Establishing an OSPO is 'the next big evolution of the tech workplace'

Outside venue stage of GitHub Universe 2022

One of the core trends for the future of software development will be the growing establishment of open source programme offices (OSPOs), according to GitHub.

OSPOs will be responsible for nurturing the relationship between organisations and open source communities as reliance grows on the tools developed by often-unpaid, passionate programmers.

Establishing an OSPO was one of the three key trends in the software industry identified by GitHub in its annual Octoverse report published at its yearly Universe conference taking place this week.

By the open source platform’s estimates, around 30% of Fortune 100 companies already have a robust OSPO working in their ranks. The figure is growing and is expected to be a significant area of growth over the next five years.

The responsibilities of an OSPO are numerous, one of which relates to compliance with open source licenses and also the responsible consumption of open source technology more generally.

“I used to work at Microsoft and my line was always: "You can't expect the community to respect your licence if you don't respect theirs"," said Martin Woodward, VP developer relations at GitHub to IT Pro.

“So you need to, as an organisation, especially if you're in a bank or insurance company, you need to make sure you've your compliance is tight, and so that's why OSPOs are increasingly important.”

OSPOs will also help foster a mutually beneficial relationship between the organisation consuming an open source library and the open source community that maintains it.

Organisations’ and private sector companies’ reliance on open source is growing, said Woodward, and if a large consumer such as a big organisation doesn’t contribute back to the community, the value of the open source code diminishes.

This is because when code is taken from a library by an organisation which then uses it and develops on top of it, but doesn’t contribute back to the project itself, then the organisation diverges from what the community is doing, making it more difficult to ingest the latest code from the open source community.

The final main responsibility of OSPOs will be to also promote innersource methodologies within in-house software development teams.


Data governance and privacy for data leaders

Create your ideal governance and privacy solution


Innersource refers to the practice of adopting open source-style ways of working on projects that aren’t inherently open source. Innersource workflows are deployed to break down silos within an organisation and promote wider collaboration between different teams.

Woodward’s main advice to businesses looking to establish an OSPO was to first find someone who is passionate about open source development, which he said shouldn’t be a difficult task.

“If you go talk to any bank, or any IT company in the UK, there are people who want to do this at the [individual contributor] level and they just need somebody to organise, somebody to build a community, and they can make it be a grassroots thing,” said Woodward.

He went on to say that cultural change relating to open source within an organisation will start to develop when top-down permission is granted to those who want to kickstart a bottom-up revolution.

The role of commercially-backed open source projects is also contributing to the growth of the open source community more generally, GitHub said.

The company’s Octoverse report revealed that commercially-backed projects such as Microsoft’s VSCode integrated developer environment (IDE) are playing a significant role in attracting developers to open source contributions.

GitHub’s data showed that 50% of first-time open source contributors did so on commercially-backed projects.

Woodward said that this only works when these large companies have their engineers “working in the open”. In doing so, open source contributors are more likely to contribute to feel part of a wider community, an important incentive to try open source development for the first time.

“By doing that, what we see is the communities that grow around them are typically ten times the investment of people that [the large companies] put in, but it only works if they actually have their engineers working in the open,” he said.

The rising development for infrastructure as code (IaC) practices across GitHub was also identified as a key growth area for the coming years, thanks to HashiCorp Configuration Language (HCL) showing the fastest growth for a programming language in the past year.

IaC refers to the management of physical infrastructure through coded configuration files, rather than through manual methods such as setting up and placing servers by hand.

HCL is the language used for Hashicorp’s Terraform tool which has become increasingly popular for developing IaC practices.

Connor Jones

Connor Jones has been at the forefront of global cyber security news coverage for the past few years, breaking developments on major stories such as LockBit’s ransomware attack on Royal Mail International, and many others. He has also made sporadic appearances on the ITPro Podcast discussing topics from home desk setups all the way to hacking systems using prosthetic limbs. He has a master’s degree in Magazine Journalism from the University of Sheffield, and has previously written for the likes of Red Bull Esports and UNILAD tech during his career that started in 2015.