How to Develop an Open Source Governance Training Program

How to Develop an Open Source Governance Training Program for Your Organization

Posted by Greg Bell on February 15th, 2012 in Governance

Your company is actively using open source software, and you’ve realized that an open source governance program is essential to managing the adoption and use of open source. You’ve developed an open source policy and implemented key components of best-in-class governance programs such as an open source request-and-approvals process, source code scanning before distribution, and perhaps even an Open Source Review Board (OSRB). Your engineers are happily (and safely) using open source, corporate counsel nods approvingly every time you pass in the hall, and you’re just about to put your feet up for a well-deserved break when it hits you – you don’t yet have an enterprise-wide governance training program in place.

Well, fret not. In this post I’ll walk you through the process of developing and implementing a training program that will get everyone in the enterprise – current employees, future employees, and outside suppliers – on the same page when it comes to open source governance. I’ll also give you a sample training course curriculum to get you started with developing governance training courses within your organization.

Segmenting Training Topics

The first step in developing your open source governance training program is outlining the topics to cover for different audiences within your organization. The introductory course should be appropriate (and required) for all employees in the business unit, while more advanced courses should be geared just towards engineering, legal, and business personnel who work directly with open source software within the company. Depending on your company’s goals and open source usage model, there may be different tracks (legal vs. technical) and gradations (intermediate vs. advanced) above the introductory course, or a general advanced course may work perfectly well for employees in different roles. However, if your company incorporates technology components from third-party suppliers, a separate course will likely be necessary for procurement personnel and outside suppliers.

It’s important to be as comprehensive as possible and avoid assumptions about what current or future employees know. You may have to endure some eye rolling when you ask engineers to attend the introductory open source governance course, but it’s an opportunity to level-set employees’ expectations and understanding of open source usage within the company (which very well may differ from division to division). In addition, it gives your company’s open source experts an opportunity to showcase their knowledge, answer questions from other employees, raise issues that need to be addressed, and provide valuable input on the training course itself.

Developing Course Outlines

Now that you’ve sketched out the topics that need to be covered for particular audiences, it’s time to create a first draft of your training course outlines. Try to involve key stakeholders in this process –- ideally, representatives from engineering, legal, procurement, the OSRB, and any other essential business units. You may need these folks to present different sections of the training course, so you may as well get them involved up-front.

Some of the topics your introductory training outline should cover include:

Open source basics: what it is and how it’s different from commercial software
How and why our company uses open source
Our company’s policies about open source usage
Introduction to our OSRB

Some of the topics your advanced training outline should cover include:

Common open source licenses and how to read a license
Which open source licenses are acceptable for use within our company
Common open source license obligations and how we fulfill them
How to bring open source software into our company
How to prepare source code deliverables
How to work with the open source community

Some of the topics your training outline for suppliers and procurement should cover include:

Acceptable open source licenses for inbound software
How to deliver software to our company
Contractual rep and warranty requirements
Source code scanning requirements
Introduction to our OSRB

For more detailed outlines of the topics you should consider including in your governance training courses, check out the Sample Open Source Training Courses document on our website.

Training Frequency

Naturally, the frequency of your governance training courses should be driven by factors such as head count, employee turnover, segmentation of course material (introductory vs. advanced courses), and the locations of personnel who need to attend. The frequency of updates to your open source policy and governance processes, as well as significant changes in company’s product offerings or open source usage model, may also impact the course schedule or necessitate retraining.

I recommend leveraging web conferencing tools and recording your training sessions in order to reduce the workload and accommodate employees with different schedules and locations. Try making recordings of your training sessions available on the company intranet, and work with the HR department to incorporate a requirement for “virtual attendance” of training classes into the new employee onboarding process.

Summary

As I discussed in my last post, an enterprise open source governance process can help your organization responsibly increase open source usage, improve employee morale and public relations, reduce legal risks, and improve budget and resource planning. But as with any business process, your open source governance process is only as effective as its implementation. An ongoing training program can help ensure that your open source governance process is consistently followed and maintained so that these important benefits don’t diminish over time.