In the service portfolio analysis, a list of services usually offered by the OSPO is described and clustered in five different categories. Organizations can use the template provided to identify currently offered services and plan to-be services according to their customers’ profile and internal expertise. Initially, a limited number of services can be available at the organization’s level. We provide a downloadable template and a FigJam file as a collaboration tool to speed up the process of planning the OSPO offer.
Management
IP management strategy services
Defining legal IP strategy and policies
The goal is to support the definition of an IP management
strategy for the 3Os involving different functions/departments
in organisations.
Due diligence for open IP
Due diligence for the use of 3Os based on the collection and
analysis of the licensing models applicable to the organisation's
products/processes/services.
The Free and Open Source Software Analysis (FOSSA) Compliance
tool is useful to identify and manage open source licenses and
compliance obligations within a software project. This tool
provides automated scanning of software dependencies to ensure
that they comply with licensing requirements and policies.
Metrics and Reporting
OSPO provides tracking and reporting methodologies on open
source usage, contributions, and compliance metrics to measure
the impact of open source programs and inform decision-making.
Examples of services may include:
OSPO Governance
OSPO is involved in creating and enforcing policies and
procedures related to open source usage, contribution, and
compliance within the organization.
The governance framework established by an OSPO helps ensure
that open source projects are managed effectively, risks are
mitigated, and legal compliance is maintained. This can include
guidelines for code contributions, licensing requirements,
intellectual property management, and community engagement.
FOSSA provides template to create licensing policy according to
the type of code distribution.
Technology
Engineering and product development support services
Bill of materials (BoM) for open software/hardware/data
The good governance of open IP starts with the collection of
information of which are the actual IP assets in the
organisation.
The BOM provides a detailed overview of the components,
dependencies, licenses, and resources associated with the open
software project. It helps in ensuring compliance with licensing
terms, managing dependencies, addressing security
vulnerabilities, and facilitating collaboration among developers
and contributors.
FOSSA provides guides and tools for the correct use of SBOM.
Coordination with communities
Community contribution is strategic for the creation of new
projects. It is important that OSPOs could support knowledge
generators in understanding community processes and adapting
their approach. Moreover, OSPOs could contribute in supporting
awareness raising about the new projects and therefore in
soliciting participation in development activities.
One-on-one advising sessions for guidance on licensing
Collaboration on 3Os often starts from single knowledge
generators that are interested in collaboration on specific
projects. It is important to support these persons not only in
understanding and evaluating the licenses, but also in preparing
feasibility studies for management bodies.
Software disclosure procedures
Software disclosure is a relevant step in valorisation of research
results. This step should enable the knowledge generator to
provide indications on the possible future impact on the field
of research, on the societal value of the result, and on the
possible opportunities for funding, visibility and investment
that could be leveraged by adopting the 3Os licensing models for
the IP assets.
Mapping of relevant 3Os projects
OSPOs could map and monitor projects that could be relevant to
the organisation’s mission with the aim of identifying the most
promising ones. This could prepare the organisation to plan
strategically and contribute effectively to them.
Security
Security-related services
Cyber security of the 3Os
Security, quality and vulnerability monitoring of inbound IP is a
relevant issue for the security of products, particularly
software. OSPOs could monitor and submit requests for updates
of the 3Os projects based on software bills of materials,
tracking updates and major issues arising in the inbound IP, and
taking prompt action when security issues are highlighted.
Security Concerns
The OSPO can work closely with the security team to identify and
address security vulnerabilities in open source software used
within the organization. This may involve monitoring security
advisories, conducting security assessments, and implementing
security best practices.
Vulnerability Disclosures
The OSPO can establish processes for coordinating the disclosure
of security vulnerabilities in open source projects. This
includes working with upstream projects to report
vulnerabilities, coordinating with security researchers, and
ensuring timely patches and updates are applied to mitigate
risks.
FOSSA Security helps in identifying and fixing security
vulnerabilities in open source components used within a project.
This tool provides continuous monitoring and alerts for security
vulnerabilities, helping organizations to proactively address
potential risks.
Secure Coding Practices
The OSPO can promote secure coding practices by providing
training and resources to developers on writing secure code,
following security guidelines, and using secure development
tools. This can help prevent security vulnerabilities from being
introduced into software during the development process.
Environment
Communication and social engagement services
Communication and 3Os project collaboration
As previously said, projects released with 3Os licences that do
not benefit from community contributions and support are going
to reach only a fraction of their potential value for the overall
ecosystem and the organisation. This aspect has implications on
the overall quality of the project from maintenance, new
developments and security.
OSPOs could play an important role of facilitating communication
and collaboration by participating in sectorial events, community
meetings and creating communication strategies on social media
or events planning.
Community engagement
OSPOs could attract developers, other organisations or
individual experts by organising events and community meetings
in order to present 3Os projects, discuss future development
strategies and increase the level of engagement with the
community.
Liaising with external stakeholders and creating partnerships
Successful 3Os projects may be willing to establish partnerships
or consortia. OSPOs could support organisations in mapping and
identifying these partnerships and represent the organisation in
matching them with partner organisations.
Promoting industry engagement
Companies and relevant stakeholders that could support 3Os
projects may be incentivised to join the initiative in order to
reach different markets or sectors for the project. Activities
related to open innovation best practices - such as innovation
challenges or hackathons on 3Os for example - could be organised
or facilitated by OSPOs in order to engage the private sector in
different projects and start to get to know the communities.
Skills
Human resources services
Awareness and training on the 3Os
Training is a crucial point of the participation of organisations
in 3Os projects. Organisations need to have a common view of the
basic concepts behind the 3Os across organisations.
Basics of legal compliance in 3Os
Companies need to build capacity on best practices in 3Os
licensing. Training on the topic, similarly to traditional IP
management, should establish common ground for organisations and,
in particular, for innovative companies. Building knowledge
about the compliant use of 3Os, inbound and outbound licensing,
reuse of software, licence compatibility, and valorisation
strategies is an essential part of the training portfolio.
Definition of contribution teams
Because of different pace and business logic among companies and
communities, it may be difficult to establish a collaborative
environment if the division between company development
functions and employees that work on the 3Os is not clear in
terms of roles, budget, time management and ownership over
contributions. In this sense, OSPO could support the
identification of best practices to be implemented in the
organisation and suggest strategies to the management.
Open Hardware
Services related to open hardware projects
Open Hardware Projects
OSPO can link to or host Fab Labs to serve as hubs for open
hardware projects, where individuals can collaborate on
designing and prototyping open hardware products. The open and
collaborative nature of Fab Labs aligns well with the principles
of open hardware, allowing for the sharing of designs and
knowledge among community members.
Manufacturing Services
OSPO can create link with companies that offer manufacturing
services for open hardware products. They may specialize in
small-batch production, on-demand manufacturing, or provide
guidance on mass production.
Consulting and Design Services for Open Hardware
OSPO can provide consulting and design services for open
hardware projects. They can help with product design,
prototyping, and manufacturing.
Open Data
Services related to open data management and strategy
Data Management Training
OSPO can offer training programs and resources to help employees
understand best practices for managing and publishing open data.
This includes data cleaning, formatting, documentation, and
metadata creation to ensure that data sets are well-organized
and easily discoverable.
Data Publishing Platforms
OSPO can help setting up data publishing platforms or portals
where organizations can host and share their open data sets with
the public. This includes creating user-friendly interfaces,
search functionalities, and APIs to facilitate data discovery
and access.
Data Quality Assurance
OSPO can help implementing data quality assurance processes,
such as data validation, verification, and monitoring, to ensure
that open data sets are accurate, up-to-date, and reliable for
use in various applications and analyses.
Data Privacy and Security Compliance
OSPO helps ensuring that open data initiatives comply with data
privacy regulations and security standards. This includes
implementing data anonymization techniques, access controls, and
encryption measures to protect sensitive information while
promoting data openness.
Data Licensing Guidance
OSPO can provide guidance on data licensing options, such as
Creative Commons licenses or open data licenses, to enable
organizations to share data in a way that encourages reuse and
collaboration while protecting intellectual property rights.
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Read More