Let's focus on "what", which I at least find the most difficult. Many questions arise: How can we pick code that our present organisation has spent time and money on and just give it out? What is actually interesting for others to see or use?
By Eivind Bergstøl
December 9, 2019
Where I now work as a consultant, Digipost, we try to find OSS opportunities and we want to open source as much as possible. Digipost is what it says on the tin: Digital mail. And organisations that send messages in Digipost can also send HTML documents. But accepting HTML documents and storing them for the rest of the receiver's life in a secure fashion is not easy. There are all kinds of security issues. Because of that, Digipost is very strict with regard to the structure and content of HTML files.
We use, of course, OSS to deal with this. More specifically owasp-java-html-sanitizer. This is a sanitizer that accepts a PolicyFactory instance. This instance has all the rules that you specify to the sanitizer. These rules are quite verbose. And communicating these rules to a developer or designer that has no insight into all the quirks is very difficult.
So we decided to open source it. And here it is: digipost-html-validator
Now everyone can see our validation and sanitization policies!
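To give an idea of what such a PolicyFactory looks like, here is an added example using owasp-java-html-sanitizer. It is not code from digipost-html-validator; the allow-list, the class name and the sample document are assumptions made up for illustration. It shows the same policy used both to sanitize a document and to validate it by recording everything the sanitizer had to throw away.

```java
import org.owasp.html.HtmlChangeListener;
import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;

import java.util.ArrayList;
import java.util.List;

public class StrictHtmlPolicyExample {

    // Illustrative allow-list (an assumption, not Digipost's rules):
    // every element, attribute and URL scheme not named here is dropped.
    static final PolicyFactory POLICY = new HtmlPolicyBuilder()
            .allowElements("h1", "h2", "p", "ul", "ol", "li", "b", "i", "br", "a")
            .allowAttributes("href").onElements("a")
            .allowUrlProtocols("https")
            .requireRelNofollowOnLinks()
            .toFactory();

    // Collects what the sanitizer removed, so a sender can be told why a document is rejected.
    static final HtmlChangeListener<List<String>> RECORDER = new HtmlChangeListener<List<String>>() {
        @Override
        public void discardedTag(List<String> findings, String elementName) {
            findings.add("element <" + elementName + "> is not allowed");
        }

        @Override
        public void discardedAttributes(List<String> findings, String tagName, String... attributeNames) {
            findings.add("attribute(s) " + String.join(", ", attributeNames)
                    + " on <" + tagName + "> are not allowed");
        }
    };

    // Validation mode: an empty list means the document already conforms to the policy.
    static List<String> validate(String html) {
        List<String> findings = new ArrayList<>();
        POLICY.sanitize(html, RECORDER, findings);
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample document with one disallowed attribute and one disallowed element.
        String document = "<h1>Invoice</h1><p onclick=\"track()\">Pay "
                + "<a href=\"https://example.com/pay\">here</a></p><script>track()</script>";
        System.out.println(POLICY.sanitize(document)); // sanitized HTML, safe to store
        validate(document).forEach(System.out::println); // reasons a strict validator would reject it
    }
}
```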
There are several good aspects of this kind of sharing:
You don't need to open source your whole code base. Just find a piece of code that has a clear purpose and does not contain your precious business logic or secrets. And do it.