SlideShare a Scribd company logo
Tobie Langel, Principal, UnlockOpen
tobie@unlockopen.com
Open source contribution
policies that don’t suck!
Do you have an open source policy?
No
48%
Don't know
13%
Yes
39%
< 250 employees
61%
11%
28%
> 10,000 employees
25%
10%
65%
Source: The New Stack & Linux Foundation/TODO
Group 2018 Open Source Program Management
Survey (https://github.com/todogroup/survey)
Remember this is a biased sample!
What does not having a policy mean?
Contrary to popular belief, it does not mean that you don’t have an
open source policy at all.
It means that you don’t have a written one.
You have a policy, whether it is written
down or not. It could range from “no
open source at all” to “anything goes.” 
—Heather J. Meeker, Open Source Licensing Specialist,
author of Open Source for Business.
What does having a policy mean?
Think you’re in the right camp because you have an open source
contribution policy? Think again!
• You can have a very restrictive open source policy.
• You can have a very bureaucratic process to obtain approval.
• You can have a very opaque process to obtain approval.
None of these are fun!
PermissiveRestrictive
Implicit
Explicit
Startups
SMEs
Non-tech
enterprise
Old tech
company
Trend setters
Tech
companies
What is a policy that doesn’t suck?
Engineering
perspective
Legal
perspective
Business
perspective
What is a policy that doesn’t suck?
Permissive. Allows open source contribution to be an
integral part of the company’s engineering culture and
best practices. Based on trust and autonomy.
Explicit. The decision making process is well documented
and transparent.
Informative. The policy explains the why an helps educate
engineers.
Frictionless. Avoid bureaucracy, red tape, lengthly back
and forth with legal, etc.
Engineering
perspective
What is a policy that doesn’t suck?
Minimizes risk. Avoid:
• giving away competitive advantage,
• giving away IP that can be used defensively (or—shudders
—offensively),
• reputational damages and accidental infringements.
Consistently followed across the company. Keep contribution
under your radar. Avoid compliance issues.
Savvy about written information. Sometimes you want a
paper-trail (e.g. compliance), sometimes you don’t.
Doesn’t drown critical problems in a sea of menial issues.
Legal
perspective*
* IANAL (I am not a lawyer).
Please talk to me if you are
and want to help me
improve this slide.
What is a policy that doesn’t suck?
Engineering to be happy and productive.
Risks minimized and well understood.
Good communication between legal and engineering.
Alignment with Business goals.
Business
perspective
At the heart is a tension
Legal wants to minimize risk.
Prefers oral communication.
Manager’s schedule.
Favors spectrum thinking.
Conservative role.
Engineering wants to maximize velocity.
Prefers written communication.
Maker’s schedule.
Favors binary thinking.
Innovative role.
Coming to agreement
Acknowledge that this tension is normal. It’s just checks and balances.
Listen to both sides.
Remind them that their role is to help achieve common business goals.
• Legal’s role is to minimize risk, but not at the expense of innovation.
• Engineering’s needs can’t be fulfilled at the expense of the company’s survival.
Find common ground. A good policy will improve the life of both sides.
Align your open source activity with your business goals. If you are a patent troll,
then don’t do open source.
Accept that your open source policy will change with your business.
Contributing
open source
What is a policy really about?
Using
open source
Well understood problem, essentially:
• Using software with licenses that are compatible with your
current and future business model.
• Compliance.
Using open source
Tip: a common issue is missing licenses. Equip engineering with a process
(and issue or pull request templates) to request proper OSI-approved licenses.
Contributing
open source
Contributing
at
work
Contributing
outside of
work
Can employees contribute to open source on
their free time?
• Yes, without asking for permission.
• Yes, but must ask for permission. So that sometimes means “no”,
right?
• I don’t know.
• Nope.
Contributing outside of work
Other
4%
Don't know
37%
Must ask
12%
Yes!
47%
“How does your employer's IP agreement/policy affect your free-
time contributions to open source unrelated to your work?”
“Respondents were sampled randomly from traffic and qualifying
activity to licensed open source repositories on GitHub.com and invited
to complete the survey through a dialog box. A smaller sample was
recruited from open source communities sourced outside of GitHub, […]”
Contributing outside of work
Source: GitHub 2017 open source survey
(http://opensourcesurvey.org/2017/).
But again… this is a highly biased sample.
Contributing outside of work
Why so much confusion?
• Depends on the jurisdiction, but not uncommon, especially in the
USA, for companies to own employees’ production 24/7.
• Sometimes, extra criteria apply. For example, in California, IP
developed with company equipment—even outside of work—
belongs to the employer.
• This prevents employees from contributing to open source,
unless they ask for, and are granted permission to do so.
Contributing outside of work
The common solution: ask for permission
• Most companies have a process for this.
• Tends to focus on releasing open source or working on a limited set
of pre-approved projects.
• Breaks down when there’s a high number of dependencies (such as
for Node.js projects).
Contributing outside of work
The better solution: BEIPA
• Balanced Employee IP Agreement
• https://github.com/github/balanced-employee-ip-agreement
• Project created by GitHub, based on its own IP agreement.
• BEIPA only claims control of creations made for or relating to the
company's business.
Contributing
at
work
Patching
Releasing
Releasing open source at work
• Distinguish large open source projects you want to promote from
smaller "day to day” modules. (E.g. Google’s < 100 LoC rule.)
• Offer well oiled and well documented processes, checklists,
templates, and tooling (see: https://github.com/todogroup/policies).
• Offer help.
• Promote working in the open rather than releasing software once
it’s done. (Consider README-driven development to avoid scope creep.)
Patching open source at work
• By far the most common activity and the most important one.
• The experience must be as frictionless as possible for engineers.
• Surface the process by which decisions are made and trust
engineers to do the right thing. This let’s legal focus on the
difficult cases.
• Cache decisions (build approve- and deny- lists) so that the
process gets faster as time goes by.
Outside of
work
Patching
Using
open source
Releasing
At work
Contributing open source
Turn your policy into an app!
• Automatically approve requests that meet pre-established
requirements (e.g. patch an MIT-licensed open source project on
GitHub).
• Automatically reject requests that don’t meet your criteria (but
allow motivated appeals).
• Manually handle other requests and cache the decision so more
gets automated over time.
Using such a system, Adobe was able to shorten it’s review time
from 4.6 days to 4.6 hours.
Turn your policy into an app!
Using such a system, Adobe was able to shorten it’s review time
from 4.6 days to 4.6 hours.
But there’s more. The data collected can help:
• understand your open source activity,
• promote it,
• connect engineers unknowingly contributing to the same projects,
• etc.
Turn your policy into an app!
Thank you!
Tobie Langel (@tobie)
Principal, UnlockOpen
tobie@unlockopen.com

More Related Content

What's hot

Impactful SE Research: Some Do's and More Don'ts
Impactful SE Research: Some Do's and More Don'tsImpactful SE Research: Some Do's and More Don'ts
Impactful SE Research: Some Do's and More Don'ts
Gail Murphy
 
Global Complex Project - How to deliver efficiently.
Global Complex Project - How to deliver efficiently.Global Complex Project - How to deliver efficiently.
Global Complex Project - How to deliver efficiently.
Sunny Menon
 
Publishing Strategic Technology for Association of Catholic Publishers
Publishing Strategic Technology for Association of Catholic PublishersPublishing Strategic Technology for Association of Catholic Publishers
Publishing Strategic Technology for Association of Catholic Publishers
Craig Miller
 
2016 metrics-as-culture
2016 metrics-as-culture2016 metrics-as-culture
2016 metrics-as-culture
Nicole Forsgren
 
Mark Graban Deming Red Bead 2016 SHS
Mark Graban Deming Red Bead 2016 SHSMark Graban Deming Red Bead 2016 SHS
Mark Graban Deming Red Bead 2016 SHS
Mark Graban
 
Lean Security
Lean SecurityLean Security
Lean Security
Ben Johnson
 
The Real Lessons of Dr. Deming’s Red Bead Factory
The Real Lessons of Dr. Deming’s Red Bead FactoryThe Real Lessons of Dr. Deming’s Red Bead Factory
The Real Lessons of Dr. Deming’s Red Bead Factory
Mark Graban
 
Winnipeg ISACA Security is Dead, Rugged DevOps
Winnipeg ISACA Security is Dead, Rugged DevOpsWinnipeg ISACA Security is Dead, Rugged DevOps
Winnipeg ISACA Security is Dead, Rugged DevOps
Gene Kim
 
Getting your work funded
Getting your work fundedGetting your work funded
DOES SFO 2016 - Kaimar Karu - ITIL. You keep using that word. I don't think i...
DOES SFO 2016 - Kaimar Karu - ITIL. You keep using that word. I don't think i...DOES SFO 2016 - Kaimar Karu - ITIL. You keep using that word. I don't think i...
DOES SFO 2016 - Kaimar Karu - ITIL. You keep using that word. I don't think i...
Gene Kim
 
[HCMC STC Jan 2015] Choosing The Best Of The Plan-Driven And Agile Developmen...
[HCMC STC Jan 2015] Choosing The Best Of The Plan-Driven And Agile Developmen...[HCMC STC Jan 2015] Choosing The Best Of The Plan-Driven And Agile Developmen...
[HCMC STC Jan 2015] Choosing The Best Of The Plan-Driven And Agile Developmen...
Ho Chi Minh City Software Testing Club
 
Agility from First Principles
Agility from First PrinciplesAgility from First Principles
Agility from First Principles
Tathagat Varma
 
Fables fantasies and facts
Fables fantasies and factsFables fantasies and facts
Fables fantasies and facts
Kelsey van Haaster
 
Managing international software projects interactively using scrum
Managing international software projects interactively using scrumManaging international software projects interactively using scrum
Managing international software projects interactively using scrum
Peter Horsten
 
Webinar - Design thinking 101 - 2018-07-24
Webinar - Design thinking 101 - 2018-07-24Webinar - Design thinking 101 - 2018-07-24
Webinar - Design thinking 101 - 2018-07-24
TechSoup
 
Kim IT Pro Forum Eugene: IT at Ludicrous Speeds - rugged dev ops
Kim IT Pro Forum Eugene: IT at Ludicrous Speeds - rugged dev opsKim IT Pro Forum Eugene: IT at Ludicrous Speeds - rugged dev ops
Kim IT Pro Forum Eugene: IT at Ludicrous Speeds - rugged dev ops
Gene Kim
 
Implementing Licensing— A Journey
Implementing Licensing— A JourneyImplementing Licensing— A Journey
Implementing Licensing— A Journey
Flexera
 
How to get what you really want from Testing' with Michael Bolton
How to get what you really want from Testing' with Michael BoltonHow to get what you really want from Testing' with Michael Bolton
How to get what you really want from Testing' with Michael Bolton
TEST Huddle
 
Using Periodic Audits To Prevent Catastrophic Project Failure
Using Periodic Audits To Prevent Catastrophic Project FailureUsing Periodic Audits To Prevent Catastrophic Project Failure
Using Periodic Audits To Prevent Catastrophic Project Failure
icgfmconference
 
2012 05 corp fin 1c
2012 05 corp fin 1c2012 05 corp fin 1c
2012 05 corp fin 1c
Gene Kim
 

What's hot (20)

Impactful SE Research: Some Do's and More Don'ts
Impactful SE Research: Some Do's and More Don'tsImpactful SE Research: Some Do's and More Don'ts
Impactful SE Research: Some Do's and More Don'ts
 
Global Complex Project - How to deliver efficiently.
Global Complex Project - How to deliver efficiently.Global Complex Project - How to deliver efficiently.
Global Complex Project - How to deliver efficiently.
 
Publishing Strategic Technology for Association of Catholic Publishers
Publishing Strategic Technology for Association of Catholic PublishersPublishing Strategic Technology for Association of Catholic Publishers
Publishing Strategic Technology for Association of Catholic Publishers
 
2016 metrics-as-culture
2016 metrics-as-culture2016 metrics-as-culture
2016 metrics-as-culture
 
Mark Graban Deming Red Bead 2016 SHS
Mark Graban Deming Red Bead 2016 SHSMark Graban Deming Red Bead 2016 SHS
Mark Graban Deming Red Bead 2016 SHS
 
Lean Security
Lean SecurityLean Security
Lean Security
 
The Real Lessons of Dr. Deming’s Red Bead Factory
The Real Lessons of Dr. Deming’s Red Bead FactoryThe Real Lessons of Dr. Deming’s Red Bead Factory
The Real Lessons of Dr. Deming’s Red Bead Factory
 
Winnipeg ISACA Security is Dead, Rugged DevOps
Winnipeg ISACA Security is Dead, Rugged DevOpsWinnipeg ISACA Security is Dead, Rugged DevOps
Winnipeg ISACA Security is Dead, Rugged DevOps
 
Getting your work funded
Getting your work fundedGetting your work funded
Getting your work funded
 
DOES SFO 2016 - Kaimar Karu - ITIL. You keep using that word. I don't think i...
DOES SFO 2016 - Kaimar Karu - ITIL. You keep using that word. I don't think i...DOES SFO 2016 - Kaimar Karu - ITIL. You keep using that word. I don't think i...
DOES SFO 2016 - Kaimar Karu - ITIL. You keep using that word. I don't think i...
 
[HCMC STC Jan 2015] Choosing The Best Of The Plan-Driven And Agile Developmen...
[HCMC STC Jan 2015] Choosing The Best Of The Plan-Driven And Agile Developmen...[HCMC STC Jan 2015] Choosing The Best Of The Plan-Driven And Agile Developmen...
[HCMC STC Jan 2015] Choosing The Best Of The Plan-Driven And Agile Developmen...
 
Agility from First Principles
Agility from First PrinciplesAgility from First Principles
Agility from First Principles
 
Fables fantasies and facts
Fables fantasies and factsFables fantasies and facts
Fables fantasies and facts
 
Managing international software projects interactively using scrum
Managing international software projects interactively using scrumManaging international software projects interactively using scrum
Managing international software projects interactively using scrum
 
Webinar - Design thinking 101 - 2018-07-24
Webinar - Design thinking 101 - 2018-07-24Webinar - Design thinking 101 - 2018-07-24
Webinar - Design thinking 101 - 2018-07-24
 
Kim IT Pro Forum Eugene: IT at Ludicrous Speeds - rugged dev ops
Kim IT Pro Forum Eugene: IT at Ludicrous Speeds - rugged dev opsKim IT Pro Forum Eugene: IT at Ludicrous Speeds - rugged dev ops
Kim IT Pro Forum Eugene: IT at Ludicrous Speeds - rugged dev ops
 
Implementing Licensing— A Journey
Implementing Licensing— A JourneyImplementing Licensing— A Journey
Implementing Licensing— A Journey
 
How to get what you really want from Testing' with Michael Bolton
How to get what you really want from Testing' with Michael BoltonHow to get what you really want from Testing' with Michael Bolton
How to get what you really want from Testing' with Michael Bolton
 
Using Periodic Audits To Prevent Catastrophic Project Failure
Using Periodic Audits To Prevent Catastrophic Project FailureUsing Periodic Audits To Prevent Catastrophic Project Failure
Using Periodic Audits To Prevent Catastrophic Project Failure
 
2012 05 corp fin 1c
2012 05 corp fin 1c2012 05 corp fin 1c
2012 05 corp fin 1c
 

Similar to Open source contribution policies, OW2online, June 2020

'Open source contribution policies that don’t suck!'
'Open source contribution policies that don’t suck!''Open source contribution policies that don’t suck!'
'Open source contribution policies that don’t suck!'
Shane Coughlan
 
To Open Source or Not to Open Source...Where is the ROI?
To Open Source or Not to Open Source...Where is the ROI?To Open Source or Not to Open Source...Where is the ROI?
To Open Source or Not to Open Source...Where is the ROI?
Ted Haeger
 
InnerSource - Using open source best practices to help your company
InnerSource - Using open source best practices to help your companyInnerSource - Using open source best practices to help your company
InnerSource - Using open source best practices to help your company
Eric Caron
 
Open Source Craft at Twitter
Open Source Craft at TwitterOpen Source Craft at Twitter
Open Source Craft at Twitter
Chris Aniszczyk
 
IDCEE 2013: How to do a successful company around open source - Michael Widen...
IDCEE 2013: How to do a successful company around open source - Michael Widen...IDCEE 2013: How to do a successful company around open source - Michael Widen...
IDCEE 2013: How to do a successful company around open source - Michael Widen...
IDCEE
 
Cannibis Program Webinar Series - Roman Arzhintar on Collaborative Product B...
Cannibis Program Webinar Series -  Roman Arzhintar on Collaborative Product B...Cannibis Program Webinar Series -  Roman Arzhintar on Collaborative Product B...
Cannibis Program Webinar Series - Roman Arzhintar on Collaborative Product B...
Vator
 
Micheal Monty Widenius - Free Open Source Software Entrepreneurship
Micheal Monty Widenius -  Free Open Source Software EntrepreneurshipMicheal Monty Widenius -  Free Open Source Software Entrepreneurship
Micheal Monty Widenius - Free Open Source Software Entrepreneurship
South Tyrol Free Software Conference
 
Questions On Technical Design Decisions
Questions On Technical Design DecisionsQuestions On Technical Design Decisions
Questions On Technical Design Decisions
Rikki Wright
 
Onboarding Freelancers LinkedIn Group Deck
Onboarding Freelancers LinkedIn Group Deck Onboarding Freelancers LinkedIn Group Deck
Onboarding Freelancers LinkedIn Group Deck
Business901
 
Open Source Product Management with KEMP Tech's PM
Open Source Product Management with KEMP Tech's PMOpen Source Product Management with KEMP Tech's PM
Open Source Product Management with KEMP Tech's PM
Product School
 
Make Your Payroll Selection and Implementation a Success
Make Your Payroll Selection and Implementation a SuccessMake Your Payroll Selection and Implementation a Success
Make Your Payroll Selection and Implementation a Success
Net at Work
 
From Technical Debt to Technical Health
From Technical Debt to Technical HealthFrom Technical Debt to Technical Health
From Technical Debt to Technical Health
Declan Whelan
 
Open Source Horror Stories and Lessons Learned
Open Source Horror Stories and Lessons LearnedOpen Source Horror Stories and Lessons Learned
Open Source Horror Stories and Lessons Learned
Open Source Strategy Forum
 
OPEN SOURCE HORROR STORIES (AND LESSONS LEARNED)
OPEN SOURCE HORROR STORIES (AND LESSONS LEARNED)OPEN SOURCE HORROR STORIES (AND LESSONS LEARNED)
OPEN SOURCE HORROR STORIES (AND LESSONS LEARNED)
FINOS
 
(PROJEKTURA) agileadria agile for corporations
(PROJEKTURA) agileadria agile for corporations(PROJEKTURA) agileadria agile for corporations
(PROJEKTURA) agileadria agile for corporations
Ratko Mutavdzic
 
Open Source Product Management
Open Source Product ManagementOpen Source Product Management
Open Source Product Management
Danny Rosen
 
Build your Own Technology Roadmap!
Build your Own Technology Roadmap!Build your Own Technology Roadmap!
Build your Own Technology Roadmap!
Sascha Wenninger
 
Let's talk FOSS!
Let's talk FOSS!Let's talk FOSS!
Let's talk FOSS!
AditiSaxena72
 
Os Nolen Gebhart
Os Nolen GebhartOs Nolen Gebhart
Os Nolen Gebhart
oscon2007
 
Scaling Software Delivery.pdf
Scaling Software Delivery.pdfScaling Software Delivery.pdf
Scaling Software Delivery.pdf
Tiffany Jachja
 

Similar to Open source contribution policies, OW2online, June 2020 (20)

'Open source contribution policies that don’t suck!'
'Open source contribution policies that don’t suck!''Open source contribution policies that don’t suck!'
'Open source contribution policies that don’t suck!'
 
To Open Source or Not to Open Source...Where is the ROI?
To Open Source or Not to Open Source...Where is the ROI?To Open Source or Not to Open Source...Where is the ROI?
To Open Source or Not to Open Source...Where is the ROI?
 
InnerSource - Using open source best practices to help your company
InnerSource - Using open source best practices to help your companyInnerSource - Using open source best practices to help your company
InnerSource - Using open source best practices to help your company
 
Open Source Craft at Twitter
Open Source Craft at TwitterOpen Source Craft at Twitter
Open Source Craft at Twitter
 
IDCEE 2013: How to do a successful company around open source - Michael Widen...
IDCEE 2013: How to do a successful company around open source - Michael Widen...IDCEE 2013: How to do a successful company around open source - Michael Widen...
IDCEE 2013: How to do a successful company around open source - Michael Widen...
 
Cannibis Program Webinar Series - Roman Arzhintar on Collaborative Product B...
Cannibis Program Webinar Series -  Roman Arzhintar on Collaborative Product B...Cannibis Program Webinar Series -  Roman Arzhintar on Collaborative Product B...
Cannibis Program Webinar Series - Roman Arzhintar on Collaborative Product B...
 
Micheal Monty Widenius - Free Open Source Software Entrepreneurship
Micheal Monty Widenius -  Free Open Source Software EntrepreneurshipMicheal Monty Widenius -  Free Open Source Software Entrepreneurship
Micheal Monty Widenius - Free Open Source Software Entrepreneurship
 
Questions On Technical Design Decisions
Questions On Technical Design DecisionsQuestions On Technical Design Decisions
Questions On Technical Design Decisions
 
Onboarding Freelancers LinkedIn Group Deck
Onboarding Freelancers LinkedIn Group Deck Onboarding Freelancers LinkedIn Group Deck
Onboarding Freelancers LinkedIn Group Deck
 
Open Source Product Management with KEMP Tech's PM
Open Source Product Management with KEMP Tech's PMOpen Source Product Management with KEMP Tech's PM
Open Source Product Management with KEMP Tech's PM
 
Make Your Payroll Selection and Implementation a Success
Make Your Payroll Selection and Implementation a SuccessMake Your Payroll Selection and Implementation a Success
Make Your Payroll Selection and Implementation a Success
 
From Technical Debt to Technical Health
From Technical Debt to Technical HealthFrom Technical Debt to Technical Health
From Technical Debt to Technical Health
 
Open Source Horror Stories and Lessons Learned
Open Source Horror Stories and Lessons LearnedOpen Source Horror Stories and Lessons Learned
Open Source Horror Stories and Lessons Learned
 
OPEN SOURCE HORROR STORIES (AND LESSONS LEARNED)
OPEN SOURCE HORROR STORIES (AND LESSONS LEARNED)OPEN SOURCE HORROR STORIES (AND LESSONS LEARNED)
OPEN SOURCE HORROR STORIES (AND LESSONS LEARNED)
 
(PROJEKTURA) agileadria agile for corporations
(PROJEKTURA) agileadria agile for corporations(PROJEKTURA) agileadria agile for corporations
(PROJEKTURA) agileadria agile for corporations
 
Open Source Product Management
Open Source Product ManagementOpen Source Product Management
Open Source Product Management
 
Build your Own Technology Roadmap!
Build your Own Technology Roadmap!Build your Own Technology Roadmap!
Build your Own Technology Roadmap!
 
Let's talk FOSS!
Let's talk FOSS!Let's talk FOSS!
Let's talk FOSS!
 
Os Nolen Gebhart
Os Nolen GebhartOs Nolen Gebhart
Os Nolen Gebhart
 
Scaling Software Delivery.pdf
Scaling Software Delivery.pdfScaling Software Delivery.pdf
Scaling Software Delivery.pdf
 

More from OW2

OW2 and RIOS teaming up to boost the open source impact, Nov. 2022 in Roma
OW2 and RIOS teaming up to boost the open source impact, Nov. 2022 in RomaOW2 and RIOS teaming up to boost the open source impact, Nov. 2022 in Roma
OW2 and RIOS teaming up to boost the open source impact, Nov. 2022 in Roma
OW2
 
The Open Source Good Governance Initiative presented at RIOS OS Week, Nov. 20...
The Open Source Good Governance Initiative presented at RIOS OS Week, Nov. 20...The Open Source Good Governance Initiative presented at RIOS OS Week, Nov. 20...
The Open Source Good Governance Initiative presented at RIOS OS Week, Nov. 20...
OW2
 
GLPi v.10, les fonctionnalités principales et l'offre cloud
GLPi v.10, les fonctionnalités principales et l'offre cloudGLPi v.10, les fonctionnalités principales et l'offre cloud
GLPi v.10, les fonctionnalités principales et l'offre cloud
OW2
 
Centreon: superviser le Cloud et le Legacy à partir d'une même plateforme, po...
Centreon: superviser le Cloud et le Legacy à partir d'une même plateforme, po...Centreon: superviser le Cloud et le Legacy à partir d'une même plateforme, po...
Centreon: superviser le Cloud et le Legacy à partir d'une même plateforme, po...
OW2
 
FusionIAM : la gestion des identités et des accés open source
FusionIAM : la gestion des identités et des accés open sourceFusionIAM : la gestion des identités et des accés open source
FusionIAM : la gestion des identités et des accés open source
OW2
 
OW2 Association Européenne aux racines grenobloises, transformer l'industrie ...
OW2 Association Européenne aux racines grenobloises, transformer l'industrie ...OW2 Association Européenne aux racines grenobloises, transformer l'industrie ...
OW2 Association Européenne aux racines grenobloises, transformer l'industrie ...
OW2
 
SFScon'20 Bringing the User into the Equation
SFScon'20 Bringing the User into the EquationSFScon'20 Bringing the User into the Equation
SFScon'20 Bringing the User into the Equation
OW2
 
Towards a sustainable solution to open source sustainability, OW2online20, Ju...
Towards a sustainable solution to open source sustainability, OW2online20, Ju...Towards a sustainable solution to open source sustainability, OW2online20, Ju...
Towards a sustainable solution to open source sustainability, OW2online20, Ju...
OW2
 
Advanced proactive and polymorphing cloud application adaptation with MORPHEM...
Advanced proactive and polymorphing cloud application adaptation with MORPHEM...Advanced proactive and polymorphing cloud application adaptation with MORPHEM...
Advanced proactive and polymorphing cloud application adaptation with MORPHEM...
OW2
 
Open Source governance and the Eclipse Foundation, OW2online, June 2020
Open Source governance and the Eclipse Foundation, OW2online, June 2020Open Source governance and the Eclipse Foundation, OW2online, June 2020
Open Source governance and the Eclipse Foundation, OW2online, June 2020
OW2
 
Software development at scale, pandemic lockdown and oss ecosystems, OW2onlin...
Software development at scale, pandemic lockdown and oss ecosystems, OW2onlin...Software development at scale, pandemic lockdown and oss ecosystems, OW2onlin...
Software development at scale, pandemic lockdown and oss ecosystems, OW2onlin...
OW2
 
Overview of the OpenChain Reference Tooling Work Group, OW2online20, June 2020
Overview of the OpenChain Reference Tooling Work Group, OW2online20, June 2020Overview of the OpenChain Reference Tooling Work Group, OW2online20, June 2020
Overview of the OpenChain Reference Tooling Work Group, OW2online20, June 2020
OW2
 
Open Source Compliance at Orange, OW2online, June 2020
Open Source Compliance at Orange, OW2online, June 2020Open Source Compliance at Orange, OW2online, June 2020
Open Source Compliance at Orange, OW2online, June 2020
OW2
 
Ideas, methods and tools for OSS Compliance assessment, OW2online, June 2020
Ideas, methods and tools for OSS Compliance assessment, OW2online, June 2020Ideas, methods and tools for OSS Compliance assessment, OW2online, June 2020
Ideas, methods and tools for OSS Compliance assessment, OW2online, June 2020
OW2
 
Intelligent package management with FASTEN, OW2online, June 2020
Intelligent package management with FASTEN, OW2online, June 2020Intelligent package management with FASTEN, OW2online, June 2020
Intelligent package management with FASTEN, OW2online, June 2020
OW2
 
DECODER, a Smarter Environment for DevOps Teams , OW2online, June 2020
DECODER, a Smarter Environment for DevOps Teams , OW2online, June 2020DECODER, a Smarter Environment for DevOps Teams , OW2online, June 2020
DECODER, a Smarter Environment for DevOps Teams , OW2online, June 2020
OW2
 
Enabling DevOps for IoT software development, powered by Open Source, OW2onli...
Enabling DevOps for IoT software development, powered by Open Source, OW2onli...Enabling DevOps for IoT software development, powered by Open Source, OW2onli...
Enabling DevOps for IoT software development, powered by Open Source, OW2onli...
OW2
 
Upcoming Challenges in Artificial Intelligence Research and Development, OW2o...
Upcoming Challenges in Artificial Intelligence Research and Development, OW2o...Upcoming Challenges in Artificial Intelligence Research and Development, OW2o...
Upcoming Challenges in Artificial Intelligence Research and Development, OW2o...
OW2
 
Cacti and Big Data at Orange France, OW2online, June 2020
Cacti and Big Data at Orange France, OW2online, June 2020Cacti and Big Data at Orange France, OW2online, June 2020
Cacti and Big Data at Orange France, OW2online, June 2020
OW2
 
Open Source Geographic Information System at Orange, OW2online, June 2020
Open Source Geographic Information System at Orange, OW2online, June 2020Open Source Geographic Information System at Orange, OW2online, June 2020
Open Source Geographic Information System at Orange, OW2online, June 2020
OW2
 

More from OW2 (20)

OW2 and RIOS teaming up to boost the open source impact, Nov. 2022 in Roma
OW2 and RIOS teaming up to boost the open source impact, Nov. 2022 in RomaOW2 and RIOS teaming up to boost the open source impact, Nov. 2022 in Roma
OW2 and RIOS teaming up to boost the open source impact, Nov. 2022 in Roma
 
The Open Source Good Governance Initiative presented at RIOS OS Week, Nov. 20...
The Open Source Good Governance Initiative presented at RIOS OS Week, Nov. 20...The Open Source Good Governance Initiative presented at RIOS OS Week, Nov. 20...
The Open Source Good Governance Initiative presented at RIOS OS Week, Nov. 20...
 
GLPi v.10, les fonctionnalités principales et l'offre cloud
GLPi v.10, les fonctionnalités principales et l'offre cloudGLPi v.10, les fonctionnalités principales et l'offre cloud
GLPi v.10, les fonctionnalités principales et l'offre cloud
 
Centreon: superviser le Cloud et le Legacy à partir d'une même plateforme, po...
Centreon: superviser le Cloud et le Legacy à partir d'une même plateforme, po...Centreon: superviser le Cloud et le Legacy à partir d'une même plateforme, po...
Centreon: superviser le Cloud et le Legacy à partir d'une même plateforme, po...
 
FusionIAM : la gestion des identités et des accés open source
FusionIAM : la gestion des identités et des accés open sourceFusionIAM : la gestion des identités et des accés open source
FusionIAM : la gestion des identités et des accés open source
 
OW2 Association Européenne aux racines grenobloises, transformer l'industrie ...
OW2 Association Européenne aux racines grenobloises, transformer l'industrie ...OW2 Association Européenne aux racines grenobloises, transformer l'industrie ...
OW2 Association Européenne aux racines grenobloises, transformer l'industrie ...
 
SFScon'20 Bringing the User into the Equation
SFScon'20 Bringing the User into the EquationSFScon'20 Bringing the User into the Equation
SFScon'20 Bringing the User into the Equation
 
Towards a sustainable solution to open source sustainability, OW2online20, Ju...
Towards a sustainable solution to open source sustainability, OW2online20, Ju...Towards a sustainable solution to open source sustainability, OW2online20, Ju...
Towards a sustainable solution to open source sustainability, OW2online20, Ju...
 
Advanced proactive and polymorphing cloud application adaptation with MORPHEM...
Advanced proactive and polymorphing cloud application adaptation with MORPHEM...Advanced proactive and polymorphing cloud application adaptation with MORPHEM...
Advanced proactive and polymorphing cloud application adaptation with MORPHEM...
 
Open Source governance and the Eclipse Foundation, OW2online, June 2020
Open Source governance and the Eclipse Foundation, OW2online, June 2020Open Source governance and the Eclipse Foundation, OW2online, June 2020
Open Source governance and the Eclipse Foundation, OW2online, June 2020
 
Software development at scale, pandemic lockdown and oss ecosystems, OW2onlin...
Software development at scale, pandemic lockdown and oss ecosystems, OW2onlin...Software development at scale, pandemic lockdown and oss ecosystems, OW2onlin...
Software development at scale, pandemic lockdown and oss ecosystems, OW2onlin...
 
Overview of the OpenChain Reference Tooling Work Group, OW2online20, June 2020
Overview of the OpenChain Reference Tooling Work Group, OW2online20, June 2020Overview of the OpenChain Reference Tooling Work Group, OW2online20, June 2020
Overview of the OpenChain Reference Tooling Work Group, OW2online20, June 2020
 
Open Source Compliance at Orange, OW2online, June 2020
Open Source Compliance at Orange, OW2online, June 2020Open Source Compliance at Orange, OW2online, June 2020
Open Source Compliance at Orange, OW2online, June 2020
 
Ideas, methods and tools for OSS Compliance assessment, OW2online, June 2020
Ideas, methods and tools for OSS Compliance assessment, OW2online, June 2020Ideas, methods and tools for OSS Compliance assessment, OW2online, June 2020
Ideas, methods and tools for OSS Compliance assessment, OW2online, June 2020
 
Intelligent package management with FASTEN, OW2online, June 2020
Intelligent package management with FASTEN, OW2online, June 2020Intelligent package management with FASTEN, OW2online, June 2020
Intelligent package management with FASTEN, OW2online, June 2020
 
DECODER, a Smarter Environment for DevOps Teams , OW2online, June 2020
DECODER, a Smarter Environment for DevOps Teams , OW2online, June 2020DECODER, a Smarter Environment for DevOps Teams , OW2online, June 2020
DECODER, a Smarter Environment for DevOps Teams , OW2online, June 2020
 
Enabling DevOps for IoT software development, powered by Open Source, OW2onli...
Enabling DevOps for IoT software development, powered by Open Source, OW2onli...Enabling DevOps for IoT software development, powered by Open Source, OW2onli...
Enabling DevOps for IoT software development, powered by Open Source, OW2onli...
 
Upcoming Challenges in Artificial Intelligence Research and Development, OW2o...
Upcoming Challenges in Artificial Intelligence Research and Development, OW2o...Upcoming Challenges in Artificial Intelligence Research and Development, OW2o...
Upcoming Challenges in Artificial Intelligence Research and Development, OW2o...
 
Cacti and Big Data at Orange France, OW2online, June 2020
Cacti and Big Data at Orange France, OW2online, June 2020Cacti and Big Data at Orange France, OW2online, June 2020
Cacti and Big Data at Orange France, OW2online, June 2020
 
Open Source Geographic Information System at Orange, OW2online, June 2020
Open Source Geographic Information System at Orange, OW2online, June 2020Open Source Geographic Information System at Orange, OW2online, June 2020
Open Source Geographic Information System at Orange, OW2online, June 2020
 

Recently uploaded

Salesforce AI & Einstein Copilot Workshop
Salesforce AI & Einstein Copilot WorkshopSalesforce AI & Einstein Copilot Workshop
Salesforce AI & Einstein Copilot Workshop
CEPTES Software Inc
 
How Social Media Hackers Help You to See Your Wife's Message.pdf
How Social Media Hackers Help You to See Your Wife's Message.pdfHow Social Media Hackers Help You to See Your Wife's Message.pdf
How Social Media Hackers Help You to See Your Wife's Message.pdf
HackersList
 
Scaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - Mydbops
Scaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - MydbopsScaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - Mydbops
Scaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - Mydbops
Mydbops
 
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
maigasapphire
 
July Patch Tuesday
July Patch TuesdayJuly Patch Tuesday
July Patch Tuesday
Ivanti
 
CiscoIconsLibrary cours de réseau VLAN.ppt
CiscoIconsLibrary cours de réseau VLAN.pptCiscoIconsLibrary cours de réseau VLAN.ppt
CiscoIconsLibrary cours de réseau VLAN.ppt
moinahousna
 
WhatsApp Spy Online Trackers and Monitoring Apps
WhatsApp Spy Online Trackers and Monitoring AppsWhatsApp Spy Online Trackers and Monitoring Apps
WhatsApp Spy Online Trackers and Monitoring Apps
HackersList
 
“Deploying Large Language Models on a Raspberry Pi,” a Presentation from Usef...
“Deploying Large Language Models on a Raspberry Pi,” a Presentation from Usef...“Deploying Large Language Models on a Raspberry Pi,” a Presentation from Usef...
“Deploying Large Language Models on a Raspberry Pi,” a Presentation from Usef...
Edge AI and Vision Alliance
 
IPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite SolutionIPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite Solution
IPLOOK Networks
 
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
sunilverma7884
 
find out more about the role of autonomous vehicles in facing global challenges
find out more about the role of autonomous vehicles in facing global challengesfind out more about the role of autonomous vehicles in facing global challenges
find out more about the role of autonomous vehicles in facing global challenges
huseindihon
 
Amul milk launches in US: Key details of its new products ...
Amul milk launches in US: Key details of its new products ...Amul milk launches in US: Key details of its new products ...
Amul milk launches in US: Key details of its new products ...
chetankumar9855
 
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-InTrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc
 
RPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptx
RPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptxRPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptx
RPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptx
SynapseIndia
 
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdfWhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
ArgaBisma
 
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
Priyanka Aash
 
Opencast Summit 2024 — Opencast @ University of Münster
Opencast Summit 2024 — Opencast @ University of MünsterOpencast Summit 2024 — Opencast @ University of Münster
Opencast Summit 2024 — Opencast @ University of Münster
Matthias Neugebauer
 
Use Cases & Benefits of RPA in Manufacturing in 2024.pptx
Use Cases & Benefits of RPA in Manufacturing in 2024.pptxUse Cases & Benefits of RPA in Manufacturing in 2024.pptx
Use Cases & Benefits of RPA in Manufacturing in 2024.pptx
SynapseIndia
 
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
alexjohnson7307
 
Feature sql server terbaru performance.pptx
Feature sql server terbaru performance.pptxFeature sql server terbaru performance.pptx
Feature sql server terbaru performance.pptx
ssuser1915fe1
 

Recently uploaded (20)

Salesforce AI & Einstein Copilot Workshop
Salesforce AI & Einstein Copilot WorkshopSalesforce AI & Einstein Copilot Workshop
Salesforce AI & Einstein Copilot Workshop
 
How Social Media Hackers Help You to See Your Wife's Message.pdf
How Social Media Hackers Help You to See Your Wife's Message.pdfHow Social Media Hackers Help You to See Your Wife's Message.pdf
How Social Media Hackers Help You to See Your Wife's Message.pdf
 
Scaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - Mydbops
Scaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - MydbopsScaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - Mydbops
Scaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - Mydbops
 
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
 
July Patch Tuesday
July Patch TuesdayJuly Patch Tuesday
July Patch Tuesday
 
CiscoIconsLibrary cours de réseau VLAN.ppt
CiscoIconsLibrary cours de réseau VLAN.pptCiscoIconsLibrary cours de réseau VLAN.ppt
CiscoIconsLibrary cours de réseau VLAN.ppt
 
WhatsApp Spy Online Trackers and Monitoring Apps
WhatsApp Spy Online Trackers and Monitoring AppsWhatsApp Spy Online Trackers and Monitoring Apps
WhatsApp Spy Online Trackers and Monitoring Apps
 
“Deploying Large Language Models on a Raspberry Pi,” a Presentation from Usef...
“Deploying Large Language Models on a Raspberry Pi,” a Presentation from Usef...“Deploying Large Language Models on a Raspberry Pi,” a Presentation from Usef...
“Deploying Large Language Models on a Raspberry Pi,” a Presentation from Usef...
 
IPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite SolutionIPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite Solution
 
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
 
find out more about the role of autonomous vehicles in facing global challenges
find out more about the role of autonomous vehicles in facing global challengesfind out more about the role of autonomous vehicles in facing global challenges
find out more about the role of autonomous vehicles in facing global challenges
 
Amul milk launches in US: Key details of its new products ...
Amul milk launches in US: Key details of its new products ...Amul milk launches in US: Key details of its new products ...
Amul milk launches in US: Key details of its new products ...
 
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-InTrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
 
RPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptx
RPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptxRPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptx
RPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptx
 
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdfWhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
 
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
 
Opencast Summit 2024 — Opencast @ University of Münster
Opencast Summit 2024 — Opencast @ University of MünsterOpencast Summit 2024 — Opencast @ University of Münster
Opencast Summit 2024 — Opencast @ University of Münster
 
Use Cases & Benefits of RPA in Manufacturing in 2024.pptx
Use Cases & Benefits of RPA in Manufacturing in 2024.pptxUse Cases & Benefits of RPA in Manufacturing in 2024.pptx
Use Cases & Benefits of RPA in Manufacturing in 2024.pptx
 
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
 
Feature sql server terbaru performance.pptx
Feature sql server terbaru performance.pptxFeature sql server terbaru performance.pptx
Feature sql server terbaru performance.pptx
 

Open source contribution policies, OW2online, June 2020

  • 1. Tobie Langel, Principal, UnlockOpen tobie@unlockopen.com Open source contribution policies that don’t suck!
  • 2. Do you have an open source policy? No 48% Don't know 13% Yes 39% < 250 employees 61% 11% 28% > 10,000 employees 25% 10% 65% Source: The New Stack & Linux Foundation/TODO Group 2018 Open Source Program Management Survey (https://github.com/todogroup/survey) Remember this is a biased sample!
  • 3. What does not having a policy mean? Contrary to popular belief, it does not mean that you don’t have an open source policy at all. It means that you don’t have a written one. You have a policy, whether it is written down or not. It could range from “no open source at all” to “anything goes.”  —Heather J. Meeker, Open Source Licensing Specialist, author of Open Source for Business.
  • 4. What does having a policy mean? Think you’re in the right camp because you have an open source contribution policy? Think again! • You can have a very restrictive open source policy. • You can have a very bureaucratic process to obtain approval. • You can have a very opaque process to obtain approval. None of these are fun!
  • 6. What is a policy that doesn’t suck? Engineering perspective Legal perspective Business perspective
  • 7. What is a policy that doesn’t suck? Permissive. Allows open source contribution to be an integral part of the company’s engineering culture and best practices. Based on trust and autonomy. Explicit. The decision making process is well documented and transparent. Informative. The policy explains the why an helps educate engineers. Frictionless. Avoid bureaucracy, red tape, lengthly back and forth with legal, etc. Engineering perspective
  • 8. What is a policy that doesn’t suck? Minimizes risk. Avoid: • giving away competitive advantage, • giving away IP that can be used defensively (or—shudders —offensively), • reputational damages and accidental infringements. Consistently followed across the company. Keep contribution under your radar. Avoid compliance issues. Savvy about written information. Sometimes you want a paper-trail (e.g. compliance), sometimes you don’t. Doesn’t drown critical problems in a sea of menial issues. Legal perspective* * IANAL (I am not a lawyer). Please talk to me if you are and want to help me improve this slide.
  • 9. What is a policy that doesn’t suck? Engineering to be happy and productive. Risks minimized and well understood. Good communication between legal and engineering. Alignment with Business goals. Business perspective
  • 10. At the heart is a tension Legal wants to minimize risk. Prefers oral communication. Manager’s schedule. Favors spectrum thinking. Conservative role. Engineering wants to maximize velocity. Prefers written communication. Maker’s schedule. Favors binary thinking. Innovative role.
  • 11. Coming to agreement Acknowledge that this tension is normal. It’s just checks and balances. Listen to both sides. Remind them that their role is to help achieve common business goals. • Legal’s role is to minimize risk, but not at the expense of innovation. • Engineering’s needs can’t be fulfilled at the expense of the company’s survival. Find common ground. A good policy will improve the life of both sides. Align your open source activity with your business goals. If you are a patent troll, then don’t do open source. Accept that your open source policy will change with your business.
  • 12. Contributing open source What is a policy really about? Using open source
  • 13. Well understood problem, essentially: • Using software with licenses that are compatible with your current and future business model. • Compliance. Using open source Tip: a common issue is missing licenses. Equip engineering with a process (and issue or pull request templates) to request proper OSI-approved licenses.
  • 16. Can employees contribute to open source on their free time? • Yes, without asking for permission. • Yes, but must ask for permission. So that sometimes means “no”, right? • I don’t know. • Nope. Contributing outside of work
  • 17. Other 4% Don't know 37% Must ask 12% Yes! 47% “How does your employer's IP agreement/policy affect your free- time contributions to open source unrelated to your work?” “Respondents were sampled randomly from traffic and qualifying activity to licensed open source repositories on GitHub.com and invited to complete the survey through a dialog box. A smaller sample was recruited from open source communities sourced outside of GitHub, […]” Contributing outside of work Source: GitHub 2017 open source survey (http://opensourcesurvey.org/2017/). But again… this is a highly biased sample.
  • 18. Contributing outside of work Why so much confusion? • Depends on the jurisdiction, but not uncommon, especially in the USA, for companies to own employees’ production 24/7. • Sometimes, extra criteria apply. For example, in California, IP developed with company equipment—even outside of work— belongs to the employer. • This prevents employees from contributing to open source, unless they ask for, and are granted permission to do so.
  • 19. Contributing outside of work The common solution: ask for permission • Most companies have a process for this. • Tends to focus on releasing open source or working on a limited set of pre-approved projects. • Breaks down when there’s a high number of dependencies (such as for Node.js projects).
  • 20. Contributing outside of work The better solution: BEIPA • Balanced Employee IP Agreement • https://github.com/github/balanced-employee-ip-agreement • Project created by GitHub, based on its own IP agreement. • BEIPA only claims control of creations made for or relating to the company's business.
  • 23. Releasing open source at work • Distinguish large open source projects you want to promote from smaller "day to day” modules. (E.g. Google’s < 100 LoC rule.) • Offer well oiled and well documented processes, checklists, templates, and tooling (see: https://github.com/todogroup/policies). • Offer help. • Promote working in the open rather than releasing software once it’s done. (Consider README-driven development to avoid scope creep.)
  • 24. Patching open source at work • By far the most common activity and the most important one. • The experience must be as frictionless as possible for engineers. • Surface the process by which decisions are made and trust engineers to do the right thing. This let’s legal focus on the difficult cases. • Cache decisions (build approve- and deny- lists) so that the process gets faster as time goes by.
  • 26. Turn your policy into an app! • Automatically approve requests that meet pre-established requirements (e.g. patch an MIT-licensed open source project on GitHub). • Automatically reject requests that don’t meet your criteria (but allow motivated appeals). • Manually handle other requests and cache the decision so more gets automated over time.
  • 27. Using such a system, Adobe was able to shorten it’s review time from 4.6 days to 4.6 hours. Turn your policy into an app!
  • 28. Using such a system, Adobe was able to shorten it’s review time from 4.6 days to 4.6 hours. But there’s more. The data collected can help: • understand your open source activity, • promote it, • connect engineers unknowingly contributing to the same projects, • etc. Turn your policy into an app!
  • 29. Thank you! Tobie Langel (@tobie) Principal, UnlockOpen tobie@unlockopen.com