Appendix
Categories:
Appendix 1. Roster of Responsible Personnel
| No | Role | Responsibility | Required competencies | Owning organization | Owner |
|---|---|---|---|---|---|
| 1 | Open Source Program Manager (OSPM) | Holds overall responsibility for the company’s open source program. | Understanding of the software development process Understanding of copyright and patents Expert knowledge of open source license compliance Communication skills | Open Source Management Team | [Name] |
| 2 | Legal | Assesses legal risks related to open source licenses and provides legal counsel. | Understanding of the open source ecosystem Expert knowledge of software copyright Expert knowledge of open source licenses Ability to assess legal risk | Legal Team | [Name] |
| 3 | IT | Operates and automates open source analysis tools. | Understanding of the open source license compliance process Understanding of open source analysis tools Expert knowledge of IT infrastructure Understanding of automation and CI/CD pipelines | IT Team | [Name] |
| 4 | Security | Operates open source security vulnerability analysis tools. | Understanding of DevSecOps Understanding of open source security vulnerability analysis tools Expert knowledge of known vulnerabilities and newly discovered vulnerabilities Ability to assess and manage risk | Security Team | [Name] |
| 5 | Development Culture | Supports in-house developers in actively using open source. | Understanding of the software development process Basic knowledge of open source license compliance Ability to design education and training Experience participating in open source communities | Development Team | [Name] |
| 6 | Quality | Verifies open source license obligations when distributing Supplied Software. | Understanding of the software development process Basic knowledge of open source license compliance Understanding of the open source policy Basic knowledge of open source licenses | Quality Assurance Team | [Name] |
| 7 | OSRB (Open Source Review Board) | Establishes and improves policies and processes for open source management. | Expert knowledge of open source policies and processes Experience operating a review board | OSRB | [Name] |
| 8 | OSPO (Open Source Program Office) | Supports contributions to external open source projects and the release of in-house projects as open source. | Experience participating in open source communities Ability to manage open source projects | OSPO | [Name] |