The Open Source Maturity Model
The Open Source Maturity Model (OSMM) is a framework that helps organizations assess and improve their use of open source software. The primary purpose of the OSMM is to provide a structured way for organizations to evaluate their open source practices and identify areas for improvement. The model consists of a set of maturity levels, each with a defined set of characteristics and activities that an organization must achieve to move to the next level.
Why Have an Open Source Maturity Model?
- The OSMM framework can help organizations to better understand the benefits and risks of using open source software and to establish policies and procedures to manage these effectively.
- The model can also be used as a tool for benchmarking an organization's open source maturity against that of other organizations in the same industry or sector.
- The OSMM can provide guidance to organizations on how to improve their open source practices and to align these with their overall business objectives.
- The ultimate goal of an OSMM is to enable organizations to maximize the benefits of open source software while managing the associated risks and costs effectively.
- Since there are lots of Activities in this body of knowledge, the maturity levels provide some guidance about the order to tackle activities. Organisations beginning their open source journey are advised to start with activities categorized as Level 1 and proceed from there.
Existing Maturity Models
There are two pre-existing published open source maturity models at the time of writing which are both fairly similar. The OSBOK attempts to synthesize these into a single whole:
In December 2021, The OSPO Alliance published on the OW2 site the "OW2 Open Source Good Governance Initiative which is a 5-level maturity model
In February 2022, the TODO Group (a sub-foundation of the Linux Foundation) published "The Evolution of the Open Source Program Office (OSPO)" describing a five-level OSPO maturity model (Stages 0-4) based on its work with Bloomberg, Comcast and Porsche.
Fortunately, there is common agreement between these two models about what practices are expected at each level. Here, we adopt a 1-5 numbering scheme as this is more consistent with the original and most well-known maturity model, CMMI.
The Five Levels
Measuring Levels
Each level of the Open Source Maturity Model corresponds to a different set of activities. And, each activity is associated with a single maturity level.
This means it is possible for an organization to be making progress on multiple levels at the same time: they might be performing all of the activities at Level 1 and Level 2 and some of the activities of each of levels 3 to 5.
Only by completing all the activities at a given level and the levels below can an organization be regarded to be operating at that level. (Unless there is some convincing reason for omitting to perform a given activity.)
FINOS OSMM Survey
The FINOS OSMM Survey can be answered in different ways: as an individual, a function or the whole ation. The survey aims to:
- Establish which activities the respondent is performing.
- Provide a maturity level corresponding to these activities.
- Give suggestions to the respondent about which activities need further work to move to a higher maturity level.
NB: The FINOS OSMM Survey is currently in beta. Feedback on this would be greatly appreciated.