As usage grows, so too does your responsibility to minimise risk when selecting products and using source code.
As open source usage becomes mainstream, it's important to ensure you're working with a product your company can rely on in the future and that the use complies with open source licensing. That's not as easy as it sounds: Open source support provider OpenLogic reports more than 330,000 open source software packages for enterprises to choose from. Finding the appropriate open source project, with the right licence and the assurance of a viable future for the project, can be difficult.
Selecting the correct open source product
OpenLogic certifies and provides direct support subscriptions for more than 500 of these open source packages. Its criteria include a viable community, well-understood licensing, documentation, and active maintenance by the project leader.
But others can help narrow your open source options. For example, new to the open source project evaluation arena is SOS Open Source, an automated methodology from open source strategist Roberto Galoppini. His tool enables companies to determine the level of risk associated with any given open source software. SOS Open Source uses 24 metrics and information collected from open source project directories, forges, and meta-forges.
Galoppini says that SOS Open Source is keenly focused on the project strength, measured by the stability and maturity of the project and whether the project is backed by a predictably viable community. Related to the quality of community, Galoppini's methodology also measures the level of community or vendor support available. Finally, the methodology attempts to rate the possibility of project evolution, whether by the current project management or third parties.
Ensuring compliance with open source licensing
But what if your developers are already using open source without your knowledge? Well, there's an app for that. Among others, Black Duck Software, OpenLogic, and Protecode offer services that can crawl through your enterprise and report on the use of open source software. In fact, these vendors can even crawl through the source code in your internally developed applications to ensure that open source libraries or code fragments are not being used in contravention of their associated licences.
If your company hasn't already set an open source usage policy, there's no better time than the present to start down that path.