Open source software (OSS) is pervasive in today's deployed software and the supply chain. Gartner estimates that by 2016, open source will be included in mission-critical software packages in 99 percent of global enterprises. There are over a million freely downloadable open source components that development organizations can use to build better software faster. But as open source software is more broadly used, IT organizations struggle to manage risk, control software assets and ensure compliance. In an environment where development organizations are under intense pressure to keep pace in competitive markets, a lack of formal policies and ad-hoc management practices for open source create unnecessary exposure.
Why open source?
Open source software (OSS) is pervasive in today’s software lifecycle and supply chain. Gartner estimates that by 2016, open source will be included in mission-critical software packages in 99 percent of global enterprises. Open source is used to build applications, products and services and offers hundreds of thousands of freely downloadable code components that can be leveraged to speed development and slash budgets by thousands, or even millions, of dollars.
While cloud computing, mobile and distributed development trends are ramping up the intensity and pace of application development, development managers are under even more pressure to improve time to solution with fewer resources and under tighter budget restrictions. For mobile application development in particular, the benefits of OSS are extremely practical. For example, financial services firms face tremendous pressure to quickly deploy high-quality mobile applications, and OSS components are already proven in the mobile world.
According to Eric Newcomer, former Chief Architect of Credit Suisse, “Banks worldwide are seeing universal interest in online interactions by customers via mobile devices, and it doesn’t take a lot of research to discover that most of the components used in mobile applications are open source.”
Open source is the most practical and logical way of leveraging IT resources to respond to the emerging industry trends that are driving the accelerated development of mobile applications.
The fastest growing and most agile companies are built on open source, from Facebook with 800+ million users and Twitter with 500+ million users to Amazon, YouTube and Google. Apple, the most valuable company in the world, built its iPhone, iPad and MacBook products with open source. The benefits are clear: the industry-standard cost per line of code (LoC) ranges from $10 to $20, and the average component used by a Global 2000 organization contains 50,000 LoC. Therefore, the use of OSS could save from $500K to $1M per project.
Growing popularity of open source in the enterprise
Open Source in the Code Base
IDC recently reported that IT organizations have about 30 percent open source in their deployed code base. In Black Duck’s experience, our “best-in-class” customers use up to, and even over, 80 percent open source. These development organizations are taking advantage of code that already exists, not reinventing the wheel, and are producing more while coding less.

Open source communities have demonstrated heightened levels of innovation and speed, and IT organizations are taking notice. The use of OSS methods and technologies combined with community best practices for development has become a strategic imperative for accelerating software development, controlling IT costs and remaining competitive. Established IT organizations are at risk of being outpaced by this new approach unless they consider proactively using OSS components and development methodologies as part of their business strategy.

Given the increasing need to swiftly deploy high-quality products and applications, many IT executives believe that the adoption of OSS is inevitable because of its price and performance advantages. However, the benefits of OSS are fully realized only when its use is accompanied by an automated governance program that provides developers with control and visibility.
Why are governance and compliance essential?
OSS empowers developers to increase innovation, efficiency and competitiveness, but as open source becomes more and more pervasive, the need for governance and compliance solutions increases exponentially.
Gartner predicts that by 2014, “50 percent of organizations will experience technology, cost and
security challenges due to a lack of open source governance,” and through 2015, “less than 50
percent of IT organizations will have effective open source governance programs in place.”
Poor OSS governance can create quality, security and business challenges, putting an organization’s software assets and intellectual property (IP) at risk. The key to avoiding the consequences of improperly using open source components is to develop policies and procedures based on best practices while automating the management of OSS component use.

Business and IT leaders need to understand the obligations associated with OSS licenses and foster the development of cross-departmental policies that will prevent the organization from violating software license obligations. Many IT executives, enterprise architects and development managers have gained control over open source component use by automating the governance and compliance process as an integral part of their application development cycle. And they’ve done so without slowing the development process or adding overhead to the development team.
Legal Obligations
“Free code” does not mean “free of obligations,” and open source brings with it unique and sometimes complex legal requirements. Once a mere matter of proper attribution between developers and businesses, open source license disputes can ultimately threaten the reputation of a brand now that these issues have moved into the realm of the courts. Improperly managed open source code can result in bad publicity, copyright infringement and even stop shipment orders, damaging company reputations and immediately impacting product revenue streams.
How do you get started?
A prudent first step towards managing OSS is to understand how much you have and where it’s used. Thanks to advances in technology, you can now acquire software that will automatically scan and audit a code base. It’s important to note that audits should not be a one-time event; it’s wise to audit code on an ongoing basis, as part of the continuous integration process, to ensure long-term compliance with both the company’s risk management policies and external license obligations.
Next, you should establish and implement a governance program that encompasses all third-party
code, whether from a commercial vendor, an OSS project or an outsourced supplier.
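As an added illustration of the policy-driven, repeatable audit this section describes (example code, not from the page or from Black Duck), the Python script below classifies every component in a bill of materials against an approved-license policy and fails the build when anything is blocked or still awaiting review; the bill of materials, the license lists and the pre-approved component are all constructed for the example.

```python
"""Minimal open source policy check, as might run on every CI build.

Constructed example: the bill of materials and the policy below are
invented for illustration; a real program would feed in the output of
a code-base scan and the organization's own approved-license rules.
"""
from dataclasses import dataclass

@dataclass(frozen=True)
class Component:
    name: str
    version: str
    license: str

# Constructed policy: licenses approved outright, licenses that need
# legal review before shipment, and components pre-approved by name.
APPROVED_LICENSES = {"MIT", "Apache-2.0", "BSD-3-Clause"}
REVIEW_LICENSES = {"GPL-2.0-only", "LGPL-2.1-only", "AGPL-3.0-only"}
PRE_APPROVED = {("log-helper", "1.4.2")}

def evaluate(bom):
    """Classify each component as approved, needs_review or blocked.

    Returns {category: sorted list of 'name@version'}. A license the
    policy does not mention is blocked: approval must be explicit.
    """
    result = {"approved": [], "needs_review": [], "blocked": []}
    for c in bom:
        key = f"{c.name}@{c.version}"
        if (c.name, c.version) in PRE_APPROVED or c.license in APPROVED_LICENSES:
            result["approved"].append(key)
        elif c.license in REVIEW_LICENSES:
            result["needs_review"].append(key)
        else:
            result["blocked"].append(key)
    return {k: sorted(v) for k, v in result.items()}

def build_passes(bom):
    """CI gate: fail when anything is blocked or still awaiting review."""
    r = evaluate(bom)
    return not r["blocked"] and not r["needs_review"]

# Constructed bill of materials standing in for the output of a scan.
SAMPLE_BOM = [
    Component("http-client", "2.0.1", "Apache-2.0"),
    Component("json-parse", "0.9.3", "MIT"),
    Component("crypto-utils", "3.1.0", "GPL-2.0-only"),
    Component("log-helper", "1.4.2", "UNKNOWN"),
    Component("imaging", "5.2.0", "Proprietary-EULA"),
]
```

Running `evaluate(SAMPLE_BOM)` on each build, rather than once, is what turns the scan into the ongoing audit the text recommends.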
The diagram below illustrates a management maturity model showing five levels of open source adoption.
Organizations with mature processes and policies don’t worry about compliance; compliance is built-in. They
can instead focus on leveraging open source for strategic advantage and maximizing its value.
Stages of OS Adoption
An effective governance program has four main elements:
Organizational leaders should develop governance strategies focusing on the specific issues related to the
acquisition, use and management of OSS that ultimately align with their growth goals, business objectives
and internal policies. They need to establish policies that serve as the rules for evaluating, approving, using,
reusing and releasing open source code, as well as for participating in open source communities.
These policies should encourage developers to leverage the benefits of open source, and they
should be created and managed by key stakeholders.
Case Study: SITA Builds Path to Success with Open Source Software Strategy
SITA, the world’s leading specialist in air transport communications and IT solutions, delivers business solutions for airline, airport and government customers over the world’s most extensive network. As the backbone of the global air transport industry, SITA is constantly searching for new ways to improve development processes and enhance innovative capabilities.
Questions
How much OSS is currently part of our code base?
How can we maximize and streamline our OSS use?
What are the licensing details of each OSS component?
Governance Objectives
Enable greater use of OSS across the organization to improve software development efficiency and quality.
Ensure compliance with OSS licenses and distribution requirements.
Results
SITA’s open source governance program plays a fundamental role in the ongoing development of the Horizon project, allowing SITA’s development teams to search, discover and use pre-approved OSS and components within this ground-breaking reservation system. SITA’s Horizon program has already captured headlines as a major innovation ushering in the next generation of passenger management systems for the airline industry.
“We couldn’t have designed and implemented our current open source governance program without the Black Duck® Suite, and the benefits are immediately apparent. Now that we can constantly scan and establish a clean bill of materials across all projects with our automated governance program, we can combine the best of proprietary and open source software components to bring ground-breaking and innovative solutions like Horizon to market better, faster and more cost-effectively than ever before.”
–Patrick Holden, Senior Programme Manager, Software Development, SITA
SITA Horizon – The NextGen Passenger Management System that connects airlines with their customers
In Conclusion
By using OSS strategically, you can gain significant management control with processes and technology while
simultaneously helping your organization benefit from accelerated time-to-solution and cost advantages.
In order to maximize the benefits of integrating open source components into your code base, it’s critical to
implement a comprehensive, automated approach to governance and compliance that integrates across the
application development lifecycle.
A proactive strategy is the best approach, and the Black Duck team works with customers at all levels of adoption to ensure open source success. The Black Duck® Suite provides a comprehensive set of governance and compliance automation tools that enable development organizations to maximize the power of open source technologies and methods.

Black Duck Consulting offers a quick and easy way to learn about industry best practices and assess organizational readiness and governance maturity. The easy-to-use, complimentary Open Source Management Assessment (OSMA) begins with a self-guided survey and includes a phone consultation. The assessment is designed to help clients accelerate the implementation of a governance program.

Visit www.blackducksoftware.com/OSMA to complete a free OSMA today and quickly benchmark your organization’s use of OSS.
About Black Duck
Offering award-winning software and consulting, Black Duck is the partner of choice for open source software adoption, governance and
management. Enterprises of every size depend on Black Duck to harness the power of open source technologies and methods. As part of the
greater OSS community, Black Duck connects developers to comprehensive OSS resources through Ohloh.net, and to the latest commentary
from industry experts through the Open Source Delivers blog. Black Duck also hosts the Open Source Think Tank, an international event
where thought leaders collaborate on the future of open source. Black Duck is headquartered near Boston and has offices in San Mateo, St.
Louis, London, Paris, Frankfurt, Hong Kong, Tokyo, Seoul and Beijing. For more information about how to leverage open source to deliver faster
innovation, greater creativity and improved efficiency, visit www.blackducksoftware.com and follow us at @black_duck_sw.
Contact
To learn more, please contact: sales@blackducksoftware.com or 1.781.891.5100
Additional information is available at: www.blackducksoftware.com
GD-INTRO_OSGC-UL-1013