[CFP]: How to automate your FOSS policy and processes

[tsteenbe]

Session Title

How to automate your FOSS policy and processes

Session Description

If you look at the OSPO mind map you will see an OSPO may have a lots of responsibilities such as "establish and improve Open Source processes", "oversee Open Source compliance", "eliminate friction from using and contributing to Open Source". Yet a lot of OSPOs only have a few people working on these responsibilities especially those who just started their OSPO. How do scale your OSPO with a small team?

Automation is the answer, but that raises the question which tools to use for which use cases. In this session Thomas will show how several OSPOs have been working together to create open source tooling to automate their FOSS policies and processes. He will demonstrates a reference processes for how one can automate 'oversee Open Source Compliance' and 'Publishing a new open source project' from start to finish and some of lessons he learned on automation over the years.

Benefits to the Ecosystem

You will learn:

• How you can automate your FOSS policy and processes by re-using the tooling, data and policy rules created by collaboration between several OSPOs under the Linux Foundation.
• How you can make your policy and process simpler thereby making the life easier of your organization's developers whilst keeping your legal counsel happy and can contribute to improve licensing/security in the FOSS community.
• What should be in your FOSS policy document and what not

Help us narrow down the focus a bit more. Please choose the OSPO related topic that best describes your proposal.

Adoption and Discovery, Compliance, Legal Developer Education, and Inventory, Evangelizing OSS Use and Ecosystem Participation

What level of experience should the audience have to best understand your presentation?

OSPO 101 (Beginner)

Speaker Name

Thomas Steenbergen

Speaker Bio

Thomas Steenbergen is the Head of Open Source Program Office at EPAM Systems (www.epam.com). He is steering committee member and one of the co-founders/organizers of the European Chapter of the TODO group and co-founder of the OpenChain Reference Tooling Work Group - both industry working groups where companies collaborate to address shared open source challenges. He is also an active contributor to the SPDX ISO specification for over 5 years, helping to better match what developers find in code and incorporate security (lead Security Profile).

As a core contributor to the OSS Review Toolkit, he enables highly automated open source policy checks in CI/CD by providing easy, open-source & scalable tooling and to share results in open standard (SBoM) formats. He is a frequent speaker and panellist at various global open source conferences and is always happy to start a conversation around anything open source. Thomas has held a variety of technical lead roles over the past 15 years across the Netherlands, United Kingdom and Germany.

Speaker preferred pronouns

he/him

[anajsana]

LGTM! As we discussed in slack, we can schedule this for the OSPOlogy November session (November 16 at 17:00 CET) @tsteenbe

[anajsana]

landing page created! https://community.linuxfoundation.org/events/details/lfhq-todo-group-presents-how-to-automate-your-foss-policy-and-processes/