OSRB
What is OSRB?
OSRB (Open Source Review Board) is a decision-making body comprising leaders from relevant departments such as technology, legal, infrastructure, security, and intellectual property to manage open source within the enterprise.
While OSPO (Open Source Program Office) handles open source operations and provides guidance, OSRB is the governance organization responsible for major policy decisions and risk management. OSRB establishes clear open source policies and, when new open source is adopted or released, systematically reviews potential risks related to licenses, security, and intellectual property before making decisions.
Core Roles of OSRB
1. Policy Establishment and Process Definition
OSRB’s first responsibility is establishing clear open source management policies and processes for the enterprise. This includes establishing basic policies for usage, contribution, and release; defining license policies and compatibility guidelines; and establishing security and intellectual property policies. Additionally, OSRB defines open source review and approval processes, security vulnerability response processes, and license compliance processes.
Furthermore, OSRB clearly defines the roles of OSPO, development teams, legal teams, security teams, and other organizations, and establishes R&R (Roles & Responsibilities) that distribute decision-making authority and responsibilities. Through this, OSRB creates a foundation for consistent open source management across the entire organization.
2. Risk Review and Approval
OSRB’s second responsibility is reviewing open source-related risks from multiple angles and granting final approval. In license review, OSRB examines the license type when new open source is adopted, determines compatibility with other licenses the enterprise uses, and evaluates license risk levels.
In security review, OSRB pre-examines open source components for security vulnerabilities, establishes response measures for discovered vulnerabilities, and determines compliance with security standards.
In intellectual property (IPR) review, OSRB deliberates on patent, trademark, and copyright issues; reviews measures to protect the enterprise’s intellectual property; and assesses legal risks. Through these three types of review, OSRB makes decisions that minimize enterprise risks.
3. Issue Management and Response
OSRB’s third responsibility is managing issues arising during open source management and responding to them promptly. When open source management issues occur within the enterprise, OSRB analyzes the problems, discusses solutions, and establishes rapid response measures.
When license-related disputes or other legal issues arise, OSRB collaborates with the legal team to handle disputes, receives legal counsel, and establishes appropriate response measures. When necessary, OSRB coordinates consultation with external experts.
For critical issues, OSRB reports key information to executives, solicits executive feedback on risk mitigation measures, and finalizes enterprise-wide response plans.
SK Telecom’s OSRB Composition
Organizational Structure and Roles
SK Telecom’s OSRB is chaired by the IPR (Intellectual Property Rights) Team and operates with participation from Infrastructure Architecture Teams, Capability Innovation Teams, IT Security Teams, and other divisions.
The IPR Team serves as OSRB chair while reviewing open source licenses, protecting the enterprise’s intellectual property, and verifying legal compliance. The Infrastructure Architecture Team evaluates open source related to cloud infrastructure and development environments and reviews deployment and operations risks.
The Capability Innovation Team is responsible for open source training and developer capability development, supports open source culture, and checks policy consistency. The IT Security Team reviews security vulnerabilities in open source components, verifies compliance with security standards, and checks information security policy adherence.
Through this multi-organizational collaboration, SK Telecom maintains a system for reviewing and managing open source from all perspectives including technology, legal, infrastructure, and security.
Regular Meetings and Decision-Making
OSRB holds monthly meetings to report on monthly open source review status, discuss major issues and risks, and review policy and process improvement measures.
In regular meetings, OSRB discusses long-term open source strategy, evaluates community relationships and contribution levels, and checks enterprise-wide compliance status.
When necessary, emergency meetings are convened to promptly deliberate on security issues, legal disputes, and policy violations.
Contact and Communication
All inquiries regarding SK Telecom’s OSRB and open source management can be directed to opensource@sktelecom.com. We respond within 2-3 business days.
For more detailed information, please refer to the following links:
- OSPO (Open Source Program Office) - Responsible for open source operations and guidance
- Contact - Additional contact information
- Compliance - Open source license notices and compliance information