finos / open-source-readiness

Accelerate financial services firms’ journeys toward open source readiness, by advancing the readiness of participants’ firms and informing guidance for the broader industry in the form of white papers, presentations, and blog posts.
https://osr.finos.org
Apache License 2.0

Quantify the benefits of higher OSMM levels #78

Open psmulovics opened 1 year ago

psmulovics commented 1 year ago

Making a model to trickle down the executive desire to execution.

robmoffat commented 11 months ago

Tagged @victorjunlu based on discussions yesterday

robmoffat commented 4 months ago

Level 3 (Contribution)

Cost of Forking:

1 FORK = E10,000 - 100,000 TCO (@tsteenbe) Unwitting creation of multiple forks of the same project.

We need to get more insight into SW development costs. Licensing / Compliance are known. Engineering perspective - 20-30% reduction in cloud build costs.

(PH) - Is there a misunderstanding that there is proprietary business logic in these forks, do management believe that's why they can't open source it? e.g.

(RM) - I'd not thought of this before because it's a huge violation of architectural principles.

A lot of managers communicate the need for forks to be proprietary as a moat to protect their workspace. If they could work with upstream directly, this would mean that staff are more fungible. Open Source is used as a defensive shield. Forks protect the engineering budget. This is like bad development to create job security.

Internal Forks are waste (in the lean language)

Mobility

However, CxOs are interested in employee mobility. Using proper open source packages aids mobility.

Measures

The goal should be to upstream form.

  1. Unmanaged (forks that were created without management supervision),
  2. Temporary - meant to die at some point. You should measure the lifespan of these.
  3. Hard forks - if you're not allowing contribution, then all forks are hard. The longer the life of the temporary fork, the more likely it becomes a hard fork.

For every fork, you should know where it goes: which projects it ends up in, etc. Otherwise it's unmanaged. Is it being built? Is it used in a project?

Problems

CI/CD could be per-team, or for the whole organisation. Artifactory or Nexus should be able to tell you about this. A forked binary of Apache Commons. It could be hard to detect these at scale. Tools are bad here.

First step - get an organisational GitHub org.

robmoffat commented 4 months ago

Gartner route

robmoffat commented 4 months ago

PS - the only internal alternative to forking is to write your own version

psmulovics commented 4 months ago

@mimiflynn, let's discuss whether we can put some numbers on this