©2021 VMware, Inc. @geekygirldawn
Navigating Open Source Risk
Open Source Lisbon June 2021

Dr. Dawn M. Foster
Director of OSS Community Strategy
fosterd@vmware.com fastwonderblog.com
Open Source at VMware @vmwopensource
blogs.vmware.com/opensource

Agenda
• Why should you care?
• Ownership and Governance
• Community
• Resources
• Final Thoughts
Photo by Marco Verch - CC BY 2.0

whoami
• Geek, traveler, reader
• 20+ yr tech career focused on community & open source (Intel, Puppet, Scale Factory, …)
• OpenUK Board, CHAOSS Board and Maintainer, TODO Group Steering
• Kubernetes contributor & CNCF Contributor Strategy SIG
• PhD from the University of Greenwich, focus on Linux kernel collaboration
Photos by Mom, Josh Bancroft, Don Park

Why do we care about risk?
Your business could be disrupted
https://xkcd.com/2347/

Ownership & Governance
Photo by K-nekoTR - CC BY-NC-ND 2.0

Business Risk Licensing Example
Server Side Public License* (SSPL)
*Not an Open Source Initiative (OSI) approved open source license!

Business Risk Governance Example
Undermines the project leading to forks and other disruptions

Determining Neutrality for Foundations?
Leadership, trademarks, and projects
Image by Andreas Komodromos CC BY-NC 2.0

Neutral Foundations
Lower risk: participate as equals

Company Originated
Higher risk: single company in control
Photo by Jan Fidler - CC BY 2.0

Governance is about People
Lower risk: Processes for how people collaborate and make decisions
Photo by Allen and Allen - CC BY 2.0

Community
Image by the CNCF CC BY-NC 2.0

Awesome Community
Lower risk: helpful, kind, respectful, and welcoming
Kubernetes CNCF CC BY 4.0

Responsiveness
Lower risk: keeps up with contributions
Image by Joe Penniston CC BY-NC-ND 2.0

Contributor Risk
Lower risk: active contributors and organizational diversity
Image by the CNCF CC BY-NC 2.0

Resources
CNCF Contributor Strategy Tag
https://github.com/cncf/sig-contributor-strategy
https://contribute.cncf.io/maintainers/
Linux Foundation’s TODO Group
https://todogroup.org/guides/
The Open Source Way Guidebook
https://github.com/theopensourceway/guidebook/
Photo by Vicente - CC BY-NC-ND 2.0

Final Thoughts on Risk
Make informed and deliberate decisions about how much risk we should accept and monitor / mitigate those risks.
Photo by Mohanraj Sivanandam - CC BY 2.0

Thank You!
Dr. Dawn M. Foster
fosterd@vmware.com
fastwonderblog.com
Open Source at VMware
blogs.vmware.com/opensource
@vmwopensource
Photo by Thangaraj Kumaravel - CC BY-NC-ND 2.0
