Defining Certifications for Open Source

FOSSBazaar is no longer being updated. The information on this site is preserved for your convenience but may be out of date. Please visit Linux Foundation's Open Compliance Program for current information and activities.

chs's picture

My company has recently launched an Open Source Certification service and I wanted to discuss why we think it provides real benefits to our customers. The way we design this program allows the certification to be a watermark for organizations that have led or are leading Open Source projects both behind and beyond their firewall. Ultimately, this certification can be awarded to entities whose operations or business model fully integrates Open Source.

Awarding certifications to customers can be tricky. You can fall in the trap of dilution, which essentially amounts to diluting the value of your expertise and your trademark by granting certifications too easily. You can also miss the fine line by essentially forbidding your customers to certify at any level by treating them like experienced hackers or community leaders.

With that in mind we settled for two types of certification: One that is focused on Open Source projects' processes and another one that considers the global role of the customer's organization vis-a-vis Open Source. This last one, called "Aperta Enterprise Certification" revolves around projects' governance and the active participation of the customer inside Open Source or its effort to define a sustainable corporate strategy on Open Source.

What this certification is not, however, is an award for Open Source Advocacy. Rather, it attempts to check whether certain specific criteria identifying Open Source methods and processes have been followed and wether the customer has decided to determine a corporate strategy involving Open Source in a productive way.

So we have two distinct levels of certification and the way these two levels have been designed essentially amounts to the difference between a "simple" contributor and a "leader".

The first level covers the basics of project management: Setting up mailing lists, have a source code repository, choosing the license, etc. This certification also covers the rationality of the whole project: Who gets to do what, why and how. If a customer has not qualified for this certification level (even the entry certification level) then it is fair to assume that the project covered is not Open Source.

The second level starts by analyzing the whole set of software development projects the customer is involved in, and studies its general approach to Open Source. Most importantly, it also covers the customer's governance of Open Source projects and how well it has defined and executed its Open Source strategy. For instance, the customer's strategy will have to prove relevant in the context of the general corporate strategy of the customer, it will have to show that the engagement of the customer with the Open Source community is indeed effective, real and sustainable. It will also check whether this strategy receives a reasonable amount of support inside the organization and if the resources committed match the strategic requirements.

Last but not least, the Enterprise Certification's ultimate goal is to distinguish organizations who have embarked in an innovative and sustainable strategy on software development and I.T. There are many ways to engage with Open Source, but only a few can prove beneficial for an organization and its ecosystem at large.