(Proposed) Principles of Open Source for NRENs 

Add a preamble?

NRENs / RENs hereafter are to be referred to as ‘We’: 

  1. We believe that digital sovereignty cannot be achieved without a robust open-source infrastructure. 
  2. We will actively contribute to open source developer communities with code and financing especially where code is used by NRENs and their communities.
  3. We will foster co-creation in NREN communities to help build public services across organisational silos and boundaries, including support for capacity to create our own code.
  4. We will support open source projects with sustainable business plans outside of project funding.
  5. We will support sustainable infrastructure for services built on open source software.
  6. We will support and promote open source alternatives to proprietary services. 
  7. We will position procurement activities to be welcoming to open source initiatives. 
  8. We will provide mechanisms to support the legal, licensing and IPR issues faced by open source projects.
  9. We will make sure the code we use and the code we share is free from vulnerabilities by applying continuous security testing.
  10. We support these actions around open source as part of a mixed ecosystem, selecting and working with both open and closed environments to best meet the needs of the NREN community. 


1 Comment

  1. Well done Nicole Harris!

    Some small suggestions. Under 2, "contribute" and "finance" are mentioned, but I would like to stress that regular maintenance is important for the sustainability of a project. It is also important to get security issues fixed when reported/detected.

    Item 7 is a bit vague to me; it is not clear what this would deliver.

    Item 9: "continuous security testing" sounds sexy, but if you don't have people involved that review the output it won't help. In practice I would advise having regular security audits done on open-source code; they are much more profound.

    Item 9: publishing an SBOM (https://en.wikipedia.org/wiki/Software_supply_chain) helps make transparent which libraries are used. It also shows version numbers, so people can easily verify whether outdated and insecure components are used.
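The comment's point about SBOMs can be made concrete with a small check that reads a CycloneDX-style SBOM and flags components whose version is below a known minimum. This is an added example, not code from the proposal or the commenter; the SBOM document, the component names and the minimum-safe-version table are all constructed for illustration (in practice the table would be fed from an advisory source).

```python
"""Flag outdated components in a CycloneDX-style SBOM.

Added example. The SBOM below and the MIN_SAFE_VERSION table are
constructed for illustration; the package names do not exist.
"""
import json
import re

# Constructed SBOM in CycloneDX JSON shape, reduced to the fields the check needs.
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "components": [
    {"type": "library", "name": "example-http",     "version": "2.3.1"},
    {"type": "library", "name": "example-xmlparse", "version": "1.0.9"},
    {"type": "library", "name": "example-crypto",   "version": "4.2.0"},
    {"type": "library", "name": "example-logging",  "version": "0.8"}
  ]
}
"""

# Constructed table: component name -> lowest version without a known issue.
MIN_SAFE_VERSION = {
    "example-http": "2.3.1",
    "example-xmlparse": "1.1.0",
    "example-crypto": "4.2.1",
}


def parse_version(version):
    """Turn a dotted version string into a tuple of ints.

    A segment with a leading number keeps that number ("1rc2" -> 1);
    a segment with no digits counts as 0, so the comparison stays total.
    """
    parts = []
    for segment in version.split("."):
        match = re.match(r"\d+", segment)
        parts.append(int(match.group()) if match else 0)
    return tuple(parts)


def compare_versions(a, b):
    """Return -1, 0 or 1 for a < b, a == b, a > b.

    Shorter tuples are padded with zeros so "0.8" equals "0.8.0".
    """
    ta, tb = parse_version(a), parse_version(b)
    width = max(len(ta), len(tb))
    ta += (0,) * (width - len(ta))
    tb += (0,) * (width - len(tb))
    return (ta > tb) - (ta < tb)


def find_outdated(sbom_text, min_safe):
    """Return [(name, version, minimum)] for components below the table's minimum."""
    sbom = json.loads(sbom_text)
    findings = []
    for component in sbom.get("components", []):
        name = component.get("name")
        version = component.get("version")
        if name in min_safe and version is not None:
            if compare_versions(version, min_safe[name]) < 0:
                findings.append((name, version, min_safe[name]))
    return findings


def find_untracked(sbom_text, min_safe):
    """Return names of components the table says nothing about.

    These are 'unknown', not 'safe': a reviewer still has to look at them,
    which is the point the comment makes about needing people to read output.
    """
    sbom = json.loads(sbom_text)
    return [c.get("name") for c in sbom.get("components", [])
            if c.get("name") not in min_safe]


if __name__ == "__main__":
    for name, version, minimum in find_outdated(SBOM_JSON, MIN_SAFE_VERSION):
        print(f"OUTDATED  {name} {version} (minimum {minimum})")
    for name in find_untracked(SBOM_JSON, MIN_SAFE_VERSION):
        print(f"UNTRACKED {name} (no entry in advisory table)")
```

The split into outdated and untracked matters: a check that only reports matches against its table silently passes everything it has never heard of, which is the gap the comment is warning about when it says test output needs human review.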