A good open source policy is a major step towards open source compliance. A policy gives guidance and direction on how to deal with the critical issues of open source management. Creating such a policy also gives an organization the opportunity to dig into the open source topic and work out clearly what it means for the organization itself.
A sound open source policy will comprise the following topics:
- Introduction
  - Clarify the need for open source compliance by explaining the impacts and threats resulting from a failure to comply.
  - Outline the benefits of open source usage and the general requirements (yes, it can be simple!)
  - Clearly underline senior sponsorship and the need to comply.
- General procedures and organization
  - Open Source Board
  - Roles and responsibilities
  - Corporate Open Source Policy
  - Processes and escalation procedures
  - Criteria for the selection of open source
- Procedures on how to apply open source in in-house development
  - Examination of project goals and architecture
  - Risk assessment and general project policy considerations
  - Decision on black- and whitelists
  - Integration of development environment with TrustSource
  - Publishing of used components
  - Patching and update procedures
- Procedures on how to open source internal projects
  - Preconditions for open sourcing
  - Examination of goals and stakes
  - Decision on what to open source / architecture design
  - Design of a suitable contributors agreement
  - Publication of repository
  - Communication strategy
This list is by no means exhaustive, but it should give a glimpse of what to expect from such a document. Depending on your own situation, it might make sense to focus on specific aspects and skip others. Our consultants are happy to help; find more advice at the EACG website.