- Home
- >
- DevOps News
- >
- 3 Core Tenets of the VMware Open Source Program Office – InApps
3 Core Tenets of the VMware Open Source Program Office – InApps is an article under the topic Devops Many of you are most interested in today !! Today, let’s InApps.net learn 3 Core Tenets of the VMware Open Source Program Office – InApps in today’s post !
Key Summary
- Overview: The article by InApps Technology explores the three core tenets of VMware’s Open Source Program Office (OSPO) in 2022, highlighting how VMware integrates open source principles into its operations to drive innovation, collaboration, and compliance, with insights applicable to software development practices.
- What is VMware’s OSPO?:
- Definition: VMware’s Open Source Program Office is a dedicated entity responsible for managing the company’s engagement with open source software, ensuring strategic alignment, compliance, and community contribution.
- Purpose: Facilitates VMware’s use of and contribution to open source projects, fostering innovation and maintaining trust with the open source community.
- Context: VMware, a leader in virtualization and cloud computing, relies heavily on open source technologies (e.g., Kubernetes, Linux) to enhance its products.
- 3 Core Tenets of VMware’s OSPO:
- 1. Open Source as a Strategic Asset:
- Tenet: VMware views open source software as a critical driver of innovation and competitive advantage, not just a cost-saving tool.
- Details: Actively contributes to and consumes open source projects to accelerate product development and align with industry standards.
- Actions: Sponsors key projects (e.g., Kubernetes, Harbor), encourages employee contributions, and integrates open source into products like VMware Tanzu.
- Impact: Enhances product quality, reduces development time, and builds ecosystem trust.
- Example: VMware’s contributions to Kubernetes improve container orchestration for its cloud solutions.
- 2. Community Engagement and Collaboration:
- Tenet: VMware prioritizes active participation in open source communities to foster collaboration and mutual benefit.
- Details: Engages through code contributions, event sponsorships (e.g., KubeCon), and transparent communication with developers.
- Actions: Maintains open source projects like Harbor (container registry) and Velero (backup/recovery), and supports community governance models.
- Impact: Strengthens relationships, gains community insights, and drives adoption of VMware-backed projects.
- Example: VMware developers collaborate on GitHub to enhance Harbor’s features based on community feedback.
- 3. Compliance and Governance:
- Tenet: VMware ensures strict adherence to open source licenses and implements robust governance to mitigate legal and operational risks.
- Details: Manages license compliance (e.g., Apache, MIT, GPL), tracks dependencies, and educates teams on open source obligations.
- Actions: Uses tools like Black Duck or FOSSA for dependency scanning, maintains internal policies, and conducts regular audits.
- Impact: Protects intellectual property, avoids legal issues, and builds trust with stakeholders.
- Example: VMware scans a product’s codebase to ensure GPL compliance before release.
- 1. Open Source as a Strategic Asset:
- Benefits of VMware’s OSPO Tenets:
- Innovation: Strategic open source use accelerates development and adoption of cutting-edge technologies.
- Trust: Community engagement and compliance build credibility with developers and customers.
- Cost Efficiency: Leveraging open source reduces proprietary development costs; offshore support in Vietnam ($20–$50/hour via InApps) saves 20–40% vs. U.S./EU rates ($80–$150/hour).
- Scalability: Governance ensures open source projects scale securely within enterprise environments.
- Collaboration: Community contributions enhance VMware’s ecosystem and influence industry standards.
- Challenges:
- License Complexity: Navigating diverse open source licenses (e.g., GPL vs. permissive) requires expertise.
- Resource Allocation: Balancing internal development with community contributions can strain teams.
- Security Risks: Open source dependencies may introduce vulnerabilities (e.g., Log4j).
- Cultural Shift: Embedding open source practices across a large organization demands ongoing education.
- Security Considerations:
- Dependency Scanning: Use Snyk or Dependabot to identify and patch vulnerabilities in open source libraries.
- Secure Contribution: Implement code reviews and signed commits to ensure integrity.
- Auditing: Log compliance checks for audit trails to meet SOC 2 or ISO 27001 standards.
- Example: InApps integrates Snyk to secure open source dependencies in a client’s Kubernetes cluster.
- Use Cases:
- Cloud Computing: Enhancing VMware Tanzu with Kubernetes contributions for scalable cloud platforms.
- Containerization: Maintaining Harbor for secure container image management.
- Backup/Recovery: Supporting Velero for disaster recovery in cloud-native environments.
- Enterprise Software: Ensuring compliance for open source components in VMware products.
- InApps Technology’s Role:
- Leading HCMC-based provider with 500+ experts in open source development, skilled in Kubernetes, cloud, and DevOps.
- Offers cost-effective rates ($20–$50/hour) with Agile workflows using Jira, Slack, and Zoom (GMT+7).
- Supports open source integration, compliance, and community engagement for global clients.
- Example: InApps builds a Kubernetes-based platform for a U.S. client, leveraging VMware’s open source tools.
- Recommendations:
- Treat open source as a strategic asset by contributing to and consuming relevant projects.
- Actively engage with communities via code, events, and transparent communication.
- Implement robust governance with automated tools to ensure license compliance and security.
- Partner with InApps Technology for cost-effective open source solutions, leveraging Vietnam’s talent pool to support OSPO-like initiatives.
Read more about 3 Core Tenets of the VMware Open Source Program Office – InApps at Wikipedia
You can find content about 3 Core Tenets of the VMware Open Source Program Office – InApps from the Wikipedia website
VMware sponsored this post.
Editor’s note: This is Part Two of VMware’s three-part “Getting to Great” series on its Open Source Program Office.
In the first part of this series, we explored the rationale behind creating an Open Source Program Office (OSPO). For VMware, compliance, promoting community best practices and enabling an ethos of discovery and innovation comprise the VMware OSPO charter.
Compliance
Suzanne Ambiel
Suzanne is the director of open source marketing and strategy for VMware. She’s been with VMware since 2011 traversing, the company landscape: from VMware View to vSAN and now, Open Source.
“When it comes to licensing and security, everyone should be concerned over sporadic and spontaneous individual OSS contributions. For this reason, you regularly see OSPOs involved as a central point for establishing the guard rails around compliance,” Tim Pepper, VMware senior staff engineer, said. This applies to both inbound and outbound Open Source Software (OSS code).
For Dirk Hohndel, VMware’s chief open source officer, compliance is always top of mind. “How do you ensure that you understand what went into the software that you’re running? Who built it? Who authenticates that there are no malware components in there? Who is ultimately responsible for what it is that creates this infrastructure?” Hohndel asked in a InApps podcast “Why Container Security Has No Easy Answers.” There is a myriad of best practices that differ when developing in an OSS environment as compared with proprietary-only code production.
Further evidence of the commitment to compliance is Tern: an open source project initiated and maintained by VMware open source engineers, Nisha Kumar and Rose Judge. Recently contributed to the Linux Foundation’s Automated Compliance Tooling initiative, Tern helps developers inventory the contents of their container images, revealing often hidden packages and their metadata. Understanding what comprises a container better enables accurate license compliance.
For many, the starting point for an OSPO is compliance — and it’s a good place to start. But once established, consider expanding the charter to other areas — best practices, mentoring and innovation.
Community Best Practices
Rhonda Edwards
Rhonda is an open source marketer with a passion for innovative technologies contributing to the fourth Industrial Revolution. She is an electrical engineer by training. @rhondanet
The open source culture of “community collaboration” can run counter to established internal practices — for both technology as well as non-technology companies. It’s natural to want to “protect” your investments as they may lead to a competitive advantage. However, that’s not always true and in some cases, open sourcing technology can lead to faster innovation, widespread adoption and increased relevance.
Understanding how, why, where and when to contribute to and participate in open source communities is the key to success – and an OSPO can help you find that path to success. For Darren Hart, senior Director of the Open Source Technology Center, it starts with understanding why you are contributing to open source. “Engaging in the OSS communities of the projects you use allows you to improve the health and viability of the projects you depend on and better architect your code to work with upstream projects, minimizing the technical debt over simply forking them. You also have the opportunity to influence the direction of the project by contributing your use case, leading to more robust and generally useful projects.” Once you understand how your motivations align with others in the community, you can begin to learn how to collaborate. “Collaboration is a skill, learnable and learned, teachable and taught. Whether called developer advocacy, developer relations or community management, the gist is that this nuanced skill can be championed by the OSPO. Well-practiced, it can dramatically improve the quality of interactions a company’s staff has in open source communities,” Pepper said.
Doubling down, Mark Peek, principal engineer at VMware said: “While an open source program office is often asked for ‘yes/no’ answers on inbound or outbound open source questions, I don’t think that is its most important purpose. Really it is about teaching and educating around various aspects of open source such as best practices, working with communities, understanding licenses and other obligations associated with open source. This evolves the OSPO from being a gatekeeper to empowering the internal teams to know the right things to do.”
VMware’s OSPO provides processes, best practices and most importantly, mentorship for individuals who want to participate in and contribute to open source communities. From straightforward coaching to more complicated software architecture to tool and process development, the OSPO team helps to guide the conversation, choices and strategy. As you consider building an OSPO for your company, don’t overlook the powerful and positive impact this technical and strategic leadership can have on your teams.
Innovation and Discovery
An oft-quoted saying (Joy’s Law) in management and technical fields asserts that: “…no matter who you are, most of the smartest people work for someone else..” In that statement, Bill Joy expressed the desire to tap into the creativity and capabilities beyond a company’s employee payroll. He went on to state, “…If you rely solely on your own employees, you’ll never solve all your customer’s needs.” And that is the essence of open source — to reach beyond company boundaries to innovate and discover faster — to deliver better outcomes for everyone.
It’s important to note that participation and contribution to open source isn’t about charity or obligation. “Open source participation is a win-win for the company and the community…” Joe Beda, principal engineer at VMware, said. “This isn’t about philanthropy, it’s about the opportunity for all and innovation at speed.”
In a commercial space, products need to get to market and they usually have a sell-by date. Companies (revenue) can’t wait for ideas to sprout opportunistically from outside. “Product Management inherently operates on timelines that are different than speculative R&D and ‘scratching an itch’ that is often the early basis of open source projects. Alternatively, an OSPO team that can look at and engage in early open source ecosystem project trends can provide valuable input to both product teams and open source projects,” adds Pepper. An OSPO can give you a team dedicated not just to product but instead to community and open source granting freedom to explore beyond the constraints of a roadmap.
So how does VMware choose between open source and proprietary? It depends, but in every decision, both our customers and the community play important roles. Hohndel said, “Our approach has been that we provide the APIs, the open source components that our customers are interested in and tie it all together around a stack of proprietary software that we feel best serves the more high-end enterprise needs, whether it’s in storage, in complex networking situations or just in the scalability.”
In part three, we explore the awakening of the OSPO superpower and how companies, even those who are not in the software “business,” can begin to reap the benefits of OSS.
The Linux Foundation is a sponsor of InApps
Feature image via Pixabay.
Source: InApps.net
Let’s create the next big thing together!
Coming together is a beginning. Keeping together is progress. Working together is success.
