Spotify dances to the open source beat
Venture Beat – Paul Sawers
The music-streaming giant has open-sourced a number of its projects through the years, such as Backstage, which was recently accepted as an incubating project at the Cloud Native Computing Foundation (CNCF) after two years as an open source project. The company also recently joined the Open Source Security Foundation, opened a dedicated open source program office, and is now launching a fund to support independent open source projects. In short, Spotify is doubling down on its open source efforts.
Today, Backstage is used by dozens of companies, spanning retail, gaming, finance, transport, and more, including Netflix, American Airlines, IKEA, Splunk, HP, Expedia, and Peloton. But when all is said and done, what does Spotify get from open-sourcing Backstage? Well, for starters, it gets a better version of Backstage for itself due to the community-driven nature of the project.
To support its ongoing efforts in the open source realm, Spotify has joined a long legion of companies to launch a dedicated open source program office (OSPO), designed to bring formality and order to all their open source efforts, align OSS project goals with key business objectives, manage license and compliance issues, and more.
Spotify has, in fact, had an OSPO of sorts for the better part of a decade already, but it constituted more of an informal group of employees who had other full-time roles at the company. Moving forward, the company now has a full-time OSPO lead in Per Ploug and is actively hiring for other roles.
Spotify's OSPO is positioned within the company's "platform strategy" unit; however, it will ultimately straddle multiple teams and departments given that open source software intersects with everyone from engineering and security, to legal, HR, and beyond.
A central component of any OSPO is security: ensuring that any open source element in the company's tech stack is safe, is kept up-to-date with the latest version, and is also compliant with the terms of the open source license. So, it's perhaps timely that Spotify recently joined the Open Source Security Foundation (OpenSSF), a pan-industry initiative launched by the Linux Foundation nearly two years ago to bolster the software supply chain.
To further align itself with the open source realm, Spotify today lifted the lid on a new fund for "independent" (i.e., not Kubernetes) open source project maintainers. The Spotify FOSS Fund will start out at €100,000 ($109,000 USD), with the company's engineers selecting projects they feel are most deserving of the funds, and a separate committee making the final decision. The first tranche of chosen projects will be announced some time in May.
Link: https://venturebeat.com/2022/04/22/spotify-dances-to-the-beat-of-open-source/