That’s a bold statement – “I don’t have OSS in my product!” The reality is that you probably do and just don’t realize it. A study conducted by Black Duck concluded that 33% of commercial software is composed of more than 50% OSS, and that the average number of OSS components found in commercial software is more than 100!
Open source software (OSS) has been around since the early 1990s. It takes the form of both source code and compiled libraries, which means that even code snippets can be licensed under an OSS license. If you are running COBOL and Assembler on the mainframe, you are not immune. While the majority of OSS is available for more modern languages, enough of us have maintained COBOL and Assembler systems to know that OSS exists even for these platforms. Want proof? Do a quick Internet search for “open source cobol xml parser” and you’ll see more than you might expect. In fact, for the mainframe to interact with some of the open systems platforms, it has had to adapt. IBM wrote some of the components from scratch, but did they write them all?
But let’s say that you are not running COBOL – rather you have built a system on Java or Microsoft .NET (or pick any other language). How many developers have you had working on your product? Were they ever under tight timelines? Does the following scenario sound remotely familiar?
A developer, under a tight timeline, comes across some code.
It looks like it will do the job, so they copy it and insert it into your product.
After a little testing, it looks good; the timeline is met – the developer is a hero.
The developer moves on to the next project and forgets about the code snippet.
Are you still confident that you have no OSS in your product? Did you realize that even code snippets found in forums and on wikis are covered by a license? How do you find these?
The answer is to have a formal OSS introduction process, supported by tools that automate scanning for OSS in source code and binary files. The introduction process makes selecting software a transparent activity that involves others, which helps you select the right software and add it to your inventory. The scanning tools keep everyone honest and the process as transparent as possible.
SilverStream Consulting is one such company that can help you take your first steps in managing OSS or help you mature your existing OSS management practice.
—Jeff Brown, SilverStream Consulting