Open Source Software – Shape your digital future

Open Source Management Benchmarking & Optimisation

Some Open Source Compliance Management System experience a massive backlog of curation, clearing, and approval activities, caused by inefficient processes and lack of resources. Solving these problems PwC consults you on your already established Management System regarding the optimisation of workflows, introducing risk-based approvals, use case driven reuse, lean processes, and tailored tooling.

• Onsite capturing of your current maturity in all OSS compliance processes, tooling, and your current degree of automation
• Risk-based approval strategy defined for certain use cases or distribution channels to free up your resources and focus manual efforts on sensitive use cases (e.g. via easy flowcharts for internal use for R&D only)
• Ease up existing process flows through standardisation of form and necessary information, exemplary through the creation of document templates for processes and their inputs (e.g. OSS self-assessment and usability check)
• Creation of guidance documents for (legal) OSS license requirements (e.g. OSS License Charts, license compatibility chart)
• Selection and implementation of Software Composition Analysis (SCA) tooling for code scanning regarding compliance and security as well as Software Asset Management (SAM) tools for the optimal solution to administer your software in use

Open Source Security Optimisation

Open Source Software usage exposes you to security risks as every other software does. Knowing which Open Source Software components are used and build into, and distributed with your device or solution is key for identification of related security risks. Security risk may range from quality flaws in the code and CVEs, to business continuity risk of OSS projects, or infiltration for components with unclear provenance.

• Assessment of your status quo in managing Open Source Security and report on identified weaknesses
• Benchmarking against The Linux Foundation’s OpenChain Security Assurance Specification
• Design and implementation of instructions, policies, safeguards, responsibilities, and processes for your Open Source Security Management
• Establishment of Security Toolchains to securely use inbound Open Source Software, e.g. via automated CVE scanning tools

Open Source Strategy and Enablement

Not using Open Source Software or using it unmanaged not only cuts off from tremendous benefits of OSS but also imposes risks, which can be mitigated with a clear OSS strategy and management system. To bring your Open Source Software interaction on track, PwC provides all the necessary help for developing a solid strategy to build upon.

• Identification and analysis of company-specific OSS opportunities, challenges, and status quo of OSS usage
• Identification of the resulting application-specific OSS risks and definition of risk appetite
• Definition of strategic OSS focus areas (e.g. specific business areas, application scenarios (Use, Contribute, Create), strategically relevant OSS communities, development alliances, Inner Source)

Open Source Program Implementation

Having an Open Source Strategy and Policy does not unfold its maximum potential if it is poorly implemented. Benefit from the experience of PwC experts to successfully implement an Open Source Program starting from zero to a fully functional cross-division Management System including all necessary processes and tools.

• Definition of all necessary policy aspects regarding exemplary: releasing code, accepting and committing contributions, internal consumption of inbound, and compliance, license and obligation management
• Establishment of all necessary Open Source Processes e.g. inbound software usage, contribution to existing projects or the release of new projects
• Phased rollout over one department at a time including selection of candidates / business units for pilot introduction
• Allocation of roles to your personnel according to their competencies for a sustainable management system, if applicable definition of necessary competencies for your recruiting

Inner Source

Inner Source, the application of Open Source software methodologies and culture within an organisation, leads to the unleashing of the great potential of cross-organisational collaboration, reuse, interdisciplinary excellence, quality, commitment, and motivation. PwC helps to analyse, plan, develop and rollout your individual strategy towards Inner Source. But it’s not that simple. Who owns the source-code cross-entity developers contribute? What about transfer pricing, security, and corporate espionage?

• Analysis of stakeholders, organisational structures, legal boundaries, benefits and challenges for Inner Source, and drafting of an Inner Source Strategy 
• Planning all necessary processes and infrastructure to enable Inner Source benefits (e.g. internal code and artifact repository, issue tracker)
• Developing all necessary governance around the internal code repository (e.g. policy and rules, terms of usage, code of conduct)
• Definition of all necessary roles and competences to handle Inner Source project management, if necessary, provision of complete training material
• Onboarding your personnel on the new Inner Source Strategy (e.g. training and guidance on new processes incl. CI/CD practices)