About
SK Telecom’s Open Source Governance and Activities
SK Telecom’s Open Source Governance
SK Telecom has established a world-class open source management system. To maximize the technical benefits of open source while effectively managing risks related to licenses, security, and intellectual property, SK Telecom operates a systematic governance structure with two pillars: OSRB (decision-making organization) and OSPO (operations organization).
This governance approach transcends mere regulatory compliance and instead pursues a balanced approach where developers can freely utilize open source while the company manages its risks effectively. Through clear policies, transparent processes, and professional support, SK Telecom fosters a symbiotic relationship between corporate development culture and the global open source community.
OSRB (Open Source Review Board)
OSRB (Open Source Review Board) is the highest decision-making body in SK Telecom’s open source governance. Comprising leaders from the technology, legal, infrastructure, and security divisions, OSRB establishes corporate open source policies and makes critical risk-related decisions.
OSRB convenes monthly to review monthly open source compliance status and holds quarterly strategic meetings to discuss mid-to-long-term open source policy directions. When necessary, emergency meetings are called to promptly address security issues, legal disputes, and policy violations.
Learn more about OSRB →
OSPO (Open Source Program Office)
OSPO (Open Source Program Office) is the dedicated organization responsible for executing SK Telecom’s open source policies and supporting developers. While OSRB handles decision-making, OSPO operationalizes those policies, collaborates with development teams, and provides necessary guidance and support.
OSPO serves as a bridge between developers and the legal team, swiftly resolving various open source-related issues that arise during development. Additionally, OSPO establishes and executes corporate open source strategies while building and maintaining relationships with the global open source community.
Learn more about OSPO →
Characteristics of SK Telecom’s Open Source Governance
Transparency and Consistency
SK Telecom’s open source governance is founded on transparent policies and consistent processes. Every open source adoption, contribution, and release decision follows clear criteria and processes, with all decisions and their rationales documented. This ensures developers understand what is and isn’t possible and why.
Developer-Centric Support
The ultimate goal of governance is to support developers. OSPO provides guidance enabling developers to freely leverage open source, conducts prior reviews to prevent legal issues, and offers necessary training and consultation. Through this support, developers can maximize open source value while managing company risks.
International Standards Compliance
SK Telecom’s governance is built on the OpenChain international standard. This means following international best practices in open source compliance, officially certified through ISO/IEC 5230 certification. This standards compliance enhances internal trust and facilitates cooperation with global business partners.
Continuous Improvement
SK Telecom operates its open source governance not as a static system but as a continuously improving process. Policies are refined, processes streamlined, and automation tools developed based on developer feedback, community evolution, and technological advances. Through this approach, SK Telecom’s open source management capability continuously improves.
ISO/IEC 5230 (OpenChain) Certification Achievement
SK Telecom obtained ISO/IEC 5230, the OpenChain international standard by Linux Foundation, in 2021. This certification signifies:
- Establishment of clear open source policies
- Definition of systematic review and approval processes
- Continuous developer training and capability enhancement
- Transparent documentation and tracking of all decisions and activities
Through this systematic governance, SK Telecom strengthens internal confidence, enhances collaboration with the global community, and effectively manages legal risks.
Open Source Inquiries
All open source-related inquiries regarding SK Telecom’s products and services can be directed to OSPO:
Email: opensource@sktelecom.com
Depending on your inquiry:
- Open Source Adoption: External open source license review, security assessment, compliance verification
- Open Source Contribution: CLA/DCO review, legal risk assessment, contribution approval
- Open Source Release: Project evaluation, license selection, release preparation support
- Policy Consultation: Open source policy, guidance, and process-related consultation
- Technical Support: Automation tool usage, compliance management, and other technical support
OSPO responds within 2-3 business days.
Collaboration via GitHub
All of SK Telecom’s open source projects are managed through our GitHub Organization:
GitHub Organization: https://github.com/sktelecom
You can collaborate with us through GitHub in the following ways:
- Issues: Report bugs, request features, ask questions
- Discussions: Community discussions and idea sharing
- Pull Requests: Contribute code and suggest improvements
- Releases: Check latest versions and download
Related Pages
Governance Details
Developer Guides
External Standards and Communities
SK Telecom’s Open Source Vision
SK Telecom recognizes open source not merely as a development tool, but as a core value for corporate innovation and social contribution. We provide an environment where developers can freely participate and contribute to the global open source community, while simultaneously operating a balanced governance that effectively manages corporate risks.
Through this approach, SK Telecom accelerates technological innovation, strengthens collaboration with the global community, and ultimately pursues societal advancement through open source and sustainable corporate growth.
1 - OSPO
SK Telecom Open Source Program Office
What is OSPO?
OSPO (Open Source Program Office) is the dedicated organization responsible for managing open source within a company. Various departments including technology, legal, and infrastructure collaborate to establish open source policies, execute them, and manage community relationships.
SK Telecom’s OSPO serves as a bridge connecting developers and the legal team while pursuing two core missions. First, it supports developers in maximizing the benefits of open source. Second, it effectively manages legal risks related to licenses and security stemming from open source usage. Through this approach, SK Telecom ensures that open source adoption becomes a strategic and responsible decision rather than merely a technical choice.
Key Roles of SK Telecom’s OSPO
1. Strategic Planning
OSPO’s first responsibility is establishing corporate open source strategy. This goes beyond simply creating policies—it involves strategically managing the company’s entire open source utilization and continuously improving it. OSPO establishes and regularly refines the company’s open source policies, analyzes development teams’ open source usage patterns, and creates future plans. Additionally, OSPO provides mid-to-long-term open source roadmaps, enabling the organization to systematically leverage open source.
2. Education and Guidance
OSPO’s second responsibility is providing open source education and guidance to developers and the broader organization. For developers to properly use and contribute to open source, they must understand licenses, compliance, security, and related topics. OSPO delivers regular open source training for developers, establishes clear policies and guidance on usage, contribution, and release, and ensures all developers consistently manage open source. Additionally, OSPO provides compliance checklists and templates to simplify the review process.
OSPO’s third responsibility is managing relationships with the open source community. This encompasses bidirectional activities. On one hand, OSPO encourages and supports developers’ contributions to external open source projects, enabling the company to contribute to the global open source community. On the other hand, OSPO publicly releases technologies developed internally as open source to give back to the community, manages those projects, and activates collaboration with external contributors.
4. Policy Execution
OSPO’s fourth responsibility is implementing and managing established policies. OSPO systematically reviews license compliance when development teams use open source, and evaluates security vulnerabilities and intellectual property issues. Additionally, OSPO develops and operates automation tools like ONOT to streamline repetitive compliance tasks and enhance efficiency.
SK Telecom’s Open Source Decision-Making Structure
SK Telecom’s open source governance comprises a collaborative structure between OSPO (operations) and OSRB (decision-making). OSPO receives open source adoption, contribution, and release requests from development teams, conducts initial reviews, and presents them to OSRB (Open Source Review Board).
OSRB is the decision-making organization comprising leaders from technology, legal, infrastructure, and security divisions. Based on OSPO’s review results, OSRB conducts final deliberation from license, security, and intellectual property perspectives, then makes approval or rejection decisions. This two-stage review structure ensures both OSPO’s efficient operations and OSRB’s careful decision-making.
Learn more about OSRB →
Guidance and Support Provided by OSPO
Using Open Source
When the company decides to adopt external open source, OSPO provides systematic usage guidance. The first step is license identification and review—accurately identifying the open source license and verifying alignment with corporate policy. The second step is license compatibility validation—confirming there are no compatibility issues with other licenses currently in use.
The third step is security vulnerability checking—determining whether the open source has known security vulnerabilities and, if so, whether they’ve been resolved or mitigation strategies exist. Finally, approval and documentation records the entire review process and obtains final approval, preparing for future audits or legal disputes.
View Open Source Usage Guide →
Contributing to Open Source
When developers wish to contribute to external open source projects, OSPO supports the contribution process. The first step is target project review—pre-evaluating the project’s license, community activity status, legal risks, and other factors. The second step is CLA/DCO review and signing—reviewing Contributor License Agreements or Developer Certificates of Origin that many open source projects require.
The third step is code contribution and collaboration—ensuring the developer’s code contribution complies with the project’s license and policies. Finally, license specification and documentation clarifies the contributed code’s license and verifies that the company’s intellectual property is protected.
View Open Source Contribution Guide →
Releasing Open Source
When the company decides to release internally developed technology as open source, OSPO supports the release process step-by-step. The first step is project review and pre-approval—confirming that the code to be released doesn’t contain the company’s core intellectual property and poses no security risks. The second step is license selection—SK Telecom typically selects the Apache 2.0 license to maintain a corporate-friendly yet open licensing policy.
The third step is code cleanup and documentation—removing unnecessary internal information before release and creating sufficient documentation so external developers can easily understand and use the project. Finally, public release and community management officially launches the project on GitHub, activates interaction with external contributors, and fosters a healthy open source community long-term.
View Open Source Release Guide →
All inquiries regarding SK Telecom OSPO and open source management can be sent to opensource@sktelecom.com. Support is available for various topics including open source usage, contribution, and release consultation, policy inquiries, and technical support.
Online Channels
SK Telecom’s open source projects can be found on GitHub at https://github.com/sktelecom. Through each project’s Issues section, you can provide feedback including bug reports, feature requests, and general questions. SK Telecom’s development team monitors and responds to these inquiries.
View detailed contact information →
2 - OSRB
SK Telecom Open Source Review Board
What is OSRB?
OSRB (Open Source Review Board) is a decision-making body comprising leaders from relevant departments such as technology, legal, infrastructure, security, and intellectual property to manage open source within the enterprise.
While OSPO (Open Source Program Office) handles open source operations and provides guidance, OSRB is the governance organization responsible for major policy decisions and risk management. OSRB establishes clear open source policies and, when new open source is adopted or released, systematically reviews potential risks related to licenses, security, and intellectual property before making decisions.
Core Roles of OSRB
1. Policy Establishment and Process Definition
OSRB’s first responsibility is establishing clear open source management policies and processes for the enterprise. This includes establishing basic policies for usage, contribution, and release; defining license policies and compatibility guidelines; and establishing security and intellectual property policies. Additionally, OSRB defines open source review and approval processes, security vulnerability response processes, and license compliance processes.
Furthermore, OSRB clearly defines the roles of OSPO, development teams, legal teams, security teams, and other organizations, and establishes R&R (Roles & Responsibilities) that distribute decision-making authority and responsibilities. Through this, OSRB creates a foundation for consistent open source management across the entire organization.
2. Risk Review and Approval
OSRB’s second responsibility is reviewing open source-related risks from multiple angles and granting final approval. In license review, OSRB examines the license type when new open source is adopted, determines compatibility with other licenses the enterprise uses, and evaluates license risk levels.
In security review, OSRB pre-examines open source components for security vulnerabilities, establishes response measures for discovered vulnerabilities, and determines compliance with security standards.
In intellectual property (IPR) review, OSRB deliberates on patent, trademark, and copyright issues; reviews measures to protect the enterprise’s intellectual property; and assesses legal risks. Through these three types of review, OSRB makes decisions that minimize enterprise risks.
3. Issue Management and Response
OSRB’s third responsibility is managing issues arising during open source management and responding to them promptly. When open source management issues occur within the enterprise, OSRB analyzes the problems, discusses solutions, and establishes rapid response measures.
When license-related disputes or other legal issues arise, OSRB collaborates with the legal team to handle disputes, receives legal counsel, and establishes appropriate response measures. When necessary, OSRB coordinates consultation with external experts.
For critical issues, OSRB reports key information to executives, solicits executive feedback on risk mitigation measures, and finalizes enterprise-wide response plans.
SK Telecom’s OSRB Composition
Organizational Structure and Roles
SK Telecom’s OSRB is chaired by the IPR Team (Intellectual Property Rights) and operated with participation from Infrastructure Architecture Teams, Capability Innovation Teams, IT Security Teams, and other divisions.
The IPR Team serves as OSRB chair while reviewing open source licenses, protecting the enterprise’s intellectual property, and verifying legal compliance. The Infrastructure Architecture Team evaluates open source related to cloud infrastructure and development environments and reviews deployment and operations risks.
The Capability Innovation Team is responsible for open source training and developer capability development, supports open source culture, and checks policy consistency. The IT Security Team reviews security vulnerabilities in open source components, verifies compliance with security standards, and checks information security policy adherence.
Through this multi-organizational collaboration, SK Telecom maintains a system for reviewing and managing open source from all perspectives including technology, legal, infrastructure, and security.
Regular Meetings and Decision-Making
OSRB holds monthly meetings to report on monthly open source review status, discuss major issues and risks, and review policy and process improvement measures.
In regular meetings, OSRB discusses long-term open source strategy, evaluates community relationships and contribution levels, and checks enterprise-wide compliance status.
When necessary, emergency meetings are convened to promptly deliberate on security issues, legal disputes, and policy violations.
All inquiries regarding SK Telecom’s OSRB and open source management can be directed to opensource@sktelecom.com. We respond within 2-3 business days.
For more detailed information, please refer to the following links:
3 - Contact
SK Telecom OSPO Contact and Inquiry
All open source-related inquiries and requests regarding SK Telecom’s products and services can be directed to OSPO (Open Source Program Office). OSPO is the dedicated organization responsible for enterprise open source management, responding to inquiries on various topics including license review, security assessment, policy consultation, and technical support.
SK Telecom OSPO Email Address: opensource@sktelecom.com
You can inquire about various topics via email:
- Open Source Adoption: You can request license review, security assessment, and compliance verification when planning to adopt external open source in your products.
- Open Source Contribution: You can request CLA/DCO review, legal risk assessment, and contribution approval when contributing to external open source projects.
- Open Source Release: You can consult on project evaluation, license selection, and release preparation when planning to publicly release technology developed at SK Telecom as open source.
- Policy and Guidance: You can consult on open source policies, usage/contribution/release guidance, license understanding, and compliance processes.
- Technical Support: You can consult on technical issues such as open source management tool usage, automation methods, and security vulnerability response.
Response Time: We respond within 2-3 business days.
Online Channels
GitHub
All of SK Telecom’s open source projects are managed through our GitHub Organization.
GitHub Organization: https://github.com/sktelecom
You can engage in the following activities in each project’s repository:
- Issues: Report bugs, request features, ask questions, and make suggestions. SK Telecom’s development team regularly monitors and responds.
- Discussions: Engage in general discussions, share ideas, and participate in community conversations.
- Pull Requests: Contribute code, fix bugs, and suggest improvements to directly participate in projects.
Security Issue Reporting
If you discover a security vulnerability in an open source project, we recommend not reporting it as a public issue. Instead, please email the security contact specified in the project’s README or SECURITY.md file directly. This prevents vulnerabilities from being exploited before patches are distributed to other users.
When reporting security issues, please include:
- Detailed description of the vulnerability
- Reproduction method (PoC, Proof of Concept)
- Impact assessment
- Proposed solution (if available)
Before You Inquire
FAQ and Guidance Documents
Reviewing the following documents first can help you find answers to most common questions:
Common Questions
Q: Can we use a specific open source?
Q: We want to publicly release code our team developed as open source.
Q: We want to contribute code to an external open source project.
Q: What is a license?
Q: What open source projects has SK Telecom released?
Internal Governance Organizations
SK Telecom’s open source governance is operated through collaboration between OSPO and OSRB:
For more detailed governance information, please refer to the About page.