1. ©2021 VMware, Inc. @geekygirldawn
Navigating Open
Source Project Risk
All Things Open October 2021
Dr. Dawn M. Foster
Director of OSS Community Strategy
fosterd@vmware.com fastwonderblog.com
Open Source at VMware @vmwopensource
blogs.vmware.com/opensource

2. @geekygirldawn
©2021 VMware, Inc.
Why should you care?
Ownership and Governance
Policies and Documentation
Community
Resources
Final Thoughts
2
Agenda
Photo by Marco Verch - CC BY 2.0

3. ©2021 VMware, Inc. @geekygirldawn 3
whoami
• Geek, traveler, reader
• 20+ yr tech career focused on
community & open source
(Intel, Puppet, Scale Factory, …)
• OpenUK Board, CHAOSS Board and
Maintainer, TODO Group Steering
• CNCF Contributor Strategy TAG
• PhD from the University of Greenwich
focus on Linux kernel collaboration
Photos by Mom, Josh Bancroft, Don Park

4. ©2021 VMware, Inc. @geekygirldawn
Your business could
be disrupted
4
Why do we care about risk?
https://xkcd.com/2347/

5. ©2021 VMware, Inc. @geekygirldawn
Strategies should take
OSS risk into account
5
Risk and Strategy

6. ©2020 VMware, Inc. @geekygirldawn
Ownership and Governance
Photo by K-nekoTR - CC BY-NC-ND 2.0

7. ©2021 VMware, Inc. @geekygirldawn 7
Business Risk Licensing Example
Server Side Public License*
(SSPL)
*Not an Open Source Initiative (OSI) approved open source license!

8. ©2021 VMware, Inc. @geekygirldawn 8
Business Risk Governance Examples
Undermines the project
leading to forks
and other disruptions

9. ©2021 VMware, Inc. @geekygirldawn
Leadership,
trademarks,
and projects
9
Determining
Neutrality for
Foundations?
Image by Thomas Hawk CC BY-NC 2.0

10. ©2021 VMware, Inc. @geekygirldawn
Lower risk:
participate as equals
10
Neutral Foundations

11. ©2021 VMware, Inc. @geekygirldawn
Higher risk:
single company
in control
11
Company
Originated
Photo by Jan Fidler - CC BY 2.0

12. ©2020 VMware, Inc. @geekygirldawn
Lower risk:
Processes for how
people collaborate
and make decisions
12
Governance is
about People

13. ©2021 VMware, Inc. @geekygirldawn
Lower risk:
documented
neutral
leadership by
individuals
13
Leadership
Image by the CNCF CC BY-NC 2.0

14. ©2021 VMware, Inc. @geekygirldawn 14
Photo by Gael Varoquaux CC BY 2.0
Policies and Documentation

15. ©2021 VMware, Inc. @geekygirldawn
Lower risk:
proactive
security response
and policies
15
Security
Image by darwin Bell CC BY-NC 2.0

16. ©2021 VMware, Inc. @geekygirldawn
Licensing, code of conduct,
contribution, and
communication process
16
Minimum
Documentation
Photo by Ginny - CC BY-SA 2.0

17. ©2020 VMware, Inc. @geekygirldawn
Community
Image by the CNCF CC BY-NC 2.0

18. ©2021 VMware, Inc. @geekygirldawn
Lower risk: helpful, kind, respectful, and welcoming
18
Awesome Community
Kubernetes CNCF CC BY 4.0

19. ©2020 VMware, Inc. @geekygirldawn
Inclusive projects
are lower risk
19
Diversity,
Equity, and
Inclusion
Photo by David Jakes - CC BY 2.0
https://chaoss.community/metrics

20. ©2021 VMware, Inc. @geekygirldawn
Lower risk: keeps up
with contributions
20
Responsiveness
Image by Joe Penniston CC BY-NC-ND 2.0

21. ©2021 VMware, Inc. @geekygirldawn
Lower risk:
active contributors and
organizational diversity
21
Contributor Risk
Image by the CNCF
CC BY-NC 2.0

22. ©2021 VMware, Inc. @geekygirldawn
Lower Risk:
many adopters /
end users
22
Adopters
Image by the CNCF CC BY-NC 2.0

23. @geekygirldawn
©2020 VMware, Inc. 23
Resources
Linux Foundation’s TODO Group
https://todogroup.org/guides/
CNCF Contributor Strategy TAG Docs
https://contribute.cncf.io/maintainers/
The Open Source Way Guidebook
https://github.com/theopensourceway/guidebook/
Photo by Vicente - CC BY-NC-ND 2.0

24. ©2021 VMware, Inc. @geekygirldawn
Make informed and strategic
decisions about how much risk
to accept and plan to
monitor / mitigate those risks.
24
Final Thoughts on Risk
Photo by Mohanraj Sivanandam - CC BY 2.0

25. ©2021 VMware, Inc. @geekygirldawn
Dr. Dawn M. Foster
fosterd@vmware.com
fastwonderblog.com
Open Source at VMware
blogs.vmware.com/opensource
@vmwopensource
25
Thank You!
Photo by Thangaraj Kumaravel - CC BY-NC-ND 2.0