
It’s No Myth: Compliance Is Good Business

Linux Collaboration Summit presentation by Black Duck's VP of Business Development, Phil Odence.

Published in: Technology, News & Politics
  • JQuery, OpenStack
  • Geoff Moore
  • THIRTY MINUTES
  • 20 MINUTES
  • 10 MINUTES
  • Linux top 20, CodePlex, Azure: Drupal, Hadoop, Linux VMs
  • Psychological Egoism, Idealism
  • It’s No Myth: Compliance Is Good Business

    1. It’s No Myth: Compliance Is Good Business. Linux Collaboration Summit, 16 April 2013. Phil Odence, VP Business Development, Black Duck. © Black Duck 2012. @black_duck_sw
    2. Black Duck’s Perspective
        • Known for services; primarily a software company
        • Not an open source company per se
        • Very involved, but most products under commercial licenses
        • Serving (primarily) commercial companies
        • Software, Systems, Enterprise IT Organizations
        • Helping companies manage their use of open source
    3. Agenda. Goal: To provide a bird’s eye view of open source/FOSS usage and compliance in companies
        • Evolving Relationship Between Commercial Companies and FOSS
        • Why open source?
        • Why comply?
        • Are they really?
        • What’s next?
    4. First of all… “Software is Eating the World.” Marc Andreessen (Netscape Founder), August ’11, Wall Street Journal. And there’s a growing appetite for open source…
    5. …and the plate is heaping. Source: Ohloh/Black Duck KnowledgeBase
        • 2.7 billion files
        • Nearly 1M de-duplicated projects
        • 10+ million staff years of development
        • 5000+ sites
        • 2,200+ unique software licenses
        • [Chart: FOSS Projects, actual and projected, 2006 to 2014; labels: Games, UI]
    6. OSS Adoption: Jeff Hammond circa early 2009
    7. Olliance Consulting* Management Maturity Framework (*now a division of Black Duck). Diagram labels:
        • Developer driven
        • Business strategy driven
        • Ad Hoc Use
        • Built-in Compliance
        • Informal Guidelines
        • Strategic OSS Use, Community Leadership
        • Explicit Policy, Tracking & Auditing
        • Process Automation, Community Participation
        • Open Source Adoption
    8. Industry OSS Adoption à la Geoff Moore. Diagram labels: Innovators, Majority, Open Source Adoption
    9. Jeff Hammond circa late 2010
        • OSS goal to means
        • 80% developers used
        • Reduced management gap
        • Don’t ask/tell to strategic
        • Waned concern about mission critical apps
    10. The Chasm is the Stuff of Myth
        • Closed source is the evil empire
        • You are a bunch of wookies
        • If anyone knows we are using open source we’ll have to give up all our code
        • They just want a free ride
        • There’s no way to make money if I give away my software.
        • No one cares about licenses unless they are getting sued
        • Those guys don’t get it.
        • Chasm: Greek χάος means emptiness, vast void, abyss. Same as for “chaos”
        • Out of which grew the Chaoskampf myths
        • Explaining the clash between order and chaos in the world’s creation
        • paraphrasing Wikipedia
    11. Why open source? Myth: You only love us cause we’re free (as in beer)
    12. Faster, Better, Cheaper. Jeffrey Hammond, Forrester: Open source is a ‘silver bullet’ that allows simultaneous improvement along all three dimensions of the software ‘iron triangle’ of cost, schedule, features. Diagram labels: Cost, Features, Schedule
    13. A bunch of good reasons… “Open source is ubiquitous, it’s unavoidable….having a policy against open source is impractical and places you at a competitive disadvantage” Source: Mark Driver, Gartner Group
        • Key Benefits
        • Flexibility
        • Modify, mix, reuse code
        • Innovation
        • Leverage FOSS and community
        • Cost Optimization
        • Reduce or eliminate acquisition costs
        • It’s only #3
    14. Company Benefit: Less is More. [Chart labels: 30%, 80%; Average, Best in class]
    15. Real World Example. “Over 80% of the software in our handsets is open source” Carl-Eric Mols, Head of OSS, Sony Mobile Communications
    16. Another: Large Commercial UK Bank Trading Application. Delivered a new trading app but only had to do 28% of the work!
    17. …and then there’s customer acceptance
        • DoD CIO Letter…
        • To effectively achieve its missions, the Department of Defense must develop and update its software-based capabilities faster than ever, to anticipate new threats and respond to continuously changing requirements. The use of Open Source Software (OSS) can provide advantages in this regard.
        • Unfortunately, there have been misconceptions and misinterpretations of the existing laws, policies and regulations that deal with software and apply to OSS, that have hampered effective DoD use and development of OSS
        • I have asked the Director, Enterprise Services & Integration, to work with your staffs and identify other barriers to the effective use of open source software within the Department, so we can continue to increase the benefits from the use of OSS
        • [Graphic label: FOSS]
    18. So…
        • The myth:
        • It’s all about the “free beer”
        • The reality:
        • It’s about:
        • Flexibility
        • Innovation
        • Co-opetition and Community
        • Recruiting
        • Support from customers
        • And, yes, Cost
    19. Why Comply? Myth: Companies don’t give a hoot (’cept maybe when they get sued)
    20. Software today is Multi-Source. “Global 2000 organizations increasingly leverage code from a vast array of sources — including internally built, open source, outsourced, commercially built, and customized applications.” - Melinda Ballou, IDC (sponsored by Black Duck). Diagram labels:
        • THE ENTERPRISE – TOOLS, PROCESSES
        • Your Software Application
        • Internally Developed Code
        • Commercial 3rd-Party Code
        • Outsourced Code Development
        • OSS Communities
    21. The Fundamental Challenge. “How ya gonna keep ’em down on the farm…?”
    22. Management challenges aren’t just legal. “Open source is ubiquitous, it’s unavoidable….having a policy against open source is impractical and places you at a competitive disadvantage” Source: Mark Driver, Gartner Group
        • Key Benefits
        • Flexibility
        • Modify, mix, reuse code
        • Innovation
        • Leverage FOSS and community
        • Cost Optimization
        • Reduce or eliminate acquisition costs
        • Challenges
        • Technical Failure
        • Operational exposure
        • Needs to be audited, managed
        • Security Risks
        • Business exposure
        • IP Risks
        • Legal exposure
        • It’s only #3
    23. Managing Open Source = Proper SW Dev Mgmt
        • “There are plenty of other reasons beyond licensing that I want to understand what’s in our code”
        • CIO, Large Financial Services Firm
        • Security
        • Quality
        • Supportability
        • Community
        • Sarbanes Oxley Act Section 404 says you gotta know what software you got and who owns it
        • Fortune 500 tech companies - material risk in 10Ks
    24. And, if they want to get bought someday… OSS compliance has become a routine question in tech M&A. Source: Black Duck / 451 Group. [Chart: M&A Audits and US Tech Deals, 2009 to 2012]
    25. Free’s not all that free. Phil’s (other) iron triangle: Risk (all sorts), Compliance, Productivity
        • No compliance means productive but risky
        • Overly heavy compliance reduces risk, but may squash productivity
    26. So…
        • The myth:
        • Companies don’t care
        • And only pay attention to extreme measures
        • The reality:
        • Legal fear is a motivator
        • But companies’ overall risk management agendas align reasonably with open source governance
        • It’s just not all that simple
    27. Who complies? Myth: OK, but most companies don’t comply. And, they may talk the talk, but…
    28. Companies invest heavily in compliance
    29. In the form of sophisticated governance processes
    30. …best practices, training, transformation
    31. …dedicated review boards and programs. Open Source Program Office (http://opensource.hp.com)
        • Responsible for all open source activities and strategy across the company
        • Provides continuous training and consulting to HP product and project teams
        • Encourages contribution to the open source community
        • Sponsors numerous open source foundations (e.g. ASF, Linux Foundation, OpenStack) and events
        • Typically review 10 to 20 proposals per week from teams wanting to use and/or contribute to open source
        • Develops in-house tools to support the review and tracking of open source across the company
        • Promptly handle any compliance inquiries that come to our attention
    32. …correct and corresponding code infrastructure. “The Internet of objects would encode 50 to 100 trillion objects, and be able to follow the movement of those objects. Human beings surrounded by 1000 to 5000 trackable objects”
    33. OK, but do they waddle the waddle?
    34. Giving back is a “higher order skill” (*now a division of Black Duck). Diagram labels:
        • Engineering driven
        • Business strategy driven
        • Ad Hoc Use
        • Built-in Compliance
        • Informal Guidelines
        • Strategic OSS Use, Community Leadership
        • Open Source Adoption
        • Explicit Policy, Tracking & Auditing
        • Process Automation, Community Participation
    35. Companies certainly rock the Kernel
        • 75% Kernel developers are paid
        • 800 companies have contributed over time; 200 active as of 2012
        • Red Hat, Intel, Novell, IBM, Texas Instruments, Broadcom, Nokia, Samsung, Oracle and Google
        • Jon Corbet’s 2012 annual report
    36. Community and Co-opetition. Diagram labels: Financial Services, Automotive, Mobile, Aerospace, Polarsys, Healthcare, Mozilla, Eclipse, Openstack, The Foundation, The Apache Foundation, Networking
    37. Automotive may boast the most logos. Ford contributes AppLink code to GENIVI Alliance. GENIVI License Review Team
    38. And … I’m just sayin’ Microsoft is into open…
    39. Close to our hearts
    40. So…
        • The myth:
        • Companies don’t comply
        • And even if they do they don’t participate
        • The reality:
        • Some don’t
        • Many do
        • The world’s best companies invest heavily
        • And, more and more they are walking the walk
    41. Looking Forward and Conclusions
    42. Conclusion
        • The Companies/FOSS has evolved
        • Corporate usage has crossed the chasm
        • Companies have good business reasons to manage/comply
        • The best companies do comply
        • And are finding good business reasons to give back
    43. There may remain a philosophical schism, but...
        • Software is all about delivering shareholder value
        • Software is all about “free”
        • Rather than question motivation, focus on results
    44. Check out where it’s going
        • Key trend toward internal OSS methods – 80%
        • Open source will make up >50% deployed code – 62%
        • “Lower Cost” – drops to #7 in importance
        • Attracting talent – #1 reason to engage
        • Company’s co-opetition will increase – 57%
        • 2013 Future of Open Source Survey Results show new trends in OSS
        • First ever webinar results panel is now available to view on-demand!
        • #FutureOSS
