2022 Community Roadmap

[vmbrasseur]

Continuing the discussion from today's call.

What would the community like to accomplish this year? Some of the ideas that came up during the call:

• Defining industry personas and what OS maturity means to each one of them
• Drafting talking points about the OSMM from the perspective addressing these personas
• Finding points of collaboration with other communities like TODO Group, CHAOSS, OpenSSF, etc

Additional ideas are in the notes from the call.

All of the ideas we come up with should take into account the unique constraints of FSIs (regulatory landscape, etc) and also security.

What resources would be useful for you and your company to have? What resources do you wish had existed when you started working with FOSS in your FSI? How can we as the SIG help other orgs improve their open source readiness?

Please share your ideas!

[gravax]

How about:

• Identify and list events for FINOS to present its activities in

[Julia-Ritter]

@mcleo-d For visibility 👍

[mindthegab]

At high level, I think the group should be an engine to identify shared, financial services specific, challenges to open source participation from financial institutions, prioritize them and then foster the creation of projects that address them.

If I think at the SIG responsibilities within the broader Open Source Readiness Initiatives (FINOS' bread and butter), here's my input (with contributor hat on, and ED hat off) - hope this helps:

• Prioritizing common areas of challenge for financial institutions in progressing through the OS maturity model
  • Through prioritization of a backlog (e.g. github issues) at SIG meetings
  • Processing output of the OSMM survey responses FINOS receives
  • Through real-life findings FINOS can feed in (e.g. Member XX cannot use DCOs, Member YY can’t access github, etc)
• Explore and develop regulators role in the Open Source maturity of the industry, in conjunction with the Reg SIG
  • Between this discussion on the list and this github discussion I would think that consolidating a shared list of common regulatory requirements folks are concerned about - and then mapping to existing solutions (or start open sources project to address them) could be a key item in the SIG roadmap this year.
• Support the definition and evolutionj of a truly industry-wide OSMM
  • Provide / solicit ongoing Feedback and validation of OSMM ahead of FINOS OSMM launch
  • Participate and amply FINOS OSMM launch
  • Promote participants and adjacent communities to take the survey
  • Propose training / certifications to strengthen the value proposition of OSMM for all constituents
• Promote the importance of OSR in FSI and create proven-to-be-successful solutions
  • Produce case studies of how FSIs are successfully moving through the OSR journey
  • Source speakers and content for FINOS OSR Marketing (e.g. meetups, blogs, papers, OSSF)
  • Spin off projects to address common areas of challenge as prioritized by the SIG (see point above)
• Define and own relationship with peer (e.g.Reg SIG, Innersource SIG, DevOps SIG) and upstream initiatives (e.g. TODO group, OpenSSF)

[mcleo-d]

@psmulovics, @vmbrasseur, @mindthegab and OSR SIG,

To help accelerate upon this idea, I have expanded the OSR labels in GitHub to include the categories listed below.

These are now available to help with the triaging of the ideas, issues and feedback that are posted by the group.

During the next OSR SIG meeting on 2nd March 2022 (#24), I suggest we review the current OSR Issue backlog to see if there are open issues that can be categorised in this way.

Test the water! 💧

[mcleo-d]

@psmulovics, @vmbrasseur, @mindthegab and OSR SIG,

To help with the prioritisation and tracking of work, the Open Source Readiness SIG kanban board has been created ... https://github.com/orgs/finos/projects/28

I have added the issues that are currently in the OSR GitHub Issues, ready for them to be prioritised, categorised and assigned with the SIG on #24.

[mcleo-d]

@psmulovics, @vmbrasseur, @mindthegab and OSR SIG,

I have updated the next OSR SIG #24 meeting to cover everything outlined in this thread ...

James.

[mcleo-d]

In order to accelerate the collection of OSR materials, I think the OSR information architecture should be categorised to describe the WHAT and the HOW, with the WHAT following the dimensions and elements of the WIP OSMM and illustrated below.

Strategy

• Goals, Objectives, Resources
• Corporate Alignment
• Community and Ecosystem engagement
• Operations
• Culture

Management

• Life-cycle Management
• Risk Management
• Compliance and Assurance Management
• Security Management

Usage

• Consumption
• Contribution
• Publication
• InnerSource

Depending on the release schedule of the OSMM, this tool can be used to measure a FS firm's individual progression into Open Source Readiness, with the survey filled out on a regular cadence to measure progression.

The OSMM can also be used to highlight and fill gaps in the knowledge base provided by the OSR SIG.

The HOW is up to the OSR SIG to highlight and for materials to be added to the OSR Docs Folder as markdown. These materials can then be presented through the OSR Microsite or other channels.

The DO'ing is then how FS firms use the OSR resources and how that shifts the needle back through the OSMM.

In order to accelerate the approach, I suggest creating an initial set of Awesome Lists as demonstrated by the FINOS InnerSource SIG that point to existing TODO and Linux Foundation training materials.

• https://github.com/finos/InnerSource/blob/master/docs/resources.md

Let me know your thoughts, as using Awesome Lists as the initial concept, has a low barrier to entry and can point the OSR SIG to training materials and resources fast.

[robmoffat]

DLP (Data Leakage Prevention) : This is a key requirement for banks. I thiink it's something that the git-proxy project tries to address, however this doesn't seem like it's under active development anymore. I think this should be somewhere on the roadmap.

[robmoffat]

Can the roadmap be more specific in the ordering of things. i.e. step 1, step 2, step 3. (with dates?)

In particular, I would like to see when the Open Source Readiness survey that Wipro was working on would be ready, or adopted.

I think we should be aiming (eventually) on a set of best-practices for running an OSPO, which is content that could be held somewhere on the microsite but maybe isn't totally roadmap-related

[mcleo-d]

from @psmulovics - #29 (comment)

I share the sentiment mentioned during the call too of not really feeling this roadmap-y, more like manifesto, goal, etc kind of document - which is fine, we need that too; but when comes to roadmap I more think of something like:

[mcleo-d]

from @robmoffat - #29 (comment)

Here is my starter-for-10 as to what the roadmap might contain. Obviously, up for discussion.

1. Interviews with OSPOs: Period where we discuss OSR with OSPOs at various financial institutions in order to gauge their concerns and establish what practices they each employ.
2. Interviews with Project Owners in Financial Institutions: We should elicit feedback from the project owners to establish what the main problems they face are, and what the best practices are
3. Enhance the Microsite: With anonymised summaries of the above - best practices, key challenges, process know-how etc.
4. Feedback: perhaps not a milestone, should happen as we go, but getting the contributors involved in reviewing what has been produced
5. Questionnaire: Building an FinTech-specific Open-Source readiness questionnaire based on all the above
6. Publicise
7. Provide Accreditation
8. Publish Training Materials

... just off the top of my head. Interested to see what everyone else thinks on this