Dec 10

Gartner released an interesting survey last month.  Surveying 300 enterprises, they found that 85% use open source within their organization today and the remaining 15% expect to use open source within the next 12 months.  That’s the good news.

The bad news?  69% of those same enterprises had no formal open source policy. This opens up huge liabilities.

As the author, Laurie Wurster, say, “Just because something is free, doesn’t mean it has no cost.”  “Companies must have a policy for procuring OSS, deciding which applications will be supported by OSS, and identifying the intellectual property risk or supportability risk associated with using OSS. Once a policy is in place, then there must be a governance process to enforce it.”

So there it is.  Actually, here it is, a link to the press release about the study from Gartner.

Open source is undeniably here to stay, within the most conservative enterprises.  But, all enterprises should adopt policies, about what open source is acceptable and what open source is not.

From Source Auditor’s viewpoint, the policies should outline the following at a minimum:

  • The licenses which contain obligations which the enterprise finds acceptable to fulfill
  • The license which contain obligations the enterprise does not find acceptable
  • The process for reviewing new candidate open source packages the enterprise wishes to adopt, both directly, or embedded inside commercial products
  • The process to review existing software products already in use in the enterprise (to decide if that software contains open source and if that open source contains licenses which are acceptable or not)

This, of course implies, the enterprise not only adopts and enforces a policy, but the enterprise creates a review board that can review new and existing software.  All existing and new software should be audited, an an inventory created of all embedded open source.

If all of this seems like a lot of effort for something that is “free”, that’s where we refer back to Gartner’s comment.  Open Source may be royalty free, but it certainly has costs.  The costs are no different, then the costs of insuring that any commercial royalty bearing software that you use, is in compliance with the license that came with it.  As recent court cases have shown, the license obligations in open source are legally enforceable, and violating them is the same as copyright infringement.


leave a reply