Corporate open source maturity may be better evaluated by considering the actions of individuals and small groups statistically rather than evaluating the stated corporate strategy
It’s easy to forget that corporations (and indeed large non-profits) are not a person, but are rather a vehicle for the collective expression of the vision of many individuals, as well as the outworking of the processes and systems they devise to embody their vision. Things happen not because a faceless corporation somehow chooses to act in a certain way from a point in time, but because of the persuasive decisions of actual people, acting within their belief systems and directing the work of others.
Every good – and bad – decision ultimately goes back to an individual somewhere, and corporate effects are in many ways emergent. So fitting a maturity model to a corporation may not be the best way to predict its future outcomes. That is a trailing indicator driven by the behaviours of the individuals within the company.
Given it’s belief and motivation systems in play, perhaps research on the psychology of human belief systems (which works beyond just the religious since capitalism, for example, is also a belief system) can inform us, particularly James Fowler in his book Stages of Faith from 1981. They imply there is an underlying progression at work, arising inherently from how people function and interact. Fowler suggests each person has reached one of a series of characteristic states in the progression of the belief system in each major area of their life — religion, family, employment, romance and so on. The stage they have reached will predict how they act collectively, how far they will go individually in spite of the people around them, how much they will nurture others, in that domain of their self-hood.
They will likely operate at different levels of maturity in different areas of their life. This is not a bad thing, and one of the risks of using a “maturity model” even for the individuals is the temptation to treat the later stages as “better”. When we do this, instead of valuing and supporting people in the earlier stages, we treat them as “in need of growth”. Ironically, that’s the worst way to encourage it.
Reach and Spread
The work Fowler did in 1981 suggests to me that real engagement of companies with the belief systems comprising their business will be diverse, and that’s actually a good thing. In any collective group, there will be a maturity reach and spread. The “reach” is the furthest stage the most pioneering individual of any influence has been able to take a team. The “spread” will be the range of stages the collective grouping is willing to tolerate existing within itself (there may – will – be isolated earlier and later stages too).
That’s why I expect large corporations to be inconsistent in their approach to open source and for the approach to converge only over an extended period. I get very suspicious of attempts to make open source engagement appear immediately uniform across such a wide spread of activities in a company. Without reach there would be no change; without spread, change would be quickly snuffed out. Every organisation shows this characteristic. Even at Sun, when the software development groups were deeply engaged at an advanced stage of maturity with a direct mandate from the CEO, I still found myself sometimes with staff who were at earlier stages.
This is as one would expect from Fowler’s work, since every individual will reflect a different stage of the evolution of their belief system. So for the collective effect, it is probably smarter to consider a reach and spread of the maturities in the corporation as evidenced by observable behaviours than to trust corporate PR or the creation of an OSPO. It is then clear that changing the “behaviour of a corporation” is a matter of its leadership driving statistical change, and that individual incidents are data to feed a reach-and-spread insight into a stochastic outcome. Whatever else it does, an OSPO needs to cultivate an internal community and not just police compliance and messaging.