
Why Open Source Governance Is Key If You Are Consuming Open Source Software


Guest: Jesse Stockall (LinkedIn)
Company: Snow Software (Twitter)

While there used to be doubt and concern about consuming open source software, many companies are now embracing it. However, more education is needed about open source governance and best practices for using open source software. Organizations need to consider both the technological and cultural aspects of consuming open source and what being a good open source citizen means.

In this episode of TFiR: Let’s Talk, Swapnil Bhartiya sits down with Jesse Stockall, Chief Architect at Snow Software, to discuss the importance of open source governance and forming an open source governance committee. He discusses how organizations need to strike the right balance between self-hosted open source and cloud services and gives us an insight into Snow Software’s offerings.

Key highlights from this video interview are:

  • Snow Software is a leader in software asset management, which, Stockall explains, is looking at the licenses organizations are using and ensuring they are not exposing themselves to too much risk. The company covers other areas such as cloud management and cost management, bringing these elements together with technology intelligence.
  • There used to be some doubt and concern about using open source software, particularly driven by large vendors like Microsoft. Stockall discusses how this changed when Black Duck came in, how the focus of open source governance has shifted towards supply chain attacks and vulnerabilities, and the challenges of not having sufficient tooling and governance in place.
  • Having a clear policy around open source is key, as is contributing back to the community. As companies grow, they need a governance committee with representatives from legal, compliance, security, and engineering. Stockall discusses the importance of having the right representation in the governance committee and tooling in place.
  • While an integral part of open source is the technological aspect, another is the cultural one. Stockall goes into depth about the open source governance model they have implemented internally in Snow Software, the role it is playing in building open source into their company culture, and the benefits it is bringing.
  • Stockall believes that there is still some work to be done with open source education in organizations and how to consume it. Yet, he feels that this is an opportunity to learn and a sign of maturity. He explains the benefits of being able to enhance something while still retaining maintenance of the code.
  • One of the key challenges Stockall has faced in companies he has worked at is convincing management to contribute the code changes back and the benefits it brings for the future. He explains how this helps organizations be good open source citizens.
  • Stockall discusses the need to find the right balance between the skills you have in-house and where you would like to spend the company’s time when deciding whether to self-host or use a managed or cloud service.
  • Snow Software’s biggest value proposition is visibility of your assets, since if you can’t see your assets, you can’t secure them or properly manage them. The company collects data from its own agents, from browser extensions, and from cloud APIs, gathering all the information together and cross-referencing it. Stockall explains how they then enhance it to provide insights on top of the raw data.
  • Stockall tells us that they still have developers at Snow Software who like to write code and develop, but sometimes there are already open source or cloud offerings that enable you to move faster. He discusses the benefits of consuming from places like CNCF and offerings from hyperscale cloud providers.

The summary of the show is written by Emily Nicholls.