Skip to main content

Level 3: Contribution

At this level, an organization has established proactive practices for managing open source software. The organization has a comprehensive policy in place for managing open source software, and it is consistently applied across the organization. The organization has a comprehensive inventory of open source software in use and manages it effectively. The organisation will begin to contribute to existing open source projects that it finds strategically useful. That is, becoming part of the open source community.

Cultural Embedding of Open Source

According to The TODO Group arganisations will:

create such internal mechanisms as ambassadors who promote usage of approved OSS products, educational programs on good OSS hygiene, and technical training or tuition reimbursement for skill building and certification in OSS. With these initiatives, an organization can grow its use of OSS and amplify its message that OSS is not only important but desirable and preferable to proprietary software products.


At this level, individual employees may be contributing to the open source ecosystem as part of their job:

... organizations begin incentivizing their developers to work on OSS projects critical to their operations, to the degree that developers become highly active contributors or primary maintainers. To technology organizations, employing a contributor to a prominent OSS project is a valuable investment: most of their contributors to, say, the Linux kernel—the core component of the Linux operating system and the critical inter- face between computer hardware and software—are full-time employees (FTEs) whose job is to write code for Linux.

Further Reading

  1. The OW2 Open Source Good Governance Initiative refers to this level as the "Culture Goal", and talks about how individuals within the organisation will need to understand GitHub or other open-source repositories in order to begin contributing to open source projects:

    This Goal is concerned with developing an OSS culture that will help implementing best practices. It's about being part of the open source community, sharing experience. And being recognized. An individual perspective.

  2. The TODO Group's maturity model refers to this level as "Evangelizing OSS Use and Ecosystem Participation".

OSMM Level 3 Expected Activities

Making The Case For Contribution

Organisational change can be very hard to achieve since organisations are naturally protective of themselves and the status quo. Setting up an OSPO and beginning an open source journey will seem like a risky and dangerous proposition for many parts of an organisation.

Ensuring Open Source Compliance For Contribution

Contributing to an open source project from within a regulated firm is likely to contravene one or more policies. Staff who contribute to open source as part of their jobs are likely to be in breach of their terms of employment or likely to get disciplined. For this reason, in order to enable open source contribution, new policy needs to be written which creates space within the compliance landscape.

Open Source Contribution Training

It is generally preferable if an Open Source Contribution Policy can be enforced via tooling (so called policy as code). However, often policy will refer to behaviours and expectations of staff which cannot be controlled through systems. In these cases, training courses will be needed to help promote desired behaviours.

Surveillance Processes

This article looks at the best practices around surveillance (of communications) to enable open source contribution.

Publication Processes

This article looks at the best practices around publication (of code) to enable open source contribution.

Fostering Community Engagement

Within the Open Source Ecosystem, millions of projects exist and some of the projects are duplicate efforts. The open source community is vast and sometimes very hard to reach.

Building an Open Source Culture

Historically, employees in banks have faced challenges contributing to open source due to factors such as stringent regulatory environments, the sensitive nature of financial data, concerns over intellectual property rights, lack of internal policies or guidelines related to open source contributions, and a traditional banking culture that may not fully embrace the open, collaborative ethos of open source development.

Managing Open Source Talent

Managing talent in financial institutions is crucial because the quality, motivation, and expertise of their workforce directly influence the institutions' ability to innovate, maintain a competitive edge, comply with regulatory requirements, and ultimately drive financial performance and growth.