaboration in open source projects, including how to be a good corporate citizen.

OSSF 2018 - Dawn Foster of Pivotal - Open Source Collaboration: Finding the R...

FINOS

Innovation in the past decade has been been propelled by collaborative yet market-driven approaches to intellectual property rights. The standard setting process is a prime example of such a collaborative effort by incorporating the best intellectual property of a given field into a standard and insuring such standard essential patents (SEPs) are then licensed to adapters on fair, reasonable and non-discriminatory (FRAND) terms. This construct has resulted in groundbreaking technology in sectors ranging from telecommunications to autonomous vehicles. However, some have argued that SEPs are incompatible with open source licenses. Examining the historical record of open source development, the open source definition and relevant case law shows that open source and SEPs can and do work together to protect intellectual property rights and spur innovation.

OSSF 2018 - David Kappos of Cravath, Swaine & Moore - Accounting for Patents ...

FINOS

Open source components have become a key building block for application development in today’s market where companies are under constant pressure to deploy products as fast as possible. The recent increase in open source usage, however, has introduced many new security challenges. Over the past few years, we have seen a variety of open source vulnerabilities wreak havoc across the web (Heartbleed, Shellshock, and POODLE) which woke organizations up to the risks that come along with the convenience of using open source components. Join our session to: Learn how open source security vulnerabilities are found Learn how to address any open source security concerns within your organization Understand the difference between securing your open source components and your proprietary code Learn how to automatically detect vulnerable open source components and prioritize security alerts

OSSF 2018 - David habusha of Whitesource - Open Source Vulnerabilities 101

FINOS

Inner source applies the lessons learned from open source way of developing software within organizations. This helps to scale organizations development strategy, break silos of developers, encourage internal collaboration, and be faster to market. If we think about why open source has been so successful, we have to consider attributes such as transparency, communication, collaboration, innovation or meritocracy. And this can be applied internally within the walls of each organization creating an 'internal open source' or the so called inner source. As more and more developers are becoming used to platforms such GitLab, GitHub, or Bitbucket, those are willing to use similar infrastructure and modern tools internally at their organizations. Thus, inner source is another way to modernize development teams, but at the same time, a way to be close to how open source is developed from a cultural point of view, process, and tooling. Inner source can be considered then as a pre-step to publicly release a project. Ideally, only a press-button-action is the difference between having that project as inner source within the organization, or as open source, available to everyone. Daniel will discuss best practices for innersourcing based on his participation in InnerSource Commons, a community of practitioners built for developing and sharing knowledge and patterns for successful innersourcing.

OSSF 2018 - Daniel Izquierdo of Bitergia / InnerSource Commons - Starting wit...

FINOS

Leading Fintech companies are bullish on Open Source, but most of them still don't know how to get involved in ways that harmonize with the Regulatory climate of the Financial Services industry. In this talk you'll learn how to maintain Security within transparently developed software assets and how to teach your internal developers to collaborate safely and sanely? You'll hear about the best pathways to building an Open Source program at your Fintech company without costly mistakes that can reflect badly on your brand. Lastly you'll learn about a community of practice that is perfectly suited to the needs of Fintech companies looking to get started in Open Source.

OSSF 2018 - Danese Cooper of NearForm - Getting the most out of Open Source i...

FINOS

The Developer (GrokOpen - Colin Charles) Your popular OSS project gets corporate-backing & widespread community adoption. You create an enterprise supported version as it's easier to sell an "enterprise spin-off with support" that is better than the currently "stable" community edition. It flourishes as the money starts rolling in. Is one version better than the other? The community gets annoyed but you need resources to keep the releases coming and the code maintained. Just because it’s open source doesn’t mean it’s free. Forking happens. Rewind. What works? What doesn’t work? How do you manage the split personality nature well to keep management as well as the community happy. Learn from other successful models as well as the many failed experiments.

OSSF 2018 - Colin Charles of GrokOpen - Community vs. enterprise how not to ...

FINOS

OpenChain is a scalable, flexible compliance programme, developed by the Linux Foundation. Based on well-understood compliance programmes such as ISO 27001, it maps existing supply-chain procurement and production practices from other sectors into software development. It provides a great foundation for businesses of all sizes to adopt appropriate practices and procedures in place to control development and supply chain risks, with particular emphasis on open source licence compliance. Already adopted by companies like Qualcomm, Siemens, Toyota and ARM, it’s rapidly becoming a procurement standard for open source and open-source-derived software. The speaker, Andrew Katz, has helped companies of all sizes to adopt open chain procurement practices, and presents case studies on the process and benefits.

OSSF 2018 - Andrew Katz of Moorcrofts - OpenChain: a Tested Framework for Ope...

FINOS

More from FINOS (20)