Blog
"We don't use any Open Source," said no IT professional ever.
By: Jonas Öberg, Head of Scania Open Source Program and Group Manager at Product Development IT.
At Scania, we have (as all companies) made extensive use of Open Source technologies for our in-house system but I feel that we've been missing out on Open Source in our products. That's all about to change, as the automotive sector at large warms up to Open Source technologies, fervently encouraged by our suppliers, eager to usher us into the future.
In my work at Scania, I manage a small team of software developers working with product information sharing between brands in the TRATON family. That's a bit like herding cats, I tell them, but it's a job I very much enjoy. But I also have a secret identity! It's not much of a secret, but when the day is drawing to a close, I wield the cape (oh how I wish there could actually be a cape!) of Open Source Officer, to help us think strategically about Open Source and developing our management system for Open Source.
Fears and opportunities with Open Source
One of the fears of any software developer is that someone, somewhere, will need to approve their use of Open Source technologies. We know how impractical this is in a modern development environment, where the use of a single Open Source package can result in pulling in hundreds of unknown dependencies, and where the Open Source packages used in your average system can number in the thousands.
A goal of Scania's Open Source work therefore has been to find ways to allow our developers to work effectively with Open Source whilst having a controlled intake and use of Open Source where we need it--for compliance, security or safety. One of the ways in which we do this is by asking our developers to not pay too much attention to the license texts. That may sound odd, so let's dig into the reasons behind it.
To understand the background, it's also important to keep in mind that one of Scania's core values is Responsibility. This means that we recognize that we have a responsibility towards society and the environment and always strive to do the right things in the right way. It also means that we honour legal and compliance standards, but also importantly that we act responsibly and build trust.
When the first Open Source licenses where drafted, especially the copyleft GNU General Public License, they were created to try to bring back a certain behaviour that was felt as having been lost in the computing industry. A behaviour of cooperation, sharing, and addressing problems together, as a community. The licenses were created to be the legal expression of such a behaviour.
Open Source at Scania
In our work with Open Source at Scania, we spend a lot of time on the behaviour, rather than the exact license text. We know that what is expected of Scania as a company in the Open Source community is a certain behaviour. The license still carry weight, of course, but we have seen that if we follow the expected behaviour from a company in the community, then we are also compliant with Open Source licenses. We act responsibly, and build trust.
I think this is a good way of thinking about Open Source and goes hand in hand with another core value: Respect. Cooperating, sharing, and addressing problems together, is what we do as a company. Everyone contributes to our work, and everyone grows and learns over time. This is respect for the individual and their skills, and it feels to me very connected to Open Source.
One of the principal ways in which we activate this behaviour is through our process for Open Source, which is as much a training tool as it is a compliance process. Actually, it's not much of a compliance process at all. It's a process that leads up to a compliance process. Let me explain: we have so many different areas of Scania where Open Source comes into play that having one process for all types of development would be very impractical. I don’t think that one size fit all.
Final Words and the Way of Working going forward
So what we've done instead is that we've created a way in which developer groups work through a defined process, in which they identify what is important for them to consider in their area of development. Based on that, they then implement, in their development workflow, the parts that actually matter for their work. It creates a tailored compliance process for that particular area. This brings in the level of flexibility needed to cater to different areas of software development at Scania, while at the same time providing the security and safety we need to manage our Open Source responsibilities. To manage our Open Source relationships. To live up to the expected behaviour. To build trust and respect.
We are on a change journey that I think will not be over for a very long time. I know that Open Source makes a difference for Scania, and I believe that over time, Scania will also make a difference for Open Source.
Things you should have on your radar:
- OpenChain Project – the international standard for Open Source compliance programs.
- OSPO Alliance – an open experience-sharing platform for OSPOs.
- STEW 2023 – The Software Technology Exchange Workshop, happening the 15th of November 2023.
