SlideShare a Scribd company logo

Why FLOSS is a Java developer's best friend: Dave Gruber

JAX London
JAX London

The explosion of new open source projects is changing the game for today’s Java developers. With literally hundreds of thousands of FOSS projects underway, the opportunity to leverage open source to deliver “the trifecta” (faster/better/cheaper) has never been better. In this session we will explore tools and resources that can help you navigate the vast world of open source projects, in addition to sharing tips and tricks that will help you narrow the field so you can quickly get to the right projects for your next application.

Technology
1 of 36
FLOSS: Your New Best Friend Dave Gruber Director of Developer Programs Black Duck Software, Inc. Stewards of ohloh.net
Where do YOU find FLOSS? 1.8m repositories 260k projects 250k projects 108k repositories 28.5k projects 30k projects 250 projects 9.5k projects 2
Sifting though the world of open source GitHub: 1,751,000 repositories SourceForge: 260,000 projects GoogleCode: 250,000 projects Bitbucket: 108,000 repositories Codeplex: 29,000 projects LaunchPad: 28,500 Foundations: 500+ projects Photo from http://splits59.com/blog/?p=49
And are all these real projects? Lots of projects, but – How many are active, how many abandoned? – How many have a team? How important is it that people are still working on a project?
How many projects are active? • 550,000+ projects on Ohloh. • 271,372 with a code analysis. • 96,824 with a commit in the past 2 years. • 46,883 with a commit in the past year. • 29,303 with a commit in the past 6 months. • 21,251 with a commit in the past 3 months. • 12,870 with a commit in the past month. • 5,629 with a commit in the past week. • 1,224 with a commit in the past day
So, how many projects are active? 6000 Days since last commit 5000 4000 3000 17.3% 2000 1000 1 Yr 100 90 80 70 60 50 40 30 20 10 % of All Analyzed Projects
But do these 17% have a team? 2827 Number of Contributors 50 40 30 49.3% 2 or more 8.5% of all analyzed projects 20 10 2 100 90 80 70 60 50 40 30 20 10 % of Active Projects in the Past Year
Languages of live projects Perl C# Ruby Java still leads the pack! PHP JavaScript C Python Top 5000 live projects C++ Other
Take-aways • Only a small fraction of all the projects ever started gain long-term traction. • Less than 5% of all projects analyzed are “live” (1+ commits in the past year, and 2+ committers ever.) • While Java leads the pack, newer projects trending towards Python, PHP, JavaScript. Activity Matters so check before you use!
So how can we sift through all these projects?! Find Evaluate Approve Track
Finding FLOSS is “easy” • Searching the “forges” • Github.com/search • Code.google.com • Sourceforge.com/directory • Codeplex.com/site/search • Bitbucket.org/repo/all • Ask StackOverflow, Google Search Find Evaluate Approve Track
Search public directories Public FOSS Directories – ohloh.net 550,000 projects – olex.openlogic.com 330,000 projects – ostatic.com 120,000 projects – Maven Central search.maven.org – Free Software Foundation http://directory.fsf.org 6850 projects – osalt.com ~500 projects – EOS Directory (Enterprise-ready OSS) ~400 projects Public FOSS Code Search options – code.ohloh.com 11b+ LOC – krugle.org – Codase.com 250m LOC – grepcode.com (Java only) – Symbolhound.com/codesearch – Searchco.de
Choosing the “right” project 1. What languages are used? 2. What’s the license for the project? 3. How is the documentation? 4. How well maintained is the project? 5. How active is the project? 6. Is the code widely used in other places? 7. Size and complexity? 8. Are there known vulnerabilities? 9. Any outstanding lawsuits? 10. Is there commercial support available? 11. Does the project use encryption? 12. What is the quality of the code?
So where are the answers? The easy ones (look at the code or project page) 1. What languages are used? 2. What’s the license for the project? • Or check a project directory like Ohloh, OLEX, etc. 3. How is the documentation? • Look in the wiki, check Ohloh (counts comments) 4. Size and complexity? • Review the code and structure Find Evaluate Approve Track
So where are the answers? A little harder, but still available 5. Are there known vulnerabilities? (National Vulnerabilities DB) • osvdb.org/search/advsearch • web.nvd.nist.gov/view/vuln/search • HP Fortify scans some FLOSS projects 6. How well maintained is the project? • Check the bugbase, see how many high priority bugs are open and for how long 7. How active is the project? • # of active committers, commit stream (Project or Ohloh) 8. Is the code widely used in other places? • Search StackOverflow, google, download stats
So where are the answers? The tougher ones 9. Any outstanding lawsuits? • Google search for project name & “lawsuit” 10. Is there commercial support available? • Companies like Credativ in Germany and OpenLogic in the US support a subset of FOSS projects 11. Does the project use encryption? • Sometimes documented on project sites, otherwise explore the project 12. What is the quality of the code? • Limited # of code quality audits from Coverity (scan.coverity.com)
Approvals • Do you have a formal approval process? • How many of these questions are required? • Know your FOSS policy. • Speed up the process by getting answers in advance! • Automated solutions exist to help Find Evaluate Approve Track
Inventory, Catalog & Tracking Know what and where you use FOSS! – Vulnerabilities – Possible license issues – New releases – Reuse Scan for existing FLOSS, then stay current. Find Evaluate Approve Track
Are you an Open Source free-loader? Ok, so you use… • But do you contribute? – That’s ok. “Freeloading” is just the beginning and where everyone starts.
FLOSS Adoption Lifecycle Mission critical V a Strategic l imperative u e Tactical decision Engineer driven Tech mgmt driven Business strategy driven Opportunistic Policy Engagement Usage Contribution
Why contribute? • As you customize to meet your needs, the community can help further refine. • If you customize and don’t contribute back, you own it forever. Give back and the community can help evolve and maintain. • You got something of value for free, why not give back?
Why start and manage? • If you create something of value… • That’s NOT a competitive differentiator… • But you depend on it… • Building a community around it can accelerate it’s development.
Getting more out of FLOSS What if you could leverage the methods behind FLOSS for internal development? – Is there an opportunity to leverage the inner workings of open source development to refine internal development? – What’s to be learned?
“Innersourcing” The application of best practices, processes, culture and methodologies taken from the open source world and applied to internal software development and innovation efforts. 10/16/2012 24
Characteristics 1. Transparency 2. Collaboration 3. Self-organization 4. Egalitarianism 5. Meritocracy 10/16/2012 25
Compared to internal dev FOSS Internal 1. Transparency 1. Need-to-know 2. Collaboration 2. Self-motivated 3. Self-organization 3. Org boundaries 4. Egalitarianism 4. Chain of command 5. Meritocracy 5. Autocratic 10/16/2012 26
3 Pillars of Inner-Source Tools & Ethos Processes Mechanisms Inner-Source 10/16/2012 27
Ethos Open access: to all code, documentation, and how decisions were made. Shared, common directory to find SW for reuse and knowledge. Open participation: No artificial boundaries to joining and contributing. Open communication: Visible decision making process. Documented history of all decisions and the reasoning behind them. Open governance: Process is designed and managed in the open. Process changes to meet the needs of the people participating. Open leadership: Leaders are respected based on their ability to execute. If people don’t like the direction of a project: fork it! 10/16/2012 28
Processes Governance – Designed for the people, by the people – Rules of engagement (how to contribute) – How decisions are made – How the rules can be changed in the future – In writing, for all to see Incubate Develop Maintain 10/16/2012 29
Mechanisms and Tools supporting the methods Forge Basic Wiki Infrastructure Requirements Bug Tracker 10/16/2012 30
Mechanisms Forge Code Quality in the open • Bug tracking is typically limited to individual teams Anyone can report issues Bug Tracker New contributors can engage by fixing a bug 10/16/2012 31
Mechanisms – Communications Public wikis – Single point of communication – Self-documenting – Archive history of project decisions and progress Wiki Email lists – Decision making in the open – Self-documenting – Open to all to participate IRC Channels and Forums – Open developer discussions 10/16/2012 32
Potential Benefits 1. Better code - Greater internal code scrutiny 2. Increased innovation and focus on value- added development - More knowledge sharing and code re-use 3. Better resource allocation - Broad expertise 4. Extensive support and buy-in from organization 5. Improved productivity, morale and retention - motivated contributors, job satisfaction! 6. Faster development 10/16/2012 33
Challenges Technology is the “Easy Part” - be aware of: • Management & developer Mindset • Lack of communication and shared purpose • Culture shock and dissonance • Lack of process consistency • Technical mindset shift from delivering binaries to delivering source code • Mindset shift from delivering final product to incremental quality code 10/16/2012 34
Getting Started 1. Define clear community goals, vision, behaviors and expectations 2. Identify ‘seed-collaborators’ and catalysts 3. Choose 1-2 small/common technologies/projects to start 4. Deploy Inner Source platform mechanisms – Forge, Wiki, Bugtracker, Lists, Forums 5. Define a governance model – Communications and incentive program – Who coordinates/approves changes/releases 6. Talk to Management about HR ramifications – Employee performance reviews – Managerial expectations/comfort levels 10/16/2012 35
A free, community resource Dave Gruber Director Developer Programs Black Duck ohloh.net dgruber@blackducksoftware.com @davegruber5 36

Recommended

Tutorial on Using Amazon Mechanical Turk (MTurk) for HCI Research
Tutorial on Using Amazon Mechanical Turk (MTurk) for HCI ResearchTutorial on Using Amazon Mechanical Turk (MTurk) for HCI Research
Tutorial on Using Amazon Mechanical Turk (MTurk) for HCI Research
Ed Chi
 
Open Source Lessons from the TODO Group
Open Source Lessons from the TODO GroupOpen Source Lessons from the TODO Group
Open Source Lessons from the TODO Group
Chris Aniszczyk
 
Open Source Secret Sauce - Lugor Sep 2011
Open Source Secret Sauce - Lugor Sep 2011Open Source Secret Sauce - Lugor Sep 2011
Open Source Secret Sauce - Lugor Sep 2011
Ted Husted
 
Supporting Newcomers in Software Development Projects
Supporting Newcomers in Software Development ProjectsSupporting Newcomers in Software Development Projects
Supporting Newcomers in Software Development Projects
Sebastiano Panichella
 
DSC UTeM DevOps Session#1: Intro to DevOps Presentation Slides
DSC UTeM DevOps Session#1: Intro to DevOps Presentation SlidesDSC UTeM DevOps Session#1: Intro to DevOps Presentation Slides
DSC UTeM DevOps Session#1: Intro to DevOps Presentation Slides
DSC UTeM
 
Identify Development Pains and Resolve Them with Idea Flow
Identify Development Pains and Resolve Them with Idea FlowIdentify Development Pains and Resolve Them with Idea Flow
Identify Development Pains and Resolve Them with Idea Flow
TechWell
 
The hadoop ecosystem table
The hadoop ecosystem tableThe hadoop ecosystem table
The hadoop ecosystem table
Mohamed Magdy
 
Oscon 2016: open source lessons from the todo group
Oscon 2016: open source lessons from the todo groupOscon 2016: open source lessons from the todo group
Oscon 2016: open source lessons from the todo group
Ben VanEvery
 

Recommended

Tutorial on Using Amazon Mechanical Turk (MTurk) for HCI Research
Tutorial on Using Amazon Mechanical Turk (MTurk) for HCI ResearchTutorial on Using Amazon Mechanical Turk (MTurk) for HCI Research
Tutorial on Using Amazon Mechanical Turk (MTurk) for HCI Research
Ed Chi
 
Open Source Lessons from the TODO Group
Open Source Lessons from the TODO GroupOpen Source Lessons from the TODO Group
Open Source Lessons from the TODO Group
Chris Aniszczyk
 
Open Source Secret Sauce - Lugor Sep 2011
Open Source Secret Sauce - Lugor Sep 2011Open Source Secret Sauce - Lugor Sep 2011
Open Source Secret Sauce - Lugor Sep 2011
Ted Husted
 
Supporting Newcomers in Software Development Projects
Supporting Newcomers in Software Development ProjectsSupporting Newcomers in Software Development Projects
Supporting Newcomers in Software Development Projects
Sebastiano Panichella
 
DSC UTeM DevOps Session#1: Intro to DevOps Presentation Slides
DSC UTeM DevOps Session#1: Intro to DevOps Presentation SlidesDSC UTeM DevOps Session#1: Intro to DevOps Presentation Slides
DSC UTeM DevOps Session#1: Intro to DevOps Presentation Slides
DSC UTeM
 
Identify Development Pains and Resolve Them with Idea Flow
Identify Development Pains and Resolve Them with Idea FlowIdentify Development Pains and Resolve Them with Idea Flow
Identify Development Pains and Resolve Them with Idea Flow
TechWell
 
The hadoop ecosystem table
The hadoop ecosystem tableThe hadoop ecosystem table
The hadoop ecosystem table
Mohamed Magdy
 
Oscon 2016: open source lessons from the todo group
Oscon 2016: open source lessons from the todo groupOscon 2016: open source lessons from the todo group
Oscon 2016: open source lessons from the todo group
Ben VanEvery
 
Open Source Building Career and Competency
Open Source Building Career and CompetencyOpen Source Building Career and Competency
Open Source Building Career and Competency
Krishna-Kumar
 
OaaS:Open as a Strategy
OaaS:Open as a StrategyOaaS:Open as a Strategy
OaaS:Open as a Strategy
OpenCity Community
 
gsoc
gsocgsoc
gsoc
Yask Srivastava
 
Intro to open source - 101 presentation
Intro to open source - 101 presentationIntro to open source - 101 presentation
Intro to open source - 101 presentation
Javier Perez
 
First openesb submit at brussels
First openesb submit at brusselsFirst openesb submit at brussels
First openesb submit at brussels
Prabhu Pathak
 
How and Why you can and should Participate in Open Source Projects (AMIS, Sof...
How and Why you can and should Participate in Open Source Projects (AMIS, Sof...How and Why you can and should Participate in Open Source Projects (AMIS, Sof...
How and Why you can and should Participate in Open Source Projects (AMIS, Sof...
Lucas Jellema
 
GoOpen 2010: Sandro D'Elia
GoOpen 2010: Sandro D'EliaGoOpen 2010: Sandro D'Elia
GoOpen 2010: Sandro D'Elia
Friprogsenteret
 
A New Hiring Paradigm
A New Hiring ParadigmA New Hiring Paradigm
A New Hiring Paradigm
MaRS Discovery District
 
What is open source?
What is open source?What is open source?
What is open source?
Ahmet Bulut
 
But we're already open source! Why would I want to bring my code to Apache?
But we're already open source! Why would I want to bring my code to Apache?But we're already open source! Why would I want to bring my code to Apache?
But we're already open source! Why would I want to bring my code to Apache?
gagravarr
 
SLE/GPCE Keynote: What's the value of an end user? Platforms and Research: Th...
SLE/GPCE Keynote: What's the value of an end user? Platforms and Research: Th...SLE/GPCE Keynote: What's the value of an end user? Platforms and Research: Th...
SLE/GPCE Keynote: What's the value of an end user? Platforms and Research: Th...
Stéphane Ducasse
 
stackconf 2022: The State of DevOps and Observability
stackconf 2022: The State of DevOps and Observabilitystackconf 2022: The State of DevOps and Observability
stackconf 2022: The State of DevOps and Observability
NETWAYS
 
2013 Velocity DevOps Metrics -- It's Not Just For WebOps Any More!
2013 Velocity DevOps Metrics -- It's Not Just For WebOps Any More!2013 Velocity DevOps Metrics -- It's Not Just For WebOps Any More!
2013 Velocity DevOps Metrics -- It's Not Just For WebOps Any More!
Gene Kim
 
Foundation Comparison
Foundation ComparisonFoundation Comparison
Foundation Comparison
Jody Garnett
 
How open source is driving DevOps innovation: CloudOpen NA 2015
How open source is driving DevOps innovation: CloudOpen NA 2015How open source is driving DevOps innovation: CloudOpen NA 2015
How open source is driving DevOps innovation: CloudOpen NA 2015
Gordon Haff
 
The Latest in DevOps: Elite Performance, Productivity, and Scaling - Google
The Latest in DevOps: Elite Performance, Productivity, and Scaling - GoogleThe Latest in DevOps: Elite Performance, Productivity, and Scaling - Google
The Latest in DevOps: Elite Performance, Productivity, and Scaling - Google
Marilyne Huret
 
Engineering Culture and Infrastructure
Engineering Culture and InfrastructureEngineering Culture and Infrastructure
Engineering Culture and Infrastructure
Schubert Zhang
 
Markings of a Healthy OSS Project
Markings of a Healthy OSS ProjectMarkings of a Healthy OSS Project
Markings of a Healthy OSS Project
Clement Ho
 
Open Source: What is It?
Open Source: What is It?Open Source: What is It?
Open Source: What is It?
DuraSpace
 
Open Source Compliance at Twitter
Open Source Compliance at TwitterOpen Source Compliance at Twitter
Open Source Compliance at Twitter
Chris Aniszczyk
 
Everything I know about software in spaghetti bolognese: managing complexity
Everything I know about software in spaghetti bolognese: managing complexityEverything I know about software in spaghetti bolognese: managing complexity
Everything I know about software in spaghetti bolognese: managing complexity
JAX London
 
Devops with the S for Sharing - Patrick Debois
Devops with the S for Sharing - Patrick DeboisDevops with the S for Sharing - Patrick Debois
Devops with the S for Sharing - Patrick Debois
JAX London
 

More Related Content

Similar to Why FLOSS is a Java developer's best friend: Dave Gruber

Open Source Building Career and Competency
Open Source Building Career and CompetencyOpen Source Building Career and Competency
Open Source Building Career and Competency
Krishna-Kumar
 
OaaS:Open as a Strategy
OaaS:Open as a StrategyOaaS:Open as a Strategy
OaaS:Open as a Strategy
OpenCity Community
 
gsoc
gsocgsoc
gsoc
Yask Srivastava
 
Intro to open source - 101 presentation
Intro to open source - 101 presentationIntro to open source - 101 presentation
Intro to open source - 101 presentation
Javier Perez
 
First openesb submit at brussels
First openesb submit at brusselsFirst openesb submit at brussels
First openesb submit at brussels
Prabhu Pathak
 
How and Why you can and should Participate in Open Source Projects (AMIS, Sof...
How and Why you can and should Participate in Open Source Projects (AMIS, Sof...How and Why you can and should Participate in Open Source Projects (AMIS, Sof...
How and Why you can and should Participate in Open Source Projects (AMIS, Sof...
Lucas Jellema
 
GoOpen 2010: Sandro D'Elia
GoOpen 2010: Sandro D'EliaGoOpen 2010: Sandro D'Elia
GoOpen 2010: Sandro D'Elia
Friprogsenteret
 
A New Hiring Paradigm
A New Hiring ParadigmA New Hiring Paradigm
A New Hiring Paradigm
MaRS Discovery District
 
What is open source?
What is open source?What is open source?
What is open source?
Ahmet Bulut
 
But we're already open source! Why would I want to bring my code to Apache?
But we're already open source! Why would I want to bring my code to Apache?But we're already open source! Why would I want to bring my code to Apache?
But we're already open source! Why would I want to bring my code to Apache?
gagravarr
 
SLE/GPCE Keynote: What's the value of an end user? Platforms and Research: Th...
SLE/GPCE Keynote: What's the value of an end user? Platforms and Research: Th...SLE/GPCE Keynote: What's the value of an end user? Platforms and Research: Th...
SLE/GPCE Keynote: What's the value of an end user? Platforms and Research: Th...
Stéphane Ducasse
 
stackconf 2022: The State of DevOps and Observability
stackconf 2022: The State of DevOps and Observabilitystackconf 2022: The State of DevOps and Observability
stackconf 2022: The State of DevOps and Observability
NETWAYS
 
2013 Velocity DevOps Metrics -- It's Not Just For WebOps Any More!
2013 Velocity DevOps Metrics -- It's Not Just For WebOps Any More!2013 Velocity DevOps Metrics -- It's Not Just For WebOps Any More!
2013 Velocity DevOps Metrics -- It's Not Just For WebOps Any More!
Gene Kim
 
Foundation Comparison
Foundation ComparisonFoundation Comparison
Foundation Comparison
Jody Garnett
 
How open source is driving DevOps innovation: CloudOpen NA 2015
How open source is driving DevOps innovation: CloudOpen NA 2015How open source is driving DevOps innovation: CloudOpen NA 2015
How open source is driving DevOps innovation: CloudOpen NA 2015
Gordon Haff
 
The Latest in DevOps: Elite Performance, Productivity, and Scaling - Google
The Latest in DevOps: Elite Performance, Productivity, and Scaling - GoogleThe Latest in DevOps: Elite Performance, Productivity, and Scaling - Google
The Latest in DevOps: Elite Performance, Productivity, and Scaling - Google
Marilyne Huret
 
Engineering Culture and Infrastructure
Engineering Culture and InfrastructureEngineering Culture and Infrastructure
Engineering Culture and Infrastructure
Schubert Zhang
 
Markings of a Healthy OSS Project
Markings of a Healthy OSS ProjectMarkings of a Healthy OSS Project
Markings of a Healthy OSS Project
Clement Ho
 
Open Source: What is It?
Open Source: What is It?Open Source: What is It?
Open Source: What is It?
DuraSpace
 
Open Source Compliance at Twitter
Open Source Compliance at TwitterOpen Source Compliance at Twitter
Open Source Compliance at Twitter
Chris Aniszczyk
 

Similar to Why FLOSS is a Java developer's best friend: Dave Gruber (20)

Open Source Building Career and Competency
Open Source Building Career and CompetencyOpen Source Building Career and Competency
Open Source Building Career and Competency
 
OaaS:Open as a Strategy
OaaS:Open as a StrategyOaaS:Open as a Strategy
OaaS:Open as a Strategy
 
gsoc
gsocgsoc
gsoc
 
Intro to open source - 101 presentation
Intro to open source - 101 presentationIntro to open source - 101 presentation
Intro to open source - 101 presentation
 
First openesb submit at brussels
First openesb submit at brusselsFirst openesb submit at brussels
First openesb submit at brussels
 
How and Why you can and should Participate in Open Source Projects (AMIS, Sof...
How and Why you can and should Participate in Open Source Projects (AMIS, Sof...How and Why you can and should Participate in Open Source Projects (AMIS, Sof...
How and Why you can and should Participate in Open Source Projects (AMIS, Sof...
 
GoOpen 2010: Sandro D'Elia
GoOpen 2010: Sandro D'EliaGoOpen 2010: Sandro D'Elia
GoOpen 2010: Sandro D'Elia
 
A New Hiring Paradigm
A New Hiring ParadigmA New Hiring Paradigm
A New Hiring Paradigm
 
What is open source?
What is open source?What is open source?
What is open source?
 
But we're already open source! Why would I want to bring my code to Apache?
But we're already open source! Why would I want to bring my code to Apache?But we're already open source! Why would I want to bring my code to Apache?
But we're already open source! Why would I want to bring my code to Apache?
 
SLE/GPCE Keynote: What's the value of an end user? Platforms and Research: Th...
SLE/GPCE Keynote: What's the value of an end user? Platforms and Research: Th...SLE/GPCE Keynote: What's the value of an end user? Platforms and Research: Th...
SLE/GPCE Keynote: What's the value of an end user? Platforms and Research: Th...
 
stackconf 2022: The State of DevOps and Observability
stackconf 2022: The State of DevOps and Observabilitystackconf 2022: The State of DevOps and Observability
stackconf 2022: The State of DevOps and Observability
 
2013 Velocity DevOps Metrics -- It's Not Just For WebOps Any More!
2013 Velocity DevOps Metrics -- It's Not Just For WebOps Any More!2013 Velocity DevOps Metrics -- It's Not Just For WebOps Any More!
2013 Velocity DevOps Metrics -- It's Not Just For WebOps Any More!
 
Foundation Comparison
Foundation ComparisonFoundation Comparison
Foundation Comparison
 
How open source is driving DevOps innovation: CloudOpen NA 2015
How open source is driving DevOps innovation: CloudOpen NA 2015How open source is driving DevOps innovation: CloudOpen NA 2015
How open source is driving DevOps innovation: CloudOpen NA 2015
 
The Latest in DevOps: Elite Performance, Productivity, and Scaling - Google
The Latest in DevOps: Elite Performance, Productivity, and Scaling - GoogleThe Latest in DevOps: Elite Performance, Productivity, and Scaling - Google
The Latest in DevOps: Elite Performance, Productivity, and Scaling - Google
 
Engineering Culture and Infrastructure
Engineering Culture and InfrastructureEngineering Culture and Infrastructure
Engineering Culture and Infrastructure
 
Markings of a Healthy OSS Project
Markings of a Healthy OSS ProjectMarkings of a Healthy OSS Project
Markings of a Healthy OSS Project
 
Open Source: What is It?
Open Source: What is It?Open Source: What is It?
Open Source: What is It?
 
Open Source Compliance at Twitter
Open Source Compliance at TwitterOpen Source Compliance at Twitter
Open Source Compliance at Twitter
 

More from JAX London

Everything I know about software in spaghetti bolognese: managing complexity
Everything I know about software in spaghetti bolognese: managing complexityEverything I know about software in spaghetti bolognese: managing complexity
Everything I know about software in spaghetti bolognese: managing complexity
JAX London
 
Devops with the S for Sharing - Patrick Debois
Devops with the S for Sharing - Patrick DeboisDevops with the S for Sharing - Patrick Debois
Devops with the S for Sharing - Patrick Debois
JAX London
 
Busy Developer's Guide to Windows 8 HTML/JavaScript Apps
Busy Developer's Guide to Windows 8 HTML/JavaScript AppsBusy Developer's Guide to Windows 8 HTML/JavaScript Apps
Busy Developer's Guide to Windows 8 HTML/JavaScript Apps
JAX London
 
It's code but not as we know: Infrastructure as Code - Patrick Debois
It's code but not as we know: Infrastructure as Code - Patrick DeboisIt's code but not as we know: Infrastructure as Code - Patrick Debois
It's code but not as we know: Infrastructure as Code - Patrick Debois
JAX London
 
Locks? We Don't Need No Stinkin' Locks - Michael Barker
Locks? We Don't Need No Stinkin' Locks - Michael BarkerLocks? We Don't Need No Stinkin' Locks - Michael Barker
Locks? We Don't Need No Stinkin' Locks - Michael Barker
JAX London
 
Worse is better, for better or for worse - Kevlin Henney
Worse is better, for better or for worse - Kevlin HenneyWorse is better, for better or for worse - Kevlin Henney
Worse is better, for better or for worse - Kevlin Henney
JAX London
 
Java performance: What's the big deal? - Trisha Gee
Java performance: What's the big deal? - Trisha GeeJava performance: What's the big deal? - Trisha Gee
Java performance: What's the big deal? - Trisha Gee
JAX London
 
Clojure made-simple - John Stevenson
Clojure made-simple - John StevensonClojure made-simple - John Stevenson
Clojure made-simple - John Stevenson
JAX London
 
HTML alchemy: the secrets of mixing JavaScript and Java EE - Matthias Wessendorf
HTML alchemy: the secrets of mixing JavaScript and Java EE - Matthias WessendorfHTML alchemy: the secrets of mixing JavaScript and Java EE - Matthias Wessendorf
HTML alchemy: the secrets of mixing JavaScript and Java EE - Matthias Wessendorf
JAX London
 
Play framework 2 : Peter Hilton
Play framework 2 : Peter HiltonPlay framework 2 : Peter Hilton
Play framework 2 : Peter Hilton
JAX London
 
Complexity theory and software development : Tim Berglund
Complexity theory and software development : Tim BerglundComplexity theory and software development : Tim Berglund
Complexity theory and software development : Tim Berglund
JAX London
 
Akka in Action: Heiko Seeburger
Akka in Action: Heiko SeeburgerAkka in Action: Heiko Seeburger
Akka in Action: Heiko Seeburger
JAX London
 
NoSQL Smackdown 2012 : Tim Berglund
NoSQL Smackdown 2012 : Tim BerglundNoSQL Smackdown 2012 : Tim Berglund
NoSQL Smackdown 2012 : Tim Berglund
JAX London
 
Closures, the next "Big Thing" in Java: Russel Winder
Closures, the next "Big Thing" in Java: Russel WinderClosures, the next "Big Thing" in Java: Russel Winder
Closures, the next "Big Thing" in Java: Russel Winder
JAX London
 
Java and the machine - Martijn Verburg and Kirk Pepperdine
Java and the machine - Martijn Verburg and Kirk PepperdineJava and the machine - Martijn Verburg and Kirk Pepperdine
Java and the machine - Martijn Verburg and Kirk Pepperdine
JAX London
 
Mongo DB on the JVM - Brendan McAdams
Mongo DB on the JVM - Brendan McAdamsMongo DB on the JVM - Brendan McAdams
Mongo DB on the JVM - Brendan McAdams
JAX London
 
New opportunities for connected data - Ian Robinson
New opportunities for connected data - Ian RobinsonNew opportunities for connected data - Ian Robinson
New opportunities for connected data - Ian Robinson
JAX London
 
HTML5 Websockets and Java - Arun Gupta
HTML5 Websockets and Java - Arun GuptaHTML5 Websockets and Java - Arun Gupta
HTML5 Websockets and Java - Arun Gupta
JAX London
 
The Big Data Con: Why Big Data is a Problem, not a Solution - Ian Plosker
The Big Data Con: Why Big Data is a Problem, not a Solution - Ian PloskerThe Big Data Con: Why Big Data is a Problem, not a Solution - Ian Plosker
The Big Data Con: Why Big Data is a Problem, not a Solution - Ian Plosker
JAX London
 
Bluffers guide to elitist jargon - Martijn Verburg, Richard Warburton, James ...
Bluffers guide to elitist jargon - Martijn Verburg, Richard Warburton, James ...Bluffers guide to elitist jargon - Martijn Verburg, Richard Warburton, James ...
Bluffers guide to elitist jargon - Martijn Verburg, Richard Warburton, James ...
JAX London
 

More from JAX London (20)

Everything I know about software in spaghetti bolognese: managing complexity
Everything I know about software in spaghetti bolognese: managing complexityEverything I know about software in spaghetti bolognese: managing complexity
Everything I know about software in spaghetti bolognese: managing complexity
 
Devops with the S for Sharing - Patrick Debois
Devops with the S for Sharing - Patrick DeboisDevops with the S for Sharing - Patrick Debois
Devops with the S for Sharing - Patrick Debois
 
Busy Developer's Guide to Windows 8 HTML/JavaScript Apps
Busy Developer's Guide to Windows 8 HTML/JavaScript AppsBusy Developer's Guide to Windows 8 HTML/JavaScript Apps
Busy Developer's Guide to Windows 8 HTML/JavaScript Apps
 
It's code but not as we know: Infrastructure as Code - Patrick Debois
It's code but not as we know: Infrastructure as Code - Patrick DeboisIt's code but not as we know: Infrastructure as Code - Patrick Debois
It's code but not as we know: Infrastructure as Code - Patrick Debois
 
Locks? We Don't Need No Stinkin' Locks - Michael Barker
Locks? We Don't Need No Stinkin' Locks - Michael BarkerLocks? We Don't Need No Stinkin' Locks - Michael Barker
Locks? We Don't Need No Stinkin' Locks - Michael Barker
 
Worse is better, for better or for worse - Kevlin Henney
Worse is better, for better or for worse - Kevlin HenneyWorse is better, for better or for worse - Kevlin Henney
Worse is better, for better or for worse - Kevlin Henney
 
Java performance: What's the big deal? - Trisha Gee
Java performance: What's the big deal? - Trisha GeeJava performance: What's the big deal? - Trisha Gee
Java performance: What's the big deal? - Trisha Gee
 
Clojure made-simple - John Stevenson
Clojure made-simple - John StevensonClojure made-simple - John Stevenson
Clojure made-simple - John Stevenson
 
HTML alchemy: the secrets of mixing JavaScript and Java EE - Matthias Wessendorf
HTML alchemy: the secrets of mixing JavaScript and Java EE - Matthias WessendorfHTML alchemy: the secrets of mixing JavaScript and Java EE - Matthias Wessendorf
HTML alchemy: the secrets of mixing JavaScript and Java EE - Matthias Wessendorf
 
Play framework 2 : Peter Hilton
Play framework 2 : Peter HiltonPlay framework 2 : Peter Hilton
Play framework 2 : Peter Hilton
 
Complexity theory and software development : Tim Berglund
Complexity theory and software development : Tim BerglundComplexity theory and software development : Tim Berglund
Complexity theory and software development : Tim Berglund
 
Akka in Action: Heiko Seeburger
Akka in Action: Heiko SeeburgerAkka in Action: Heiko Seeburger
Akka in Action: Heiko Seeburger
 
NoSQL Smackdown 2012 : Tim Berglund
NoSQL Smackdown 2012 : Tim BerglundNoSQL Smackdown 2012 : Tim Berglund
NoSQL Smackdown 2012 : Tim Berglund
 
Closures, the next "Big Thing" in Java: Russel Winder
Closures, the next "Big Thing" in Java: Russel WinderClosures, the next "Big Thing" in Java: Russel Winder
Closures, the next "Big Thing" in Java: Russel Winder
 
Java and the machine - Martijn Verburg and Kirk Pepperdine
Java and the machine - Martijn Verburg and Kirk PepperdineJava and the machine - Martijn Verburg and Kirk Pepperdine
Java and the machine - Martijn Verburg and Kirk Pepperdine
 
Mongo DB on the JVM - Brendan McAdams
Mongo DB on the JVM - Brendan McAdamsMongo DB on the JVM - Brendan McAdams
Mongo DB on the JVM - Brendan McAdams
 
New opportunities for connected data - Ian Robinson
New opportunities for connected data - Ian RobinsonNew opportunities for connected data - Ian Robinson
New opportunities for connected data - Ian Robinson
 
HTML5 Websockets and Java - Arun Gupta
HTML5 Websockets and Java - Arun GuptaHTML5 Websockets and Java - Arun Gupta
HTML5 Websockets and Java - Arun Gupta
 
The Big Data Con: Why Big Data is a Problem, not a Solution - Ian Plosker
The Big Data Con: Why Big Data is a Problem, not a Solution - Ian PloskerThe Big Data Con: Why Big Data is a Problem, not a Solution - Ian Plosker
The Big Data Con: Why Big Data is a Problem, not a Solution - Ian Plosker
 
Bluffers guide to elitist jargon - Martijn Verburg, Richard Warburton, James ...
Bluffers guide to elitist jargon - Martijn Verburg, Richard Warburton, James ...Bluffers guide to elitist jargon - Martijn Verburg, Richard Warburton, James ...
Bluffers guide to elitist jargon - Martijn Verburg, Richard Warburton, James ...
 

Recently uploaded

Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
Zilliz
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems S.M.S.A.
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
panagenda
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
IndexBug
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
Matthew Sinclair
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
danishmna97
 
GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
kumardaparthi1024
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
Jason Packer
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
Tomaz Bratanic
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
Pixlogix Infotech
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
Uni Systems S.M.S.A.
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
名前 です男
 
CAKE: Sharing Slices of Confidential Data on Blockchain
CAKE: Sharing Slices of Confidential Data on BlockchainCAKE: Sharing Slices of Confidential Data on Blockchain
CAKE: Sharing Slices of Confidential Data on Blockchain
Claudio Di Ciccio
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
Matthew Sinclair
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxOcean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
SitimaJohn
 

Recently uploaded (20)

Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
 
GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
CAKE: Sharing Slices of Confidential Data on Blockchain
CAKE: Sharing Slices of Confidential Data on BlockchainCAKE: Sharing Slices of Confidential Data on Blockchain
CAKE: Sharing Slices of Confidential Data on Blockchain
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxOcean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
 

Why FLOSS is a Java developer's best friend: Dave Gruber

  • 1. FLOSS: Your New Best Friend Dave Gruber Director of Developer Programs Black Duck Software, Inc. Stewards of ohloh.net
  • 2. Where do YOU find FLOSS? 1.8m repositories 260k projects 250k projects 108k repositories 28.5k projects 30k projects 250 projects 9.5k projects 2
  • 3. Sifting though the world of open source GitHub: 1,751,000 repositories SourceForge: 260,000 projects GoogleCode: 250,000 projects Bitbucket: 108,000 repositories Codeplex: 29,000 projects LaunchPad: 28,500 Foundations: 500+ projects Photo from http://splits59.com/blog/?p=49
  • 4. And are all these real projects? Lots of projects, but – How many are active, how many abandoned? – How many have a team? How important is it that people are still working on a project?
  • 5. How many projects are active? • 550,000+ projects on Ohloh. • 271,372 with a code analysis. • 96,824 with a commit in the past 2 years. • 46,883 with a commit in the past year. • 29,303 with a commit in the past 6 months. • 21,251 with a commit in the past 3 months. • 12,870 with a commit in the past month. • 5,629 with a commit in the past week. • 1,224 with a commit in the past day
  • 6. So, how many projects are active? 6000 Days since last commit 5000 4000 3000 17.3% 2000 1000 1 Yr 100 90 80 70 60 50 40 30 20 10 % of All Analyzed Projects
  • 7. But do these 17% have a team? 2827 Number of Contributors 50 40 30 49.3% 2 or more 8.5% of all analyzed projects 20 10 2 100 90 80 70 60 50 40 30 20 10 % of Active Projects in the Past Year
  • 8. Languages of live projects Perl C# Ruby Java still leads the pack! PHP JavaScript C Python Top 5000 live projects C++ Other
  • 9. Take-aways • Only a small fraction of all the projects ever started gain long-term traction. • Less than 5% of all projects analyzed are “live” (1+ commits in the past year, and 2+ committers ever.) • While Java leads the pack, newer projects trending towards Python, PHP, JavaScript. Activity Matters so check before you use!
  • 10. So how can we sift through all these projects?! Find Evaluate Approve Track
  • 11. Finding FLOSS is “easy” • Searching the “forges” • Github.com/search • Code.google.com • Sourceforge.com/directory • Codeplex.com/site/search • Bitbucket.org/repo/all • Ask StackOverflow, Google Search Find Evaluate Approve Track
  • 12. Search public directories Public FOSS Directories – ohloh.net 550,000 projects – olex.openlogic.com 330,000 projects – ostatic.com 120,000 projects – Maven Central search.maven.org – Free Software Foundation http://directory.fsf.org 6850 projects – osalt.com ~500 projects – EOS Directory (Enterprise-ready OSS) ~400 projects Public FOSS Code Search options – code.ohloh.com 11b+ LOC – krugle.org – Codase.com 250m LOC – grepcode.com (Java only) – Symbolhound.com/codesearch – Searchco.de
  • 13. Choosing the “right” project 1. What languages are used? 2. What’s the license for the project? 3. How is the documentation? 4. How well maintained is the project? 5. How active is the project? 6. Is the code widely used in other places? 7. Size and complexity? 8. Are there known vulnerabilities? 9. Any outstanding lawsuits? 10. Is there commercial support available? 11. Does the project use encryption? 12. What is the quality of the code?
  • 14. So where are the answers? The easy ones (look at the code or project page) 1. What languages are used? 2. What’s the license for the project? • Or check a project directory like Ohloh, OLEX, etc. 3. How is the documentation? • Look in the wiki, check Ohloh (counts comments) 4. Size and complexity? • Review the code and structure Find Evaluate Approve Track
  • 15. So where are the answers? A little harder, but still available 5. Are there known vulnerabilities? (National Vulnerabilities DB) • osvdb.org/search/advsearch • web.nvd.nist.gov/view/vuln/search • HP Fortify scans some FLOSS projects 6. How well maintained is the project? • Check the bugbase, see how many high priority bugs are open and for how long 7. How active is the project? • # of active committers, commit stream (Project or Ohloh) 8. Is the code widely used in other places? • Search StackOverflow, google, download stats
  • 16. So where are the answers? The tougher ones 9. Any outstanding lawsuits? • Google search for project name & “lawsuit” 10. Is there commercial support available? • Companies like Credativ in Germany and OpenLogic in the US support a subset of FOSS projects 11. Does the project use encryption? • Sometimes documented on project sites, otherwise explore the project 12. What is the quality of the code? • Limited # of code quality audits from Coverity (scan.coverity.com)
  • 17. Approvals • Do you have a formal approval process? • How many of these questions are required? • Know your FOSS policy. • Speed up the process by getting answers in advance! • Automated solutions exist to help Find Evaluate Approve Track
  • 18. Inventory, Catalog & Tracking Know what and where you use FOSS! – Vulnerabilities – Possible license issues – New releases – Reuse Scan for existing FLOSS, then stay current. Find Evaluate Approve Track
  • 19. Are you an Open Source free-loader? Ok, so you use… • But do you contribute? – That’s ok. “Freeloading” is just the beginning and where everyone starts.
  • 20. FLOSS Adoption Lifecycle Mission critical V a Strategic l imperative u e Tactical decision Engineer driven Tech mgmt driven Business strategy driven Opportunistic Policy Engagement Usage Contribution
  • 21. Why contribute? • As you customize to meet your needs, the community can help further refine. • If you customize and don’t contribute back, you own it forever. Give back and the community can help evolve and maintain. • You got something of value for free, why not give back?
  • 22. Why start and manage? • If you create something of value… • That’s NOT a competitive differentiator… • But you depend on it… • Building a community around it can accelerate it’s development.
  • 23. Getting more out of FLOSS What if you could leverage the methods behind FLOSS for internal development? – Is there an opportunity to leverage the inner workings of open source development to refine internal development? – What’s to be learned?
  • 24. “Innersourcing” The application of best practices, processes, culture and methodologies taken from the open source world and applied to internal software development and innovation efforts. 10/16/2012 24
  • 25. Characteristics 1. Transparency 2. Collaboration 3. Self-organization 4. Egalitarianism 5. Meritocracy 10/16/2012 25
  • 26. Compared to internal dev FOSS Internal 1. Transparency 1. Need-to-know 2. Collaboration 2. Self-motivated 3. Self-organization 3. Org boundaries 4. Egalitarianism 4. Chain of command 5. Meritocracy 5. Autocratic 10/16/2012 26
  • 27. 3 Pillars of Inner-Source Tools & Ethos Processes Mechanisms Inner-Source 10/16/2012 27
  • 28. Ethos Open access: to all code, documentation, and how decisions were made. Shared, common directory to find SW for reuse and knowledge. Open participation: No artificial boundaries to joining and contributing. Open communication: Visible decision making process. Documented history of all decisions and the reasoning behind them. Open governance: Process is designed and managed in the open. Process changes to meet the needs of the people participating. Open leadership: Leaders are respected based on their ability to execute. If people don’t like the direction of a project: fork it! 10/16/2012 28
  • 29. Processes Governance – Designed for the people, by the people – Rules of engagement (how to contribute) – How decisions are made – How the rules can be changed in the future – In writing, for all to see Incubate Develop Maintain 10/16/2012 29
  • 30. Mechanisms and Tools supporting the methods Forge Basic Wiki Infrastructure Requirements Bug Tracker 10/16/2012 30
  • 31. Mechanisms Forge Code Quality in the open • Bug tracking is typically limited to individual teams Anyone can report issues Bug Tracker New contributors can engage by fixing a bug 10/16/2012 31
  • 32. Mechanisms – Communications Public wikis – Single point of communication – Self-documenting – Archive history of project decisions and progress Wiki Email lists – Decision making in the open – Self-documenting – Open to all to participate IRC Channels and Forums – Open developer discussions 10/16/2012 32
  • 33. Potential Benefits 1. Better code - Greater internal code scrutiny 2. Increased innovation and focus on value- added development - More knowledge sharing and code re-use 3. Better resource allocation - Broad expertise 4. Extensive support and buy-in from organization 5. Improved productivity, morale and retention - motivated contributors, job satisfaction! 6. Faster development 10/16/2012 33
  • 34. Challenges Technology is the “Easy Part” - be aware of: • Management & developer Mindset • Lack of communication and shared purpose • Culture shock and dissonance • Lack of process consistency • Technical mindset shift from delivering binaries to delivering source code • Mindset shift from delivering final product to incremental quality code 10/16/2012 34
  • 35. Getting Started 1. Define clear community goals, vision, behaviors and expectations 2. Identify ‘seed-collaborators’ and catalysts 3. Choose 1-2 small/common technologies/projects to start 4. Deploy Inner Source platform mechanisms – Forge, Wiki, Bugtracker, Lists, Forums 5. Define a governance model – Communications and incentive program – Who coordinates/approves changes/releases 6. Talk to Management about HR ramifications – Employee performance reviews – Managerial expectations/comfort levels 10/16/2012 35
  • 36. A free, community resource Dave Gruber Director Developer Programs Black Duck ohloh.net dgruber@blackducksoftware.com @davegruber5 36