11 Tips for Creating an OSS Policy
Get Management Buy-In
Development teams usually have an in-depth understanding of OSS benefits, but management may not, so tell them about the efficiencies and advantages OSS affords your business.
Identify Key Shareholders
Gather a team with cross-functional responsibilities: software architects, developers and engineers, QA and release managers, legal counsel, product and business managers, and security pros.
Understand Your Product Development Process
How is your organization using OSS? It may be crucial for your legal and business teams to understand your product development process so you don’t create an OSS policy that stalls or hinders your development cycle or product innovation.
Evaluate Open-Source Use
Open source can be used to build your product, but it might not be distributed with it. Internal or external use can have different license implications. Whenever you use, consume or contribute to open source, stay compliant and protect your intellectual property from exposure.
Audit Your Code
During your evaluation process, engage a third-party service to perform a code audit to help uncover the open-source code you use throughout your organization. As part of an OSS governance program, catalog and monitor what arrives from open-source and third-party suppliers.
Draft a Policy
After all key stakeholders have assessed your company’s use of OSS, draft a formal policy. If you have multiple divisions, it’s not necessary to have the same policy across each line of business.
Review Policy With Stakeholders
Circulate the policy among stakeholders for review and approval. Make sure your OSS policy works for development processes and aligns with your business goals.
Implement It Across Your Enterprise
For your policy to be implemented successfully, train people in OSS. Address what it is, what it isn’t, and how it will work in your company. Create clear documentation and communicate with engineering and other key groups to make sure they understand how the policy works.
Build in a Feedback Loop
During the implementation process, obtain feedback from the key players you’re training. “The best way to kill an open-source compliance program is to document something that is not in line with how people are actually working,” cautions Harmon’s Alyssa Harvey Dawson.
Regularly Review and Update Policy
Your OSS policy must align with your company’s business goals. As your policy becomes integrated and changes occur in your organization, collect feedback and adapt the policy to ensure that it consistently works with your development processes.
Conclusion
By following these steps, you can build an effective OSS policy that ensures compliance and mitigates operational risk. It will also enable product development teams to successfully produce and distribute innovative products that keep your customers happy.
