Open Source Initiative Blog

1. Google Open Source Programs Office: The business impact of open source

   Creative, exciting applications of open source software can be found worldwide, and who better to share the details of new use cases than the practitioners themselves. In this blog series we’ll feature guests who told their open source stories during Practical Open Source Information (POSI) 2021, an online conference hosted by OSI. Check this channel for more practical open source stories.

   Amanda Casari is an open source scientist with the Google Open Source Programs Office where she leads Google’s research and engineering work with Project OCEAN. Open source programs offices (OSPOs) are established in organizations as a means to centralize policies, strategies, and guidance, and to ensure common practices across complex teams working on open source projects. Amanda offers some structure for any organization working with open source that is considering starting an OSPO of their own.

   Good program management practices, not just technology management, are essential for managing open source in organizations. Effective tracking and communication of business impact of an open source program relies on knowing the ‘why’ and the ‘how’ of your program. These answers help define expectations, needs, shared outcomes, and future opportunities for collaboration. Additionally, identifying stakeholders at this early stage is important in developing a consistent and effective communication plan for your open source project.

   Measuring the business impact of open source in an organization is a key function of an OSPO. Amanda notes that as compared to other metrics of measuring success, impact is the lens through which to look at open source projects. ROI, an economic model frequently used, is too simplistic to capture the complexities of open source ecosystems. Community investment for things such as onboarding new code reviewers, teaching them how to track down bugs, and other sponsorship work in a program is not something that can be measured by traditional ROI models such as hourly pay and tracked time, yet it’s core to the value of open source projects. At Google they use an input-output model of “Investment : Impact.” What goes into the programs and how success is measured in those programs is gauged using useful metrics and KPIs.

   The notion of metrics isn’t always embraced in an open source environment. Amanda clarifies that when she and her team at Google work with metrics, they’re working with qualitative and quantitative measurements, recorded (and unavoidably biased) observations with an understanding of the motive behind them. A sense of curiosity can lead to the story that the data tells about what you’re observing. That story needs to tie back to the visions established for your unique organization and stakeholders in order to demonstrate success.

   KPIs are a specific kind of metric that indicates what success looks like for a program so you know you’re meeting your goals and the goals of your stakeholders. It’s important that you’re tracking these markers and understand what the frequency, format expectations, and communication methods should be used.

   If you’re interested in digging deeper into the impact model guidelines Amanda shares based on her work at Google, you can watch her video from the POSI event below:

   The previous blog in this series features OSI members from RedHat in “Moving from a proprietary to an open source culture.” Click the link to read it, and come back to catch our next featured member from the Practical Open Source Information (POSI) 2021 in the coming weeks.

   if(window.strchfSettings === undefined) window.strchfSettings = {};window.strchfSettings.stats = {url: "https://open-source-initiative.storychief.io/google-open-source-programs-office-the-business-impact-of-open-source-61e9a602ee478?id=2065547852&type=3",title: "Google Open Source Programs Office: The business impact of open source",id: "d41e8c3e-e034-48f3-84d1-20372c1b1028"};(function(d, s, id) {var js, sjs = d.getElementsByTagName(s)[0];if (d.getElementById(id)) {window.strchf.update(); return;}js = d.createElement(s); js.id = id;js.src = "https://d37oebn0w9ir6a.cloudfront.net/scripts/v0/strchf.js";js.async = true;sjs.parentNode.insertBefore(js, sjs);}(document, 'script', 'storychief-jssdk'))

   

2. The price for software security and maintainer burnout / OSI News & Updates

   The price for software security and maintainer burnout

   2022 started reminding us that software security is a problem not only for open source packages. At the same time, “how to remunerate open source maintainers?” is a question with impossibly numerous answers: we need focus to find different solutions for different problems.

   Lots of security issues packed in a few weeks: December 2021 saw the Log4j package knocked down by a nasty bug. In January 2022 we witnessed an act of self-sabotation by a maintainer of two NPM packages.  On New Year's Day a bug in Microsoft Exchange ruined the celebrations for many system administrators. Very different scenarios that confirm how complex and fragile our IT infrastructure is. With open source software so popular, shipped in millions of software packages, the open source communities risk becoming a punching bag for problems it cannot necessarily solve.

   The disgruntled developer of the NPM packages blasted against the evil corporations “stealing” his work before vandalizing his own packages. It sounded like he suddenly realized the meaning of Open Source and wanted out. Unfortunately we’ve also heard in the past big corporations complaining about even bigger corporations free-riding their code. The debate risks spiraling down a path opposing open source developers against “evil forces” in a pointless finger pointing game.

   In a detailed white paper destined to the White House, the Apache Software Foundation (ASF) wrote “We can't fix open source supply chain issues by focusing exclusively on the upstream producer”. In the recommendations the ASF asks, among other things, businesses to contribute back.

   It’s then up to the open source communities to help businesses contributing back, because it’s far from trivial. Not every project has the same engagement rules, some maintainers are more amenable to newcomers than others. How and why to contribute to an open source project ties with the debate about the financial sustainability of open source development. Projects like Krita, Blender, Libre Office are very different from libraries like Log4J, color.js or platforms like Kubernetes. Talking about sustainability of each of those communities will require a different approach.

   Meanwhile we can celebrate the happy story of GnuPG: its maintainers announced in January that they don’t need donations anymore since they found more stable sources of funding thanks to a new business model and a solid customer base.

   There will be more crises with open source software at the center and before jumping to discussing solutions, let’s analyze the situation critically and avoid considering “open source” a single problem space. Discuss this and other topics with me during OSI's informal office hours on Fridays.

   Stefano Maffulli
   Executive Director, OSI

   In this month's Open Source Initiative Newsletter:

   • 2021 OSI Membership Campaign Recap
   • Open@RIT: Helping students embrace the power of Open Source
   • CodeSee: Why they support the OSI
   • ClearlyDefined is clearly making progress
   • OSI in the news: Maffulli comments in TechCrunch

   Meet OSI at SCALE 19x

   We'll be at SCaLE 19X – the 19th annual Southern California Linux Expo – March 3-6, 2022 in Pasadena, CA. Register here!

   Starting 2022 with over 1,300 new members!

   We did it! We’re welcoming 1,354 new members to the Open Source Initiative. The membership drive we launched at the end of 2021 surpassed our expectations. These new members are mostly “free” members and don’t have voting rights until they become full members.

   The campaign was the first of its kind: we introduced a new membership level with a zero cost, experimented with a purpose-built minisite and offered the new members customized badges which proved to be popular. We've also tested Plausible.io to track the campaign results without invading users’ privacy.

   Read the full post to find all the details.

   Join as a full member here.

   Open@RIT: Helping Students Embrace the Power of Open Source

   The Rochester Institute of Technology (RIT) not only offers a minor in free and open source software and free culture, but it also recently created an official Center of Excellence called Open@RIT. It’s dedicated to fostering the collaborative engine for faculty, staff, and students working on open source projects. The goal is to discover and grow the footprint of RIT’s impact on all things open across many disciplines, both within the university and beyond. This includes open source software, open data, open science, open hardware, and open educational resources and creative commons licensed efforts, which collectively they refer to as Open Work.

   Mike Nolan, Assistant Director at Open@RIT and Django Skorupa, Strategic Designer, walked  POSI participants through their work, and you can watch their presentation and read more here.

   CodeSee: Why we support the OSI

   CodeSee offers a developer tool called Maps, built to help developers and teams visually understand codebases. Maps are auto-syncing code diagrams, with features designed to drive collaboration, improve code reviews, reduce onboarding friction, and more. In September 2021, CodeSee launched OSS Port—a space for open source project maintainers and contributors to connect and collaborate, with the ability to use CodeSee Maps to easily onboard new developers and guide code reviews. Maps is forever-free to use on open source projects.

   Each member of the CodeSee team has a history in open source. Guided by a collective connection to the community, CodeSee is committed to advancing its progress through a series of initiatives. For starters, CodeSee Maps is forever-free to use on open source projects and is an integral part of our open source community, OSS Port. In addition, CodeSee maintains an open source sponsorship program, providing financial support to a select number of OSS projects so they can focus on continued development. And of course, we also sponsor the Open Source Initiative to uphold its work in stewarding the Open Source Definition.

   Read more about what CodeSee had to say about open source here.

   ClearlyDefined is clearly making progress

   As a reminder, ClearlyDefined is a repository of information about free and open source software (FOSS). You can turn to ClearlyDefined when you want to locate source information for a version (e.g., Git commit), verify licenses, and catch up on vulnerability notifications—all in one place.

   ClearlyDefined premiered in 2017. Since then, the community has reached several milestones, including these recent achievements:

   Support for Go components. If you use Go modules, you can now retrieve their license definitions using ClearlyDefined. For more information about how to do this, please see our documentation.
   A redesign of the ClearlyDefined user interface with a focus on usability and accessibility. This redesign should be deployed before the end of 2021.
   The community continues to complete curations and contribute code. A recent contribution from Qing Tomlinson fixed a long standing issue with characters in PyPi definition coordinates.

   In this new year, the ClearlyDefined community will be planning its road map and user stories for the 2022. We’d also like to thank Bloomberg for their contribution to Clearlydefined. Please join in and contribute to a very worthwhile cause that benefits the entire open source community. Learn more and join us at: https://clearlydefined.io/

   Read more about how the ClearlyDefined community has been busy the past month here.

   OSI in the news

   When is open source not open source? Executive Director Maffulli comments on Harness.io’s latest product release in TechCrunch.

   And a huge shoutout to our new sponsor

   • Candid Host

   Are you interested in sponsoring or partnering with the OSI? Please see our Sponsorship Prospectus. Contact us at sponsors@opensource.org to find out more about how your organization can promote open source development, communities and software.

   if(window.strchfSettings === undefined) window.strchfSettings = {};window.strchfSettings.stats = {url: "https://open-source-initiative.storychief.io/google-open-source-programs-office-the-business-impact-of-open-source?id=482962301&type=3",title: "The price for software security and maintainer burnout / OSI News & Updates",id: "d41e8c3e-e034-48f3-84d1-20372c1b1028"};(function(d, s, id) {var js, sjs = d.getElementsByTagName(s)[0];if (d.getElementById(id)) {window.strchf.update(); return;}js = d.createElement(s); js.id = id;js.src = "https://d37oebn0w9ir6a.cloudfront.net/scripts/v0/strchf.js";js.async = true;sjs.parentNode.insertBefore(js, sjs);}(document, 'script', 'storychief-jssdk'))

3. Open@RIT: Helping Students Embrace the Power of Open Source

   Creative, exciting applications of open source software can be found worldwide, and who better to share the details of new use cases than the practitioners themselves. In this blog series we’ll feature guests who told their open source stories during Practical Open Source Information (POSI) 2021, an online conference hosted by OSI. Five blogs will be featured in this series, so visit the OSI blog frequently to learn from what these open source advocates have to share.

   Creative, exciting applications of open source software can be found worldwide, and who better to share the details of new use cases than the practitioners themselves. In this blog series we’ll feature guests who told their open source stories during Practical Open Source Information (POSI) 2021, an online conference hosted by OSI.

   The Rochester Institute of Technology (RIT) not only offers a minor in free and open source software and free culture, but it also recently created an official Center of Excellence called Open@RIT. It’s dedicated to fostering the collaborative engine for faculty, staff, and students working on open source projects. The goal is to discover and grow the footprint of RIT’s impact on all things open across many disciplines, both within the university and beyond. This includes open source software, open data, open science, open hardware, and open educational resources and creative commons licensed efforts, which collectively they refer to as Open Work.

   Mike Nolan, Assistant Director at Open@RIT and Django Skorupa, Strategic Designer, walked POSI participants through their work, and you can watch their presentation, the video of which is embedded at the end of this post.

   Through their Open@RIT Fellowships, students interested in careers working with open source have the opportunity to serve on a project accelerator, offering them exposure to the launch or conversion of projects to open source. Open@RIT Fellows can begin building a community around and collaborating on on-campus projects to get first-hand experience in the maintenance and structure of the community, an important facet of open projects that balances the contribution of community members. Essentially, Open@RIT is a cooperative education program set up as a consultancy where student fellows are placed on a team that provides services such as design, development, technical writing, and project management on Open Work being developed by members of the RIT community.

   In its early days, the program focused on the creation of a methodology playbook detailing how Fellows work with faculty members, staff, and students on their open projects and how they create, build, and sustain communities around that work. This methodology playbook offers a framework for fellows to follow in their efforts to better understand and support the community that surrounds the Open Work. Leaders at Open@RIT give credit to the Mozilla Open Leadership Training Series and the work of Nadia Eghbal in her book Working in Public for inspiring their program and the development of the methodology.

   The consulting process used by Open@RIT with Fellows has three steps. Step one is contextualization, asking questions that allow student fellows to understand the scope and goals of the project. Step two is identification of stakeholders and contributors and how they’re attracted to a project, examined through an archetypal model. Here, goals of the stakeholders and contributors are compared with the goals of the project, revealing gaps in the contributor pathways. This naturally leads to step three which is identifying shortcomings. This step uncovers the role Open@RIT can play in support of the project, moving it toward a unified goal. This step develops a ground-up solution, reframing the problem as many times as necessary until an end-to-end pathway is established. Services provided by the fellows include project documentation, marketing inbound materials, feedback systems, and outreach and networking strategies.

   Many Open@RIT Fellows have never worked in open source before. The program offers them a valuable opportunity to learn about open source terms and methods while actually doing the work. Developing open source projects in an academic setting offers students an ecosystem that embraces questioning, teaching, and mentorship, which aligns with the definition of open source itself and equips these students to step into careers in open source with experience that sets them up for success.

   Watch Nolan and Django of Open@RIT at the POSI event:

   Come back to catch our next featured member from the Practical Open Source Information (POSI) 2021 next week.

   !-- if(window.strchfSettings === undefined) window.strchfSettings = {};window.strchfSettings.stats = {url: "https://open-source-initiative.storychief.io/openatrit-helping-students-embrace-the-power-of-open-source?id=554878812&type=3",title: "Open@RIT: Helping Students Embrace the Power of Open Source",id: "d41e8c3e-e034-48f3-84d1-20372c1b1028"};(function(d, s, id) {var js, sjs = d.getElementsByTagName(s)[0];if (d.getElementById(id)) {window.strchf.update(); return;}js = d.createElement(s); js.id = id;js.src = "https://d37oebn0w9ir6a.cloudfront.net/scripts/v0/strchf.js";js.async = true;sjs.parentNode.insertBefore(js, sjs);}(document, 'script', 'storychief-jssdk')) //--><!]]> </script><!-- End strchf script --></div></div></div>"

4. Results from the first new members campaign

   We did it! We’re welcoming 1,354 new members to the Open Source Initiative. The membership drive we launched at the end of 2021 surpassed our expectations. These new members are mostly “free” members and don’t have voting rights to elect the next board members; however, there is time to become a full member by the next election cycle in March.

   Quick facts about the campaign

   The campaign was the first of its kind. For starters we introduced a new membership level with a zero cost with the intention to reach out to people who are not able or in a position to pay for membership. We recognize that $40 can be a lot of money in many parts of the world.

   The campaign ran on a purpose-built minisite instead of the main site because we needed speed to execute the campaign. Modifying Drupal would have been more complicated. The new members badges proved to be popular: we’re studying ways to make them available inside the member pages as a permanent feature.

   Thanks to Plausible.io we tracked results of the campaign without invading users’ privacy. The full results are publicly accessible and a summary is below:

   • 5k unique visitors
   • 54% bounce rate
   • 4k referrals from opensource.org banner!
   • 67% traffic from mobile (28% desktop)
   • 27% overall signup conversion rate
   • 600 unique visitors downloaded the PNG badge (500 downloaded the svg version)

   

   

   A special mention should go to traffic via social media. Lots of people tend to overestimate the effect of promotions on these channels.

   

   Lessons learned and next steps

   The majority of traffic to the campaign was through the website, with social media traffic being quite small by comparison. The impact of social media on promotions like this is often overestimated. Social channels are great for engaging with the community, “reinforcing the brand”, and connecting with “influencers”: basically, social media helps make people aware that we exist, but isn’t a particularly effective tool to convince them to take an action. Therefore, we’ll emphasize our website for future promotions, and social media channels will continue to be a part of the promotional mix, but not the primary focus.

   As for next steps, our next campaign will be focused on encouraging our new free members to convert to voting members so that everyone's voice can be heard. Our next election is in March 2022. Stay tuned for more.

   if(window.strchfSettings === undefined) window.strchfSettings = {};window.strchfSettings.stats = {url: "https://open-source-initiative.storychief.io/results-from-the-first-new-members-campaign?id=1883100141&type=3",title: "Results from the first new members campaign",id: "d41e8c3e-e034-48f3-84d1-20372c1b1028"};(function(d, s, id) {var js, sjs = d.getElementsByTagName(s)[0];if (d.getElementById(id)) {window.strchf.update(); return;}js = d.createElement(s); js.id = id;js.src = "https://d37oebn0w9ir6a.cloudfront.net/scripts/v0/strchf.js";js.async = true;sjs.parentNode.insertBefore(js, sjs);}(document, 'script', 'storychief-jssdk'))

   

5. ClearlyDefined is clearly making progress

   The ClearlyDefined community has been busy the past month bringing much-needed improvements to the project.

   As a reminder, ClearlyDefined is a repository of information about free and open source software (FOSS). You can turn to ClearlyDefined when you want to locate source information for a version (e.g., Git commit), verify licenses, and catch up on vulnerability notifications—all in one place.

   ClearlyDefined premiered in 2017. Since then, the community has reached several milestones, including these recent achievements:

   • Support for Go components. If you use Go modules, you can now retrieve their license definitions using ClearlyDefined. For more information about how to do this, please see our documentation.
   • A redesign of the ClearlyDefined user interface with a focus on usability and accessibility. This redesign should be deployed before the end of 2021.

   The community continues to complete curations and contribute code. A recent contribution from from Qing Tomlinson fixed a long standing issue with characters in PyPi definition coordinates.

   Moving into the new year, the ClearlyDefined community will be planning its road map and user stories for the new year. Please join in and contribute to a very worthwhile cause that benefits the entire open source community. Learn more and join us at: https://clearlydefined.io/

   if(window.strchfSettings === undefined) window.strchfSettings = {};window.strchfSettings.stats = {url: "https://open-source-initiative.storychief.io/clearlydefined-update-december-2021?id=1821396906&type=3",title: "ClearlyDefined is clearly making progress",id: "d41e8c3e-e034-48f3-84d1-20372c1b1028"};(function(d, s, id) {var js, sjs = d.getElementsByTagName(s)[0];if (d.getElementById(id)) {window.strchf.update(); return;}js = d.createElement(s); js.id = id;js.src = "https://d37oebn0w9ir6a.cloudfront.net/scripts/v0/strchf.js";js.async = true;sjs.parentNode.insertBefore(js, sjs);}(document, 'script', 'storychief-jssdk'))