This week at OSSummit NA, the TODO Group hosted a lively “Ask Anything” session with members of the Steering Committee: Brittany Istenes (FINOS), Natali Vlatko (Cisco), Georg Kunz (Ericsson), Ashley Wolf (GitHub), Stephen Augustus (Bloomberg), and Annania Melaku (F5).
Insights Shared and Community Questions
The panel opened the session, surfacing valuable trends, challenges, and practical approaches, including insights drawn from our current state of practice:
- OSPOs are diversifying: As of 2025, Open Source Program Offices are no longer monolithic; they’re evolving into embedded, specialized units tailored to business domains such as AI, security, developer experience, and legal compliance
- Beyond responsible open source usage, OSPOs provide governance as guidance, enabling developers to safely adopt and contribute to open source while ensuring compliance and alignment with business goals
- Security is a central pillar: OSPOs play a critical role in software supply chain integrity for effective SBOM management. They’re developing workflows that integrate vulnerability management, license compliance, and upstream engagement
- Embedded OSPOs in AI/ML teams are emerging as specialist arms, focusing on model transparency, open datasets, and framework governance.
Key Questions from the Community
The session also offer space to tackle questions from OSPO practitioners and curious newcomers, including:
- How do you encourage company support once you discover a project is widely used internally?
- What financial responsibilities do OSPOs have when it comes to supporting their open source dependencies?
- Do engineers lead open source adoption, or is it strategically aligned with company services?
- How can someone join the TODO Group? Is there a Slack? A mentorship program?
Getting Involved
The TODO Group is open to all. Whether you’re building your open source management strategy or scaling open source practices within your organization, the TODO community is here to support you. You can start engaging with peers today by joining our public slack and exploring our upcoming TODO meetings in our public calendar.
If your organization is a Linux Foundation member, it can also join TODO as a general member as part of its LF membership. If you are part of a public institution, academia, or a foundation, your organization can join the LF and TODO as an associate member at no cost.