October 2024 OSFF Survey and Discussion

Over the course of 2024, the OSR SIG completed the Checklist from the perspective of their own companies (13 results). Here are the results of that survey.

Per Level

An interesting thing to note here is that Contribution lags level 4. This matches up empirically with the opinions of those present. In 2024 contribution is a problem.

Per Activity

At this level, we noted that Building an Open Source Culture, Managing Open Source talent, Contributing a Firm Open Source Project and Leveraging open Source As A Strategy were rated lower than other activities.

Discussion

At a round table in October 2024, members of the FINOS community discussed the results. Since the meeting was Chatham House Rule, the transcript can't be published, however here are some abridged notes of the points raised:

1. Variability in Maturity and Capabilities Across Organizations:

   • Banks and large institutions differ significantly in their open-source maturity.
   • Some divisions excel in open-source contributions, while others lag (e.g., "level four or five" vs. "zeros and ones").

2. Challenges with Scale and Engineering Quality:

   • Managing open-source initiatives at scale (e.g., 30,000 engineers vs. 2,000 engineers) introduces unique challenges.
   • Metrics like code quality, productivity, and open-source contributions (e.g., using tools like Blue Optima) can help identify high-performing teams.

3. Industry Benchmarks and Surveying:

   • There’s value in benchmarking open-source engagement across industries beyond banking, such as blockchain and fintech.
   • Randomized surveys could provide more balanced data but face logistical challenges.

4. Emerging Metrics and Leadership Buy-In:

   • Metrics like contribution frequency, quality testing, and engagement are vital to measure success.
   • Open-source maturity checklists evolved from a self-assessment tool into a competitive benchmarking system.

5. Leadership and Governance:

   • To promote open-source participation, leadership must see tangible business benefits.
   • Governance structures (e.g., software radars or tracking tools) are essential for oversight and risk management.

6. Value of Open-Source in Decision-Making:

   • Open-source metrics inform strategic decisions at a business level, driving priorities like testing, quality assurance, and reduced production rollback rates.
   • Leaders need a tailored narrative to align open-source goals with business objectives.

7. Broader Ecosystem Considerations:

   • Beyond traditional financial services, industries with developer-centric cultures (e.g., blockchain) may approach open-source differently.
   • Exploring the interplay between internal processes (e.g., inner-source adoption) and external open-source contributions could be beneficial.

8. Resource Constraints and Individual Contributions:

   • Many organizations still rely on limited resources or even singular contributors for critical open-source projects.
   • This highlights the need for sustainable funding and broader participation.

9. Decision-Making Frameworks:

   • Effective open-source strategies require alignment from top leadership down to the engineering teams.
   • Examples include developer experience investment, structured documentation, and embedding open-source in the organizational culture.

10. Governance and Risk Management:

• Without oversight, organizations risk exposure to unknown dependencies or security vulnerabilities.
• Governance frameworks are vital for visibility into the software supply chain.