GGI: Introduction

Table of contents

Introduction

This document introduces a methodology to implement professional management of open source software in an organisation. It addresses the need to use open source software properly and fairly, safeguard the company from technical, legal and IP threats, and maximise the advantages of open source. Wherever an organisation stands on these topics this document proposes guidance and ideas to move forward and make your journey a success.

Context

Most large end-users and systems integrators already use Free and Open-Source Software (FOSS) either in their information systems or product and service divisions. Open source compliance has become an ever-growing concern, and many large companies have established compliance officers. However, while sanitising a company’s open-source production chain – which is what compliance is about – is fundamental, users must give back to communities and contribute to the sustainability of the open-source ecosystem. We see open source governance encompassing the whole ecosystem, engaging with local communities, nurturing a healthy relationship with open source software vendors and service specialists. This takes compliance to the next level, and this is what open source good governance is about.

This initiative goes beyond compliance and liability. It is about building awareness in communities of end-users (often software developers themselves) and systems integrators, and developing mutually beneficial relationships within the FOSS ecosystem.

OSS Good Governance enables organisations of all types – companies, small and large, city councils, universities, associations, etc. – maximise the benefits derived from open source by helping them align people, processes, technology and strategy. And in this area of maximising the advantages of open source, everyone is still learning and innovating, with nobody knowing where they actually stand regarding the state of the art in the domain.

This initiative aims to help organisations achieve these goals with:

  • A structured catalog of activities, a roadmap for the implementation of professional management of open source software.
  • A management tool to define, monitor, report and communicate about progress.
  • A clear and practical path for improvement, with small, affordable steps to mitigate risks, educate people, adapt processes, communicate inwards and outwards the organisation’s realm.
  • Guidance and a range of curated references about open-source licensing, best practices, training, and ecosystem engagement to leverage open-source awareness and culture, consolidate internal knowledge and extend leadership.

This guide has been developed with the following requirements in mind:

  • Any type of organisation is covered: from SMEs to large companies and not-for-profit organisations, from local authorities (e.g. town councils) to large institutions (e.g. governmental institutions). The framework provides building blocks for a strategy and hints for its realisation, but how the activities are executed depends entirely on the program’s context and is up to the program manager. It may prove helpful to look for consulting services and to exchange with peers.
  • No assumption is made about the level of technical knowledge within the organisation or the domain of activity. For example, some organisations will need to set up a complete training curriculum, while others might simply propose ad-hoc material to the teams.
  • Where possible, the names of hyperlinks are tagged with a language code for you to know the language of the content before opening it, e.g. (EN) for an english content. In case the language can be adapted or is configurable, the tagging is (MULTI).

Some activities will not be relevant to all situations, but the whole framework still provides a comprehensive roadmap and paves the way for tailored strategies.

About the Good Governance Initiative

At OW2, an initiative is a joint effort to address a market need. The Good Governance Initiative (EN) proposes a methodological framework to implement professional management of open source software within organisations.

The Good Governance initiative is based on a comprehensive model inspired by the popular Abraham Maslow’s hierarchy of human needs and motivations, as illustrated by the picture below.

Maslow and the GGI

Through ideas, guidelines and activities the Good Governance initiative provides a blueprint for the implementation of organisational entities tasked with professional management of open source software, what is also called OSPO (for Open Source Program Offices). The methodology is also a management system to define priorities, and monitor and share progress.

As they implement the OSS Good Governance methodology, organisations will enhance their skills in a number of directions, including:

  • using open source software properly and safely within the company to improve software reuse and maintainability and software development velocity;
  • mitigating the legal and technical risks associated with external code and collaboration;
  • identifying required training for teams, from developers to team leaders and managers, so everybody shares the same vision;
  • prioritizing goals and activities, to develop an efficient open source strategy;
  • communicating efficiently within the company and to the external world to make the most off the open source strategy;
  • improving the organisation’s competitiveness and attractiveness for top open source talents.

About the OSPO Alliance

The OSPO Alliance was launched by a coalition of leading open source non-profit organizations, including OW2, Eclipse Foundation, OpenForum Europe, and Foundation for Public Code, with a mission to grow awareness for open source and to promote the structured and professional management of open source by companies and administrations.

While the Good Governance initiative is focused on developing a management methodology, the OSPO Alliance has the broader goal to help companies, particularly in non-technology sectors, and public institutions discover and understand open source, start benefiting from it across their activities and grow to host their own OSPOs.

The OSPO Alliance has established the OSPO Alliance website hosted at https://ospo-alliance.org (EN). The OSPO Alliance serves the community with a safe place to discuss and exchange on the topics of OSPOs, and provides a repository for a comprehensive set of resources for corporations, public institutions, and research and academic organizations. The OSPO Alliance connects with OSPOs around the world as well as with supportive community organizations. It encourages best practices and fosters contribution to the sustainability of the open source ecosystem. Check out the OSPO Alliance (EN) website for a quick overview of complementary frameworks of IT management best practices.

The OSPO Alliance (EN) website is also the place where we collect feedback about the initiative and its content (e.g. activities, body of knowledge) from the community at large.

Translations

This book was originally written in English. It is also available in many other languages thanks to an ongoing community work to translate the GGI Handbook. As progress evolves rapidly, we recommend to check out our official website for a complete list of available translations.

See https://ospo-alliance.org/ggi/ (EN)

The GGI handbook is translated using Weblate (MULTI), an open source project and platform that offers free hosting for open source projects. We want to thank them deeply, as well as all our translation contributors. You are amazing.

See https://hosted.weblate.org/projects/ospo-zone-ggi/#languages (MULTI)

About this release

Cybersecurity: activities have been reviewed and challenged against security considerations. This perspective is reinforced due to todays’ increased focus on cybersecurity, amplified by regulations (US Executive Order 14028, EU Cyber resilience Act). In this release, security in activities are tuned in that perspective while strictly avoiding being regulation or geography specific.

Deploy My-GGI-Board on GitLab/GitHub: reflecting the demand from organisations, it is now possible to deploy My-GGI-Board on your own GitLab/GitHub spaces. This will create an Issues Board for a clear overview of your current activities and a static website to share progress and current work.

Translations: handbook content is now available in 9 languages on https://ospo-alliance.org/translations, both in a PDF each and online HTML. Based on Weblate and automation scripts, the handbook may now be generated with content and table of contents with different alphabets.

Enhancements & corrections: this version also contains updated links, minor corrections or updated wording based on user feedback.

Full roadmap and release history is available in our GGI Roadmap on Gitlab (EN).

Contributors

The following great people have contributed to the Good Governance Initiative handbook:

  • Frédéric Aatz (Microsoft France)
  • Boris Baldassari (Castalia Solutions, Eclipse Foundation)
  • Philippe Bareille (Ville de Paris)
  • Gaël Blondelle (Eclipse Foundation)
  • Vicky Brasseur (Wipro)
  • Philippe Carré (Nokia)
  • Pierre-Yves Gibello (OW2)
  • Michael Jaeger (Siemens)
  • Sébastien Lejeune (Thales)
  • Max Mehl (Free Software Foundation Europe)
  • Catherine Nuel (OW2)
  • Hervé Pacault (Orange)
  • Stefano Pampaloni (RIOS)
  • Christian Paterson (OpenUp)
  • Simon Phipps (Meshed Insights)
  • Silvério Santos (Orange Business)
  • Cédric Thomas (OW2)
  • Nicolas Toussaint (Orange Business)
  • Paolo Vecchi (Omnis Cloud)
  • Florent Zara (Eclipse Foundation)
  • Igor Zubiaurre (Bitergia)

This book was originally written in English. It is also available in other languages, please see our official website (EN) for a complete list.

Licence

This work is licenced under a Creative Commons Attribution 4.0 International (MULTI) licence (CC-BY 4.0). From the Creative Commons website:

You are free to:

  • Share it — copy and redistribute the material in any medium or format
  • Adapt it — remix, transform, and build upon the material

for any purpose, even commercially.

As long as you give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use.

All content is Copyright OSPO Alliance and others.