Open Source Compliance at Twitter
  Philosophy, Governance and Best Practices
            Chris Aniszczyk (@cra)

     Open Compliance Summit Asia 2012
Agenda

     Introduction and Brief History
         Open Source at Twitter
         Philosophy and Culture
    War Stories and Lessons Learned
             Best Practices
               Conclusion
                  Q&A
What is Twitter?
 “Instantly connect people
everywhere to what is most
   meaningful to them...”
2006: A simple idea...
2008: Growing Pains
2009... Crazy Growth
BTW, Japan holds TPS Record!

  Miyazaki
  25,088 TPS
2010+: Build a company!
Now: Growth Continues...

140M+ Active Users
400M+ Tweets per Day
33+ Languages Supported
1300+ Employees Worldwide
50% Employees are Engineers
100+ Open Source Projects
1M+ LOC Open Source Code / Year
Open Source at Twitter
  We run and depend on it
Twitter Runs on Open Source
Engineers ran the asylum...
Code dumping happens...
Open Source Office
  "The Open Source Office directs all open source efforts
(compliance, data and standards) at Twitter and supports
   all initiatives related to our engineering outreach and
     contributions to the broader software community."
Created Open Source Office in 2011
Open Source Review Process
  Simple, Comfortable and Audit-able
    Tools built on “JIRA Workflows”
Where? Default to GitHub




                   Also see http://twitter.github.com
Licensing Guidelines: Outbound
 We prefer liberal licenses for adoption

    Default to APLv2 in most cases

   Prefer MIT license in front-end JS

 Compatible with respective community

      Clojure? EPL, NodeJS? MIT
Licensing Guidelines: Inbound
      OSI Certified Licenses Only

 List of Approved and Banned Licenses

         Motto: Trust but Verify

  Extra Scrutiny at Distribution Points

  Less Scrutiny Elsewhere... (NOTICE)
Development Guidelines
                           Documentation
         README, LICENSE, CHANGELOG, ROADMAP, NOTICE, CONTRIBUTING
                                       Example code



                           Communication
            There should be a mailing list, Twitter account or a discussion forum




     Frequent Releases and Versioning
  Releases should be frequent and follow semantic versioning guidelines (http://semver.org)



                               Deployment
    Releases should be easily consumable (e.g., available on Maven Central or RubyGems)
Philosophy and Culture
“Default to open, think about what
 to keep closed that defines your
          secret sauce...”
Open Source Philosophy
Why?
7 reasons we do it
Community Feedback
More usage translates into more bug reports and
feature improvements. This translates into more
stable code and helps prevent costly issues
          appearing in production.
Attract Talent
Smart engineers like to hang out with other smart
engineers. Quality code will attract other smart
engineers to move your company's mission
                    forward.
Better Hiring
What better way to find candidates than the ones
  who contribute to your open source projects?
Consider this the best technical interview you
 can give a potential candidate. Plus it’s fun to
     look at their code in advance to review!
Retain Talent
Great engineers like working in the open and
 showing off their work. Sure, this may make
them attractive to other companies but these are
    the people you want anyway, trust me!
Reduce Duplication
When you open source code, there’s a chance that
someone on the inside or outside will let you
 know it’s been done in some way already.
         Embrace the new knowledge.
Modularization
 When open sourcing internal code (especially if it
was part of a larger code base), you tend to break
   it apart into smaller reusable and more
               maintainable pieces.
The Right Thing To Do
   These days, it’s very difficult to build anything
without benefiting from open source code in some
   fashion. Find ways to pay it forward as a
   “rising tide lifts all boats” in the industry.
War Stories
Some stories and lessons learned
  from the open source office
Story 1: Bootstrap
    The legacy of GPLv2
       License: APLv2
github.com/twitter/bootstrap
Lesson Learned?
  Liberal license helped spur adoption

Drupal, WordPress, Joomla: GPLv2 legacy

 We made a mistake not choosing MIT

Now we’re migrating to MIT... it’s a PITA
Lesson Learned?
Be diligent about communities who
may adopt your code even if using
   liberal open source licenses
Story 2: Twemcache
      The fun of forking...
        License: BSD
github.com/twitter/twemcache
Lesson Learned?
 Avoid forking if possible. If not,
reach out to existing communities
before moving forward and making
        an announcement.
Story 3: Clutch.IO
M&A and open sourcing...
     License: APLv2
  github.com/clutchio
Lesson Learned?
   Open sourcing code from an
    acquisition could be a win,
especially if you’re going to shut a
service down or do nothing with it.
Best Practices
What works for us...
Define Secret Sauce
 Don’t open source anything that represents a core
  business value. Define your secret sauce so
there’s a shared understanding that can guide
  company decisions. Embed this secret sauce
         within your culture and company.
Compliance in Eng
When’s the last time you heard engineers have fun
working with lawyers? Treat open compliance as
an engineering problem and have it live in the
 engineering organization with a well-trained
 staff. Educate everyone. Balance risk and speed.
Facilitate Contributions
 Make it easy for engineers to contribute to
 outside projects with minimal bureaucracy.
Set up simple guidelines and only be involved if legal
           issues come up (e.g., CLA)
Transparency
Make decisions around open sourcing code as
  transparent and accessible as possible.
 Awareness is great, you can also catch
       mistakes and duplication.
Blessed Repositories
    Have central repositories (e.g., Maven or
      RubyGems) for approved open source
libraries. On top of making life better for engineers,
     this makes it easier to scan for compliance.
Collaborate
   Join organizations such as FOSSology, Open
Invention Network (OIN) or SPDX. Work together
 with companies and individuals to tackle the
            problem of compliance.
Measure Everything
 Establish metrics and measure yourself
against them. Otherwise, how can you know
 what’s going on and how can you improve?
Conclusion
             Twitter ♥ Open Source
  Open compliance is important. Establish an
efficient open compliance process that balances
 speed, risk and efficiency. Use or build tools to
        help make it easy and transparent.
Q&A
Thank you for listening!
        @cra
  zx@twitter.com
