A good open source policy is a major step towards open source compliance. It gives guidance and direction on how to deal with the critical issues of open source management. Creating such a policy also gives an organization the opportunity to dig into the open source topic and work out clearly what it means for the organization itself.
A sound open source policy will comprise the following topics:
- Clarify the need for open source compliance by explaining the impacts and threats that result from failing to comply.
- Outline the benefits of open source usage and the general requirements (yes, it can be simple!).
- Clearly underline senior sponsorship and the need to comply.
- General procedures and organization
  - Open Source Board
  - Roles and responsibilities
  - Corporate Open Source Policy
  - Processes and escalation procedures
- Criteria for the selection of open source
- Procedures on how to apply open source in in-house development
  - Examination of project goals and architecture
  - Risk assessment and general project policy considerations
  - Decision on blacklists and whitelists
  - Integration of the development environment with TrustSource
  - Publishing of used components
  - Patching and update procedures
- Procedures on how to open source internal projects
  - Preconditions for open sourcing
  - Examination of goals and stakes
  - Decision on what to open source / architecture design
  - Design of a suitable contributor agreement
  - Publication of the repository
  - Communication strategy
This list is by no means exhaustive, but it should give a glimpse of what to expect from such a document. Depending on your own situation, it may make sense to focus on specific aspects and skip others. Our consultants are happy to help; find more advice at the EACG website.