Open source software is an integral part of the tech stack in many enterprises and their adoption rate is set to grow in coming years. The multifold benefits from open source software is enabling organizations to enhance business operational efficiency.

However, a closer introspection at how various organizations adopt open source software clearly displays the disparity that exists between them. A few organizations have attained the maturity to use open source software to its fullest and achieve long-term benefits. However, many organizations are still focused on adhoc consumption of open source software to develop or enhance their business applications often led by a short-term open source vision.

What determines open source maturity level of an organization?

The maturity level of an organization can be associated with three core focus areas with respect to open source software adoption – open source software policies and license compliance, management of open source assets, and contribution to open source community initiatives.

• Open source software policies and license compliance: Each organization should have a defined open source policy that will provide guidance for their development community to review for risks and license compliance for consumption of open source component.
• Management of open source assets: The organization should have a complete asset inventory of all its open source assets. This should be tracked and managed to ensure that latest versions are updated on these assets to avoid inherent issues from older versions to impact security posture of these applications.
• Contribution to open source community initiatives: Organizations either collaborate with peers or drive open source community initiatives with the focus on developing innovative solutions to address common business problems. This involvement is essential to drive newer solutions and enable corporate support for open source initiatives. Collaboration is essential to thrive open source community initiatives. Corporates have a significant role to play in such community initiatives.

Any organization that is missing out on any of these focus areas will not be able to leverage all the benefits of open source software in a consistent and long-term basis.

Open Source Maturity Model for Enterprises

To enable open source transformation, Wipro has defined an Open Source Maturity Model for Enterprises as depicted in Figure 1. It is based on how an organization manages its open source assets, collaborates on open source initiatives both internally and externally, attains open source license compliance, and encourages reusability of open source components with a focus on security for open source software.

                                                                     Figure 1: Wipro’s Open Source Maturity Model for Enterprises

Open source maturity levels and their key characteristics

Level – 1

Absence of open source policies with focus on adhoc consumption of open source software to meet immediate or short term needs.

Level - 2

High security risk posture for the organization due to absence of inventory of open source assets and inability to apply changes to these assets on time.

Level - 3

Well-defined organization policy for open source software, ensure license compliance and promote collaboration of open source components internally with continuous focus on security.

Level - 4

Have internal competency and capability to manage all open source assets, promote open source collaboration internally and participate in external community initiatives adhering to best practices to secure open source assets.

Level - 5

Organization possesses the expertise and maturity to drive open source community initiatives through collaboration with peers. It has long-term open source strategy and is focused on innovation through collaboration in a secure manner.

Benefits of achieving higher maturity levels

Achieving open source maturity

No organization can remain aloof from open source community initiatives. To participate in such initiatives, it is essential that they should perform an internal review and asses their open source management processes and policies. This assessment should be based on the Open Source Maturity Model for Enterprise. Such an assessment will help them map their maturity level and then define measures to move up their level.

Improving maturity level is an open source transformation journey that will strengthen the organization’s internal processes and build maturity to be involved in open source community initiatives.

Wipro will help accelerate your transformation journey. Please contact us at ask.opensource2@wipro.com to discuss the short and long-term benefits of achieving higher open source maturity.

Vinod Panicker

Distinguished Member of Technical Staff – Senior Member & Chief Architect – Cybersecurity, Blockchain & Open Source, Wipro

Vinod is a DMTS member and has over 21 years of experience in software development and product architecture. Vinod currently leads the open source and blockchain security initiatives for the cybersecurity practice at Wipro. He is an expert in decentralized identity, blockchain security, building open source solutions, community-led tools development, open-source licensing, and re-engineering of products.

Reza Mortazavi Alavi

Managing Consultant - Risk, Compliance, Assurance - UK/I/CE, Wipro

Reza, with over 15 years of experience in leading technology risk and security executive projects, works with global clients to analyze, develop, and deliver solutions for complex risk and security challenges in digital transformation projects.

Sumod Rajan George PMP

Sr. Project Manager, Cybersecurity and Risk services, Wipro

Sumod has two decades of experience in software development, managing various projects and programs for business domains, such as retail, finance, healthcare, and transportation. He is currently part of the open source and blockchain security team with CRS, which develops solutions around decentralized identity management using blockchain technology and focuses on trustware security.