Creating An OSPO

[robmoffat]

No description provided.

[robmoffat]

@pcheong-lbg we should make sure we link to some definitions of the term OSPO from the TODOGroup (maybe quote them too). Also, sometimes it's called other things (https://osr.finos.org/docs/bok/OSMM/Level-2)

[linux-foundation-easycla]

The committers listed above are authorized under a signed CLA.

• ✅ login: robmoffat / name: Rob Moffat (6fded0e, 2af7efb, 5062280, 88664e2, d016f5c, ba22fd9, 97f3cb0, 8fadf9d, 693bbec, 78a04a8, ecb72ad, a11251c, 847ea30, e00fc6f, 93d6b5c, efa09ab, 6ca36f4, 88f2f5f, a65b2c0, 9c449c7, 01d2671, f540202, 5c35bc5, 3dce471, d904bee, 7c56918, 1e5d511, 586a851, f95ceda, 00a958a, a4bf32b, 15bba2c, 4ee38e4, 8d414fd, 64eed44)
• ✅ login: pcheong-lbg / name: Pooi Cheong (f35c26b, 9fe741d, a5d9e7c, 4b6cd19, 76d71f3, 7eafb3c)

[robmoffat]

Hi @pcheong-lbg,

Did you have a chance to check @TheJuanAndOnly99 's link above?

thanks,
Rob

[robmoffat]

Hey @pcheong-lbg ,

Are you ready to get this reviewed? It would be nice to have it in the body of knowledge as there are a few bits of work coming through that build on top of this.

(nb, it doesn't stop you or @aronya-roy-lbg raising a further PR for anything else you want to add)

cheers,
Rob

[robmoffat]

Implements:

• Metrics in Open Source Software development #110

[psmulovics]

• where should an OSPO live - companies might not want it to be rooted in CISO/security, rather under CTO. "You do not want your OSPO to be associated with security issues" - @BrittanyIstenes
• creating an ospo - urgency - level or representation is important as a competitive item, e.g. other fintech is already having an OSPO and operating on a higher level

[robmoffat]

@vickiychung added your content into this:

https://deploy-preview-119--open-source-readiness.netlify.app/docs/bok/Activities/Level-3/Culture

Also expanded greatly on the metrics, breaking into different categories:

https://deploy-preview-119--open-source-readiness.netlify.app/docs/bok/Measurements/Introduction

@aronya-roy-lbg would love to know if you have anything to add?

But otherwise this feels good enough to publish for me.

[psmulovics]

• where should an OSPO live - companies might not want it to be rooted in CISO/security, rather under CTO. "You do not want your OSPO to be associated with security issues" - @BrittanyIstenes
• creating an ospo - urgency - level or representation is important as a competitive item, e.g. other fintech is already having an OSPO and operating on a higher level

Were these two items taken into consideration now, @robmoffat ? If they are, I haven't found them yet :D

[robmoffat]

no sorry, I've not addressed those yet :(. sorry

[robmoffat]

addressed now

[robmoffat]

@psmulovics can you take a look and see if you're happy with the changes here?

[psmulovics]

@psmulovics can you take a look and see if you're happy with the changes here?

Perfectly, thank you!