Ten Elements of Open Source Governance

OpenLogic and Olliance Group prepared these slides discussing ten elements that are essential to creating and maintaining an effective enterprise open source governance program.

Topics covered include:
- Defining and implementing open source policies
- Securing organizational support
- Taking inventory of open source usage
- Managing open source usage requests and approvals
- Auditing and reporting to ensure ongoing compliance

Published in Technology, News & Politics

Transcript

  • 1. Ten Key Elements of Open Source Governance in the Enterprise Webinar on June 17, 2009 Presented by Greg Olson, Senior Partner at Olliance Group and Kim Weins, Senior Vice President of Marketing at OpenLogic
  • 2. Ten Elements of Enterprise OSS Governance
    • Open source strategy
    • Open source policy
    • Executive sponsorship
    • Buy-in from stakeholders
    • Funding
    • Take inventory
    • Provisioning
    • Requests and approvals
    • Auditing
    • Reporting
  • 3. Poll Question #1
    • On a scale of 1-5, how open is your company towards the use of open source software (check one)?
    • 1 - No usage of open source allowed - 0%
    • 2 - Open source used only if no other solution exists - 29%
    • 3 - Open source allowed when it is superior to other solutions - 12%
    • 4 - Open source and proprietary solutions have equal footing - 41%
    • 5 - Use of open source preferred when available - 18%
    June 17, 2009 Webinar. Poll of 33 attendees, more than half of them from Fortune 500 Companies
  • 4. The Open Source Revolution
    • Compelling benefits
      • Faster path to deployed implementations
      • Lower development and maintenance costs
    • But… adds complexity to software projects
      • Many more sources, licenses, compatibility issues
      • Self-service updating
    [Diagram labels: 90% Custom Development, Commercial Software Package, Negotiated Procurement; 90% Integration, OSS, Commercial, Download]
  • 5. Open Source Strategy
    • Defines why the organization uses OSS and what it hopes to achieve
    • Expressed primarily in high-level business terms (not technical or legal)
    • Key values of developing one:
      • Develop management consensus on goals and objectives
        • Line of business management
        • Software development
        • Legal
      • A clear basis for developing the (more detailed) policy
      • A clear statement of rationale to guide future staff in future decisions
  • 6. Open Source Policy
    • Specifies the rules for how the organization uses OSS
    • Typical elements
      • Legal Policy
        • What licenses are acceptable for what classes of application?
      • Acquisition Policy
        • What are criteria for OSS introduction? How documented?
        • Who approves and how managed?
      • Usage Policy
        • Where may what kind of OSS be used in what classes of applications?
        • Where may OSS be modified?
      • Support Policy
        • What are support requirements for what classes of applications?
      • Management Policy
        • How will OSS be tracked and managed?
      • Partner Policy
        • How to ensure 3rd-party suppliers adhere to the policy, too?
      • Contribution and Publishing Policy
        • What contributions will be published?
        • How may employees participate in communities?
        • How will this be managed?
  • 7. Executive Sponsorship
    • Provides the support necessary to get through major challenges
      • Controversy
        • Trade-offs between benefit and risk
        • Changes to long-established procurement policies
        • Changes to long-established development processes
        • Strongly held beliefs
      • Budgetary issues
        • Some additional systems and/or services will be needed
        • Benefits are typically harder to measure than the costs
      • Driving the effort
        • Change that crosses several management disciplines tends to bog down
        • An executive driver is key to completing this evolution
  • 8. Buy-In From Stakeholders
    • Ensures that those involved in the use of open source will adhere to the processes
      • A policy not consistently followed is worse than no policy – a placebo hiding real risk to the business
    • Best ways to ensure buy-in
      • Executive leadership, especially in software development
      • Make sure all stakeholders understand the OSS Strategy
      • Involve the stakeholders in the policy and process development phases
      • Make sure the process yields quick approvals for mainstream activities
      • Involve the stakeholders in periodic reviews of Policy and Process
  • 9. Poll Question #2
    • What techniques do you use to track open source usage in your company (check all that apply)?
    • 1 - No formal inventory at all - 19%
    • 2 - Self-reporting per project - 33%
    • 3 - Self-reporting on a global scale - 8%
    • 4 - Manual audits of self-reported inventories - 22%
    • 5 - Automated code scanning tools - 17%
    June 17, 2009 Webinar. Poll of 33 attendees, more than half of them from Fortune 500 Companies
  • 10. Funding
    • Provides resources for any necessary consulting, software, or hardware solutions
    • The software may be free, but managing it well requires some investment
      • Consulting help to develop Strategy, Policy, Process
      • Code base assessment
      • Software scanning tools
      • OSS approval, tracking and management tools
      • Support and/or indemnification
  • 11. Open Source Inventory
    • Why?
      • Get an understanding of what OSS you are using on servers and desktops or what OSS is in your applications
    • When?
      • Baseline: At the beginning of creating or implementing OSS policy and processes
      • Ongoing: On a regular basis (quarterly, annually)
    • What?
      • Don’t try to start with every machine everywhere
      • Start with a representative sample to get a sense of scope of the issue and work through processes & procedures
      • Expand over time
  • 12. Open Source Inventory
    • How?
      • Option 1: Self reporting via spreadsheets or surveys
        • Hard to do, manual
        • Inaccurate because people don’t know what they are using
      • Option 2: Scanning systems or applications
        • OSS Discovery is a free open source option
        • Scan servers, desktops or applications
        • Integrate with software distribution, asset management or inventory tools
        • No source code required
        • Scans find 2-10x what self-reporting does
        • Start with a group or area, then expand
  • 13. OSS Provisioning: Research
    • Try the OLEX Library (olex.openlogic.com)
      • Check out Wazi for comparisons
    • Other sources for research
      • Ohloh – Community data
      • Osalt – Open source alternatives
      • Ostatic – media site
      • Project home pages
  • 14. OSS Provisioning: Certification
    • OpenLogic Certification
      • 42-point certification process
      • Examine
        • Community
        • Adoption
        • Legal
        • Support
      • Meet minimum bar for enterprise consideration
    • Your own certification
      • Key evaluation points – just like for proprietary software
      • Enterprise Architect recommendations
  • 15. OSS Provisioning: Sourcing
    • OLEX (olex.openlogic.com)
      • Trusted source
      • Certified software
      • Vetted bits
    • General repositories
      • SourceForge.net, Google Code, java.net, freshmeat, etc.
      • Make sure you have it from an official source
      • Watch out for unvetted mirrors
      • Watch out for unvetted Maven repositories
    • Internal repository
      • Maintain internal repository (OLEX EE, your own system, etc.)
  • 16. Operationalizing Open Source Policies
    • What?
      • Using technology to enforce open source policies
    • Capabilities
      • Allow/prevent downloads per your policy
      • Track downloads
      • Require declaration of use at time of download
      • Require approvals before download
  • 17. OSS Requests and Approvals
    • Why?
      • When the answer to “can I use this OSS?” is “It depends”
    • When?
      • Prior to download
      • Prior to use in development, in production or in release
    • Who is involved?
      • Requestor
      • Set of approvers (Managers, Legal, EA, OSRB)
        • Sequential or parallel
  • 18. OSS Requests and Approvals
    • How?
      • Option 1: Manual processes
        • Email, spreadsheet
        • Quickly overwhelmed in all but smallest companies
      • Option 2: OLEX EE
        • Process automation
        • Automated workflow for approval
        • Auto approval and Auto denial rules
        • Comment tracking
        • Customized forms and workflows and notifications
      • Option 3: Homegrown system
        • Build and maintain yourself
  • 19. OSS Auditing
    • Why?
      • Ensure compliance with policies
      • Ensure compliance with open source licenses
      • Protect internal IP (in cases of distribution)
    • When to audit?
      • At key phases in application lifecycle
        • Development/Build
        • Test
        • Staging
        • Push to production
      • On pre-determined audit schedules
      • Random spot checks
  • 20. OSS Auditing
    • What to audit for?
      • OSS Projects used
      • OSS Licenses used
      • Optional: OSS plagiarism (if distributing software)
    • How?
      • Compare information from
        • Policies
        • Declarations of usage
        • Requests
        • Scans
      • Identify violations
      • Remediate
  • 21. OSS Reporting
    • OSS Inventories and changes over time
    • OSS Downloads and Declarations
    • Request and Approval Status
    • Policy Compliance and Violations
    • Application “Bill of Materials” and Bill of Licenses
  • 22. OLEX Enterprise Edition: A Complete SaaS Governance Platform
    [Diagram labels: Inventory, Policies, Approvals, Track & Audit, OpenLogic Certified Library]
  • 23. Contact Information
    • For more information, please visit:
    • www.openlogic.com
    • www.olliancegroup.com
    • Or contact us by email at:
    • [email_address]
    • [email_address]