Picking the right open source projects

As usage grows, so too does your responsibility to minimise risk when selecting products and using source code.


As open source usage becomes mainstream, it's important to ensure you're working with a product your company can rely on in the future and that the use complies with open source licensing. That's not as easy as it sounds: Open source support provider OpenLogic reports more than 330,000 open source software packages for enterprises to choose from. Finding the appropriate open source project, with the right licence and the assurance of a viable future for the project, can be difficult.

Selecting the correct open source product

OpenLogic certifies and provides direct support subscriptions for more than 500 of these open source packages. Its criteria include a viable community, well-understood licensing, documentation, and active maintenance by the project leader.

But others can help narrow your open source options. For example, new to the open source project evaluation arena is SOS Open Source, an automated methodology from open source strategist Roberto Galoppini. His tool enables companies to determine the level of risk associated with any given open source software. SOS Open Source uses 24 metrics and information collected from open source project directories, forges, and meta-forges.

Galoppini says that SOS Open Source is keenly focused on the project strength, measured by the stability and maturity of the project and whether the project is backed by a predictably viable community. Related to the quality of community, Galoppini's methodology also measures the level of community or vendor support available. Finally, the methodology attempts to rate the possibility of project evolution, whether by the current project management or third parties.

Ensuring compliance with open source licensing

But what if your developers are already using open source without your knowledge? Well, there's an app for that. Among others, Black Duck Software, OpenLogic, and Protecode offer services that can crawl through your enterprise and report on the use of open source software. In fact, these vendors can even crawl through the source code in your internally developed applications to ensure that open source libraries or code fragments are not being used in contravention of their associated licences.

If your company hasn't already set an open source usage policy, there's no better time than the present to start down that path.

Follow me on Twitter at SavioRodrigues. P.S.: I should state: "The postings on this site are my own and don't necessarily represent IBM's positions, strategies, or opinions."

"Recommended For You"

HP launches open source tracking tool Developing open-source business policies that work