An OSPO is people.

Your Open Source Program Office is not about the office you work in or the tools you use. Your OSPO should bring together people with different perspectives and expertise so that your organization can use open source correctly and effectively - no matter what you do.

Just a few of the groups and perspectives that should be represented:

Leadership and Legal

What is the overall goal of your organization? What strategies do you want to pursue, and what risks do you want to take? Consider:

  • M&A / Corporate development
  • Legal strategy and risk tolerance
  • Compliance


How does open source fit into the software development lifecycle? What about:

  • Source code scanning / CI / CD
  • Software composition analysis
  • Bills of Materials
  • Coordination with vendors/projects

IS/IT, Internal Tools

Working with open source requires high levels of automation. Who is responsible for:

  • Requests / Auditing
  • Process workflow
  • Security vulnerability identification / mitigation
  • Software supply chain issues

Communications and Marketing

Open source is a community activity. How do you talk about your open source efforts with others?

  • Pull request coordination/training
  • OSS conference coordination
  • Internal and external messaging
  • Marketing and promoting projects

Human Resources

Your OSPO can have a big effect on your ability to attract and retain great people. Think about:

  • Hiring developers
  • Training, CLEs
  • Guideline/Policy docs
  • Online behavior