[00:00.000 --> 00:11.200]  So, my name is Boris Baldassari, I work for the Eclipse Foundation as an open source consultant
[00:11.200 --> 00:17.000]  and I'd like to introduce the OSPO Alliance and the work we are doing on the Good Governance
[00:17.000 --> 00:19.000]  Initiative.
[00:19.000 --> 00:23.680]  So, to start with, what is an OSPO?
[00:23.680 --> 00:30.680]  So, OSPO stands for Open Source Program Office and it's a team within an organization that
[00:30.680 --> 00:34.520]  takes care of everything open source within the organization.
[00:34.520 --> 00:39.640]  So, it's supposed to be a single point of contact for any question people may have about
[00:39.640 --> 00:42.480]  open source licensing and so on.
[00:42.480 --> 00:47.720]  The OSPO is supposed to foster the awareness of open source within the organization, define
[00:47.720 --> 00:55.720]  and implement a strategy regarding open source for the organization, inbound, outbound and
[00:55.720 --> 00:57.720]  much more than that.
[00:57.720 --> 01:05.960]  So, the idea is to make sure that the organization makes a good use of the open source, they
[01:05.960 --> 01:09.560]  consume, produce and so on.
[01:09.560 --> 01:14.760]  It also includes things about the ecosystem, the open source ecosystem and the participation
[01:14.760 --> 01:19.720]  into the ecosystem, the open source ecosystem by the organization.
[01:19.720 --> 01:26.120]  It should be noted that it has many impacts on many domains, so it's from the legal, to
[01:26.120 --> 01:34.120]  the technical, to the security dependencies, development practices and so on.
[01:34.120 --> 01:42.760]  And it's a strong recent trend, so many organizations nowadays are in the process of setting up
[01:42.760 --> 01:44.960]  an OSPO.
[01:44.960 --> 01:49.360]  When I talk about organizations, I talk about any type of organization, so these could be
[01:49.360 --> 01:57.000]  corporations, SMEs, administrations, universities, NGOs and so on.
[01:57.000 --> 02:02.800]  The point with these organizations is that quite often they don't know anything about
[02:02.800 --> 02:08.760]  open source, it's not in their culture, so they just don't know where to start.
[02:08.760 --> 02:12.920]  That's where the OSPO Alliance comes into the picture.
[02:12.920 --> 02:20.640]  So, the OSPO Alliance was launched in 2021 by a group of four European non-profit organizations
[02:20.640 --> 02:26.240]  and the idea is to promote an approach to excellence in open source software management.
[02:26.240 --> 02:35.000]  We wanted it to be really easy to access, low barrier, there is no fee, there is no commitment.
[02:35.000 --> 02:39.800]  The only thing we ask is a letter of support, a statement of support from the organization
[02:39.800 --> 02:44.120]  to the principles of open source and the OSPO Alliance.
[02:44.120 --> 02:50.320]  All our activity is open, public and fully accessible, no need to register to get access
[02:50.320 --> 02:53.800]  to what we, to our outcomes.
[02:53.800 --> 03:00.000]  We are entirely governed by open source principles, so you can just come, join us, collaborate
[03:00.000 --> 03:07.240]  and if you are an active contributor, then you will become a maintainer and so on.
[03:07.240 --> 03:14.360]  And once again, it's for all types and sizes of organizations.
[03:14.360 --> 03:21.760]  Our mission is two-fold, so firstly, help the organizations make sure that they better
[03:21.760 --> 03:30.720]  use the open source software and ecosystem and properly take care of open source and
[03:30.720 --> 03:37.560]  also make them good citizens of the open source ecosystem, so not only consuming and producing
[03:37.560 --> 03:45.200]  but also participating and financing and being there and openly asserting their use of open
[03:45.200 --> 03:48.520]  source, so things like that.
[03:48.520 --> 03:53.680]  To achieve these goals, we have set up different sub-task forces.
[03:53.680 --> 04:00.360]  The first and the most visible one is the Good Governance Initiative Handbook, which
[04:00.360 --> 04:06.920]  is a blueprint to help organizations define and build their OSPO.
[04:06.920 --> 04:13.240]  We also provide a safe place to exchange information so people can ask any type of question when
[04:13.240 --> 04:18.880]  they are trying to replace some proprietary software by an open source alternative that
[04:18.880 --> 04:22.840]  they can ask for what others did.
[04:22.840 --> 04:27.280]  We have mailing lists, meetings, regular meetings.
[04:27.280 --> 04:33.880]  We participate to events and we also have a monthly session which is called the OSPO
[04:33.880 --> 04:40.240]  Unworn Sessions, where some of our members present how they did with their OSPO and share
[04:40.240 --> 04:45.400]  their good practices, their mistakes too.
[04:45.400 --> 04:54.520]  We also have a task force for evangelism and dissemination of our initiative.
[04:54.520 --> 05:00.560]  The Good Governance Handbook, as I said, is a blueprint to help organizations define,
[05:00.560 --> 05:08.960]  so build a roadmap and actually build their OSPO and make it a success.
[05:08.960 --> 05:15.080]  After that, we propose 25 activities, which are good practices that you want to implement
[05:15.080 --> 05:19.960]  when you build your OSPO and when you want to grow the open source awareness within your
[05:19.960 --> 05:22.080]  organization.
[05:22.080 --> 05:29.000]  These 25 activities are organized into five goals, which are levels of maturity.
[05:29.000 --> 05:36.560]  The first one will be identify the open source you use and identify the skills that you have.
[05:36.560 --> 05:44.760]  Start changing your contracts with your employees so they can actually contribute, set up or
[05:44.760 --> 05:52.680]  educate the legal team, educate the executives, contribute back, contribute upstream, assert
[05:52.680 --> 05:56.120]  publicly your use of open source, and so on.
[05:56.120 --> 06:05.040]  We also provide the methods to implement these 25 activities, so we recommend an agile-like
[06:05.040 --> 06:12.080]  process where you will pick a few activities, complete them, select a few other activities,
[06:12.080 --> 06:16.080]  and so on until you have completed the scope.
[06:16.080 --> 06:23.080]  We had quite some success, so the first edition of our Handbook was in 2021.
[06:23.080 --> 06:30.240]  Last year we did an update the 1.1 version, and we also have translations, so German and
[06:30.240 --> 06:36.800]  French are already available, and a few others are on their way, so Portuguese, Spanish, Italian,
[06:36.800 --> 06:40.080]  and whatever your language is, please join us.
[06:40.080 --> 06:45.280]  We use weblates, and we, of course, welcome contributors.
[06:45.280 --> 06:53.440]  Talking about the activities, they have really a wide range and scope, so it's from, as
[06:53.440 --> 06:58.480]  I said, identifying the open source you use, doing software composition analysis, dependency
[06:58.480 --> 07:03.360]  management, vulnerability management, it's also about implementing the good practices
[07:03.360 --> 07:09.760]  that we use in open source, so setting up peer reviews and things like that, training
[07:09.760 --> 07:17.280]  the people, HR, so the contract, allowing people to contribute, funding the ecosystem,
[07:17.280 --> 07:22.520]  the project that you use, and the foundation and the organization that make the open source
[07:22.520 --> 07:32.720]  ecosystem up to executive education and potentially making open source strategic asset for your
[07:32.720 --> 07:34.720]  organization.
[07:34.720 --> 07:40.640]  Each activity has the same structure, so we have a description that states what this
[07:40.640 --> 07:46.440]  activity is about, opportunity assessment, why would you implement this activity, what
[07:46.440 --> 07:53.240]  it will bring to you, progress assessment, so you know where you are and that enables
[07:53.240 --> 07:59.280]  to track your progress and know when you can, you can say that it's a complete activity
[07:59.280 --> 08:02.840]  and you can switch to the next.
[08:02.840 --> 08:08.360]  Recommendations, so feedback from the field, experienced people saying, well, you might
[08:08.360 --> 08:12.480]  have a look at this that will help, and also some tools and recommendations and resources
[08:12.480 --> 08:16.480]  that you might find useful.
[08:16.480 --> 08:23.680]  As I said, the good governance initiative is for any type of organizations, so there
[08:23.680 --> 08:28.260]  are activities that will not fit within your organization.
[08:28.260 --> 08:32.320]  The first thing that you will do actually when you will implement the handbook is look
[08:32.320 --> 08:38.240]  at all the activities and select the one that you want or reject the one that do not
[08:38.240 --> 08:44.200]  apply to your context, that's okay, and from there the activities are kind of generic,
[08:44.200 --> 08:50.320]  so what you want to do from there is for each activity create a scorecard which will be
[08:50.320 --> 08:59.000]  the local adaptation of the activity to your own organization, so that will imply stating
[08:59.000 --> 09:05.560]  the teams, the internal teams that you may reach out to, the competencies, skills that
[09:05.560 --> 09:10.800]  you may need, the processes, tools, and resources that you can use and that you will have to
[09:10.800 --> 09:17.440]  deal with, and also identify some specific tasks that are relevant to your context,
[09:17.440 --> 09:24.160]  and that this task will help you track your progress on the scorecard.
[09:24.160 --> 09:28.600]  We provide the scorecards in two versions, one is the PDF that you can simply print and
[09:28.600 --> 09:35.040]  fill in with a paper and pen, good old style, and also a digital one.
[09:35.040 --> 09:41.920]  So last year when we did the 1.1 version of the handbook, we introduced a new feature
[09:41.920 --> 09:46.120]  which is a deployable GGI program.
[09:46.120 --> 09:54.840]  So basically it's a GitLab project that you clone in your own GitLab or in any GitLab
[09:54.840 --> 10:00.600]  and from there there will be a bunch of scripts that will be executed, creates 25 activities
[10:00.600 --> 10:07.280]  as GitLab issues, so create a board so you can visualize them, you can click on an issue
[10:07.280 --> 10:11.400]  and see the description, opportunity assessment, and so on.
[10:11.400 --> 10:20.840]  From there you can edit the description to fill in your own scorecard, and once you have
[10:20.840 --> 10:25.240]  that, so you have all your issues, you can visualize them in the board, you have defined
[10:25.240 --> 10:28.480]  your scorecard, so you can just start working on them.
[10:28.480 --> 10:34.520]  So you select a few of them, you work on them, you complete them, you select a few other
[10:34.520 --> 10:36.240]  ones and so on.
[10:36.240 --> 10:43.680]  And each and every time, so it's a nightly script actually, but my GGI will create a
[10:43.680 --> 10:51.320]  GitLab page, a static website that will reflect where you are, what are your current activities,
[10:51.320 --> 10:58.600]  your past activities, and will even provide a simple dashboard.
[10:58.600 --> 11:06.440]  So the list of activities when you have implemented the my GGI looks like that, and the simple
[11:06.440 --> 11:10.800]  dashboard that you get and static website looks like that, so you have the full description
[11:10.800 --> 11:15.680]  of the activities that you are working on and also the scorecards.
[11:15.680 --> 11:23.960]  So it really tracks your own adaptation and implementation of the GGI program.
[11:23.960 --> 11:33.440]  So that's all, once again we are an open source initiative, so you can access all our resources
[11:33.440 --> 11:40.000]  for free, not even need to register whatsoever, you go to our website, Ospo-Alliance.org,
[11:40.000 --> 11:45.400]  from there you can download the Good Governance Handbook, there is an HTML version.
[11:45.400 --> 11:50.400]  You get access to all the translations that are available, and there is also a section
[11:50.400 --> 11:52.120]  about contributing.
[11:52.120 --> 11:59.600]  You can just simply join our calls, we have weekly calls and just connect, everything
[11:59.600 --> 12:04.760]  is there.
[12:04.760 --> 12:11.760]  So we are European based because our contributors are European, so it's really based on the
[12:11.760 --> 12:17.280]  European values and way of doing things and so on, but we are open to absolutely everyone.
[12:17.280 --> 12:23.600]  So just come, join us, you can help on the translations, on the updates of the handbook,
[12:23.600 --> 12:28.720]  on the dissemination, and if you want to follow us, it's here.
[12:28.720 --> 12:29.720]  And that's it.
[12:29.720 --> 12:30.720]  Thank you.
[12:30.720 --> 12:43.520]  Thank you very much.