With tightening budgets and competitive pressures, many IT organizations are turning to open source software to increase agility and flexibility and to speed up the velocity of innovation.
However, most organizations have done little to gear up for the challenges of multi-source development with open source: finding good code, controlling how components are brought in and deployed, assessing code quality, flagging unapproved code, and more.
This guide covers how to increase business agility, flexibility, and velocity while reducing IT development, maintenance, and support costs and reducing IP and other business risks.
The Enterprise IT Guide to Open Source Software Management
How CTOs, Enterprise Architects, and IT Development Managers can meet the challenges with real solutions for getting the most out of open source
Black Duck Guidebook Series

Implementing a multi-source strategy that uses internal, external, and open source components can complement the modular nature of agile methods, free developers to focus on real innovations, and dramatically cut costs. Most IT organizations want to realize the competitive advantages of open source software, but have done little to gear up for the challenges of multi-source development with open source: finding good code, controlling how components are brought in and deployed, assessing code quality, flagging unapproved code, managing components across the application lifecycle, and reducing the associated operational, security, and compliance risks. The Black Duck Suite enables IT organizations to realize the compelling economics of open source while mitigating the associated risks and challenges.

The Guide
This guide discusses many of the challenges faced by Enterprise IT professionals and how the Black Duck Suite can help address them by managing and controlling the use of open source for IT development projects across the enterprise:
- Increasing Business Agility, Flexibility, and Velocity of Innovation
- Reducing IT Development, Maintenance, and Support Costs
- Mitigating Operational and Security Risk
- Reducing Regulatory and Intellectual Property (IP) Risk and Ensuring Compliance
- Standardizing and Re-using Software Code
- Managing the Software Supply Chain
- Ensuring Code Quality
- Controlling Open Source

Increasing Business Agility, Flexibility, and Velocity of Innovation

Challenge
IT departments are under pressure to increase business agility, flexibility, and the velocity of innovation with the same or fewer resources. Using open source software, adopting agile development methods, and standardizing internal code can help, but they also present management and control challenges that many organizations have not yet addressed.

Solution
Increase business agility, flexibility, and velocity of innovation by
- enabling the widespread and controlled use of internal, external, and open source code
- complementing the modular nature of agile methods with access to modular building blocks of open source code
- making billions of lines of the latest open source code readily available to developers so they can write less code and stop re-inventing the wheel
- ensuring that developers select only safe, tested code that meets company policies and won't cause slowdowns later in the development lifecycle
- eliminating the time and effort it takes to put proven code back through the approval process for each new project
- focusing scarce development time and effort on developing code that offers true innovation, and
- identifying and fixing bugs and vulnerabilities faster and earlier in the development process.

Black Duck Suite Features and Functions
The Black Duck Suite can help increase business agility, flexibility, and velocity of innovation.
- Provides a comprehensive, searchable KnowledgeBase of open source code and information about the code.
- Catalogs and tracks internal code.
- Automatically manages and monitors all software code over the lifecycle.
- Automates the workflow/approval process.

Reducing IT Development, Maintenance, and Support Costs

Challenge
With budgets tight and resources at a minimum, IT organizations need to reduce development, maintenance, and support costs wherever possible. Inefficiencies and redundancies in the software development process, especially with large distributed development teams, inflate costs but can be difficult to identify and eliminate. Bugs and vulnerabilities increase support costs and can be expensive and time-consuming to find and fix.

Solution
Reduce development, maintenance, and support costs by
- saving on commercial licensing costs with open source software
- decreasing the amount of new and redundant code IT must write and manage
- supporting standardization and re-use
- ensuring that projects include only safe, approved code that won't require costly fixes and support after release, and
- reducing the time it takes to identify and fix problems and bugs.

Black Duck Suite Features and Functions
The Black Duck Suite can help reduce development, maintenance, and support costs.
- Provides a comprehensive, searchable KnowledgeBase of open source code and information about the code.
- Catalogs and tracks internal code.
- Automates the workflow/approval process.
- Automatically manages and monitors all software code over the lifecycle.

Mitigating Operational and Security Risk

Challenge
Using open source can expose organizations to operational, compliance, and security risks.
Uncontrolled use of open source can introduce code that does not comply with corporate policies, contains security vulnerabilities, is not properly licensed, or carries bugs and problems that will be costly and time-consuming to support and fix.

Solution
Manage the operational, compliance, and security risks associated with integrating open source with other code by
- automatically scanning source code and binary files to discover unknown and unapproved software, ensuring only approved code is used
- cataloging where all code is used so problems can be quickly identified and fixed wherever they occur
- monitoring security vulnerabilities and alerting automatically when new vulnerabilities are discovered
- providing information on known security vulnerabilities, and
- controlling the workflow/approval process.

Black Duck Suite Features and Functions
The Black Duck Suite can help manage the operational, compliance, and security risks associated with integrating open source with other code.
- Automatically scans source code and binary files to discover unknown and unapproved software, ensuring only approved code is used.
- Catalogs where all code is used so problems can be quickly identified and fixed wherever they occur.
- Monitors security vulnerabilities and provides automatic alerts when new vulnerabilities are discovered.
- Provides information on known security vulnerabilities.
- Controls the workflow/approval process.

Reducing Regulatory and Intellectual Property (IP) Risk and Ensuring Compliance

Challenge
Organizations must ensure that all software is developed and used in accordance with corporate compliance policies and procedures and with regulatory requirements. Incorporating open source and third-party software into the development mix without proper controls can introduce non-compliant code as well as new licensing complexities and contract obligations that must be managed.

Solution
Ensure compliance and manage the regulatory risks associated with integrating internal, open source, and third-party code by
- integrating your policies and standards into your management platform
- automating the monitoring, validation, and control of approved code
- controlling how code is approved and deployed
- certifying every build
- tracking and managing software origins and obligations, and
- providing evidence for auditors that your organization has a solid governance program in place to minimize risks.

Black Duck Suite Features and Functions
The Black Duck Suite can help ensure compliance and manage the regulatory risks associated with integrating internal, open source, and third-party code.
- Validates compliance with an approved software Bill of Materials (BoM).
- Automatically scans for unapproved code.
- Automates the tracking and management of software origins and obligations.
- Provides an audit trail and traceability.

Standardizing and Re-using Software Code

Challenge
IT development organizations can improve their agility, efficiency, and velocity of innovation by standardizing their code, supporting ease of re-use, and reducing or eliminating redundant development. However, it can be difficult and time-consuming to enforce standardization and re-use policies and to identify and catalog the open source and other code that exists outside of, and across, a distributed enterprise.

Solution
Facilitate standardization and re-use of open source and other components, and design in compliance, by
- creating a catalog of approved components to support standardization and prevent redundant development
- automatically validating that only approved components are used
- helping developers find open source and internal code for re-use, and
- providing a customizable workflow to automate the processes around finding code and obtaining approval for its use.

Black Duck Suite Features and Functions
The Black Duck Suite can help facilitate standardization and re-use of open source and other components and design in compliance.
- Enables developers to quickly search for and find re-usable, approved code in code repositories.
- Provides a comprehensive, searchable KnowledgeBase of open source code and information about the code.
- Catalogs and tracks approved internal and open source code.
- Automates the workflow/approval process.

Managing the Software Supply Chain

Challenge
Acquiring external code from third-party suppliers and the open source community can be complex and time-consuming, even when no commercial license fees are involved. Validating the origins of externally sourced code can be difficult or impossible using manual methods. Organizations must understand and comply with a wide variety of license terms, as well as manage support contracts and terms for any associated services.

Solution
Monitor, manage, and gain visibility into your software supply chain and its associated obligations quickly and easily by
- using tools to discover, track, and manage software origins and obligations, and
- automatically inspecting and validating external software from suppliers and the open source community to ensure only approved code is used.

Black Duck Suite Features and Functions
The Black Duck Suite can help monitor, manage, and gain visibility into your software supply chain and its associated obligations.
- Tracks and manages software origins and obligations.
- Automatically inspects and validates external software from suppliers and the open source community, ensuring that only approved code is used.

Ensuring Code Quality

Challenge
With billions of lines of open source code available for use, it can be difficult to assess the quality of the code and the reliability of its source. Poor-quality code can waste development time, introduce defects and vulnerabilities into your organization, negatively impact the success of your projects, require costly support and maintenance, and damage your organization's reputation.

Solution
Ensure that your organization is using the highest-quality code available by
- staying informed of any known issues associated with specific code
- limiting developer access to only tested and approved open source code
- automatically validating code to ensure that only approved code is introduced into your organization, and
- enabling developers to easily track down bugs and defects across multiple code repositories distributed across the enterprise.

Black Duck Suite Features and Functions
The Black Duck Suite can help ensure that your organization is using the highest-quality code available.
- Enables developers to easily search for and find bugs and defects wherever they occur.
- Monitors security vulnerabilities and provides automatic alerts when new vulnerabilities are discovered.
- Helps developers make better, more informed choices when selecting components by providing information on known security vulnerabilities.
- Validates software builds against an approved Bill of Materials (BoM) to ensure only approved components and versions are used.

Controlling Open Source

Challenge
Organizations that use open source code may be concerned about the associated operational, security, and compliance risks, but do not have systems or processes in place to manage and control those risks efficiently and effectively. The unmanaged and uncontrolled use of open source can severely limit an organization's ability to realize the open source benefits of reduced costs, increased agility and flexibility, and faster velocity of innovation. Many IT organizations are attempting to enforce standardization and prevent the use and deployment of unauthorized components, particularly open source.

Solution
Implementing the Black Duck Suite provides a software platform for managing and controlling the use of open source across the application lifecycle and across the enterprise by
- enabling standardization, control, and re-use of open source software and other components
- allowing you to design in compliance with your organization's open source policies
- automatically validating that only approved components are used
- creating a catalog of approved components to support standardization and prevent redundant development
- helping developers find approved open source and internal code for re-use, and
- managing the code approval workflow so that it is quick and efficient for developers across the organization to add newly approved code to your catalog.

Black Duck Suite Features and Functions
The Black Duck Suite can help provide a software platform to manage and control the use of open source across the application lifecycle and across the enterprise.
- Manages and controls the use of open source across the application lifecycle.
- Provides a customizable workflow to automate the processes around finding code and obtaining approval for its use.
- Catalogs and tracks approved internal and open source code.

To Learn More
We invite you to take advantage of a free consultation with one of our Open Source Software Specialists. Many IT professionals have taken advantage of this free consultation to see how the Black Duck Suite can help implement corporate OSS policies without disrupting their work. Please visit www.blackducksoftware.com/consultation to schedule your free consultation. One of our OSS Specialists will be in touch to schedule your consultation on a day and time convenient to you. If you wish to speak with someone right away, please call our customer hotline at 781-891-5100.

About Black Duck Software
Black Duck Software is the leading provider of products and services for automating the management, governance, and secure use of free and open source software (FOSS) at enterprise scale in a multi-source development process. Black Duck enables companies to realize the significant benefits of FOSS to shorten time-to-solution and reduce costs while mitigating the associated management, compliance, and security challenges. Black Duck Software powers Koders.com, the industry's leading code search engine for FOSS, and Ohloh.net, the largest community for, and free public directory of, FOSS. Black Duck is one of the 500 largest software companies in the world, according to Softwaremag.com. The company is headquartered near Boston and has offices in San Mateo, California, London, Paris, Frankfurt, Hong Kong, Tokyo, and Beijing. For more information, visit www.blackducksoftware.com.

© 2010. Black Duck, Know Your Code, Ohloh, the Ohloh logo, and the Black Duck logo are registered trademarks of Black Duck Software, Inc. in the United States and other jurisdictions. Koders is a trademark of Black Duck Software, Inc. All other trademarks are the property of their respective holders. Document GD-EC-0210-A4EUR-AB.
United Kingdom & Ireland: to learn more, please contact aknapp@blackducksoftware.com or call +44 (0) 7891 689205
DACH: to learn more, please contact sjust@blackducksoftware.com or call +49 (69) 67733-196
France: to learn more, please contact hguyomard@blackducksoftware.com or call +33 (0) 6 28 07 77 39
Additional information is available at Black Duck's web site: www.blackducksoftware.com
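Worked illustration of the BoM check. The "Reducing Regulatory and IP Risk" and "Ensuring Code Quality" sections above both rest on one control: validating every build's resolved components against an approved Bill of Materials, a license policy, and a knowledge base of known issues. The Python below is an added example written for this edition of the guide; it is not Black Duck Suite code and says nothing about how the Suite implements the check. The component names, versions, licenses, the advisory identifier, and the `name==version` manifest format are all constructed for the example.

```python
"""Validate a build's resolved components against an approved Bill of Materials.

Added example, not Black Duck Suite code. Every component, version, license and
advisory identifier below is constructed for illustration.
"""
from dataclasses import dataclass
import re

# Approved BoM: component -> set of versions approved for this product line (constructed).
APPROVED_BOM = {
    "libfoo": {"1.4.2", "1.4.3"},
    "netutil": {"2.0.1"},
    "jsonlite": {"0.9.0"},
}

# Corporate license policy: licenses permitted in shipped products (constructed).
ALLOWED_LICENSES = {"MIT", "Apache-2.0", "BSD-3-Clause"}

# Knowledge base of component metadata (constructed). The guide gives this role to a
# vendor KnowledgeBase; here it is a dict keyed by (component, version).
KNOWLEDGE_BASE = {
    ("libfoo", "1.4.2"): {"license": "MIT", "vulns": []},
    ("libfoo", "1.4.3"): {"license": "MIT", "vulns": []},
    ("netutil", "2.0.1"): {"license": "Apache-2.0", "vulns": []},
    ("netutil", "2.0.0"): {"license": "Apache-2.0", "vulns": ["CONSTRUCTED-ADVISORY-1"]},
    ("jsonlite", "0.9.0"): {"license": "GPL-3.0-only", "vulns": []},
    ("leftpad", "0.1.0"): {"license": "MIT", "vulns": []},
}


@dataclass(frozen=True)
class Finding:
    component: str
    version: str
    reason: str


# One resolved component per line, pip-requirements style: name==version [# comment]
MANIFEST_LINE = re.compile(r"^\s*([A-Za-z0-9_.-]+)==([A-Za-z0-9_.+-]+)\s*(#.*)?$")


def parse_manifest(text):
    """Parse 'name==version' lines into (name, version) pairs.

    Blank lines and comments are skipped. Any other unparseable line raises, so a
    malformed manifest fails closed instead of silently passing validation.
    """
    components = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = MANIFEST_LINE.match(line)
        if not m:
            raise ValueError(f"manifest line {lineno}: cannot parse {raw!r}")
        components.append((m.group(1).lower(), m.group(2)))
    return components


def validate_build(manifest_text, bom=APPROVED_BOM,
                   allowed_licenses=ALLOWED_LICENSES, kb=KNOWLEDGE_BASE):
    """Return every policy finding for the build; an empty list means the build is clean."""
    findings = []
    for name, version in parse_manifest(manifest_text):
        approved = bom.get(name)
        if approved is None:
            findings.append(Finding(name, version, "component not in approved BoM"))
        elif version not in approved:
            findings.append(Finding(name, version,
                                    f"version not approved (approved: {sorted(approved)})"))
        meta = kb.get((name, version))
        if meta is None:
            # Unknown origin is itself a finding: the guide's "unknown and unapproved" case.
            findings.append(Finding(name, version, "unknown to knowledge base; origin unverified"))
            continue
        if meta["license"] not in allowed_licenses:
            findings.append(Finding(name, version,
                                    f"license {meta['license']} not permitted by policy"))
        for vuln in meta["vulns"]:
            findings.append(Finding(name, version, f"known vulnerability {vuln}"))
    return findings


def build_is_approved(manifest_text):
    """Gate for a build pipeline: True only when validation produces no findings."""
    return not validate_build(manifest_text)


# Constructed resolved-component list for one build.
SAMPLE_MANIFEST = """\
# resolved components for build 1234 (constructed sample)
libfoo==1.4.3
netutil==2.0.0
jsonlite==0.9.0
leftpad==0.1.0
mystery==7.7
"""

if __name__ == "__main__":
    for f in validate_build(SAMPLE_MANIFEST):
        print(f"{f.component}=={f.version}: {f.reason}")
    print("build approved" if build_is_approved(SAMPLE_MANIFEST) else "build rejected")
```

Two design points carry over to any real implementation of this control. First, the check fails closed: a component the knowledge base has never seen is reported as unverified rather than ignored, which is what "discover unknown and unapproved software" has to mean in practice. Second, a component can be on the approved BoM and still fail, because approval of a version says nothing about a license policy change or an advisory published after approval; that is why the guide pairs BoM validation with ongoing vulnerability monitoring.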