Technology Portfolio Management (TPM) Best Practices
Govern open source contribution — establish a policy for when and how employees may contribute to open source projects
Overview
Organizations whose employees use open source software frequently have employees who wish to contribute back to the open source projects they depend on — fixing bugs, adding features, improving documentation, or participating in the governance of the projects they use. Open source contribution is valuable to the ecosystem, to the organization’s standing in the developer community, and potentially to the organization’s recruiting and retention of technically sophisticated talent. It also creates governance obligations that, if not managed through a clear contribution policy, can produce legal, IP, and competitive risks the organization did not intend to accept.
Best Practice
Establish a formal open source contribution policy that defines four things. First, the conditions under which employees are authorized to contribute to open source projects, including whether contributions may be made on company time, using company resources, or only on personal time. Second, the categories of code that employees are never authorized to contribute to open source projects, including any code that embodies proprietary algorithms, trade secrets, or competitively sensitive implementations. Third, the review and approval process that applies before any contribution is submitted, so that IP ownership, license compatibility, and competitive implications are assessed before the code leaves the organization. Fourth, the process for contributing to open source projects as an organization rather than as individual employees, since organizational contribution may carry different IP and license implications. Make the contribution policy easily accessible to all technical employees and include it in the onboarding process for engineering and technical roles.
Benefit(s)
A clear open source contribution policy enables the organization to support and benefit from employee participation in the open source ecosystem while managing the legal, IP, and competitive risks that unmanaged contribution creates. Engineers who want to contribute to the projects they depend on have a clear, accessible path to do so appropriately rather than facing ambiguity that either chills legitimate contribution or enables inappropriate contribution. The organization builds a positive reputation in the open source community through principled, well-governed contribution rather than through unmanaged, inconsistent engagement that may include inadvertent IP disclosures.
Copyright for the International Foundation for Information Technology (IF4IT): 2008 - Present