Date: 2025-04-03

The challenge: Obtaining companywide buy-in for open source usage policies

O-Soft executives took a proactive approach to addressing OSS governance challenges. They realized it was critical to gain a better understanding of the elements of the company’s software codebase. While they understood the value their developers gain from having access to open source components, they knew that using OSS is just the first piece of the logistical puzzle. They aimed to automate the management of open source code from its entry into the organization, throughout the development process, and across the supply chain. This would allow the company to gain systematic control over the successful integration of open source into the development and deployment of software.

Achieving this level of automation allows the company to avoid inadvertently shipping products that contain unknown OSS code, and with it the potential legal risk that comes with licensing violations. With this in mind, the division set out to develop a compliance policy to be implemented across the parent company, as well as within the division.

They began by establishing an OSS committee to research and develop the comprehensive open source compliance management policy. The committee was led by Olympus’ Quality & Environment Division and included representatives from its legal, intellectual property, IT, and research and development departments. Software developers from each business unit also participated in the effort to formulate the policy.

Hattori led the effort to improve compliance for OSS license use and reuse without making significant changes to the product teams’ individual software development processes. Risk levels differ by product, so the OSS committee developed separate OSS usage guidelines to be applied to each product.

One challenge the committee faced was ensuring that developers and other employees would comply with the new guidelines. They also had to determine how to integrate the corporate policy into the individual product groups’ development processes, select reliable tools and solutions for code scanning, and enable agile software development using OSS on an ongoing basis.

“It quickly became clear that policy compliance would need to be actively promoted across the organization,” explains Koji Asari, division manager and technical officer in O-Soft’s Technical Development Division.

“Even once we had an official policy in place, it was clear that we needed to bring all stakeholders on board with the importance of OSS license compliance in software development,” Asari says. “But not all of these stakeholders are software experts. Not all of them have a comprehensive understanding of OSS.” Developing stakeholder understanding of these issues “required a lot of energy and time,” he adds.