Link Search Menu Expand Document
Open Source Guide

An Open Source Program Office (OSPO) is the center of competency for an organization’s open source operations and structure. This can include setting code use, distribution, selection, auditing and other policies, as well as training developers, ensuring legal compliance and promoting and building community engagement that benefits the organization strategically. Typically OSPOs are structured to support a company’s open source goals. Every company is different and their OSPOs differ too. The //TODO Group is a community of OSPOs that help clarify and improve the role of OSPOs at companies. We work together to publish The Linux Foundation’s Open Source Resources page and speak at industry events.

There is no broad template for building an open source program that applies across all industries, or even across all companies in a single industry. However a typical OSPO addresses three categories of concerns: Fear, Love, and Money. More elaboratly: Legal Risk Mitigation, Improving Engineers’ Practices, and Enabling Financial Benefits.

Legal Risk Mitigation: The first concern companies have is related to legal compliance. OSPOs often oversee aspects of a company’s open source license compliance process. Companies that distribute software are typically most concerned with this and initiate their OPSO around the abatement of legal risk. The responsibilities of a program office in this area includes:

  • Maintaining open source license compliance reviews and oversight
  • Running a review process for inbound code use
  • Ensuring that the company contributes back to open source projects effectively

Improving Engineers’ Practices: OSPOs also improve engineering capabilities by providing guidance and policies about code management in an open source (and blended source) environment. Companies with many software engineers focus their OSPO on engineering policies and practices. The responsibilities of a program office in this area includes:

  • Clearly communicating the open source strategy within and outside the company
  • Fostering an open source culture within an organization
  • Ensuring high-quality and frequent releases of code to open source communities

Enabling Financial Benefits: Some companies focus on the financial implications of open source and leverage their OSPO to help drive a strategy around the use of commercial vs. open source vendors. Whereas some tech companies use their OPSO (and open source projects) to drive customers to commercial products. The responsibilities of a program office in this area includes:

  • Owning and overseeing the execution of the strategy
  • Facilitating the effective use of open source in commercial products and services
  • Engaging with developer communities to encourage adoption of strategic open source projects.

The Yahoo Open Source Program Office (OSPO)

At Yahoo, our Open Source Program Office (OSPO) helps developers at our company successfully use, contribute, and publish open source projects. Our OSPO focuses on in the following areas:

  • Publication Review and Support — We review projects and stage them for open source publication on a branded and managed GitHub organization.
  • License Compliance — We run a scan process during the build process on our mobile apps and distributed products to prepare open source display credits and ensure our apps contain exactly what we want them to contain, and nothing else.
  • Contribution Support — We support contributions to open source projects, specifically in cases where they require a contributor license agreement to be signed or where other factors require our involvement.
  • Strategy Review — We work with our technology leadership to ensure we use, contribute to, and create open source projects in a manner that will help reduce tech-debt, improve business outcomes, and support our goals to achieve engineering excellence.
  • Everyday Support - We serve as the first go-to group for any questions related to open source. We’ll help with questions about using open source (e.g. is this license OK?), giving employees access to an open source repo we manage, getting approval to sign a CLA, assessing if some news in the open source world impacts us, educating new teams on how interact with open source properly, and just about anything else that comes up.

By running an OSPO, we help our engineers focus on their engineering challenges, their sprints, and their products, while knowing that we have their back when it comes to questions about open source licenses, copyrights, and communities. This way fosters an open and collaborative working environment, just like you find in successful open source communities. We thrive on transparency and operate the program as an open source project encouraging collaboration and publishing all our work in the open. At Yahoo, nearly all our platforms are built upon open source projects. We strive to be an open source friendly company for engineers as we believe that together we can create the future, in the open.

Copyright 2021 Yahoo Inc. Content licensed under CC-BY-4.0