Session: 2 for 1: Shifting Open Source Compliance Activities Left / The “Food Court Menu” of APIs: A GraphQL Introduction

Josh Clements – Shifting Open Source Compliance Activities Left

There are as many models for OSPOs as there are companies, and given the dynamic nature of the environment, it’s bound to get messy. And the OSPO is on your side! Most folks won’t sign up for such a role if they don’t have their heart on the side of Open Source and the developers that consume and deliver it. In this talk, I’ll highlight responsibilities of development teams and Open Source program managers when consuming open source in a commercial environment. Moving as much as possible “to the left” in a project’s development and communicating early and often can reduce friction when your project requests an outgoing license.

Attendee Takeaways:

  • Key responsibilities:
    • OSPO/legal:
      • define a manageable compliance process that suits your organization’s culture and business goals;
      • clearly communicate it to developers and project managers;
      • support development teams throughout the process.
    • Development teams:
      • know what’s in your software;
      • understand the compliance process and why it’s there;
      • discuss dependencies before they’re integrated (if possible).
    • Communicate early and often.
    • Tools are still maturing; manage your expectations.
    • Standardize inputs, outputs, and terminology. Automate processes as much as possible.
    • Evaluate your risk tolerance and tailor your processes accordingly.
    • Think about the value of a given product (not just $$$).
    • Consider the exposure: criticality of project (health, finance, safety), trust/brand, etc.
    • Lots of methods… find what makes sense and use it.
    • It’s hard to find talented analysts and legal personnel… treat them right; they’re here to help.

Lucy Shen – The “Food Court Menu” of APIs: A GraphQL Introduction

What is GraphQL, anyway?” If you’ve been meaning to look into GraphQL for a while now but never quite got around to it, I got you. In this short talk, I will use a simple “food court” metaphor to cover basic GraphQL concepts that has been effective even with my nontechnical co-workers. We’ll compare GraphQL against REST and discuss some common challenges such as schema composition and how to decide on the best API protocol for your use case. You’ll walk away from this short talk with basic GraphQL knowledge, a list of resources for further learning, and a handy little metaphor for explaining GraphQL to your colleagues.

This session will be recorded

Presenters:

Josh Clements
Lucy Shen's headshot

Lucy Shen