3 Steps to Jumpstart Your Open Source Policy

Posted by Greg Bell on December 12th, 2011 in Governance

Developing and maintaining an open source policy is the foundation of an effective enterprise open source governance process. An open source policy that is current, comprehensive, adaptable, and continually reviewed will help guide your organization to increased open source usage where appropriate while reducing potential open source license violations.

When was the last time you reviewed and updated your company’s open source policy? If it’s been a year or more – or even worse, if you don’t yet have a formal, written open source policy – make a resolution to start the new year with a renewed focus on creating or updating your policy and aligning your open source governance processes with it.

Fortunately, there are a ton of great articles, examples, and suggestions available to help guide your efforts. Here’s a list of three easy steps to jumpstart your open source policy, plus a bunch of free policy and governance resources to help you get started on the right track.

1. Bone Up On Open Source Policy Best Practices

You may not have experience writing an open source policy. Heck, you may not even be a lawyer (and for the record, I’m not either). That’s fine. No matter your level of experience and expertise, following best practices is as good a place to start as any.

One of the first open source policy resources I always recommend is Stormy Peters’ excellent article, Best Practices for Creating an Open Source Policy. Although several years old now, this article remains an essential primer for anyone engaged in open source policy creation or review. Stormy outlines everything from why you need a policy to critical components to the key questions you should consider as you create or update your company’s policy.

A fantastic companion to Stormy’s piece is Ragavan Srinivasan’s article, From Policy to Process: Best Practices for Creating an Open Source Governance Process. While the scope of Ragavan’s article goes well beyond open source policies, he does an excellent job of explaining the importance of policies as part of the overall enterprise open source governance process.

2. Evaluate Your Current Open Source Policy

Odds are you have some form of open source policy, even if it’s informal, poorly documented, or specific to a particular department or group within your organization. Start with whatever you have and conduct a thorough review with the key stakeholders in your organization – typically representatives from legal, engineering, procurement, and management – to establish the current state of your policy, identify areas that need improvement, and agree upon next steps.

As you get started on this phase of the process, check out our on-demand webinar, Boost Your Open Source Policy: How to Evaluate and Improve Your Company’s Policy. In this session our CEO Steven Grandchamp leads a panel discussion with open source veterans from several Fortune 100 organizations who share their first-hand experience creating, maintaining, and implementing open source policies. This resource will help you understand not only how to get started with the evaluation process, but also how to align your policy with changing needs and goals and communicate and implement the final policy document.

Another on-demand webinar worth your time during this phase is Developing an Open Source Governance and Compliance Program at Bank of America, in which Don D’Angelo, Senior Vice President of Open Source Product Management at Bank of America, shares invaluable tips from his experiences creating an open source policy and governance processes. This one will help you understand what an industry-leading open source policy looks like and how your evaluation process can set the groundwork for future policy greatness.

3. That Policy Ain’t Gonna Write Itself

Sooner or later you’re going to have to put pen to paper and translate all those best practices, examples, and tips to practical policy statements that are specific to your organization’s open source usage model. When you’re ready to start working on your open source policy, check out our free (and recently updated and expanded) Open Source Policy Builder, which walks you through all the questions your formal policy should answer, including:

  • Which open source licenses are approved for use in your company’s products?
  • Is open source distributed in your company’s products?
  • Who’s responsible for understanding license terms and conditions and ensuring compliance with them?
  • What kind of security or integrity review is required during procurement?
  • Are employees allowed to contribute to open source projects?
  • Are employees allowed to speak publicly about the company’s open source usage?

Finally, if at all possible, check out examples of other organizations’ open source policies – particularly companies in your industry and/or with similar usage models. Many governmental organizations publish their policies (for example, check out the policies posted on Civic Commons), which may be at least interesting to read if not directly applicable. Additional examples might be found through colleagues at other companies, professional organizations or industry meetings, posting questions on LinkedIn groups, and conducting web searches. In short, take advantage of the community nature of open source and ask others for help – people are likely to share any information and resources they can to help you successfully and safely use open source software.

Have other open source policy resources to suggest? Please leave a comment!




About Us

OpenLogic helps enterprises use open source software by providing open source support, scanning, governance, and cloud solutions. For more on OpenLogic, go to www.openlogic.com.