Debricked’s participation and contributions to open source and software organizations

by Debricked Editorial Team
2020-10-29

Collaboration is the backbone of Open Source. The more the merrier! As a company, we are not only trying to create a product that will help with securing open source, but also taking part in the development of new standards, best practices, and ideas within the vast arena that Open Source consists of today. 

Carl-Eric Mols, probably the employee of ours who is most excited about the benefits of open source and collaboration, agreed to tell us a little more about how Debricked works with organizations such as the Linux Foundation and the ToDo Group.

In this post, we go through the organizations in which Debricked is active, and what we do and try to achieve through them.

Who is Carl-Eric? He is one of our more recent recruits and what I like to call an open source strategy enthusiast. Read more about him and how he ended up at Debricked here.

Debricked and the Linux Foundation

About a year ago, Debricked got the opportunity to become a member of the Linux Foundation. Everyone who is active within Open Source knows what the Linux operating system has meant, and continues to mean today, for the world of Open Source software.

The Linux Foundation was founded in the year 2000 with the general aim of supporting open source communities and projects, though in the beginning it covered just the Linux OS itself. The idea was to provide training, financial support and intellectual resources, with the goal of improving the ecosystem.

But as the governance model and way of collaboration were found to be attractive for other Open Source projects as well, the scope of the Linux Foundation has today expanded way beyond the original. Today the Linux Foundation is engaged in disparate technology areas such as cloud, AI/ML, software for energy systems, automotive, etc., to the extent that the Linux Foundation should really be renamed the ‘Open Source Foundation’.

At Debricked we use a lot of open source in our own product development, and we believe, like most other people in the world of software, that open source is the only sane alternative when developing in a modern way. Therefore, helping to ensure good support for open source projects and communities is very important to us. That made the decision to join the Linux Foundation very easy.

As of now, Debricked is not that active within the Linux Foundation at large, but we have recently started becoming more active with the groupings formed under the Linux Foundation umbrella, such as the ToDo Group and the Open Source Security Foundation.

Debricked and the ToDo Group

In the infancy of the Linux Foundation, engagement came very much from independent and freelancing developers who used their spare time to contribute to the development of the Linux OS. Those days are, however, long gone. Nowadays contributions are almost exclusively made by companies and their employees who see the benefits of sharing the development in an Open Source manner.

With that came a need for companies to understand and share the best practices in governing Open Source engagements within the company, such as how to train employees in the implications of Open Source licenses, how processes for contributions should be handled while protecting Intellectual Property owned by the company, etc. In other words, how to form Open Source Programs.

The ToDo Group was formed in 2014 by Linux Foundation members with precisely the purpose of sharing these best practices in managing and governing Open Source from an enterprise perspective. Some years later, a few ToDo Group members based in Europe decided that a European chapter should be created to facilitate collaboration among European companies.

Debricked’s Carl-Eric Mols has been a participant in the ToDo Group Europe since its start in early 2018. As he has for many years been researching and developing a program for how enterprises can manage open source in an effective way, his joining the ToDo Group Europe was a perfect match.

“A lot of companies view open source as just free software. It is, but there’s much more to it. Although some companies do contribute back, it’s rarely done in an organized way or with a business strategy in mind. Therefore, it doesn’t lead to the intended impact, neither in improved productivity of engineering nor in extending the business opportunities.”

So, what makes ToDo Group Europe different from its precursor? Carl-Eric puts it like this:

“The original grouping very much emerged from the software-intensive companies of the US West Coast, which have slightly different prerequisites than the software-intensive industry in Europe, which is mostly based on age-old industrial roots.

Europe doesn’t have a lot of digital tech giants, as the US does and nowadays China as well, but instead, we have what I like to call the ‘tech titans’, aka the large companies rooted in more traditional industries such as telecom and automotive, often under regulatory conditions.

Unlike what many might believe, these industrials are already largely software-intensive ventures and have largely introduced software practices such as Agile development. But they also need to advance and start to talk about the challenges when it comes to Open Source as well – because as it says, ‘If software is eating the world, then Open Source will chew it up (and swallow)’!” (Adrian Bridgwater, Forbes)

As part of its work, the ToDo Group Europe recently released a whitepaper, to which Carl-Eric was one of the contributors. The whitepaper goes by the name “Why Open Source matters to your Enterprise” and is an overview of the benefits, as well as the downsides, that businesses might face when using open source in their development.

“Having the slightly different prerequisites for the European scene in mind, we made the choice to highlight two very European industry sectors where Open Source is making inroads right now: the Automotive industry and the emerging technologies for Smart Cities.

The Automotive industry is a great example of an age-old industry where you can observe a massive transformation toward software-intensive development and the sector where you can expect that Open Source will make the next big win.

Smart Cities on the contrary represent a brand new technology sector where Europe actually has the leading role in the world, where Open Source is present everywhere and is also backed by European Union initiatives.

We hope that with those two examples, one from an age-old industry and one brand new, we can inspire a wider adaptation of Open Source within the European industry”, Carl-Eric continues. 

Debricked and Swedsoft

Carl-Eric’s thoughts on what open source means to industrial companies can also be found within the Industrial Open Source Network, which is a chapter within the Swedish software interest organization Swedsoft. 

Swedsoft has a general goal of increasing the impact that Swedish software has on the world, and the Industrial Open Source Network (IOSN) is a way of increasing Swedish industry’s adoption of Open Source. The network is open to companies and academia who wish to learn more about best practices in open source governance through the meetings, seminars and materials that IOSN provides.

On the latter, the basis for the chapter’s knowledge transfer is the book “Principles for Industrial Open Source”, which Carl-Eric authored together with research colleagues from the EU research project ITEA SCALARE. In all, IOSN is unofficially seen as the Swedish arm of the ToDo Group European Chapter.

Debricked has been a member of Swedsoft since the beginning of 2020 and is, through Carl-Eric and IOSN, trying to make an impact on the adoption of Open Source within Swedish industry.

Debricked and the Open Source Security Foundation

Lastly, we would like to say a few words about the latest organization Debricked has joined: the Open Source Security Foundation (OpenSSF). OpenSSF was founded as recently as August 2020 by a set of large companies with high open source adoption and maturity, with the purpose of increasing the security of open source.

The idea is to build a community consisting of working groups that will develop best practices for tooling, metrics and other aspects to consider when it comes to using open source securely.

Debricked happily supports and welcomes this initiative, which is why we decided to join OpenSSF as one of its very first members. We foremost see ourselves getting involved in the Vulnerability Disclosures, Security Tooling and Security Best Practice working groups, in all of which we think we have a good portion of insights to share.

“Collaborating with other actors, companies and organizations is key if we want to improve processes regarding software development and open source. We are very excited to see how we can contribute!”, says Martin Hell, security specialist at Debricked.