Welcome to our series of interviews with the people behind the OpenChain Project. While open source is mostly about software, and governance is mostly about licenses, it is also the story of thousands of individuals collaborating. We hope these interviews will inform and inspire our readers, and encourage more people to participate in open source and OpenChain.
Our ninth interview is with Indira Bhatt
You have been involved with technology for a while and you now have a leadership position in open source. Can you tell us a little about how you joined your company, why you are involved in technology development, and how you first discovered open source?
I first worked with open source as a developer on research projects (instrumenting the Linux Kernel). After stints across the tech industry as a developer I joined Palamida, whose business was open source compliance. I worked on open source management for Mergers and Acquisitions working with business, product, legal, and engineering. I then went on to set up open source compliance teams for various fortune 500 companies and consulting firms. I realized that both large and small companies are actively working on open source management and that encouraged me to start my own consulting practice.
Your involvement in open source is very interesting. Software is behind most of our technology and open source is behind most of our software. However, in relative terms there are few coordinators, managers or lawyers with significant experience of this approach to technology. How did you become a decision-maker in your company’s use of open source?
I have a background in technology and experience with open source compliance tooling and processes. My job is more to help with the management and categorization of open source used to build software. The decision makers in most cases are legal teams that review licensing requirements.
OpenChain is all about open source compliance in the supply chain. Our industry standard builds trust and our reference material helps companies build processes to meet the standard. Approaching this discussion for the first time can be a little intimidating. Most people are modest about their understanding of licenses or choosing the “best” approach to solve a business challenge. It may be a strong word to use, but often a certain sense of fear makes people hesitate. How did you learn to approach this issue with a positive and open mind?
A decade ago, the typical standard first question in an M&A used to be – do you use open source? The key question these days is – do you know of all the licenses that you might be distributing? I often like breaking things down to their most basic elements. By doing this, I find it provides opportunity to move forward. For example, if company A has a suite of products but doesn’t know how to go about ensuring the licenses they are using are in compliance, where should they start? Compliance across products can be a big unknown and it can be unclear if the primary focus should be the process, tooling, or people. Fortunately though, there are standards such as OpenChain which provide a good framework to begin answering these questions.
One thing the OpenChain Project is concerned with is diversity. Our project is developing a long-term industry standard and our strategic perspective is measured in many years or even decades. To access the potential in our community we need to make sure gender or personal choices never make people feel unwelcome or excluded. In some markets like China and Korea around half of the people we work with are female. In other markets, such as Japan and the United States, the percentage of women is far less. Have you faced challenges because of gender and how did you overcome them?
I have zero tolerance for situations where there is disrespect, which I have encountered because of my gender. I try to be super picky about who I work with and ensure that it is a good environment for me. In particular, my past experiences inform the kind of organization I work with. Diverse, modern and open source organizations are a win!
I am so lucky to live and work in the Bay Area where there is continuous improvement on this front.
The next question is directly related to the last one. Because the OpenChain Project is concerned with diversity we must acknowledge that every part of our project needs to continually improve. Our social structures, our meeting formats, our processes to create or improve material. Everything needs to be considered to find any challenge to making people welcome and empowered. Can you assist us in this process with some suggestions for improvement?
OpenChain meetings are really something special. I think they’re so well run and give everyone the opportunity to speak in a kind and respectful space. How about an experiment? The next time we need an opinion or feedback we anonymize responses (similar to writing ideas on paper and throwing them in a jar). Maybe this is a way to empower people to share their opinions more freely. It would also give equal weight to everyone’s suggestions regardless of who they are.
All around the developing world age is a topic. Our populations are getting older and the social distance between young and old people seems to be growing. People in their early twenties seem to have very little in common with people in their forties or fifties. Of course this is understandable and of course it has always existed between generations. However, in the context of open source, our population is aging too, with the average age of participants around 30~55. Maybe we have more older people than young people. Do you have any suggestions for how we can make young people interested and welcome in projects like OpenChain?
Would a university outreach program be a good idea?
There is a big difference between tactical activities that solve day-to-day problems and strategic activities that solve bigger challenges. OpenChain is basically focused on strategy. This means our participants think about the future and it means we also have to think about how many tactical actions can serve a strategic mission. People often ask how to do this and they often mention that it is hard to think strategically when many business metrics are based on quarterly activities. Do you have any suggestions based on your own experience?
I like to balance business value and legal risk.
This involves forensics to list out all the code being shipped (often billions of lines), ranking products by business value, shipping method, and licensing risk. Once I have this figured out I focus on ensuring that high-value/high-risk products are compliant. This establishes day-to-day processes that are in line with longer term strategic goals that hopefully then percolate across the business.
We have asked many serious questions in this interview. Each of your answers is extremely valuable for our current and our future community. OpenChain is all about sharing knowledge and helping everyone do better. However, we are not only a dry, factual community. We also have many positive social relationships and there is a hope or a goal that OpenChain can be fun too. We are all together collaborating to solve interesting challenges. Do you have any tips for how people can come into a project like OpenChain and find the experience rewarding personally as well as in a business sense?
In the future (post ISO), I think if we break down the audience it could have a more rewarding experience for all parties involved – for developers, for lawyers, and for stakeholders.
Finally, you have been so kind to answer these questions in English. However, the future of open source and OpenChain is not in English, but instead in communication from Mandarin to Hindi to German. The future is making sure people in each nation can work together freely. We already hold the local work group meetings in the local language but is there a way we can reduce language barriers even more?
I think OpenChain is already doing this really well. Everyone understands that this is a global effort. Partnering more and more with local companies that are devoted to using open source to gain specific regional insights could help us with ideas to reduce language barriers even more. I’d also love to see an OpenChain video from representatives from all over the world and in different languages.
Thank you Indira for your time and thoughts!
