According to Red Hat, 90% of IT leaders are using enterprise open-source technology. What’s most interesting, and perhaps most troubling, is that 10% don’t. These companies are missing out on tremendous opportunities that could make a significant impact on their business. According to Bill Joy, co-founder of Sun Microsystems, “…no matter who you are, most of the smartest people work for someone else…If you rely solely on your own employees, you’ll never solve all your customers’ needs.”
We’ll give you some tips on how to bring open-source software (OSS) into your organization and give you ideas on how to increase chances for adoption.
The Internet Runs on Open Source
The digital economy runs on open source. This, according to Forrester, is why “failure to fully consider open-source options is unwise. Within a few short years, it will be unforgivably negligent.” In a time when delivering yesterday isn’t fast enough, you need to be able to move quickly. Using OSS gives you access to tools that can save you time when releasing new features.
Your company likely already uses OSS web servers, publication tools, CSS frameworks, programming languages, and technologies such as Apache, WordPress, and React. But that’s only a fraction of what’s available. As of 2020, GitHub reports having more than 190 million repositories. There are so many more valuable additions available for you to incorporate into your projects.
Use and Share OpenSource Utilities
The OSS paradigm champions the value of sharing and is the backbone of creativity and innovation across software development today. There is a mindset shift required to embrace this approach and it’s ok to start small. Share with your teammates the tools and utilities that improve your daily work. Here are a few ideas to get you started from the open-source tools we have here at Stoplight:
Spectral – This popular JSON/YAML linter allows you to scan your code to automatically detect programming and stylistic errors.
Prism – The Prism library is an open-source HTTP mock and proxy server framework for building well-structured and maintainable XAML applications.
Elements – The Elements project is an open-source documentation tool that helps you build highly customized, interactive API Docs with embeddable web components generated from OpenAPI documents.
Create an Internal Advocacy Group
You may face some initial difficulty in getting your organization to embrace a formal OSS strategy. Business leaders may not appreciate the value of adopting this practice. In fact, many see it as a risk. You’ll stand a better chance of getting everyone on board if you create an internal advocacy group. This group can help educate the organization about the advantages of OSS. They can be champions in the effort to gain supporters and additional advocates.
Advocate for an Open-Source Policy
Historically, downloading an open-source tool was no problem. You were free to download and use whatever you liked at your discretion. Management simply turned a blind eye and a deaf ear as long as it worked and things got done. Unfortunately, things are no longer as easy.
There can be difficulties in working with open source: licensing concerns have the legal department on edge, security vulnerabilities put corporate data at risk, and version compatibility issues can wreak havoc on production code. Instead of giving up entirely, consider establishing an OSS policy to proactively address these issues.
An OSS policy exists to strike a balance between maximizing the impact and value of OSS and ensuring that any legal, technical, or business risks are mitigated. What you don’t want, however, is something that stands in the way of your productivity. The guidelines should be:
- Permissive in that they allow you to contribute (within specified guidelines)
- Explicit in the sense that the policy is well-documented and transparent
- Frictionless in that it avoids bureaucracy and red tape
- Minimizes risk to the company
- Consistently followed by everyone
The policy should address guidelines for creating, using, and contributing to open-source projects.
Creating Guidelines
What portions of the code will be released? What types of licenses will be used? Where will it be released? What legal and leadership approvals will be required? Ignoring these items could lead to fines due to violating licensing requirements or at worst exposing proprietary information.
Utilization
One of the most critical aspects of using OSS is knowing what type of license you are dealing with. Understanding the implications of permissive vs. copyleft is necessary to determine your rights for using or modifying the code.
Contributing
Innovation is a huge benefit of contributing to the community. But who owns the intellectual property rights, the company or the developer? This is something that will need to be addressed before you start contributing code. Also, the policy should outline what types of projects in which employees are allowed to participate in.
Consider Innersourcing
If you continue to face resistance to the adoption of open-source solutions, you may want to consider innersourcing. Innersourcing is the process of applying open-source best practices to proprietary code and making these practices available internally to teams across the organization. That way everyone contributes and gets used to the process.
In today’s remote-first culture, developers are spread across the organization and often separated across several time zones. How often do you really get to collaborate with these team members? Without collaboration, everyone misses out on sharing developmental strategies that can promote creative solutions. Innersourcing is a great way to share and leverage innovations across the company. Additional benefits of innersourcing include:
- Release new features to the customer faster
- Create opportunities to reuse resources across the organization
- Allow teams to start new projects without the hassle of requesting and waiting for resources
- InnerSourced code promotes good documentation that allows teams to use the code without a steep learning curve
Approaching change this way helps foster an open-source culture. Ultimately, it gives the company a chance to test the open-source waters while minding the organization’s risk profile.
Implement Continuous Compliance
The best policy will not do any good if it is not enforced. You’ll need procedures in place to ensure everyone plays by the rules. Enforcement, however, shouldn’t hinder your workflow. Automating and building compliance into your teams’ existing workflows is key to empowering developers’ productivity.
Integrate with Your CI/CD Processes
Build compliance into the CI/CD process, evaluating every commit and every build. Why? Because components may turn vulnerable even if they were initially cleared for use. Implementing dependency scans in the CI/CD pipeline can automatically find security vulnerabilities. That way the build will fail if any item is not compliant. Not only that, automating your compliance means it becomes a part of your workflow rather than a separate hindrance.
Explore Open Sourcing Your Tools
Fears around OSS abound — everything from “competitors will steal our ideas” to “open source is giving our business free”. But these misconceptions can cripple an organization’s chances of keeping pace with innovation. There are strong reasons to open source your tools that more than compensate for potential downsides. Not only do you benefit from more contributions, but you also pay it forward to the community. You’ll promote your company while attracting engineers to your cause.
As a developer, being engrossed in your code every day can lead to tunnel vision, which makes it hard to see the solution to problems right in front of you. Releasing your code to the community gets it in front of a magnitude of contributors, which according to Linus’s law means, “given enough eyeballs, all bugs are shallow.”
The open-source community is likely to spot things you may have inadvertently overlooked. The opportunity to surface bugs and edge cases more rapidly leads to higher-quality code. Another significant benefit is that fresh eyes bring forth new use cases beyond what was initially intended.
Contribute to The Community
How many times have you “worked around” or put a band-aid on a problem while in the back of your mind wondering if there was a better solution? Often there is, and chances are high that the OSS community has already developed a solution.
Exposure to New Features
Participating in the community gives you exposure to features that could benefit your projects based on what has worked for others. Google puts it best, “more perspectives make better software.”
A Win-Win for Everyone
Joe Beda, Principal Engineer at VMware sums it up nicely: “Open source participation is a win-win for the company and the community… This isn’t about philanthropy, it’s about the opportunity for all and innovation at speed.”
Giving Back
Companies relying on OSS tools in their technology stack should contribute resources back to the community so that everyone can benefit. Also, it is in a company’s best interest to support and help influence the direction of the technology on which it relies.
Attract and Retain Top Talent
Contributing to OSS projects makes your company stand out as a leader and influencer in the community. Developers love working with the leaders of technology. When you position yourself this way, you’ll likely have no trouble acquiring top talent for your team.
Open-Source API Design
Your APIs are one of your company’s greatest assets. Why not open them up to the community? We’ve already seen the benefits. Your biggest challenge will likely be gaining enough support to embrace and contribute to the open-source community. Stoplight’s OpenAPI designer is the perfect place to prototype new APIs for both internal and external use.
For more open-source tools that might benefit your organization, check out our blog on the open-source tools our engineering team utilizes on a daily basis to improve their workflow. Visit our open-source page on the Stoplight website to learn more about our open-source offerings that plug into your Stoplight Workspace.