Dawn Foster, profile picture
Uploaded byDawn Foster
145 views

Navigating Open Source Risk

This document discusses navigating open source project risk. It identifies several areas of risk for open source projects including ownership and governance, policies and documentation, community health, and lack of resources. It provides examples of lower risk approaches in each area such as having neutral foundations, documented processes, inclusive communities, and security policies. The document recommends making strategic decisions about risk and monitoring risks over time.

Software
Related topics:
All Things Open

Embed presentation

Download to read offline
©2021 VMware, Inc. @geekygirldawn Navigating Open Source Project Risk All Things Open October 2021 Dr. Dawn M. Foster Director of OSS Community Strategy fosterd@vmware.com fastwonderblog.com Open Source at VMware @vmwopensource blogs.vmware.com/opensource
@geekygirldawn ©2021 VMware, Inc. Why should you care? Ownership and Governance Policies and Documentation Community Resources Final Thoughts 2 Agenda Photo by Marco Verch - CC BY 2.0
©2021 VMware, Inc. @geekygirldawn 3 whoami • Geek, traveler, reader • 20+ yr tech career focused on community & open source 
 (Intel, Puppet, Scale Factory, …) • OpenUK Board, CHAOSS Board and Maintainer, TODO Group Steering • CNCF Contributor Strategy TAG • PhD from the University of Greenwich focus on Linux kernel collaboration Photos by Mom, Josh Bancroft, Don Park
©2021 VMware, Inc. @geekygirldawn Your business could be disrupted 4 Why do we care about risk? https://xkcd.com/2347/
©2021 VMware, Inc. @geekygirldawn Strategies should take OSS risk into account 5 Risk and Strategy
©2020 VMware, Inc. @geekygirldawn Ownership and Governance Photo by K-nekoTR - CC BY-NC-ND 2.0
©2021 VMware, Inc. @geekygirldawn 7 Business Risk Licensing Example Server Side Public License* (SSPL) *Not an Open Source Initiative (OSI) approved open source license!
©2021 VMware, Inc. @geekygirldawn 8 Business Risk Governance Examples Undermines the project leading to forks and other disruptions
©2021 VMware, Inc. @geekygirldawn Leadership, trademarks, and projects 9 Determining Neutrality for Foundations? Image by Thomas Hawk CC BY-NC 2.0
©2021 VMware, Inc. @geekygirldawn Lower risk: participate as equals 10 Neutral Foundations
©2021 VMware, Inc. @geekygirldawn Higher risk: single company in control 11 Company Originated Photo by Jan Fidler - CC BY 2.0
©2020 VMware, Inc. @geekygirldawn Lower risk: Processes for how people collaborate and make decisions 12 Governance is about People
©2021 VMware, Inc. @geekygirldawn Lower risk: documented neutral leadership by individuals 13 Leadership Image by the CNCF CC BY-NC 2.0
©2021 VMware, Inc. @geekygirldawn 14 Photo by Gael Varoquaux CC BY 2.0 Policies and Documentation
©2021 VMware, Inc. @geekygirldawn Lower risk: proactive security response and policies 15 Security Image by darwin Bell CC BY-NC 2.0
©2021 VMware, Inc. @geekygirldawn Licensing, code of conduct, contribution, and communication process 16 Minimum Documentation Photo by Ginny - CC BY-SA 2.0
©2020 VMware, Inc. @geekygirldawn Community Image by the CNCF CC BY-NC 2.0
©2021 VMware, Inc. @geekygirldawn Lower risk: helpful, kind, respectful, and welcoming 18 Awesome Community Kubernetes CNCF CC BY 4.0
©2020 VMware, Inc. @geekygirldawn Inclusive projects are lower risk 19 Diversity, Equity, and Inclusion Photo by David Jakes - CC BY 2.0 https://chaoss.community/metrics
©2021 VMware, Inc. @geekygirldawn Lower risk: keeps up with contributions 20 Responsiveness Image by Joe Penniston CC BY-NC-ND 2.0
©2021 VMware, Inc. @geekygirldawn Lower risk: active contributors and organizational diversity 21 Contributor Risk Image by the CNCF CC BY-NC 2.0
©2021 VMware, Inc. @geekygirldawn Lower Risk: many adopters / end users 22 Adopters Image by the CNCF CC BY-NC 2.0
@geekygirldawn ©2020 VMware, Inc. 23 Resources Linux Foundation’s TODO Group https://todogroup.org/guides/ CNCF Contributor Strategy TAG Docs https://contribute.cncf.io/maintainers/ The Open Source Way Guidebook https://github.com/theopensourceway/guidebook/ Photo by Vicente - CC BY-NC-ND 2.0
©2021 VMware, Inc. @geekygirldawn Make informed and strategic decisions about how much risk to accept and plan to monitor / mitigate those risks. 24 Final Thoughts on Risk Photo by Mohanraj Sivanandam - CC BY 2.0
©2021 VMware, Inc. @geekygirldawn Dr. Dawn M. Foster fosterd@vmware.com fastwonderblog.com Open Source at VMware blogs.vmware.com/opensource @vmwopensource 25 Thank You! Photo by Thangaraj Kumaravel - CC BY-NC-ND 2.0

More Related Content

PDF
Navigating Open Source Risk
byDawn Foster
 
PDF
Collaborative Leadership: Governance Beyond Company Affiliation
byDawn Foster
 
PDF
Collaborative Leadership: Governance Beyond Company Affiliation
byDawn Foster
 
PDF
Collaborative Leadership: Governance Beyond Company Affiliation
byDawn Foster
 
PDF
Is this Open Source Project Healthy or Lifeless?
byAll Things Open
 
PDF
Is this Open Source Project Healthy or Lifeless?
byDawn Foster
 
PDF
Being a Good Corporate Citizen in Open Source
byDawn Foster
 
PDF
Measuring Project Health at VMware
byDawn Foster
 
Navigating Open Source Risk
byDawn Foster
 
Collaborative Leadership: Governance Beyond Company Affiliation
byDawn Foster
 
Collaborative Leadership: Governance Beyond Company Affiliation
byDawn Foster
 
Collaborative Leadership: Governance Beyond Company Affiliation
byDawn Foster
 
Is this Open Source Project Healthy or Lifeless?
byAll Things Open
 
Is this Open Source Project Healthy or Lifeless?
byDawn Foster
 
Being a Good Corporate Citizen in Open Source
byDawn Foster
 
Measuring Project Health at VMware
byDawn Foster
 

Similar to Navigating Open Source Risk

PDF
CHAOSS Metrics Overview and Examples
byDawn Foster
 
PDF
Collaborative Leadership: Governance Beyond Company Affiliation
byDawn Foster
 
PDF
How to Be a Good Corporate Citizen in Open Source
byDawn Foster
 
PDF
stackconf 2022: How to Be a Good Corporate Citizen in Open Source
byNETWAYS
 
PDF
Open Source Collaboration and Companies: Finding the Right Balance
byDawn Foster
 
PDF
Be a Good Corporate Citizen in Kubernetes
byDawn Foster
 
PDF
Be a Good Corporate Citizen in Kubernetes
byDawn Foster
 
PPTX
VMware Corporate Overview Presentation 2001, VMware Perspectiva Corporativa
bySuministros Obras y Sistemas
 
PDF
Community catalysts value of open source
byDave Neary
 
PDF
#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...
byParis Open Source Summit
 
PDF
Continuous Verification in a Serverless World
byLeon Stigter
 
PDF
Trusting Your Ingredients @DevOpsDays Columbus 2019
byLeon Stigter
 
PDF
Ensuring Security and Feature Freshness with VMware Tanzu Observability
byVMware Tanzu
 
PDF
Open source software 101: Compliance and risk management
byOsler, Hoskin & Harcourt LLP
 
PDF
Webinar – Streamling Your Tech Due Diligence Process for Software Assets
bySynopsys Software Integrity Group
 
PDF
Stu w22 a
bySelectedPresentations
 
PDF
Vmware’s move to a digital workspace
bysporta72
 
PDF
Open Source Security for Newbies - Best Practices
byBlack Duck by Synopsys
 
PPTX
Lunix xx
bydhabiahbader
 
PPT
Ten Elements of Open Source Governance
byRogue Wave Software
 
CHAOSS Metrics Overview and Examples
byDawn Foster
 
Collaborative Leadership: Governance Beyond Company Affiliation
byDawn Foster
 
How to Be a Good Corporate Citizen in Open Source
byDawn Foster
 
stackconf 2022: How to Be a Good Corporate Citizen in Open Source
byNETWAYS
 
Open Source Collaboration and Companies: Finding the Right Balance
byDawn Foster
 
Be a Good Corporate Citizen in Kubernetes
byDawn Foster
 
Be a Good Corporate Citizen in Kubernetes
byDawn Foster
 
VMware Corporate Overview Presentation 2001, VMware Perspectiva Corporativa
bySuministros Obras y Sistemas
 
Community catalysts value of open source
byDave Neary
 
#OSSPARIS19 - Understanding Open Source Governance - Gilles Gravier, Wipro Li...
byParis Open Source Summit
 
Continuous Verification in a Serverless World
byLeon Stigter
 
Trusting Your Ingredients @DevOpsDays Columbus 2019
byLeon Stigter
 
Ensuring Security and Feature Freshness with VMware Tanzu Observability
byVMware Tanzu
 
Open source software 101: Compliance and risk management
byOsler, Hoskin & Harcourt LLP
 
Webinar – Streamling Your Tech Due Diligence Process for Software Assets
bySynopsys Software Integrity Group
 
Stu w22 a
bySelectedPresentations
 
Vmware’s move to a digital workspace
bysporta72
 
Open Source Security for Newbies - Best Practices
byBlack Duck by Synopsys
 
Lunix xx
bydhabiahbader
 
Ten Elements of Open Source Governance
byRogue Wave Software
 

More from Dawn Foster

PDF
Overcoming Imposter Syndrome to Become a Conference Speaker!
byDawn Foster
 
PDF
Building Community for your Company’s OSS Project
byDawn Foster
 
PDF
Building Community for your Company’s OSS Projects
byDawn Foster
 
PDF
Understanding Collaboration in Fluid Organizations, a Proximity Approach
byDawn Foster
 
PDF
Building a Community Metrics Strategy FOSDEM 2019
byDawn Foster
 
PDF
Open Source Collaboration and Companies: Finding the Right Balance
byDawn Foster
 
PDF
Being a Good Corporate Citizen in Open Source
byDawn Foster
 
PDF
Strategies to Balance the Needs of the Company and the Community
byDawn Foster
 
PDF
Open Source Collaboration and Companies: Finding the Right Balance
byDawn Foster
 
PDF
Collaboration in Linux Kernel Mailing Lists
byDawn Foster
 
PDF
Open Source Collaboration: Finding the right balance
byDawn Foster
 
PDF
A week in the Life of Kubernetes
byDawn Foster
 
PDF
Collaboration in Linux Kernel mailing lists
byDawn Foster
 
PDF
Collaboration in Linux kernel Mailing Lists
byDawn Foster
 
PDF
Collaboration in Linux Kernel Mailing Lists
byDawn Foster
 
PDF
Collaboration in inux Kernel Mailing Lists 2018
byDawn Foster
 
PDF
How to be a terrible hiring manager
byDawn Foster
 
Overcoming Imposter Syndrome to Become a Conference Speaker!
byDawn Foster
 
Building Community for your Company’s OSS Project
byDawn Foster
 
Building Community for your Company’s OSS Projects
byDawn Foster
 
Understanding Collaboration in Fluid Organizations, a Proximity Approach
byDawn Foster
 
Building a Community Metrics Strategy FOSDEM 2019
byDawn Foster
 
Open Source Collaboration and Companies: Finding the Right Balance
byDawn Foster
 
Being a Good Corporate Citizen in Open Source
byDawn Foster
 
Strategies to Balance the Needs of the Company and the Community
byDawn Foster
 
Open Source Collaboration and Companies: Finding the Right Balance
byDawn Foster
 
Collaboration in Linux Kernel Mailing Lists
byDawn Foster
 
Open Source Collaboration: Finding the right balance
byDawn Foster
 
A week in the Life of Kubernetes
byDawn Foster
 
Collaboration in Linux Kernel mailing lists
byDawn Foster
 
Collaboration in Linux kernel Mailing Lists
byDawn Foster
 
Collaboration in Linux Kernel Mailing Lists
byDawn Foster
 
Collaboration in inux Kernel Mailing Lists 2018
byDawn Foster
 
How to be a terrible hiring manager
byDawn Foster
 

Recently uploaded

PDF
NYC ACE 12-Nov-2025-Combined Presentation.pdf
byAUGNYC
 
PDF
A new Vision of Software Sustainability and its Engineering: Reflections and ...
byPatricia Lago
 
PDF
AI/ML Infra Meetup | SkyPilot: Open-source System to Scale AI across Clusters...
byAlluxio, Inc.
 
PPTX
Enhance Workplace Safety with EHA Good Catch System
byEHA Soft Solutions
 
PDF
SWEBOK: the software engineering body of knowledge (SC25 Workshop Research So...
byHironori Washizaki
 
PDF
Hyperon Chain – Smart Contract Security Audit Report by EtherAuthority
byEtherAuthority1
 
PDF
DSD-INT 2025 From Software to Impact - Water Quality Modelling for the UN Oce...
byDeltares
 
PDF
The Evolution of Project Portfolio Management - What Modern PMOs Are Doing Di...
byOnePlan Solutions
 
PDF
Oracle AI Database 26ai _ AI-Native Database for Enterprises.pdf
byAstuteBusiness
 
PDF
How to Make Your AI Reliable: Comprehensive Guide to Testing AI Applications ...
byQATestLab Quality is a rule
 
PPTX
Harnessing BUSY Software for Smart Business Management.pptx
byMoving Cloud
 
PDF
SCORM Cloud: The 5 categories of content distribution
byRustici Software
 
PDF
Smarter Testing Safer Systems Balancing AI and Oversight in Regulated Environ...
byApplitools
 
PDF
6 Hotel Booking Trends You Can’t Ignore in 2025.pdf
byHotelogix
 
PDF
DSD-INT 2025 REACT - Rapid E-flow Assessment and Communication Tool - Flores
byDeltares
 
PPTX
The Sync Strikes Back: Tales from the MOPs Trenches
bybbedford2
 
PDF
DSD-INT 2025 Transport and Fate of Microplastics in Fluvial System (Rhine Riv...
byDeltares
 
PDF
DSD-INT 2025 3D Modeling of Shallow Water Dynamics Using Delft3D FM - Martins
byDeltares
 
PDF
Threat Hunting with Garuda: From Manual Analysis to AI-Driven Hunting By Monn...
byCysinfo Cyber Security Community
 
PPTX
Short Film Script Development Process HARMONIA
byzdolezalmedia
 
NYC ACE 12-Nov-2025-Combined Presentation.pdf
byAUGNYC
 
A new Vision of Software Sustainability and its Engineering: Reflections and ...
byPatricia Lago
 
AI/ML Infra Meetup | SkyPilot: Open-source System to Scale AI across Clusters...
byAlluxio, Inc.
 
Enhance Workplace Safety with EHA Good Catch System
byEHA Soft Solutions
 
SWEBOK: the software engineering body of knowledge (SC25 Workshop Research So...
byHironori Washizaki
 
Hyperon Chain – Smart Contract Security Audit Report by EtherAuthority
byEtherAuthority1
 
DSD-INT 2025 From Software to Impact - Water Quality Modelling for the UN Oce...
byDeltares
 
The Evolution of Project Portfolio Management - What Modern PMOs Are Doing Di...
byOnePlan Solutions
 
Oracle AI Database 26ai _ AI-Native Database for Enterprises.pdf
byAstuteBusiness
 
How to Make Your AI Reliable: Comprehensive Guide to Testing AI Applications ...
byQATestLab Quality is a rule
 
Harnessing BUSY Software for Smart Business Management.pptx
byMoving Cloud
 
SCORM Cloud: The 5 categories of content distribution
byRustici Software
 
Smarter Testing Safer Systems Balancing AI and Oversight in Regulated Environ...
byApplitools
 
6 Hotel Booking Trends You Can’t Ignore in 2025.pdf
byHotelogix
 
DSD-INT 2025 REACT - Rapid E-flow Assessment and Communication Tool - Flores
byDeltares
 
The Sync Strikes Back: Tales from the MOPs Trenches
bybbedford2
 
DSD-INT 2025 Transport and Fate of Microplastics in Fluvial System (Rhine Riv...
byDeltares
 
DSD-INT 2025 3D Modeling of Shallow Water Dynamics Using Delft3D FM - Martins
byDeltares
 
Threat Hunting with Garuda: From Manual Analysis to AI-Driven Hunting By Monn...
byCysinfo Cyber Security Community
 
Short Film Script Development Process HARMONIA
byzdolezalmedia
 

Navigating Open Source Risk

  • 1.
    ©2021 VMware, Inc.@geekygirldawn Navigating Open Source Project Risk All Things Open October 2021 Dr. Dawn M. Foster Director of OSS Community Strategy fosterd@vmware.com fastwonderblog.com Open Source at VMware @vmwopensource blogs.vmware.com/opensource
  • 2.
    @geekygirldawn ©2021 VMware, Inc. Whyshould you care? Ownership and Governance Policies and Documentation Community Resources Final Thoughts 2 Agenda Photo by Marco Verch - CC BY 2.0
  • 3.
    ©2021 VMware, Inc.@geekygirldawn 3 whoami • Geek, traveler, reader • 20+ yr tech career focused on community & open source 
 (Intel, Puppet, Scale Factory, …) • OpenUK Board, CHAOSS Board and Maintainer, TODO Group Steering • CNCF Contributor Strategy TAG • PhD from the University of Greenwich focus on Linux kernel collaboration Photos by Mom, Josh Bancroft, Don Park
  • 4.
    ©2021 VMware, Inc.@geekygirldawn Your business could be disrupted 4 Why do we care about risk? https://xkcd.com/2347/
  • 5.
    ©2021 VMware, Inc.@geekygirldawn Strategies should take OSS risk into account 5 Risk and Strategy
  • 6.
    ©2020 VMware, Inc.@geekygirldawn Ownership and Governance Photo by K-nekoTR - CC BY-NC-ND 2.0
  • 7.
    ©2021 VMware, Inc.@geekygirldawn 7 Business Risk Licensing Example Server Side Public License* (SSPL) *Not an Open Source Initiative (OSI) approved open source license!
  • 8.
    ©2021 VMware, Inc.@geekygirldawn 8 Business Risk Governance Examples Undermines the project leading to forks and other disruptions
  • 9.
    ©2021 VMware, Inc.@geekygirldawn Leadership, trademarks, and projects 9 Determining Neutrality for Foundations? Image by Thomas Hawk CC BY-NC 2.0
  • 10.
    ©2021 VMware, Inc.@geekygirldawn Lower risk: participate as equals 10 Neutral Foundations
  • 11.
    ©2021 VMware, Inc.@geekygirldawn Higher risk: single company in control 11 Company Originated Photo by Jan Fidler - CC BY 2.0
  • 12.
    ©2020 VMware, Inc.@geekygirldawn Lower risk: Processes for how people collaborate and make decisions 12 Governance is about People
  • 13.
    ©2021 VMware, Inc.@geekygirldawn Lower risk: documented neutral leadership by individuals 13 Leadership Image by the CNCF CC BY-NC 2.0
  • 14.
    ©2021 VMware, Inc.@geekygirldawn 14 Photo by Gael Varoquaux CC BY 2.0 Policies and Documentation
  • 15.
    ©2021 VMware, Inc.@geekygirldawn Lower risk: proactive security response and policies 15 Security Image by darwin Bell CC BY-NC 2.0
  • 16.
    ©2021 VMware, Inc.@geekygirldawn Licensing, code of conduct, contribution, and communication process 16 Minimum Documentation Photo by Ginny - CC BY-SA 2.0
  • 17.
    ©2020 VMware, Inc.@geekygirldawn Community Image by the CNCF CC BY-NC 2.0
  • 18.
    ©2021 VMware, Inc.@geekygirldawn Lower risk: helpful, kind, respectful, and welcoming 18 Awesome Community Kubernetes CNCF CC BY 4.0
  • 19.
    ©2020 VMware, Inc.@geekygirldawn Inclusive projects are lower risk 19 Diversity, Equity, and Inclusion Photo by David Jakes - CC BY 2.0 https://chaoss.community/metrics
  • 20.
    ©2021 VMware, Inc.@geekygirldawn Lower risk: keeps up with contributions 20 Responsiveness Image by Joe Penniston CC BY-NC-ND 2.0
  • 21.
    ©2021 VMware, Inc.@geekygirldawn Lower risk: active contributors and organizational diversity 21 Contributor Risk Image by the CNCF CC BY-NC 2.0
  • 22.
    ©2021 VMware, Inc.@geekygirldawn Lower Risk: many adopters / end users 22 Adopters Image by the CNCF CC BY-NC 2.0
  • 23.
    @geekygirldawn ©2020 VMware, Inc.23 Resources Linux Foundation’s TODO Group https://todogroup.org/guides/ CNCF Contributor Strategy TAG Docs https://contribute.cncf.io/maintainers/ The Open Source Way Guidebook https://github.com/theopensourceway/guidebook/ Photo by Vicente - CC BY-NC-ND 2.0
  • 24.
    ©2021 VMware, Inc.@geekygirldawn Make informed and strategic decisions about how much risk to accept and plan to monitor / mitigate those risks. 24 Final Thoughts on Risk Photo by Mohanraj Sivanandam - CC BY 2.0
  • 25.
    ©2021 VMware, Inc.@geekygirldawn Dr. Dawn M. Foster fosterd@vmware.com fastwonderblog.com Open Source at VMware blogs.vmware.com/opensource @vmwopensource 25 Thank You! Photo by Thangaraj Kumaravel - CC BY-NC-ND 2.0