Community Blog

Open Source Readiness - Weekly Update - 14 February 2023

Written by Jim St. Clair | 2/14/23 4:31 PM

This year at FINOS we are focusing on one of FINOS' key existing projects: Open Source Readiness. This is FINOS' term for helping the finance industry "do open source properly". 

Training, Testing and Tools: Turning the wrench in open source 

As we have outlined in our previous blogs, it’s been exciting to see how much work already exists in other collaborative efforts. Here within the Linux Foundation, we have our FINOS’ Open Source Readiness project, and the TODO group, which are joined by the OSPO Alliance, OSPO++, and a multitude of organizations with their own open source programs. As noted last year, there has been an ongoing evolution in the open source programs in various industries, so the time seems right to harmonize these ideas to help define and benchmark open source efforts. 

As we mentioned before, FINOS is committed to building on what these groups have developed to begin synthesizing a Body of Knowledge and Maturity Model for organizations to leverage for adopting and contributing to open source. 

Why is this important?

There’s a tremendous amount of effort from committed parties to help define roles, activities and education to support and promote Open Source. This is hand-in-hand with organizations around the globe using OSPOs and contributing to code. However, a Body of Knowledge promotes comprehensive, uniform training, tasks and activities that are consensus-driven models for how to do something - in this case, how the Financial Industry agrees to adopt and contribute to open source. This follows similar methods in other industries to define key knowledge and activities and even support certification. For example, the CFA Institute and Project Management Institute maintain Bodies of Knowledge represents the core knowledge, skills, and abilities generally accepted and applied by professionals globally in their technical areas. 

Learning and Doing

While there are a multitude of guides and activities to support open source development, the Body of Knowledge will delineate not only the roles and responsibilities that organizations would adopt, but also the specific training they should complete, tasks that they perform, and tools that they would use.

For example, using open source license management as an example, the Body of Knowledge encompasses:

  • Training - specific courses and/or certifications based on roles (such as LF Training In License Compliance Management)
  • Tools - Training on compliance management also includes use of management tools, such as FOSSology or OpenChain.

Activities - Specific, demonstrable steps or actions that should/must be performed

Maturity Model

Given that the Body of Knowledge defines the roles, activities and tools, then the final step is agreement upon how comprehensively the organization applies it and integrates it into their operations - a level of organizational maturity. A good example is the Capability Maturity Model Integration (CMMI) maturity levels around organizational processes. CMMI is a model that helps organizations to enable process improvement, specifically to develop behaviors that decrease risks in service, product, and software development. The CMMI, and its various derivatives, includes 5 levels from “Ad hoc” to “fully integrated” processes. Building on that, FINOS wants to build what is arguably the first ever comprehensive and consensus-driven compilation of both information about open source programs and an ability to evaluate it, and ultimately benchmark within your organization. We are excited to help chart a path for FINOS members and the open source community! 

 

Interested in this FINOS open source project, or any of our other projects? Click the link below to see how to get involved in the FINOS Community.