OSS Governance

This session will present the 2 new projects initiated by HP around Open Source Governance:
● FOSSBazaar is a community Web site gathering all types of information around Open Source Governance (policy examples, workflow models, white papers, blogs of experts, references to related projects, ...)
● FOSSology is a tool that helps evaluate the Open Source licenses really used in projects by analyzing the code, running pattern-matching searches on it and reporting what was found. A video of the FOSSology Project Lead, Bob Gobeille, will be made specially for the fOSSa event.

    OSS Governance: Presentation Transcript

    • Open Source Governance in the Enterprise Bruno Cornec & Fouad Bendris Open Source & Linux Technology Architect HP/Intel Solution Center © 2007 Hewlett-Packard Development Company, L.P. The information contained herein is subject to ch
    • Agenda
      • Introduction
      • Open Source in the Enterprise
      • What is Open Source Governance?
        − Concepts
        − Best practices
      • HP's Open Source Governance initiative
        − FOSSBazaar
        − FOSSology
        − HP Health Check services
      Slide footer: 18 November 2009, FOSS Governance / Bruno Cornec / HP
    • Introducing myself
      • Software engineering since 1988
        − Mostly Configuration Management Systems (CMS), build systems, quality tools, on multiple commercial Unix systems
      • Discovered Open Source & Linux (OSL) and made first contributions in 1993
      • Full time on OSL since 1995, first as HP reseller then @HP
      • Currently…
        − Technology Architect on OSL for the HP/Intel Solution Center
        − OSL HP Ambassador
        − EMEA OSL HP Profession Lead
        − Solutions Linux Conference board member
        − MondoRescue, Dploy.org, Project-Builder.org project leader
        − LinuxCOE, mrepo, tellico contributor
        − Mandriva, Fedora distribution packager
    • “Open Source” is three things
      • Licenses
        − Almost 60 licenses today
        − Some require that code changes be returned to the community at large
        − These are called copyleft or reciprocal
        − They are not viral
        − This requirement is what makes the methodology work
        − Other licenses are similar to the public domain and have few requirements
        − Copyrights are still a core foundational element of all open source licenses
      • Methodology
        − Communal, shared development
        − Various projects each with their own subculture
        − Governance models vary widely, some autocratic, others consensus based
        − Very few roadmaps, but some projects are starting to publish them
        − Influence and control is achieved by being integrated & involved
        − Individuals are largely in control, not companies
      • Community
        − Any collection of developers with a common interest
        − Historically made up of free agents
        − Increasingly funded by large companies sharing development costs
        − Governments and academia also contributing at an increasing pace
      • You can use all three as a competitive advantage
      • The business model shifts to subscriptions and support
      • The more you get involved, the more you can influence/control
    • Free & Open Source Software (FOSS) Licenses
      [Diagram classifying software licenses. Category labels: no-charge software, source code available, binary-only, source with limitations, FOSS, copyleft, no impact on other code. Examples shown: Adobe Reader, freeware, shareware, many Java libraries, Sun SCSL, Microsoft shared source, GNU GPL, GNU LGPL, Mozilla, IBM, W3C, BSD, Apache, MIT.]
      Reference URL: http://www.gnu.org/licenses/licenses.en.html
    • Free & Open Source Licenses: Key Points
      • Redistribution is permitted without a need to pay fees for distributed copies.
      • Source code is available and may be modified.
      • Modified versions may be distributed with permission for others to do all the above.
      FOSS goals are:
        − Knowledge sharing
        − Modification to adapt
        − Learn by looking inside
      A FOSS is like a car whose hood is open
    • Open Source Governance: Concepts
    • What is IT Governance?
      • Specifying the decision rights and accountability framework to encourage desirable behavior in the use of IT. (Weill & Ross, “IT Governance”)
      • IT Governance is the organizational capacity exercised by the board, executive management and IT management to control the formulation and implementation of IT strategy and in this way ensure the fusion of business and IT. (Van Grembergen, 2002)
      • IT Governance is the effective management of all IT assets, functions & processes in support of the enterprise’s business objectives.
    • Scope of IT Governance
      • IT operating principles
        − Changes brought by extensive FOSS usage on operational principles (buy, build, reuse, ...)
      • Human capital
        − Employee participation, performance plan impact, employment contract impact
      • Software Development Life Cycle
        − Interaction with FOSS communities, evaluation of the technical fit first.
      • IT procurement
      • IT sourcing
        − Impact of FOSS on In/Out sourcing
      • Project/Program methodology
        − FOSS program office addition impact, FOSS review in the development process
      • IT project portfolio
      • Enterprise Architecture
      • IT application portfolio
        − Impact of mixing stacks using FOSS, its viability
      • IT finance
      • IT infrastructure / operations
        − FOSS deployment and management impacts
      • CRM / SRM
      Open Source will affect many areas within an organization’s IT governance structure, depending upon the organization’s business model
    • Open Source Governance: Why now?
      • Compelling FOSS value proposition leading to increased pervasiveness.
      • FOSS usage & contributions often unclear, under the radar. 80% of IT environments worldwide (Gartner) include or will include open source SW, but less than 10% are conscious of the risks incurred.
      • Increasing worldwide requirements for compliance: distribution & acquisitions issues.
      • Current IT policies and processes not designed for open source:
        − Usage must be reviewed in context.
        − Legal exposure from ~60 OSI “approved” licenses (HP tracks 200+).
        − License violations can have different consequences than traditional software.
      Best practices and streamlined processes required to reap benefits and mitigate risks => Eliminate (perceived) risk of using Open Source.
    • Why is FOSS any different from commercial software?
      To use commercial software in your development process, you must go through… Procurement!
    • Accepting and Managing Open Source
      • The question is not if an enterprise should use FOSS, but rather when, how, where, and with whom.
      • FOSS is unavoidable, it's even already there.
      • Questions that need to be answered:
        − How is FOSS chosen and acquired?
        − Where does it come from?
        − How and where is it used?
        − How is it supported?
        − What version should I be running?
        − Is it LSB compliant?
        − What are the license obligations?
        − How is it deployed, managed, updated and secured?
        − How is it tracked (how is the project tracked)?
    • “The goal of all of this is to reduce a barrier to adoption of FOSS by enterprises. When you can understand it and you can manage it, the FUD factor goes away.”
      Christine Martino, as quoted in Matt Asay’s CNET blog on 2008-01-27
    • What is Open Source Governance?
      Open source governance is a framework of policies, processes and tools that helps an organization effectively manage all of its interactions with open source software, resulting in optimal use and reduced risk.
      Image source: http://www.niehs.nih.gov/kids/illusion/illusions7.htm
    • Depends on who you ask ...
      • What OSS is contained in this product I just purchased from my ISV partner? (Procurement)
      • What are the license obligations for using this OSS in our company's products? (Legal)
      • Which of these open source LDAP servers will best suit my IT infrastructure? (IT Department)
      • Is this open source XML parser really going to save me 20% of my engineer's time? (Engineering manager)
      • So, you work on our flagship management software product, but you also want to contribute to nagios? (IP Department)
      • Will statically linking this OSS library to my application cause me any problems? (S/W developer)
    • Open Source Governance: Best practices
    • HP’s interaction with FOSS
      • Internal usage
        − OpenLDAP, Jabber (XMPP), bind (DNS), postfix (SMTP), sympa, mediawiki, etc…
      • Incorporated in our software products
        − OpenView, Insight Manager, SSSTK, PSP, … many software products including kernel modules
      • Ship Open Source distributions
        − Red Hat, Suse, Debian, etc…
      • Embedded in our hardware products
        − Printers, televisions, storage devices, etc…
      • Active participants in the communities
        − Contributors in dozens of projects (including Linux, Debian, Samba, bind, sympa, ...)
        − Maintainers in several projects (including Debian, LinuxCOE, MondoRescue, cciss, ...)
      http://opensource.hp.com/opensource_projects.html
    • Open Source Governance Maturity Model
      • Level 5: Open source librarian and quality assurance
      • Level 4: “Golden” repository of software and metadata
      • Level 3: Automated tools and workflow
      • Level 2: Policy and processes
      • Level 1: Training and awareness
      [Figure labels: “HP today” at the top of the scale, “Most customers” at the bottom.]
    • HP Open Source Governance IP
      Best Practices
      • Defined and communicated corporate-wide policies (training, awareness & knowledge base)
      • Open Source Program Office
        − Central place where all open source activities are understood, for consistent communication inside/outside the company. Responsible for http://opensource.hp.com and HP's promotion.
      • Open Source Review Board (conceptual)
        − Core Governance process evolving throughout the years, controlled by a virtual team of Open Source experts. Controls FOSS used, delivered, shipped, new FOSS products, employee contributions, ...
      • Open Source Policy Manual
      • Legal FOSS expertise
      (HP internally-developed) Tools
      • Agents:
        − License analysis
        − Source code reuse
        − Linux kernel taint analysis
        − LSB compliance
      • Code repository (in development)
      • Meta data (in development)
      • OSRB portal / proposal tracking system
    • HP Open Source Program Office
      [Workflow diagram of the OSRB proposal process. Labels: Submitter; Proposals (New & Resubmit); Fast track; OSRB check for add’l info; review stages (OSRB Pre-Review, IP Review, Final Review, Attorney Review); Go; Approved; Reject; On-hold; Request for add’l info; Feedback: Go/No Go, Add’l Info. Legend: Automated Communications, Manual Activities.]
    • HP's Open Source Governance initiative
      • New community initiatives
      • Major IP contributions
      • New HP services
    • HP FOSS Governance Initiative
      Major HP intellectual property contribution:
      • An international open source community program launched, focussed on FOSS governance, including
        − FOSSBazaar: a Web based community to develop, share and provide information and industry best practices to take advantage of FOSS benefits. Founded by HP along with partners: Coverity, Google, Linux Foundation, Novell, Olliance Group, OpenLogic and SourceForge
        − FOSSology: a Web based community to develop an architectural framework and tools to analyze FOSS, founded by HP.
        − An ecosystem
          • Centered on FOSSBazaar
          • Partners/Corp and academia developers, best practices and tools
          • HP C&I and Partners Services
          • HP SW BTO solutions
        − Bridging
          • The FOSS and the Business Communities
      [Ecosystem diagram labels: IT Mgmt, Service Providers, SIs/VARs, ISVs & IHVs, Academia, Gov/Pub Sector, Corp Developers. Caption: Developing and supporting the utilization of open standards.]
    • Why is HP investing in FOSSBazaar and FOSSology?
      • Our FSI customers have asked HP to open source our governance tools.
      • Demonstrate HP’s leadership and strong commitment to the Open Source movement.
        − Small projects and/or vendors have begun to address some of this need in a piecemeal fashion.
      • This initiative is not in competition with any other organization or individual:
        − Anyone can join FOSSBazaar and access the documentation and tools, download, modify, and use what is provided.
        − Any contributor can join FOSSology.
        − Competition is for products (Open Logic, Palamida, Black Duck, Krugle) and services.
      • Enable C&I FOSS governance service revenue.
      • Leverage the power of many to speed up the adoption of FOSS.
    • FOSSBazaar
      For FOSS users & experts in businesses, institutions & governments.
      • A workgroup of the Linux Foundation
      • HP’s FOSS Governance Fundamentals document
      • HP Whitepapers:
        − “Best practices in open source governance”
        − “Open source governance: Critical business considerations and strategies”
      • Assessment guides:
        − Open source Governance Maturity Self-assessment survey
        − Open source Supportability Assessment (OSSA) tools & process
      • Moderated forums
        − General/getting started, legal & licensing, policy and process, security, lifecycle management, support
      • Blogs authored by industry experts
      • News articles
      • Links providing access to sponsors/vendors
        − (i.e. HP’s C&I services, OpenLogic), other open source communities of interest (i.e. openBRR)
      • Tools area
        − Link to FOSSology project
    • FOSSology
      • Makes it easier to inventory, study and evaluate free and open source software.
        − Dedicated to the development of Governance tools.
        − Encompassing a code repository, a meta-data database, and an open source license detection agent
          • Add’l agents will be developed over time
        − Based on an extensible architecture designed by HP
          • Enable anyone to create and easily plug in new functionality.
        − Academia, enterprise researchers & developers interested in deploying FOSS
      • Download site for the FOSSology tool: http://www.fossology.org
        − Software: HP contribution
      [Architecture diagram labels: Report Generation, Agents, OSS Discovery & Extraction, Meta-data Database, License Detection (Nomos), Code Reuse, Integration Testing Results, Vulnerability/Security Monitor, LSB Compliance, and others…, Open Source Software Repository. Legend: HP Initial IP, 1st Half ‘08, Future ideas.]
    • Key Paradigm
      Tools are NOT a replacement for Open Source governance processes but will improve the processes by providing:
      • Enablement (manual process not viable)
      • Efficiencies (improved TCO)
      • Agility (improved time-to-market)
      • Reliability (license detection)
      • Scalability (single package as well as complete distribution)
    • Open Source Health Check: What is it?
      • A set of services to diagnose the use of Open Source in an enterprise
      • Designed to answer 3 key questions
        − What OSS is used in my company?
        − Where is it being used?
        − How is it being used?
      • Diagnosis is the basis for eventual process improvement
    • Contact
      Bruno.Cornec@hp.com (Linux Solution Consultant in the HP/Intel Solution Center)
      http://www.hp.com/linux
      ”Changes are never easy to make. There is comfort and safety in tradition, but change must come, no matter how painful or expensive it may be.” Bill Hewlett
      Thanks: Linus Torvalds, Richard Stallman, Eric Raymond, Nat Makarevitch, René Cougnenc, Eric Dumas, Rémy Card, Phil Robb, Michael Wenig among others, for their work and devotion to the Open Source Software cause... and my family for their patience :-)