When it comes to using open source software (OSS), licenses matter. Using OSS licensed under a non-business friendly license could compel you to release more of your source code to your competitors than you expected. There is, however, an underlying question you may ask. How did the OSS get there in the first place? Striking the right balance between giving a developer “freedom to choose” and “company dictated components” is essential for effective OSS use.
There is no doubt that OSS, when used responsibly, can accelerate your product creation and drive cost out of your products. This helps you compete. But how much freedom do you give your developers to introduce OSS without supervision? I use three models to describe the level of maturity you have regarding OSS introduction practices.
You can introduce OSS into your company by using one of several models. Let me briefly describe each.
Uncontrolled Introduction Model: This model permits anyone within your company to download OSS, decide which OSS to use, where to use it, and implement it without oversight.
Covert Introduction Model: Using this model, you have a structured approach for using OSS in some areas of your company. However, no governance, selection, or maintenance process exists to set the rules around using OSS. You know OSS is somewhere, but you do not know where and have little knowledge of how the OSS is maintained.
Managed OSS Introduction Model: This model describes a structured approach to introducing, tracking, managing, and governing the use of OSS within your company. You have a well-known policy supported by a well-established process for identifying, authorizing, tracking, and managing the use of OSS.
The risk of intellectual property loss decreases as you move from the uncontrolled model to the managed model. Yet, as you can imagine, the level of effort to select and manage OSS may increase if too many controls are put in place. The question to ask is, “What’s the right level of OSS management for my company?” The answer is different for each company and the introduction process varies based on your specific needs. Yet, the critical factor is that you have an introduction and management process that controls risk to the level your business leaders’ desire.
Creating an OSS introduction and management process is not an easy activity. It takes effort to create the right process that doesn’t slow down your development or incur additional legal expense. But you can do it! In my book, Open Source Software: Implementing a Successful OSS Management Practice, I guide you through the process to create a responsible introduction process, establish responsible management practices, and offer a number of suggestions to reduce your overall operational cost using OSS. Check it out on Amazon.
For hands-on assistance, SilverStream Consulting offers several services to help you create your OSS introduction and management practice and manage your products. Follow this link to find out more.
—Jeff Brown, SilverStream Consulting