Open Source Summit Europe 2022

OSPOs act as critical components of successful organizations. At TODO, we've seen firsthand how an effective OSPO can help an organization achieve its business goals and objectives by leveraging the power of open source with clear strategy and alignment.

This keynote shares an overview of the different efforts and new initiatives the TODO Group is working on during this year to help OSPOs in Europe and ease collaboration across communities. 

Open Source Program Offices and similar open source focused teams serve many organizations to provide strategy and alignment for an organization's open source efforts. Managing open source in an organization is a broad and complex topic requiring a wide scope of skills, responsibilities, team sizes, and ways of working - making it hard to get complete overview that can be shared with the wider organization or help you with managing your OSPO. The OSPO Mind Map was created by the open source community for the community to map the Open Source Program Office's key areas (responsibilities, roles, behavior, and team size) and divide them into more easily accessible parts in just one page. During this presentation, Ana and Thomas will share with the audience how this mind map is structured and how Open Source Program Office professionals can make use of the OSPO Mind Map to help implement an OSPO strategy, structure their activities and better communicate the OSPO initiative within their organization. The audience will learn the story behind the OSPO Mind Map project, a practical implementation of the mind map for their OSPO as well as ways they can contribute to the project.

OSS is incredibly positive - without projects like Docker, Kubernetes, Debian, NGINX, Apache, or others, technological innovation would be painfully slow. Its innovation, ease of use, and zero cost meant that nearly every piece of software contains OSS. OSS is everywhere, including data centres, hospitals, e-commerce, phone networks, mobile devices, and power stations. Last year, the Whitehouse issued an Executive Order after the fallout of SolarWinds. This kickstarted the use of SBOMs, a flurry of new projects to protect the supply chain, and the rise of OpenSSF. - How has the EU responded to Critical Threats in OSS? - Are the threats to the EU different from the USA? - The EU is not 1 country but is made up of 27 countries- how does this affect change? - Let's look at Ireland as an example country in EU and how it is affected by threats to the OSS supply chain and how the EU helps. Note, I did a blog on securing OSS projects that helps me talk about this: https://cloudsmith.com/blog/efforts-to-secure-oss-fired-up-after-log4shell/

Imagine waking up one morning to find out that your beloved open source database, which lies at the heart of your system, is being relicensed. What does that mean? Can you still use it as before? Could the new license be infectious and require you to open source your own business logic? This doom’s day nightmare scenario isn’t hypothetical. It is, in fact, very real, for databases and other OSS, with several examples over the past year alone. On this talk Horovits will review some of the less known risks of open source, and share his lessons learned from Elasticsearch’s recent relicensing move, as well as other case studies from the past year. If you use OSS, you’ll learn how to safeguard yourself. If you’re in the process of evaluating a new OSS, you’ll learn to look beyond the license and consider additional criteria. If you're debating open-sourcing a project, you'll gain important perspectives to consider.

With the proliferation of open source projects available to do everything from complex machine learning to converting tabs to spaces, making smart decisions for what projects to take on as your dependencies has never been harder. What is important to one project, developer, or company when adopting an open source dependency may vary greatly from another. The uncomfortable situation that many find themselves in is not knowing what to evaluate or even how to find the relevant information. Current open source initiatives focus on the composition of open source software, the security posture of its operational practices, and other forms of compliance – the importance of which should not be downplayed! Still, given the importance of open source software in today's technological landscape, we need to think outside of the box and examine what other challenges consumers of open source face when assessing, adopting, and patching open source code. This talk will take a look at how maintainers can provide critical information about their own projects to potential adopters, as well as introduce ways that open source programs offices can consume this information to streamline evaluation, improve maintenance, and facilitate contributions back upstream.

Against a backdrop of ever increasing global challenge - from climate to COVID to armed conflict - the world of open source development and community stands at the same crossroad that has always been before us: How we will choose to build our future projects, advance the state of the art, and sustain efforts focused on critical technical infrastructure? In this talk, Leslie Hawthorn will explore the key opportunities before us and how we can best leverage the lessons of early successes - and failures - in the open source world to navigate our future.

As part of this discussion, she will explore promising trends on the global open source scene, including:

• The must-be-seized potential of expanding open source development in an era when technical knowledge has become available to practitioners at an unforeseeably high velocity.
• The rise and institutionalization of the Open Source Program Office as a vehicle for increasing collaboration and efficiency outside of the corporate sector;
• The role of open source software as a vehicle for reskilling our workforce, creating economic mobility, and solving global problems at a local level.

Attendees of this talk will leave with:

•  A solid understanding of the shifting landscape of the human element in our open source software development.
• Best practices for businesses to best engage in this shifting landscape, particularly in their application to emerging arenas for open source, from industry verticals to academia.
• How to engage the opportunity to rethink “the new normal” as a fertile ground for both innovation and sustainable growth and evolution of our communities. 

Additionally, you will be treated to a whirlwind tour of some of the very best moments to advance the community state of the art that your humble speaker has personally witnessed over the past 15+ years while working with hundreds of different communities across the globe.

The open source community suffers from both a long-term lack of funding from corporations which benefit from its code, and from a lack of governance which affords growth and sustainability. This tenuity leads to an unstable landscape for corporate involvement. As awareness of this problem has grown, engagement in existing solutions remains lacking - particularly from companies who would benefit from a more secure, well-resourced open source ecosystem.
Many corporate OSPOs altruistically support projects fiscally, hoping for a short-term ROI. However, the return on altruistic endeavors is often itself short lived, and so investments dry up. How can corporations effectively leverage the altruistically motivated OSS practitioners internally with an eye towards long-term returns for their investments in the projects they touch, the ecosystem they work in, and their own competitive markets?
This panel, led by Community Development Manager at Open Source Collective, Richard Littauer, invites OSPO leaders Suzanne Ambiel (VMware), Alyssa Wright (Bloomberg), and Mike Fix (Stripe) to discuss corporate strategies for investing in open source sustainably. How can companies fund projects with an eye towards real return on investment, in order to keep their programs running for the long haul?

When efforts to contribute to, participate-in, lead and support upstream projects are siloed in product teams, or reliant on advocacy of individuals who 'get it' , the impact for our customers, and the entire ecosystem falls short of the potential. In this talk, Emma will share the concept of 'internal community building' to both empower and scale impact on upstream projects and beyond. Specifically, this talk will focus on three of Microsoft's cross-organizational community building efforts, each it's own group with specific goals : - Upstream impact on open source metrics (CHAOSS) - Upstream impact on diversity equity and inclusion - And (no big deal) every open source project on the planet. This is InnerSource working for open source, and I will share what has worked (and not worked!) . Go team upstream!

Sony Group is a company with business units in a wide variety of categories, including electronics, semiconductors, gaming, film, music and finance. Much of Sony‘s early work with Open Source was focused on its electronics business (which efforts was talked at OSPOCon 2021). In this talk Sato&Fukuchi would like to discuss the challenges that we faced spreading our Open Source program throughout Sony's other business units. Each business category has different products, technology, culture, and a unique approach to Open Source. While it is efficient to have some things in common, it is unreasonable for the entire group to have exactly the same programs. The electronics business, which develops consumer electronics products with embedded Linux, focuses on both contribution and compliance, while the film business focuses on contribution and interoperation of software assets, including open sourcing 3D animation tools and formats. The approach is to have an OSPO central hub around community experts for Open Source program and communications, and to share policies, education, and best practices within the group. In this talk, Sato&Fukuchi will describe how we are responding to the challenges by modifying our Open Source program and support for the different business categories.

You are building an Open Source Program Office (an OSPO) that is the center of excellence for open source consumption, contribution, and production. Your company already has a Project or Program Management Organization (a PMO) that is the center of excellence for program strategy, management, and execution. How can these two organizations collaborate effectively? How is your Open Source Program Officer different from a Program Manager? What can we learn from each other? This talk by leaders from both the Open Source Program Office and the Program Management Office will focus on lessons learned over the course of a four year collaboration. We will give specific examples of problems that we solved together, times we disagreed but still made progress, and ongoing challenges that we’re still working on. Audience members from medium-to-large companies will benefit the most from this talk. Attendees will learn: 1. How do you connect these two organizations? 2. Why should your PMO care about open source? 3. Why should your OSPO have an embedded PMO member? 4. How can your OSPO and PMO team up to make a big community impact with a small team? 5. How can you bring more partners to the table, evaluate goals, and build consensus?

For most of the modern developers working in a collaborative environment e.g. with git and contributing bugfixes and features "upstream" is "normal". But what about non-Coders? Our Open Source Office decided to switch to an Open Source Approach for Open Source Management in 2017. The evolution of the community since then was very positive. For the daily work there was a big impact to switch from a closed approach to an open approach with the ability to share "upstream" and collaborate with the community. One side was the infrastructure (including file-formats) that somehow should support a git-approach if possible, on the other side you need to know what are the community meetings that are important to attend and get a feeling for the right pulse. The talk will give some insights in the way we collaborate on code and non-code contents and our experiences on our journey to the community. It may serve as inspiration for "new" Open Source Offices for their own journey and where to find orientation in the existing communities (e.g. ToDo-Group, Tooling Group, OpenChain etc.)

In a world of KPIs, OKRs and challenging enterprise level metrics it’s no surprise that OSPOs across the globe are under increasing pressure to demonstrate value to business leaders much like any other business functions. Additionally, with internal OSPO leaders increasingly wanting to track their community activity, industry reach and impact, there is a strong case for defining and leveraging open source metrics to meet these demands. Attaching value, and not just financial gain, to the efforts of OSPOs, contributors and the open source methodology is a difficult task. Numerous reports quantify and benchmark open source at an industry or geographic level but what is being done within organisations to provide this insight in a business context? Throughout this session, the speakers will present the business case for metrics specific to OSPOs and the value that introducing such measures can provide to organisations. Furthermore, a deep-dive into a series of scenarios such as contributor growth, language adoption and ensuring long term contribution will be explored with methods and ideas to monitor such data points including real world examples from EPAM sharing the tooling we have implemented to support with reporting on value and how this can be mirrored in other OSPOs.

As companies move beyond consumption, contributions are often done ad-hoc, and when control is introduced, compliance, defensive IP portfolios, and lack of knowledge of the potential value creation may risk blocking otherwise motivated contributions. Contributions should be made with the right purpose in the right places, connecting to the business goals of a company. In this talk, Johan will present ways and means for OSPOs to set up internal contribution processes that enable a distributed and efficient community engagement for their development organization. More specifically, Johan will present a framework that enables companies to balance the objectives and complexities of contributing to and releasing software as open source. The framework is based on multiple case studies and interviews with international software-intensive companies and their OSPOs. Based on experience from a live implementation, Johan will also exemplify how the framework can be used to set up a contribution process along with lessons learned. The blend of theory and practice will provide the audience with a practical tool-set to consider and apply within their organizations, helping to create a mindset among developers and managers to default to the question “can this be made open?”.

We will talk about the tools and techniques we have been using to merging two cultures that often can be in conflict. Though just like Peanut Butter and Chocolate - together they can create something better and more powerful than alone. The public sector loves the transparency, speed, and effectiveness of open source processes. But the public sector also needs standards, diversity, inclusion, open governance, and safety/privacy to be able to use these open source tools fairly and effectively. They need this even more so to be able to freely participate and fund these communities. For example, if an open-source project is actually governed by a single corporate entity they have to worry about anti-trust issues. Or if a project is mostly overseas, they have to be concerned about export control issues. We are focused on raising the maturity level of open source so that government entities and their OSPOs can both use and fund projects safely and legally. Let's open a conversation and start a checklist!

The sunsetting of an open source project could be part of its life cycle but are we ever really prepared for it or could it be prevented?
Along with all the inspiration and excitement, proper planning is required to start an open source project, but there is a certain portion of all projects that won’t become widely adopted or will be replaced by the next great idea. Often the reason for deprecating projects is that they just weren’t the best option, but there are also examples where the lack of resources or shift in priorities can cause a good idea to be left on the drawing board. Knowing and accepting that fact can reduce frustration and help plan for the “sunset” of a project, or even prevent it and allow others to pick up the project.

The audience can walk away from this talk with:

Understanding why not only the launch but also the deprecation of a project requires a plan and preparation
Practical advice and list of steps that are required to responsibly deprecate an open source project as a good open source citizen with clear communication about the process
Examples of learning opportunities from prior mistakes such as common reasons for project deprecation and how they can be prevented

More awareness that innovation requires freedom to experiment, fail and try again.

This Presentation is about how to contribute to or to launch an Open Source project (also called "outbound open source") as a company. It aims to describe a complete and lean process, that can be implemented in companies of any size (large but also small or medium sized organizations). Companies can tailor the proposed procedure to their needs. I.e., depending on the size and situation of the company not all steps need to be implemented. It covers compliant contributions to existing projects as well as launching own Open Source Projects as a company. Different contribution models are introduced and explained. Additionally, a recommendation is provided how spare time contributions from employees (aka moonlighting) can be made known and transparent to the company to protect the employee. Topics and good practices to be considered when planning to launch an own Open Source project as a company are provided. Although the provided information does not guarantee the success of such an endeavor it is proven in use and very helpful for decision-making, launching and maintaining The procedure and background information is available as a “guide” and on GitHub under https://github.com/todogroup/outbound-oss