SlideShare a Scribd company logo

2011 NASA Open Source Summit - Bob Sutor

NASA Open Government Initiative
NASA Open Government Initiative
1 of 13
Download to read offline
Bob Sutor – VP, Open Systems Strategy 29 March, 2011 Open Source Governance for your Organization © 2011 IBM Corporation
Before we get started ! Per my website: The content on this site is my own and does not necessarily represent my employer’s positions, strategies or opinions. ! http://www.sutor.com ! This discussion does not constitute legal advice. ! I’m not an attorney, and certainly not an intellectual property attorney, and you should consult one as necessary. 2 29 March 2011 Bob Sutor - Open Source Governance for your Organization © 2011 IBM Corporation
The key question Do you have proper legal controls and business processes in place to deal with open source software? 3 29 March 2011 Bob Sutor - Open Source Governance for your Organization © 2011 IBM Corporation
Your open source governance strategy ! Five years ago, it was not uncommon for that strategy to be defined as “you shall use no open source software.” ! You need to understand the legal risks and responsibilities for any software you use, and weigh those against the business value. ! Work out a plan that specifies what business and legal controls are in place to approve use of open source in your organization or in your products, and make sure you have a well defined escalation path. 4 29 March 2011 Bob Sutor - Open Source Governance for your Organization © 2011 IBM Corporation
What you need to know ! All projects to which your employees or organizational members contribute, the free and open source licenses being used, and the intellectual property commitments those contributions make upon your company or organization. ! All use of open source code within internal processes, product development, and services engagements. 5 29 March 2011 Bob Sutor - Open Source Governance for your Organization © 2011 IBM Corporation
What you need to know ! All open source code that goes into your hardware products, software products, web-delivered services, or are given to your customers as part of consulting and services engagements. ! The location of all open source code repositories used in development, with strict rules about what code with which licenses can be combined (or not). 6 29 March 2011 Bob Sutor - Open Source Governance for your Organization © 2011 IBM Corporation
What you then need to put in place ! Uniform cross-organizational rules and policies about the use of open source, with the ability to audit adherence. ! Tools to determine code provenance: from which original bodies of open source code did your current codebase derive? ! Balanced policies to weigh the business and legal benefits and risks in using open source code. 7 29 March 2011 Bob Sutor - Open Source Governance for your Organization © 2011 IBM Corporation
What you then need to put in place ! Education for all employees and contractors, with special sections appropriate for users, contributors, developers, and distributors of open source code. ! Clear processes defining when decisions about open source can be made locally and when they must be made centrally, with paths for escalating decisions going up both the executive and legal chains. ! An aggressive policy for contributing to the various open source communities from which you benefit in your company or organization. 8 29 March 2011 Bob Sutor - Open Source Governance for your Organization © 2011 IBM Corporation
The IBM experience ! Ten+ years contributing to and leading hundreds of open source projects in efforts such as Linux, Eclipse, and Apache. ! An internal governance process embodied within the Open Source Steering Committee (OSSC), with the set of rules now in their third generation in the last decade. ! The OSSC reviews all IBM external activities involving Open Source including – Starting a new OSS community/project – Contributing to an existing OSS community – Using OSS in IBM products or services – Distributing reference implementations or OSS modifications – Redistributing (OEM or Resell) vendor products containing OSS 9 29 March 2011 Bob Sutor - Open Source Governance for your Organization © 2011 IBM Corporation
Use of open source has grown ! We have seen proposals to the OSSC grow steadily. ! The proposals fall into 3 categories – Already evaluated and approved for use – Meets well-defined criteria and a centralized committee can handle – Complex or original scenarios that are best decided by top of the business ! The governance process continues to evolve – Scalability: handle increase in the number proposals – Delegation: allow business units to drive majority of decisions – Economy: don’t spend money on people and resources to answer questions to which you already know the answers. 10 29 March 2011 Bob Sutor - Open Source Governance for your Organization © 2011 IBM Corporation
Some lessons learned ! We were worried about code quality but we shouldn’t have been. ! We gained a better understanding of the open source domain – Copyright and patent complexities – License terms and conditions – Usual lack of warranty ! We learned to balanced open and proprietary. 11 29 March 2011 Bob Sutor - Open Source Governance for your Organization © 2011 IBM Corporation
Some lessons learned ! We gained a better understanding of the value of open source – How to leverage it in what we do – How and where to contribute – How to work well in open source communities ! We learned to manage the risks. ! We learned it is important to have clear business and strategic reasons for using open source 12 29 March 2011 Bob Sutor - Open Source Governance for your Organization © 2011 IBM Corporation
Final thoughts ! Develop your open source policy collaboratively among your business, technical, and legal experts, don’t dictate it. ! Education is key for employee and contractor compliance. ! Establish clear policy for what employees can and cannot do with open source in their spare time. ! Consider using code pedigree and scanning services from companies such as Black Duck, OpenLogic, and Palamida. ! Know where handling open source needs to be the same as closed source, and where it needs to be different. ! Plan to iterate on and refine your policy yearly for the first few years. 13 29 March 2011 Bob Sutor - Open Source Governance for your Organization © 2011 IBM Corporation

Recommended

2011 NASA Open Source Summit - Forge.mil
2011 NASA Open Source Summit - Forge.mil2011 NASA Open Source Summit - Forge.mil
2011 NASA Open Source Summit - Forge.milNASA Open Government Initiative
 
Palamida Open Source Compliance Solution
Palamida Open Source Compliance Solution Palamida Open Source Compliance Solution
Palamida Open Source Compliance Solution Engineering Software Lab
 
Managing the Software Supply Chain: Policies that Promote Innovation While Op...
Managing the Software Supply Chain: Policies that Promote Innovation While Op...Managing the Software Supply Chain: Policies that Promote Innovation While Op...
Managing the Software Supply Chain: Policies that Promote Innovation While Op...FINOS
 
Open source software: The infrastructure impact
Open source software: The infrastructure impactOpen source software: The infrastructure impact
Open source software: The infrastructure impactRogue Wave Software
 
Webinar–What You Need To Know About Open Source Licensing
Webinar–What You Need To Know About Open Source LicensingWebinar–What You Need To Know About Open Source Licensing
Webinar–What You Need To Know About Open Source LicensingSynopsys Software Integrity Group
 
Strategies to Reap the Benefits of Software Patents in an Open Source Softwar...
Strategies to Reap the Benefits of Software Patents in an Open Source Softwar...Strategies to Reap the Benefits of Software Patents in an Open Source Softwar...
Strategies to Reap the Benefits of Software Patents in an Open Source Softwar...Black Duck by Synopsys
 
Webinar–The 2019 Open Source Year in Review
Webinar–The 2019 Open Source Year in ReviewWebinar–The 2019 Open Source Year in Review
Webinar–The 2019 Open Source Year in ReviewSynopsys Software Integrity Group
 
Guide to Open Source Compliance
Guide to Open Source ComplianceGuide to Open Source Compliance
Guide to Open Source ComplianceSamsung Open Source Group
 

Recommended

2011 NASA Open Source Summit - Forge.mil
2011 NASA Open Source Summit - Forge.mil2011 NASA Open Source Summit - Forge.mil
2011 NASA Open Source Summit - Forge.milNASA Open Government Initiative
 
Palamida Open Source Compliance Solution
Palamida Open Source Compliance Solution Palamida Open Source Compliance Solution
Palamida Open Source Compliance Solution Engineering Software Lab
 
Managing the Software Supply Chain: Policies that Promote Innovation While Op...
Managing the Software Supply Chain: Policies that Promote Innovation While Op...Managing the Software Supply Chain: Policies that Promote Innovation While Op...
Managing the Software Supply Chain: Policies that Promote Innovation While Op...FINOS
 
Open source software: The infrastructure impact
Open source software: The infrastructure impactOpen source software: The infrastructure impact
Open source software: The infrastructure impactRogue Wave Software
 
Webinar–What You Need To Know About Open Source Licensing
Webinar–What You Need To Know About Open Source LicensingWebinar–What You Need To Know About Open Source Licensing
Webinar–What You Need To Know About Open Source LicensingSynopsys Software Integrity Group
 
Strategies to Reap the Benefits of Software Patents in an Open Source Softwar...
Strategies to Reap the Benefits of Software Patents in an Open Source Softwar...Strategies to Reap the Benefits of Software Patents in an Open Source Softwar...
Strategies to Reap the Benefits of Software Patents in an Open Source Softwar...Black Duck by Synopsys
 
Webinar–The 2019 Open Source Year in Review
Webinar–The 2019 Open Source Year in ReviewWebinar–The 2019 Open Source Year in Review
Webinar–The 2019 Open Source Year in ReviewSynopsys Software Integrity Group
 
Guide to Open Source Compliance
Guide to Open Source ComplianceGuide to Open Source Compliance
Guide to Open Source ComplianceSamsung Open Source Group
 
Black duck Software's pitch
Black duck Software's pitchBlack duck Software's pitch
Black duck Software's pitchi7
 
Webinar–Creating a Modern AppSec Toolchain to Quantify Service Risks
Webinar–Creating a Modern AppSec Toolchain to Quantify Service RisksWebinar–Creating a Modern AppSec Toolchain to Quantify Service Risks
Webinar–Creating a Modern AppSec Toolchain to Quantify Service RisksSynopsys Software Integrity Group
 
BlackDuck Suite
BlackDuck SuiteBlackDuck Suite
BlackDuck Suitejeff cheng
 
Going Open: How to Make a Project Open Source
Going Open: How to Make a Project Open SourceGoing Open: How to Make a Project Open Source
Going Open: How to Make a Project Open SourceBlack Duck by Synopsys
 
Winning the Cage-Match: How to Successfully Navigate Open Source Software iss...
Winning the Cage-Match: How to Successfully Navigate Open Source Software iss...Winning the Cage-Match: How to Successfully Navigate Open Source Software iss...
Winning the Cage-Match: How to Successfully Navigate Open Source Software iss...Black Duck by Synopsys
 
Android for the Enterprise and OEMs
Android for the Enterprise and OEMsAndroid for the Enterprise and OEMs
Android for the Enterprise and OEMsBlack Duck by Synopsys
 
Buyer and Seller Perspectives on Open Source in Tech Contracts
Buyer and Seller Perspectives on Open Source in Tech ContractsBuyer and Seller Perspectives on Open Source in Tech Contracts
Buyer and Seller Perspectives on Open Source in Tech ContractsBlack Duck by Synopsys
 
Software Security Assurance for DevOps
Software Security Assurance for DevOpsSoftware Security Assurance for DevOps
Software Security Assurance for DevOpsBlack Duck by Synopsys
 
OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17
OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17
OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17Shane Coughlan
 
Open Source as an Element of Corporate Strategy
Open Source as an Element of Corporate StrategyOpen Source as an Element of Corporate Strategy
Open Source as an Element of Corporate StrategyBlack Duck by Synopsys
 
Outbound Licensing Strategies: Is Open Source the Right Model for Your Company?
Outbound Licensing Strategies: Is Open Source the Right Model for Your Company?Outbound Licensing Strategies: Is Open Source the Right Model for Your Company?
Outbound Licensing Strategies: Is Open Source the Right Model for Your Company?Jennifer O'Neill
 
Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...
Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...
Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...Denim Group
 
Application Asset Management with ThreadFix
Application Asset Management with ThreadFix Application Asset Management with ThreadFix
Application Asset Management with ThreadFixDenim Group
 
Leveraging Black Duck Hub to Maximize Focus - Entersekt’s Approach to Empower...
Leveraging Black Duck Hub to Maximize Focus - Entersekt’s Approach to Empower...Leveraging Black Duck Hub to Maximize Focus - Entersekt’s Approach to Empower...
Leveraging Black Duck Hub to Maximize Focus - Entersekt’s Approach to Empower...Black Duck by Synopsys
 
Webinar–Best Practices for DevSecOps at Scale
Webinar–Best Practices for DevSecOps at ScaleWebinar–Best Practices for DevSecOps at Scale
Webinar–Best Practices for DevSecOps at ScaleSynopsys Software Integrity Group
 
Making the Strategic Shift to Open Source at Fujitsu Network Communication
Making the Strategic Shift to Open Source at Fujitsu Network CommunicationMaking the Strategic Shift to Open Source at Fujitsu Network Communication
Making the Strategic Shift to Open Source at Fujitsu Network CommunicationBlack Duck by Synopsys
 
DevSecOps: The Open Source Way
DevSecOps: The Open Source WayDevSecOps: The Open Source Way
DevSecOps: The Open Source WayBlack Duck by Synopsys
 
Fedora In The Enterprise
Fedora In The EnterpriseFedora In The Enterprise
Fedora In The Enterprisekanarip
 
The New Development Organization: Embracing “Open” and “Sharing” to Deliver S...
The New Development Organization: Embracing “Open” and “Sharing” to Deliver S...The New Development Organization: Embracing “Open” and “Sharing” to Deliver S...
The New Development Organization: Embracing “Open” and “Sharing” to Deliver S...Black Duck by Synopsys
 
Open Source Insight: You Can’t Beat Hackers and the Pentagon Moves into Open...
Open Source Insight: You Can’t Beat Hackers and the Pentagon Moves into Open...Open Source Insight: You Can’t Beat Hackers and the Pentagon Moves into Open...
Open Source Insight: You Can’t Beat Hackers and the Pentagon Moves into Open...Black Duck by Synopsys
 
Introduction Radboud Work Environment
Introduction Radboud Work EnvironmentIntroduction Radboud Work Environment
Introduction Radboud Work EnvironmentLizette Engelen
 
Information Technology Supporting the Development of International Standards
Information Technology Supporting the Development of International StandardsInformation Technology Supporting the Development of International Standards
Information Technology Supporting the Development of International StandardsRobert Sutor
 

More Related Content

What's hot

Black duck Software's pitch
Black duck Software's pitchBlack duck Software's pitch
Black duck Software's pitchi7
 
Webinar–Creating a Modern AppSec Toolchain to Quantify Service Risks
Webinar–Creating a Modern AppSec Toolchain to Quantify Service RisksWebinar–Creating a Modern AppSec Toolchain to Quantify Service Risks
Webinar–Creating a Modern AppSec Toolchain to Quantify Service RisksSynopsys Software Integrity Group
 
BlackDuck Suite
BlackDuck SuiteBlackDuck Suite
BlackDuck Suitejeff cheng
 
Going Open: How to Make a Project Open Source
Going Open: How to Make a Project Open SourceGoing Open: How to Make a Project Open Source
Going Open: How to Make a Project Open SourceBlack Duck by Synopsys
 
Winning the Cage-Match: How to Successfully Navigate Open Source Software iss...
Winning the Cage-Match: How to Successfully Navigate Open Source Software iss...Winning the Cage-Match: How to Successfully Navigate Open Source Software iss...
Winning the Cage-Match: How to Successfully Navigate Open Source Software iss...Black Duck by Synopsys
 
Buyer and Seller Perspectives on Open Source in Tech Contracts
Buyer and Seller Perspectives on Open Source in Tech ContractsBuyer and Seller Perspectives on Open Source in Tech Contracts
Buyer and Seller Perspectives on Open Source in Tech ContractsBlack Duck by Synopsys
 
Software Security Assurance for DevOps
Software Security Assurance for DevOpsSoftware Security Assurance for DevOps
Software Security Assurance for DevOpsBlack Duck by Synopsys
 
OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17
OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17
OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17Shane Coughlan
 
Open Source as an Element of Corporate Strategy
Open Source as an Element of Corporate StrategyOpen Source as an Element of Corporate Strategy
Open Source as an Element of Corporate StrategyBlack Duck by Synopsys
 
Outbound Licensing Strategies: Is Open Source the Right Model for Your Company?
Outbound Licensing Strategies: Is Open Source the Right Model for Your Company?Outbound Licensing Strategies: Is Open Source the Right Model for Your Company?
Outbound Licensing Strategies: Is Open Source the Right Model for Your Company?Jennifer O'Neill
 
Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...
Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...
Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...Denim Group
 
Application Asset Management with ThreadFix
Application Asset Management with ThreadFix Application Asset Management with ThreadFix
Application Asset Management with ThreadFixDenim Group
 
Leveraging Black Duck Hub to Maximize Focus - Entersekt’s Approach to Empower...
Leveraging Black Duck Hub to Maximize Focus - Entersekt’s Approach to Empower...Leveraging Black Duck Hub to Maximize Focus - Entersekt’s Approach to Empower...
Leveraging Black Duck Hub to Maximize Focus - Entersekt’s Approach to Empower...Black Duck by Synopsys
 
Making the Strategic Shift to Open Source at Fujitsu Network Communication
Making the Strategic Shift to Open Source at Fujitsu Network CommunicationMaking the Strategic Shift to Open Source at Fujitsu Network Communication
Making the Strategic Shift to Open Source at Fujitsu Network CommunicationBlack Duck by Synopsys
 
Fedora In The Enterprise
Fedora In The EnterpriseFedora In The Enterprise
Fedora In The Enterprisekanarip
 
The New Development Organization: Embracing “Open” and “Sharing” to Deliver S...
The New Development Organization: Embracing “Open” and “Sharing” to Deliver S...The New Development Organization: Embracing “Open” and “Sharing” to Deliver S...
The New Development Organization: Embracing “Open” and “Sharing” to Deliver S...Black Duck by Synopsys
 
Open Source Insight: You Can’t Beat Hackers and the Pentagon Moves into Open...
Open Source Insight: You Can’t Beat Hackers and the Pentagon Moves into Open...Open Source Insight: You Can’t Beat Hackers and the Pentagon Moves into Open...
Open Source Insight: You Can’t Beat Hackers and the Pentagon Moves into Open...Black Duck by Synopsys
 

What's hot (20)

Black duck Software's pitch
Black duck Software's pitchBlack duck Software's pitch
Black duck Software's pitch
 
Webinar–Creating a Modern AppSec Toolchain to Quantify Service Risks
Webinar–Creating a Modern AppSec Toolchain to Quantify Service RisksWebinar–Creating a Modern AppSec Toolchain to Quantify Service Risks
Webinar–Creating a Modern AppSec Toolchain to Quantify Service Risks
 
BlackDuck Suite
BlackDuck SuiteBlackDuck Suite
BlackDuck Suite
 
Going Open: How to Make a Project Open Source
Going Open: How to Make a Project Open SourceGoing Open: How to Make a Project Open Source
Going Open: How to Make a Project Open Source
 
Winning the Cage-Match: How to Successfully Navigate Open Source Software iss...
Winning the Cage-Match: How to Successfully Navigate Open Source Software iss...Winning the Cage-Match: How to Successfully Navigate Open Source Software iss...
Winning the Cage-Match: How to Successfully Navigate Open Source Software iss...
 
Android for the Enterprise and OEMs
Android for the Enterprise and OEMsAndroid for the Enterprise and OEMs
Android for the Enterprise and OEMs
 
Buyer and Seller Perspectives on Open Source in Tech Contracts
Buyer and Seller Perspectives on Open Source in Tech ContractsBuyer and Seller Perspectives on Open Source in Tech Contracts
Buyer and Seller Perspectives on Open Source in Tech Contracts
 
Software Security Assurance for DevOps
Software Security Assurance for DevOpsSoftware Security Assurance for DevOps
Software Security Assurance for DevOps
 
OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17
OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17
OpenChain Webinar #10 - Joint Development Foundation - 2020-08-17
 
Open Source as an Element of Corporate Strategy
Open Source as an Element of Corporate StrategyOpen Source as an Element of Corporate Strategy
Open Source as an Element of Corporate Strategy
 
Outbound Licensing Strategies: Is Open Source the Right Model for Your Company?
Outbound Licensing Strategies: Is Open Source the Right Model for Your Company?Outbound Licensing Strategies: Is Open Source the Right Model for Your Company?
Outbound Licensing Strategies: Is Open Source the Right Model for Your Company?
 
Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...
Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...
Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...
 
Application Asset Management with ThreadFix
Application Asset Management with ThreadFix Application Asset Management with ThreadFix
Application Asset Management with ThreadFix
 
Leveraging Black Duck Hub to Maximize Focus - Entersekt’s Approach to Empower...
Leveraging Black Duck Hub to Maximize Focus - Entersekt’s Approach to Empower...Leveraging Black Duck Hub to Maximize Focus - Entersekt’s Approach to Empower...
Leveraging Black Duck Hub to Maximize Focus - Entersekt’s Approach to Empower...
 
Webinar–Best Practices for DevSecOps at Scale
Webinar–Best Practices for DevSecOps at ScaleWebinar–Best Practices for DevSecOps at Scale
Webinar–Best Practices for DevSecOps at Scale
 
Making the Strategic Shift to Open Source at Fujitsu Network Communication
Making the Strategic Shift to Open Source at Fujitsu Network CommunicationMaking the Strategic Shift to Open Source at Fujitsu Network Communication
Making the Strategic Shift to Open Source at Fujitsu Network Communication
 
DevSecOps: The Open Source Way
DevSecOps: The Open Source WayDevSecOps: The Open Source Way
DevSecOps: The Open Source Way
 
Fedora In The Enterprise
Fedora In The EnterpriseFedora In The Enterprise
Fedora In The Enterprise
 
The New Development Organization: Embracing “Open” and “Sharing” to Deliver S...
The New Development Organization: Embracing “Open” and “Sharing” to Deliver S...The New Development Organization: Embracing “Open” and “Sharing” to Deliver S...
The New Development Organization: Embracing “Open” and “Sharing” to Deliver S...
 
Open Source Insight: You Can’t Beat Hackers and the Pentagon Moves into Open...
Open Source Insight: You Can’t Beat Hackers and the Pentagon Moves into Open...Open Source Insight: You Can’t Beat Hackers and the Pentagon Moves into Open...
Open Source Insight: You Can’t Beat Hackers and the Pentagon Moves into Open...
 

Viewers also liked

Introduction Radboud Work Environment
Introduction Radboud Work EnvironmentIntroduction Radboud Work Environment
Introduction Radboud Work EnvironmentLizette Engelen
 
Information Technology Supporting the Development of International Standards
Information Technology Supporting the Development of International StandardsInformation Technology Supporting the Development of International Standards
Information Technology Supporting the Development of International StandardsRobert Sutor
 
ApacheCon 2010 Keynote: Problems, Data, and Languages
ApacheCon 2010 Keynote: Problems, Data, and LanguagesApacheCon 2010 Keynote: Problems, Data, and Languages
ApacheCon 2010 Keynote: Problems, Data, and LanguagesRobert Sutor
 
Lotusphere 2012 - Harnessing the Power of Enterprise Mobility
Lotusphere 2012 - Harnessing the Power of Enterprise Mobility Lotusphere 2012 - Harnessing the Power of Enterprise Mobility
Lotusphere 2012 - Harnessing the Power of Enterprise Mobility Robert Sutor
 
IBM Standards Principles
IBM Standards PrinciplesIBM Standards Principles
IBM Standards PrinciplesRobert Sutor
 

Viewers also liked (6)

Introduction Radboud Work Environment
Introduction Radboud Work EnvironmentIntroduction Radboud Work Environment
Introduction Radboud Work Environment
 
Information Technology Supporting the Development of International Standards
Information Technology Supporting the Development of International StandardsInformation Technology Supporting the Development of International Standards
Information Technology Supporting the Development of International Standards
 
ApacheCon 2010 Keynote: Problems, Data, and Languages
ApacheCon 2010 Keynote: Problems, Data, and LanguagesApacheCon 2010 Keynote: Problems, Data, and Languages
ApacheCon 2010 Keynote: Problems, Data, and Languages
 
Lotusphere 2012 - Harnessing the Power of Enterprise Mobility
Lotusphere 2012 - Harnessing the Power of Enterprise Mobility Lotusphere 2012 - Harnessing the Power of Enterprise Mobility
Lotusphere 2012 - Harnessing the Power of Enterprise Mobility
 
IBM Standards Principles
IBM Standards PrinciplesIBM Standards Principles
IBM Standards Principles
 
Antidepresivos duales
Antidepresivos dualesAntidepresivos duales
Antidepresivos duales
 

Similar to 2011 NASA Open Source Summit - Bob Sutor

OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27Shane Coughlan
 
Breaking Free from Proprietary Gravitational Pull
Breaking Free from Proprietary Gravitational PullBreaking Free from Proprietary Gravitational Pull
Breaking Free from Proprietary Gravitational PullGreat Wide Open
 
Practical Trademark Law for FOSS Projects
Practical Trademark Law for FOSS ProjectsPractical Trademark Law for FOSS Projects
Practical Trademark Law for FOSS ProjectsShane Curcuru
 
Managing Community Open Source Brands
Managing Community Open Source BrandsManaging Community Open Source Brands
Managing Community Open Source BrandsShane Curcuru
 
Open soucre(cut shrt)
Open soucre(cut shrt)Open soucre(cut shrt)
Open soucre(cut shrt)Shivani Rai
 
Four Steps to Creating an Effective Open Source Policy
Four Steps to Creating an Effective Open Source PolicyFour Steps to Creating an Effective Open Source Policy
Four Steps to Creating an Effective Open Source PolicyBlack Duck by Synopsys
 
Intellectual Primer For Small Business oct 2011
Intellectual Primer For Small Business oct 2011Intellectual Primer For Small Business oct 2011
Intellectual Primer For Small Business oct 2011Cognition LLP
 
Four Steps to Creating an Effective Open Source Policy
Four Steps to Creating an Effective Open Source PolicyFour Steps to Creating an Effective Open Source Policy
Four Steps to Creating an Effective Open Source Policyiasaglobal
 
Open Source Governance at HP
Open Source Governance at HPOpen Source Governance at HP
Open Source Governance at HPBruno Cornec
 
Open Source BI (OSBI)
Open Source BI (OSBI)Open Source BI (OSBI)
Open Source BI (OSBI)Fru Louis
 
Open Source Governance v2.5
Open Source Governance v2.5Open Source Governance v2.5
Open Source Governance v2.5Inria
 
Fundamentals of Free and Open Source Software
Fundamentals of Free and Open Source SoftwareFundamentals of Free and Open Source Software
Fundamentals of Free and Open Source SoftwareRoss Gardler
 
How to keep developers happy and lawyers calm
How to keep developers happy and lawyers calmHow to keep developers happy and lawyers calm
How to keep developers happy and lawyers calmRogue Wave Software
 
Open Source Contribution Policies That Don't Suck
Open Source Contribution Policies That Don't SuckOpen Source Contribution Policies That Don't Suck
Open Source Contribution Policies That Don't SuckTobie Langel
 
Open source softwares, 2011
Open source softwares, 2011Open source softwares, 2011
Open source softwares, 2011Florent Renucci
 
Ten Elements of Open Source Governance
Ten Elements of Open Source GovernanceTen Elements of Open Source Governance
Ten Elements of Open Source GovernanceRogue Wave Software
 
Lawyers and Licenses in Open Source-based Development: How to Protect Your So...
Lawyers and Licenses in Open Source-based Development: How to Protect Your So...Lawyers and Licenses in Open Source-based Development: How to Protect Your So...
Lawyers and Licenses in Open Source-based Development: How to Protect Your So...Sonatype
 

Similar to 2011 NASA Open Source Summit - Bob Sutor (20)

OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27
OpenChain Webinar 57 - The Open Source Initiative - 2023-11-27
 
Breaking Free from Proprietary Gravitational Pull
Breaking Free from Proprietary Gravitational PullBreaking Free from Proprietary Gravitational Pull
Breaking Free from Proprietary Gravitational Pull
 
Practical Trademark Law for FOSS Projects
Practical Trademark Law for FOSS ProjectsPractical Trademark Law for FOSS Projects
Practical Trademark Law for FOSS Projects
 
Managing Community Open Source Brands
Managing Community Open Source BrandsManaging Community Open Source Brands
Managing Community Open Source Brands
 
Open soucre(cut shrt)
Open soucre(cut shrt)Open soucre(cut shrt)
Open soucre(cut shrt)
 
Four Steps to Creating an Effective Open Source Policy
Four Steps to Creating an Effective Open Source PolicyFour Steps to Creating an Effective Open Source Policy
Four Steps to Creating an Effective Open Source Policy
 
Intellectual Primer For Small Business oct 2011
Intellectual Primer For Small Business oct 2011Intellectual Primer For Small Business oct 2011
Intellectual Primer For Small Business oct 2011
 
Four Steps to Creating an Effective Open Source Policy
Four Steps to Creating an Effective Open Source PolicyFour Steps to Creating an Effective Open Source Policy
Four Steps to Creating an Effective Open Source Policy
 
Open Source Governance at HP
Open Source Governance at HPOpen Source Governance at HP
Open Source Governance at HP
 
Open Source BI (OSBI)
Open Source BI (OSBI)Open Source BI (OSBI)
Open Source BI (OSBI)
 
Open Source Governance v2.5
Open Source Governance v2.5Open Source Governance v2.5
Open Source Governance v2.5
 
Methods about Open Source Governance v2.5
Methods about Open Source Governance v2.5Methods about Open Source Governance v2.5
Methods about Open Source Governance v2.5
 
Osbi Sesame?
Osbi Sesame?Osbi Sesame?
Osbi Sesame?
 
Fundamentals of Free and Open Source Software
Fundamentals of Free and Open Source SoftwareFundamentals of Free and Open Source Software
Fundamentals of Free and Open Source Software
 
Why choose-liferay
Why choose-liferayWhy choose-liferay
Why choose-liferay
 
How to keep developers happy and lawyers calm
How to keep developers happy and lawyers calmHow to keep developers happy and lawyers calm
How to keep developers happy and lawyers calm
 
Open Source Contribution Policies That Don't Suck
Open Source Contribution Policies That Don't SuckOpen Source Contribution Policies That Don't Suck
Open Source Contribution Policies That Don't Suck
 
Open source softwares, 2011
Open source softwares, 2011Open source softwares, 2011
Open source softwares, 2011
 
Ten Elements of Open Source Governance
Ten Elements of Open Source GovernanceTen Elements of Open Source Governance
Ten Elements of Open Source Governance
 
Lawyers and Licenses in Open Source-based Development: How to Protect Your So...
Lawyers and Licenses in Open Source-based Development: How to Protect Your So...Lawyers and Licenses in Open Source-based Development: How to Protect Your So...
Lawyers and Licenses in Open Source-based Development: How to Protect Your So...
 

More from NASA Open Government Initiative

More from NASA Open Government Initiative (9)

Nasa at i_co_p_aug2011 2
Nasa at i_co_p_aug2011 2Nasa at i_co_p_aug2011 2
Nasa at i_co_p_aug2011 2
 
2011 NASA Open Source Summit - Pascal Finette
2011 NASA Open Source Summit - Pascal Finette2011 NASA Open Source Summit - Pascal Finette
2011 NASA Open Source Summit - Pascal Finette
 
2011 NASA Open Source Summit - Chris DiBona
2011 NASA Open Source Summit - Chris DiBona2011 NASA Open Source Summit - Chris DiBona
2011 NASA Open Source Summit - Chris DiBona
 
2011 NASA Open Source Summit - Brian Stevens
2011 NASA Open Source Summit - Brian Stevens2011 NASA Open Source Summit - Brian Stevens
2011 NASA Open Source Summit - Brian Stevens
 
2011 NASA Open Source Summit - Terry Fong
2011 NASA Open Source Summit - Terry Fong2011 NASA Open Source Summit - Terry Fong
2011 NASA Open Source Summit - Terry Fong
 
2011 NASA Open Source Summit - Patrick Hogan
2011 NASA Open Source Summit - Patrick Hogan2011 NASA Open Source Summit - Patrick Hogan
2011 NASA Open Source Summit - Patrick Hogan
 
2011 NASA Open Source Summit - David Wheeler
2011 NASA Open Source Summit - David Wheeler2011 NASA Open Source Summit - David Wheeler
2011 NASA Open Source Summit - David Wheeler
 
2011 NASA Open Source Summit - Chris Mattmann
2011 NASA Open Source Summit - Chris Mattmann2011 NASA Open Source Summit - Chris Mattmann
2011 NASA Open Source Summit - Chris Mattmann
 
2011 NASA Open Source Summit - Chris Wanstrath
2011 NASA Open Source Summit - Chris Wanstrath2011 NASA Open Source Summit - Chris Wanstrath
2011 NASA Open Source Summit - Chris Wanstrath
 

2011 NASA Open Source Summit - Bob Sutor

  • 1. Bob Sutor – VP, Open Systems Strategy 29 March, 2011 Open Source Governance for your Organization © 2011 IBM Corporation
  • 2. Before we get started ! Per my website: The content on this site is my own and does not necessarily represent my employer’s positions, strategies or opinions. ! http://www.sutor.com ! This discussion does not constitute legal advice. ! I’m not an attorney, and certainly not an intellectual property attorney, and you should consult one as necessary. 2 29 March 2011 Bob Sutor - Open Source Governance for your Organization © 2011 IBM Corporation
  • 3. The key question Do you have proper legal controls and business processes in place to deal with open source software? 3 29 March 2011 Bob Sutor - Open Source Governance for your Organization © 2011 IBM Corporation
  • 4. Your open source governance strategy ! Five years ago, it was not uncommon for that strategy to be defined as “you shall use no open source software.” ! You need to understand the legal risks and responsibilities for any software you use, and weigh those against the business value. ! Work out a plan that specifies what business and legal controls are in place to approve use of open source in your organization or in your products, and make sure you have a well defined escalation path. 4 29 March 2011 Bob Sutor - Open Source Governance for your Organization © 2011 IBM Corporation
  • 5. What you need to know ! All projects to which your employees or organizational members contribute, the free and open source licenses being used, and the intellectual property commitments those contributions make upon your company or organization. ! All use of open source code within internal processes, product development, and services engagements. 5 29 March 2011 Bob Sutor - Open Source Governance for your Organization © 2011 IBM Corporation
  • 6. What you need to know ! All open source code that goes into your hardware products, software products, web-delivered services, or are given to your customers as part of consulting and services engagements. ! The location of all open source code repositories used in development, with strict rules about what code with which licenses can be combined (or not). 6 29 March 2011 Bob Sutor - Open Source Governance for your Organization © 2011 IBM Corporation
  • 7. What you then need to put in place ! Uniform cross-organizational rules and policies about the use of open source, with the ability to audit adherence. ! Tools to determine code provenance: from which original bodies of open source code did your current codebase derive? ! Balanced policies to weigh the business and legal benefits and risks in using open source code. 7 29 March 2011 Bob Sutor - Open Source Governance for your Organization © 2011 IBM Corporation
  • 8. What you then need to put in place ! Education for all employees and contractors, with special sections appropriate for users, contributors, developers, and distributors of open source code. ! Clear processes defining when decisions about open source can be made locally and when they must be made centrally, with paths for escalating decisions going up both the executive and legal chains. ! An aggressive policy for contributing to the various open source communities from which you benefit in your company or organization. 8 29 March 2011 Bob Sutor - Open Source Governance for your Organization © 2011 IBM Corporation
  • 9. The IBM experience ! Ten+ years contributing to and leading hundreds of open source projects in efforts such as Linux, Eclipse, and Apache. ! An internal governance process embodied within the Open Source Steering Committee (OSSC), with the set of rules now in their third generation in the last decade. ! The OSSC reviews all IBM external activities involving Open Source including – Starting a new OSS community/project – Contributing to an existing OSS community – Using OSS in IBM products or services – Distributing reference implementations or OSS modifications – Redistributing (OEM or Resell) vendor products containing OSS 9 29 March 2011 Bob Sutor - Open Source Governance for your Organization © 2011 IBM Corporation
  • 10. Use of open source has grown ! We have seen proposals to the OSSC grow steadily. ! The proposals fall into 3 categories – Already evaluated and approved for use – Meets well-defined criteria and a centralized committee can handle – Complex or original scenarios that are best decided by top of the business ! The governance process continues to evolve – Scalability: handle increase in the number proposals – Delegation: allow business units to drive majority of decisions – Economy: don’t spend money on people and resources to answer questions to which you already know the answers. 10 29 March 2011 Bob Sutor - Open Source Governance for your Organization © 2011 IBM Corporation
  • 11. Some lessons learned ! We were worried about code quality but we shouldn’t have been. ! We gained a better understanding of the open source domain – Copyright and patent complexities – License terms and conditions – Usual lack of warranty ! We learned to balanced open and proprietary. 11 29 March 2011 Bob Sutor - Open Source Governance for your Organization © 2011 IBM Corporation
  • 12. Some lessons learned ! We gained a better understanding of the value of open source – How to leverage it in what we do – How and where to contribute – How to work well in open source communities ! We learned to manage the risks. ! We learned it is important to have clear business and strategic reasons for using open source 12 29 March 2011 Bob Sutor - Open Source Governance for your Organization © 2011 IBM Corporation
  • 13. Final thoughts ! Develop your open source policy collaboratively among your business, technical, and legal experts, don’t dictate it. ! Education is key for employee and contractor compliance. ! Establish clear policy for what employees can and cannot do with open source in their spare time. ! Consider using code pedigree and scanning services from companies such as Black Duck, OpenLogic, and Palamida. ! Know where handling open source needs to be the same as closed source, and where it needs to be different. ! Plan to iterate on and refine your policy yearly for the first few years. 13 29 March 2011 Bob Sutor - Open Source Governance for your Organization © 2011 IBM Corporation