Guide to Open Source
Javier Perez
@jperezp_bos
Oct. 2018

Open Source Accelerating

GitHub Stats 2017

Top Open Source projects
Source: TechCrunch https://techcrunch.com/2017/04/07/tracking-the-explosive-growth-of-open-source-software/

GitHub cofounder Tom Preston-Werner
• Force multiplier
• Modular and documented
• Reduce duplication of effort
• Great advertising
• Attract talent
• Best technical interview possible

Other quotes about Open source

Not commonly associated with Open Source
• Adobe
• 273 GitHub repos, Cordova/PhoneGap http://opensource.adobe.com/
• Netflix
• All open, video streaming, build and deploy services to cloud elasticity, runtimes,
microservices http://netflix.github.io/
• Oracle
• Java, MySQL and OpenOffice. Supports the Linux Foundation, the Eclipse Foundation
and the OpenStack Foundation https://developer.oracle.com/opensource

• Samsung
• Only Intel and Red Hat have made more open source contributions to the Linux kernel
• Software for TVs, digital cameras, mobile phones and even smart refrigerators
• http://opensource.samsung.com/reception.do
• Microsoft
• Three years ago Microsoft decided to make open source pervasive throughout the
company and rolled open source into the main engineering groups. Everything is
published in GitHub and https://opensource.microsoft.com/
• In 2017 ~1,300 employees actively pushing code to 825 top repositories
Not commonly associated with Open Source

Top Org/Contributors to Open Source

Open Source
More than simply free “published” code

How to launch and Open Source project?
1. Open source license
2. README
3. Contribution guidelines
4. Code of conduct

1. Open Source License
• Every Open Source Software (OSS) needs a license file
• No license file means that it is not open source
• How much license reciprocity is required?
• What legal jurisdiction cover the license?
• GNU Project and Open Source Initiative with 100s of license types
• Most commonly used for open and free distribution: Apache or MIT

2. README file
• Good development practice
• More than how to use the project:
• What does the project do?
• Why is this project useful?
• How do I get started?
• Where can I get more help?

3. Contribution guidelines
• Add CONTRIBUTING file
• Tell the audience how to participate in your project
• How to file a bug report (GitHub issues and pull requests)
• How to suggest a new feature
• How to setup your environment and run tests
• Types of contributions you are looking for
• Vision and roadmap
• Mailing lists, even public JIRA

4. Code of conduct
• CODE_OF_CONDUCT file
• Where the code of conduct takes effect
• Whom the code of conduct applies to
• What happens if someone violates the code of conduct
• How to report violations
• Examples of unacceptable behavior by participants include:
• The use of sexualized language or imagery
• Personal attacks
• Trolling or insulting/derogatory comments
• Public or private harassment
• Publishing other's private information, such as physical or electronic addresses,
without explicit permission
• Other unethical or unprofessional conduct.

Roles in an Open Source project
• Maintainer
• ”Owner” and administrator, publish code, website, social media
• Committer
• Becoming a Committer in projects like Cordova, Node.js, Linux and others is a highly
regarded and respected role.
• Contributor
• Opportunity to learn, join a community and meet people.
• Users

Contribute to Projects
• Either company sponsored or individually
• It is called to “contribute upstream”
• When a company uses OSS if it does not contribute back upstream
their fixes or enhancements are left out. This drives high
maintenance cost

What not to Open Source
• Keys and credentials
• Customer data
• Employee data
• Patented intellectual property
• Code owned by other companies or entities (unless it is open source)

Open Source Foundations
• To collaborate and attract collaboration
• Independent and neutral body to promote project grow
• Legal guidance
• Examples:
• The Apache Software Foundation
• The Software Freedom Conservancy
• The Linux Foundation
• The Eclipse Foundation
• The Cloud Native Computing Foundation
• The OpenStack Foundation
• The Free Software Foundation
• The Open Source Initiative
• .NET Foundation
• Node.js Foundation

Open Source Business Models
• Product Support and Services Subscription model
• Software available for free, customers pay for productized version, support
and services
• From OSS projects to Products (commercialized)
https://redhatofficial.github.io

Open Source Business Models
• Pay for Additional features model
• Similar to in-app purchases on mobile apps
• OSS to keep growing the project and community
• Charge for advanced features and services
• Does not attract many contributors
 Support
 Admin tools
 Advanced security
 Advanced analytics
 Data viewer tool
 In-memory storage engine
 Integrations
 Commercial license
 Platform certification, training and
customer success program

Open Source Business Models
• Software as a Service model
• One of the most popular models now
• Hosting in the cloud, charging for the service
• No Capex for customers, up and running in minutes

Open Source Business Models
• Partnerships
• Keep it open and commercialize to partners that need the technology
• Offer a supported version to partners
• Mozilla Firefox gets paid by partners Yahoo, Amazon and Google for built-in
search
• Donations
• Wikipedia, and others

Build products and platforms with OSS
• Easier now with more open source components and libraries
• Easier now with APIs, microservices, all in container images

Why businesses are adopting OSS?
• To start for free or at a very low cost
• Use of the latest innovations
• Faster pace of bugs and vulnerabilities fixes
• Many options and many sources of support via documentation,
community forums/portals, videos and blog posts
• The power of working together, makes better OSS
• Developers are becoming full stack developers. Open source stacks
(MEAN, LAMP, others)
• Easier to recruit developers

It is time to open source
• We want to attract more developer users and employees
• We want to grow our community of users and contributors
• More open source tooling, integrations and plugins create stickiness
in the products
• Open source promotes improvement on architecture and coding
practices

Recommendations (1/4)
• Create a public GitHub Space (can also subscribe to a Business plan)
• Publish independent not core components
• Integrations and plugins
• Invite customers and developers to contribute (act as a maintainer)
• Take releases from GitHub repos
• Apply QA and QE
• Handover to Support
• Provide documentation

Recommendations (2/4)
• Monolithic to Microservices provides an opportunity to develop in the
open basic functions:
• Sign on, role based user management, monitoring, testing scripts
• Tools, scripts and CLIs currently in private repos
• Opportunity to showcase employees’ code, ideas and innovations

Recommendations (3/4)
• Target persona is developers
• Many organizations have now websites dedicated to developers
• https://developer.walmart.com
• https://developer.ibm.com/open/
• https://developer.twitter.com/
• Create developers.companyname.com, a place to find all technical
and developer-oriented information about your open source projects,
APIs and products.

Recommendations (4/4)
• Embrace open source app sec projects, don’t see them as threats or
competitors
• Find OSS that can complement and enhance your offering
• Build on top of OSS and contribute back
• Join a Foundation

Final Thought

Thank you
Javier Perez
@jperezp_bos