Managing open source software (OSS) is not an easy task. Everyone wants to take advantage of what OSS has to offer, but it may feel like you are standing in the way of a hurricane when you try to manage it. The fact that OSS is easily accessible doesn’t help. A developer can do a quick Internet search, download a piece of OSS, give it a quick try, and if it works, move on to their next task. Sometimes they let others know (especially if it was a really cool piece of software), but other times it happens silently. A solid management practice surrounding OSS introduction helps take OSS introduction from a covert activity to a visible event. This is essential for responsible OSS management in your products.
Creating the right OSS management practice for your organization can be time consuming. When I talk about creating such a practice, I like to think about the process in eight steps:
Select the introduction model that is right for your organization. I list the different introduction models in another article that you can find here.
Assemble and empower the OSS governance team. The governance team turns your OSS policy into an actionable process and helps your company make solid OSS decisions.
Define the methodology and process. Once you have a governance team defined, they create the initial OSS introduction methodology to support the OSS policy. This involves reviewing the software development process and inserting the right controls and procedures. This enables developers to make better decisions on what makes a good OSS candidate. It also establishes the foundation for capturing critical characteristics about OSS, so you can rapidly respond to security vulnerabilities and legal challenges.
Assemble and empower the operating team. The governance team cannot do it alone. They need an operating arm to manage the tools and reporting efforts. Development teams also need help to work through the process and choose OSS wisely.
Select the necessary tools to support the process. Initially, manual activities can stand in for tools, but manual processes will quickly be overwhelmed and result in more effort rather than less. Tools help you automate many of the OSS discovery and reporting processes. Tools may also give you a solid foundation to support your workflow for OSS license review and software tracking.
Build your initial OSS inventory. Here is where you begin to assess your current level of risk from using OSS and recognize where it exists in your organization. What OSS is being used in your products? What OSS licenses are involved? Do any of the software components have security vulnerabilities? What decisions should you make and what actions should you take?
Build your education program. Education is one of the most underappreciated activities in rolling out any new process. Your employees want everything to be intuitive and easy, but that's not reality. The education surrounding OSS also needs to go beyond your development community: your executives likely need some education too. That includes the CEO, COO, and even your Sales and Marketing executives. OSS can touch many different areas of your company, so give everyone the right education.
Implement the process with executive support. Naturally, you need to deploy the process and then manage it into the future.
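Step 6 above, building the initial inventory, is the one step that can be started with a small script rather than a meeting. The following is an added example and is not code from this article or from SilverStream Consulting. It parses a constructed requirements-style manifest, records name, version and license for each component, and flags the entries that need a decision: unknown or non-approved licenses, unpinned versions, and versions that fall inside an advisory's affected range. Every package name, license assignment, advisory identifier and the "approved licenses" policy are invented for illustration; in practice the license and advisory data would come from your registry or scanning tool.

```python
"""Build an initial OSS inventory from a dependency manifest.

Added example, not from the original article. All package names, versions,
licenses, advisory IDs and the approval policy below are constructed for
illustration only.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed manifest: what a developer's project might pin.
MANIFEST = """\
# web service dependencies (constructed sample)
acmeweb==2.4.1
fastjson==1.0.3  # added quickly, never reviewed
leftpadx>=0.9
ghostlib==3.1.0
"""

# Constructed license metadata (normally pulled from a registry or scanner).
KNOWN_LICENSES = {
    "acmeweb": "MIT",
    "fastjson": "GPL-3.0-only",
    "leftpadx": "Apache-2.0",
    # ghostlib deliberately absent: an unknown license must be flagged, not ignored
}

# Constructed advisories: (package, (first affected, first fixed), advisory id).
ADVISORIES = [
    ("fastjson", ("1.0.0", "1.0.5"), "EXAMPLE-ADV-001"),
    ("acmeweb", ("2.0.0", "2.3.0"), "EXAMPLE-ADV-002"),
]

# Hypothetical policy: licenses the governance team has pre-approved.
APPROVED_LICENSES = {"MIT", "Apache-2.0", "BSD-3-Clause"}


@dataclass
class Component:
    name: str
    version: Optional[str]       # None when the manifest gives only a range
    license: Optional[str]
    issues: List[str] = field(default_factory=list)


_REQ = re.compile(r"^\s*([A-Za-z0-9_.-]+)\s*(==|>=|<=|~=|>|<)?\s*([0-9][0-9A-Za-z.]*)?")


def parse_manifest(text):
    """Return (name, pinned_version_or_None) pairs, skipping comments and blank lines."""
    out = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop inline and full-line comments
        if not line:
            continue
        m = _REQ.match(line)
        if not m:
            raise ValueError(f"unparseable requirement: {line!r}")
        name, op, ver = m.group(1).lower(), m.group(2), m.group(3)
        # Only an exact pin tells us which version is actually shipped.
        out.append((name, ver if op == "==" else None))
    return out


def _vtuple(version):
    """Numeric version tuple for simple dotted versions (sufficient for this sample)."""
    return tuple(int(p) for p in version.split("."))


def build_inventory(manifest=MANIFEST, licenses=KNOWN_LICENSES,
                    advisories=ADVISORIES, approved=APPROVED_LICENSES):
    """Capture the critical characteristics of each component and flag decisions to make."""
    inventory = []
    for name, version in parse_manifest(manifest):
        comp = Component(name, version, licenses.get(name))
        if comp.license is None:
            comp.issues.append("license unknown: review before use")
        elif comp.license not in approved:
            comp.issues.append(f"license {comp.license} not pre-approved")
        if version is None:
            comp.issues.append("version not pinned: cannot assess advisories")
        else:
            for pkg, (first_affected, first_fixed), adv_id in advisories:
                if pkg == name and _vtuple(first_affected) <= _vtuple(version) < _vtuple(first_fixed):
                    comp.issues.append(f"affected by {adv_id}")
        inventory.append(comp)
    return inventory


def components_needing_action(inventory):
    """Names of components the governance team has to decide on."""
    return [c.name for c in inventory if c.issues]


if __name__ == "__main__":
    for c in build_inventory():
        print(f"{c.name:10} {c.version or '?':8} {c.license or 'UNKNOWN':14} {'; '.join(c.issues) or 'ok'}")
```

On the constructed sample this flags fastjson (non-approved license and an open advisory), leftpadx (unpinned, so no advisory assessment is possible) and ghostlib (no license on record), while acmeweb passes. The point is not the scanner logic, which any real tool does better, but the record shape: name, exact version and license captured per component is what lets you answer "are we affected?" on the day an advisory lands.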
These are the eight basic steps. I describe them in greater detail in my book, Open Source Software: Implementing a Successful OSS Management Practice. This book steps you through the process to create a responsible introduction method and offers a number of suggestions on ways to reduce your overall operational cost using OSS. Check it out on Amazon.
For hands-on assistance, SilverStream Consulting offers several services to help you create your OSS introduction practice and manage your products. Check them out here.
—Jeff Brown, SilverStream Consulting