Check out all the on-demand sessions from the Intelligent Security Summit here.
Let the OSS Enterprise newsletter guide your open source journey! Sign up here.
Microsoft hasn’t always been a bastion of open source software (OSS) — former CEO Steve Ballmer once even went so far as to call OSS ‘a cancer’. But it’s changed days at the technology giant, with Ballmer’s successor Satya Nadella going to great lengths to convince the world that it was wrong about open source.
Seven years in the hot seat and counting, Nadella has overseen Microsoft joining the Linux Foundation, the open source initiative (OSI), and the open source security foundation (OSSF). The company has also open-sourced many of its own technologies, including the .NET framework. Elsewhere, Microsoft is a top contributor to third-party projects such as Google’s Chromium, and let’s not forget that it doled out $7.5 billion for GitHub, the de facto code hosting and collaboration platform for open source projects.
Earlier this year, Sarah Novotny, Microsoft’s open source lead for the Azure Office of the CTO, wrote that open source software is now the “accepted model” for cross-company collaboration, enabling Big Tech rivals to quickly join forces for the greater good. Underpinning much of this is the humble open source program office (OSPO), which has emerged as an integral part of business operations, ranging from venture capital-backed startups to the tech giants of the world.
Intelligent Security Summit On-Demand
Learn the critical role of AI & ML in cybersecurity and industry specific case studies. Watch on-demand sessions today.
OSPOs bring formality and order to companies’ open source endeavors, helping them align project goals with key business objectives, set policies, manage license and compliance issues, and more. VentureBeat caught up with Stormy Peters, director of Microsoft’s open source programs office, to get the lowdown on Microsoft’s OSPO, its evolution since its launch back in 2014, and the role it plays in helping Microsoft manage its myriad open source efforts.
The open source factor
The benefits of open source software are well understood — it lowers the barrier to entry and gives companies greater control over their technology and data stack. But perhaps more than that, engaging and collaborating with the open source community is a focal point for most of the big tech companies because it helps them compete for top technical talent.
“These are exciting times as more and more organizations are engaging more with open source,” Peters said. “It’s also just as important to developers to be able to use open source in their work — jobs that involve open source are more likely to retain developers.”
However, the growing threat of software supply chain attacks and other security issues, not to mention all the license and compliance complexities, puts considerable pressure on developers and engineers when all they really want to be doing is building products. And that, ultimately, is what the OSPO is all about.
“OSPOs help make sure your developers can move quickly,” Peters said. “Without an OSPO, teams across Microsoft would probably have to do a lot more manual compliance work, and they would all have to reinvent the wheel when it comes to understanding open source licenses, compliance, best practices, and community — we know they’d do well, but we want to help them do even better and faster by learning from each other and using tools standard across the company.”
Open source program offices have evolved greatly through the years, according to Peters, with two specific changes standing out in terms of scope and industry adoption. “OSPOs no longer focus solely on license compliance and intellectual property concerns — we now help with best practices, training, outreach, and more,” Peters explained. “And, it’s no longer just tech companies that have OSPOs.”
Indeed, a recent survey from TODO Group, a membership-based organization for collaborating and sharing best practices around open source projects, found that while OSPO adoption is still at its highest in the tech industry, other industries such as education and the public sector are gaining steam.
“The types of Microsoft customers interested in creating OSPOs that I’ve spoken to range from a large retail business in North America, to a bank in South America, to a car manufacturer in Europe,” Peters added.
Microsoft’s OSPO tracks all the open source it uses internally, while it engages with its development teams that are looking to open-source their own software. It also figures out all the license issues to ensure they remain compliant, instigates any necessary legal and business reviews where required, provides training, and more.
“The OSPO works across the company to collaborate with different open source experts and leaders to help curate guidance and policy,” Peters said. “We want to reduce friction and make it easier for employees to use open source — that includes using and contributing to open source software, as well as launching projects in the community.”
Despite the extensive scope of the work, Microsoft’s OSPO team remains relatively lean with just eight people, though that doesn’t account for all those across the business and beyond that they actively engage with, from engineering through security, legal, marketing, and more. There is also a group of more than “100 open source champions” from across its global divisions who regularly meet with the OSPO to help pass on knowledge down the chain and through their own networks.
“Our job is to help make it easier for employees to use and contribute to open source,” Peters explained. “We work with all the groups to help set policy, empower employees with knowledge and tools, and consult different groups across Microsoft and others in the industry on their open source strategy.”
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.