
3 Pillars of Open Source to Guide Us in 2023

Did you know that 100% of VMware software touches open source components?

We are part of the open source ecosystem, and it is part of us.

It’s been a while since VMware stepped with “strategic intent” into the open source ecosystem. Plenty has happened in the last several years: a boom, rapid growth, a pandemic, industry shifts, maybe a bust and still more changes are on the horizon. Those in open source look at the future and wonder what it holds. But what everyone can depend on is the strategic importance of open source and VMware’s unwavering commitment to the community.

For at least the past five years, the Linux Foundation’s TODO Group – or Talk Openly, Develop Openly – has surveyed open source contributors around the world to gauge the advancement, successes and challenges they face. The organization’s goal is to foster a comprehensive knowledge-sharing community to spread helpful open source tools and practices.

According to TODO’s “Open Source Program Office (OSPO) 2022 Survey,” 50% of respondents have adopted an OSPO, showing the highest level of adoption in the past five years. It’s clear that VMware’s OSPO is in good and growing company. Additionally, 65% of organizations that frequently contribute code upstream have a formally structured OSPO. To keep thriving, it’s essential that corporate OSPOs and individual contributors alike uphold three key pillars: compliance, community and invention.

1. Compliance

Open source compliance is VMware OSPO’s top priority. Really, it should be at the forefront of every open source user’s contributions. Without compliance, the open source ecosystem would eventually cease to exist. Radoslava Zheleva put it nicely earlier this year, saying, “Although OSS is free of charge, it’s not free of obligations.”

As Vice President and Chief Open Source Officer Chip Childers said recently in an interview, “Open source comes with risks. … We work with our product development teams and the security organization about best practices to help reduce risk from vulnerabilities.”

For a responsible contributor and community member, license compliance must always be part of the equation, which includes proactive tools, proper training and adherence to Contributor License Agreements (CLAs) and the Developer Certificate of Origin (DCO). It’s so important that there’s an entire Linux Foundation annual conference dedicated to compliance. TODO’s study revealed that “better license compliance” was among the top ten benefits companies with OSPOs realized.

2. Community

This was an active year for VMware on the conference circuit. We zigzagged the world making connections with our open source friends and collaborators. From Dublin and Detroit, to San Francisco, to tuning in around the world from our home offices, VMware employees presented on various topics about which they’re passionate. And while we were in attendance, we learned about new and exciting projects that piqued new passions. In the TODO survey, nearly half (48%) of respondents cited the greater influence they have in the open source community as one of the biggest advantages of their company’s OSPO. We know that we love to meet our online collaborators in person whenever possible and work with a diverse range of incredibly skilled people.

Also, this year, we got to know our own colleagues better through our spotlight interview series. We learned their open source origin stories like how Nikhita found her love of coding in her quest for air conditioning, how Whitney melded her affinity for art with technical concepts, and Tasha’s technology journey. It’s important to highlight the contributions of open source standouts, especially giving the microphone to voices that traditionally are not as prevalent in the community to inspire new generations of contributors.

Is there someone extraordinary in the community you think we should highlight? Let us know!

3. Invention

2022 was the year of the software supply chain: advancements in understanding, adoption and technical releases. From SBOM creation and build reproducibility to community tooling like SLSA and sigstore, contributors and users can feel much better about the security of every software component. Securing the software supply chain is a huge job and is a challenge best met with the full force of the community.

VMware open source projects, like the Certifier Framework and Carvel, ease the adoption of Confidential Computing and management of Kubernetes, respectively. Carvel’s addition to the Cloud Native Computing Foundation, especially, demonstrates continued invention and is a big step forward in advancing the larger community. The more any process lessens the massive load upon the shoulders of contributors and maintainers, the more time they’ll have to focus on invention.

Thank you!

We’re happy to have such a strong and supportive open source community around us, and we’re awed each and every day by the brilliance of the community we have the privilege of working with. For continual growth, it’s key to learn something new every day, and we can’t wait to continue working alongside you. Happy new year and see you in 2023!

Stay tuned to the Open Source Blog and follow us on Twitter for more deep dives into the world of open source contributing.