The open source movement, which began as an effort to ensure programmers had the freedom to modify and redistribute source code to support and learn from each other, is now a catalyst of innovation and business success. It’s in every corner of the tech stack, from computing and storage to powering web, mobile, generative AI, and blockchain experiences. For example, 68 percent of survey respondents report that open source is a “very important” or “mission critical” enabler of digital transformation initiatives, according to Forrester.
In the financial services industry, 78 percent of companies in a recent survey report increased value from open source, according to the Fintech Open Source Foundation (FINOS).
“Open source is critical,” says Tim Klever, vice president of developer experience at American Express, where it’s an integral part of mobile, web, cloud, database, and machine learning applications. “We use it anywhere, everywhere, all the time, and every day, safely and responsibly. In every layer, open source is there.”
Stronger, Faster, Less Expensive
The open source ethos is one of collaboration and continuous improvement. Code is freely shared, studied, and modified. That approach may have panicked an earlier generation of business builders who kept proprietary programs in a vice grip. But many now see the ability to pull in field-tested software for specific needs as a path to flexibility, cost savings, and quicker innovation.
Open source has proven to be an efficient vehicle that’s able to rapidly respond to new business opportunities—such as the enthusiasm around artificial intelligence—by often producing faster, cleaner, and more solid code in short order. A strong user community can provide support and solutions to common issues that lead to quicker bug identification and feature enhancements.
A thriving open source program office (OSPO)—a hub where open source is managed, grown, and supported inside a company—also attracts tech talent. Many believe the ongoing tech talent shortage is the most significant barrier to the adoption of emerging technologies. “Developers are an essential but limited resource,” Klever said. “With our OSPO, we are building a place where developers want to be.”
Building an Open Source Program Office
Because of this rising popularity, many organizations want to create an OSPO. According to research from the Linux Foundation, 66 percent of organizations have an OSPO, a 32 percent increase over 2022. Moreover, 72 percent of companies that are planning an OSPO or open source software initiative plan to implement it within the next 12 months.
While the need to create an OSPO is clear, how companies should do it is not.
The experience at American Express provides valuable lessons. What started as a small summer project seven years ago has grown into a flourishing community of open source users and developers—the company now has more than 500 developers who regularly contribute code to the larger open source community, and in aggregate average six submissions a day.
Along the way, American Express identified five key ways to responsibly grow open source work and usage.
1. Start With a Purpose
Amex began organizing its open source activities in 2017, led by a small group of passionate developers. Over the next year, they formulated a simple goal to rally people. The emphasis was on making “socially responsible” contributions, which are contributions to third-party projects that can be used internally, but also provide value to the open source community as a whole. They defined these social contributions and set up parameters on where and how each developer would contribute. A well-defined and attainable goal of achieving one socially responsible contribution per year enabled the company to build mutually beneficial relationships with open source communities. “It’s a way of both showing off our talent, as well as giving back,” said Klever. In 2023, Amex developers made 2,288 socially responsible contributions to 520 open source projects, up from 1,252 contributions to 471 projects the previous year.
2. Create a Great Developer Experience
Build the infrastructure and atmosphere to support an inclusive developer community where it’s easy, productive, and safe to consume and contribute. “Create an experience that’s enjoyable,” Klever said. Videos, in-person presentations, internal developer conferences, and an online toolbox, for instance, show how easy it can be to contribute. The OSPO also culled data from GitHub APIs to quickly display projects that have good first issues for new developers to contribute to, such as documentation or enhancements. An internal website provides easily viewable visual representations of where developers are focusing their energy. American Express also runs “open source days,” giving developers a break from their regular workday to contribute to open source.
3. Contribute Securely and Responsibly
Open source spans many facets of an organization, so it’s important to build internal alignment. The OSPO within American Express unites the internal developer community with security and legal representatives. Together, they hammer out policies and procedures around the safe use and management of open source projects and appropriate interaction with open source communities. Legal oversight seeks to protect the company’s intellectual property and manages obligations imposed by open source licenses. Security team members take steps to help ensure that open source integration doesn’t expose the company to exploitable vulnerabilities. Automated scanning tools are leveraged to proactively block vulnerable components and code with license violations, while open source contributions are also manually scanned for internal or sensitive information. A software bill of materials (SBOM) is generated for open source components during a build to allow further visibility and mitigation of software supply chain security risks.
4. Build a Supportive Culture
Celebrate high-five wins to create a culture of shared experience and momentum. American Express gamified the OSPO with an internal website that features a leaderboard detailing contributions, including the top 25 contributors. The chief information officer and the chief technology officer give shout-outs to standout performers, and the OSPO regularly tags and recognizes contributors and their teams on an internal blog. An internal annual report further showcases the work of open source contributors. In addition, the company supports a technical career path that elevates open source specialists and other distinguished engineers who work in strategic areas. The OSPO’s most popular ritual is rewarding developers with a series of custom coins for making socially responsible contributions. In 2020, they started minting and distributing coins, which developers love and proudly display. In 2023, they created streak coins for recognizing socially responsible contributions for developers who contribute for three, five, and seven consecutive years—and the leading developer is on a 12-year streak.
5. Engage the Wider Open Source Community
As open source efforts matured in the company, American Express joined various industry organizations. Today it supports community pillars such as the Linux Foundation, the Hyperledger Foundation, the OpenJS Foundation, the Cloud Native Computing Foundation, and FINOS. These memberships help the Amex OSPO stay on the cutting edge of the technology. They also give developers opportunities to take on leadership roles and steer the community in a positive direction. As another way of supporting the community, Amex funds top projects that align with its strategic objectives by sponsoring developers who maintain code repositories.
Creating an Ecosystem of Innovation
Open source technology has made the world a better and more productive place. A well-run OSPO offers organizations an on-ramp to capture the open source advantage, providing a fast-track to business innovation, while also nurturing the wider community. “The companies that quickly turn developer creativity into business success are going to be the companies that win,” said Klever.
This content was paid for by American Express and produced in collaboration with WIRED Brand Lab.
