Managing Open Source Compliance comprises several skill sets. Besides a legal expertise also management and technical skills are required to succeed with this challenge. The following role models provide you with an idea of how the responsibilities could be distributed and matched to the TrustSource roles.
On the one hand there is the technical expertise required to make changes on source code. We typically see this with the Developer role. Following overview states the role characteristics:
To improve the skills of the developer in the domain of open source, we have provided a specific training as "certified Open Source Expert Developer". Further information can be found here.
In addition to that we see a more management related task, which we associated with the Project Manager role. The Project Manager shall take the responsibility for the delivery of a compliant solution. This role could be taken - depending on the individual organizational design and the available skill set - by a SCRUM Master, a product owner or a team lead. Following overview outlines the core characteristics of that role:
Finally someone needs to overview the execution. This we have assigned to the role of the Compliance Manager.
We also provide training to learn how to cope with the role of the compliance manager. Find here a sample schedule as well as a skill concept for that role.
Open Source Board
As usual in a corporate context, guiding decisions of no or go should not lie in the hands of a single individual only. Especially decisions impacting speed of development, quality of products and risk management are influenced by more than a single department. Pressure from market (e.g. product owners), stakeholder from management side (e.g. legal) and delivery responsible (e.g. developers or project managers) need to agree on the most reasonable way forward. To resolve conflicts and find common positions, we recommend to instantiate a so called Open Source Board, with the following Characteristics:
In general the board should be equipped with one or three standing members - depending on the size and regional spread of the organization, the board itself might be Structured cascading - organizing and developing the open source compliance matter on a regular basis.
They then would add individual project members on a case base to resolve escalations or contribute to the policy, clarify procedures, etc.
PLEASE NOTE: This is a complex and highly difficult topic. The implementation requires experience in organizational design, the individual organization as well as the topic itself to provide an accepted and comprehensive design. The given samples above can only illustrate how the acting roles are understood in the TrustSource context. This model has already been implemented in some companies and they are fine with it. But this does not mean, it will work for every company. Feel free to contact our support for further discussion.