Ten Elements of Open Source Governance

Ten Key Elements of Open Source Governance in the Enterprise Webinar on June 17, 2009 Presented by Greg Olson, Senior Partner at Olliance Group and Kim Weins, Senior Vice President of Marketing at OpenLogic

Ten Elements of Enterprise OSS Governance
Open source strategy
Open source policy
Executive sponsorship
Buy-in from stakeholders
Funding
Take inventory
Provisioning
Requests and approvals
Auditing
Reporting

Poll Question #1
One a scale of 1-5, how open is your
company towards the use of open source
software (check one)?
1 - No usage of open source allowed - 0%
2 - Open source used only if no other solution exists - 29%
3 - Open source allowed when it is superior to other solutions - 12%
4 - Open source and proprietary solutions have equal footing - 41%
5 - Use of open source preferred when available - 18%
June 17, 2009 Webinar. Poll of 33 attendees, more than half of them from Fortune 500 Companies

Compelling benefits
Faster path to deployed implementations
Lower development and maintenance costs
But… adds complexity to software projects
Many more sources, licenses, compatibility issues
Self-service updating
The Open Source Revolution 90% Custom Development Commercial Software Package Commercial Software Package 90% Integration OSS OSS Com- mercial OSS OSS OSS OSS OSS OSS OSS OSS OSS OSS OSS OSS Negotiated Procurement Download OSS Com- mercial

Open Source Strategy
Defines why the organization uses OSS and what it hopes to achieve
Expressed primarily in high-level business terms (not technical or legal)
Key values of developing one:
Develop management consensus on goals and objectives
Line of business management
Software development
Legal
A clear basis for developing the (more detailed) policy
A clear statement of rationale to guide future staff in future decisions

Open Source Policy
Specifies the rules for how the organization uses OSS
Typical elements
Legal Policy
What licenses are acceptable for what classes of application?
Acquisition Policy
What are criteria for OSS introduction? How documented?
Who approves and how managed?
Usage Policy
Where may what kind of OSS be used in what classes of applications?
Where may OSS be modified?
Support Policy
What are support requirements for what classes of applications?
Management Policy
How will OSS be tracked and managed?
Partner Policy
How to insure 3 rd party suppliers to adhere to the policy, too?
Contribution and Publishing Policy
What contributions will be published?
How may employees participate in communities?
How will this be managed?

Executive Sponsorship
Provides the support necessary to get through major challenges
Controversy
Trade-offs between benefit and risk
Changes to long-established procurement policies
Changes to long-established development processes
Strongly held beliefs
Budgetary issues
Some additional systems and/or services will be needed
Benefits are typically harder to measure than the costs
Driving the effort
Change that crosses several management disciplines tends to bog down
An executive driver is key to completing this evolution

Buy-In From Stakeholders
Ensures that those involved in the use open source will adhere to the processes
A policy not consistently followed is worse than no policy – a placebo hiding real risk to the business
Best ways to ensure buy-in
Executive leadership, especially in software development
Make sure all stakeholders understand the OSS Strategy
Involve the stakeholders in the policy and process development phases
Make sure the process yields quick approvals for mainstream activities
Involve the stakeholders in periodic reviews of Policy and Process

Poll Question #2
What techniques do you use to track open
source usage in your company (check all
that apply)?
1 - No formal inventory at all - 19%
2 - Self-reporting per project - 33%
3 - Self-reporting on a global scale - 8%
4 - Manual audits of self-reported inventories - 22%
5 - Automated code scanning tools - 17%
June 17, 2009 Webinar. Poll of 33 attendees, more than half of them from Fortune 500 Companies

Funding
Provides resources for any necessary consulting, software, or hardware solutions
The software may be free, but managing it well requires some investment
Consulting help to develop Strategy, Policy, Process
Code base assessment
Software scanning tools
OSS approval, tracking and management tools
Support and/or indemnification

Open Source Inventory
Why?
Get an understanding of what OSS you are using on servers and desktops or what OSS is in your applications
When?
Baseline: At the beginning of creating or implementing OSS policy and processes
Ongoing: On a regular basis --- quarterly, annually
What?
Don’t try to start with every machine everywhere
Start with a representative sample to get a sense of scope of the issue and work thru processes & procedures
Expand over time

Open Source Inventory
How?
Option 1: Self reporting via spreadsheets or surveys
Hard to do, manual
Inaccurate because people don’t know what they are using
Option 2: Scanning systems or applications
OSS Discovery is a free open source option
Scan servers, desktops or applications
Integrate to sw distribution, asset management or inventory tools
No source code required
Scans find 2-10x what self-reporting does
Start with a group or area, then expand

Try the OLEX Library (olex.openlogic.com)
Check out Wazi for comparisons
Other sources for research
Ohloh – Community data
Osalt – Open source alternatives
Ostatic – media site
Project home pages
OSS Provisioning: Research

OpenLogic Certification
42-point certification process
Examine
Community
Adoption
Legal
Support
Meet minimum bar for enterprise consideration
Your own certification
Key evaluation points – just like for proprietary software
Enterprise Architect recomendations
OSS Provisioning: Certification

OLEX (olex.openlogic.com)
Trusted source
Certified software
Vetted bits
General repositories
Soureforge.net, Google Code, java.net, freshmeat, etc
Make sure you have it from an official source
Watch out for unvetted mirrors
Watch out for unvetted Maven repositories
Internal repository
Maintain internal repository (OLEX EE, your own system, etc)
OSS Provisioning: Sourcing

What?
Using technology to enforce open source policies
Capabilities
Allow/prevent downloads per your policy
Track downloads
Require declaration of use at time of download
Require approvals before download
Operationalizing Open Source Policies

Why?
When the answer to “can I use this OSS?” is “It depends”
When?
Prior to download
Prior to use in development, in production or in release
Who is involved?
Requestor
Set of approvers (Managers, Legal, EA, OSRB)
Sequential or parallel
OSS Requests and Approvals

How?
Option 1: Manual processes
Email, spreadsheet
Quickly overwhelmed in all but smallest companies
Option 2: OLEX EE
Process automation
Automated workflow for approval
Auto approval and Auto denial rules
Comment tracking
Customized forms and workflows and notifications
Option 3: Homegrown system
Build and maintain yourself
OSS Requests and Approvals

Why?
Ensure compliance with policies
Ensure compliance with open source licenses
Protect internal IP (in cases of distribution)
When to audit?
At key phases in application lifecycle
Development/Build
Test
Staging
Push to production
On pre-determined audit schedules
Random spot checks
OSS Auditing

What to audit for?
OSS Projects used
OSS Licenses used
Optional: OSS plagiarism (if distributing software)
How?
Compare information from
Policies
Declarations of usage
Requests
Scans
Identify violations
Remediate
OSS Auditing

OSS Reporting
OSS Inventories and changes over time
OSS Downloads and Declarations
Request and Approval Status
Policy Compliance and Violations
Application “Bill of Materials” and Bill of Licenses

OLEX Enterprise Edition: A Complete SaaS Governance Platform Inventory
Policies
Approvals Track & Audit OpenLogic Certified Library

Contact Information
For more information, please visit:
www.openlogic.com
www.olliancegroup.com
Or contact us by email at:
[email_address]
[email_address]

Ten Elements of Open Source Governance

by OpenLogic on Jun 23, 2009

Accessibility

Categories

Upload Details

Usage Rights

1 Embed 10

Statistics

Ten Elements of Open Source Governance — Presentation Transcript