VMware sponsored this post.
Editor’s note: This is Part Two of VMware’s three-part “Getting to Great” series on its Open Source Program Office.
In the first part of this series, we explored the rationale behind creating an Open Source Program Office (OSPO). For VMware, compliance, promoting community best practices and enabling an ethos of discovery and innovation comprise the VMware OSPO charter.
“When it comes to licensing and security, everyone should be concerned over sporadic and spontaneous individual OSS contributions. For this reason, you regularly see OSPOs involved as a central point for establishing the guard rails around compliance,” Tim Pepper, VMware senior staff engineer, said. This applies to both inbound and outbound Open Source Software (OSS code).
For Dirk Hohndel, VMware’s chief open source officer, compliance is always top of mind. “How do you ensure that you understand what went into the software that you’re running? Who built it? Who authenticates that there are no malware components in there? Who is ultimately responsible for what it is that creates this infrastructure?” Hohndel asked in a The New Stack podcast “Why Container Security Has No Easy Answers.” There is a myriad of best practices that differ when developing in an OSS environment as compared with proprietary-only code production.
Further evidence of the commitment to compliance is Tern: an open source project initiated and maintained by VMware open source engineers, Nisha Kumar and Rose Judge. Recently contributed to the Linux Foundation’s Automated Compliance Tooling initiative, Tern helps developers inventory the contents of their container images, revealing often hidden packages and their metadata. Understanding what comprises a container better enables accurate license compliance.
For many, the starting point for an OSPO is compliance — and it’s a good place to start. But once established, consider expanding the charter to other areas — best practices, mentoring and innovation.
Community Best Practices
The open source culture of “community collaboration” can run counter to established internal practices — for both technology as well as non-technology companies. It’s natural to want to “protect” your investments as they may lead to a competitive advantage. However, that’s not always true and in some cases, open sourcing technology can lead to faster innovation, widespread adoption and increased relevance.
Understanding how, why, where and when to contribute to and participate in open source communities is the key to success – and an OSPO can help you find that path to success. For Darren Hart, senior Director of the Open Source Technology Center, it starts with understanding why you are contributing to open source. “Engaging in the OSS communities of the projects you use allows you to improve the health and viability of the projects you depend on and better architect your code to work with upstream projects, minimizing the technical debt over simply forking them. You also have the opportunity to influence the direction of the project by contributing your use case, leading to more robust and generally useful projects.” Once you understand how your motivations align with others in the community, you can begin to learn how to collaborate. “Collaboration is a skill, learnable and learned, teachable and taught. Whether called developer advocacy, developer relations or community management, the gist is that this nuanced skill can be championed by the OSPO. Well-practiced, it can dramatically improve the quality of interactions a company’s staff has in open source communities,” Pepper said.
Doubling down, Mark Peek, principal engineer at VMware said: “While an open source program office is often asked for ‘yes/no’ answers on inbound or outbound open source questions, I don’t think that is its most important purpose. Really it is about teaching and educating around various aspects of open source such as best practices, working with communities, understanding licenses and other obligations associated with open source. This evolves the OSPO from being a gatekeeper to empowering the internal teams to know the right things to do.”
VMware’s OSPO provides processes, best practices and most importantly, mentorship for individuals who want to participate in and contribute to open source communities. From straightforward coaching to more complicated software architecture to tool and process development, the OSPO team helps to guide the conversation, choices and strategy. As you consider building an OSPO for your company, don’t overlook the powerful and positive impact this technical and strategic leadership can have on your teams.
Innovation and Discovery
An oft-quoted saying (Joy’s Law) in management and technical fields asserts that: “…no matter who you are, most of the smartest people work for someone else..” In that statement, Bill Joy expressed the desire to tap into the creativity and capabilities beyond a company’s employee payroll. He went on to state, “…If you rely solely on your own employees, you’ll never solve all your customer’s needs.” And that is the essence of open source — to reach beyond company boundaries to innovate and discover faster — to deliver better outcomes for everyone.
It’s important to note that participation and contribution to open source isn’t about charity or obligation. “Open source participation is a win-win for the company and the community…” Joe Beda, principal engineer at VMware, said. “This isn’t about philanthropy, it’s about the opportunity for all and innovation at speed.”
In a commercial space, products need to get to market and they usually have a sell-by date. Companies (revenue) can’t wait for ideas to sprout opportunistically from outside. “Product Management inherently operates on timelines that are different than speculative R&D and ‘scratching an itch’ that is often the early basis of open source projects. Alternatively, an OSPO team that can look at and engage in early open source ecosystem project trends can provide valuable input to both product teams and open source projects,” adds Pepper. An OSPO can give you a team dedicated not just to product but instead to community and open source granting freedom to explore beyond the constraints of a roadmap.
So how does VMware choose between open source and proprietary? It depends, but in every decision, both our customers and the community play important roles. Hohndel said, “Our approach has been that we provide the APIs, the open source components that our customers are interested in and tie it all together around a stack of proprietary software that we feel best serves the more high-end enterprise needs, whether it’s in storage, in complex networking situations or just in the scalability.”
In part three, we explore the awakening of the OSPO superpower and how companies, even those who are not in the software “business,” can begin to reap the benefits of OSS.
The Linux Foundation is a sponsor of The New Stack
Feature image via Pixabay.