In 2006, a branch of the U.S. Armed Services wanted to know just how prevalent open-source software had become in its IT ranks.
The IT staffers knew that Linux and a few other open-source infrastructure apps were being used in "a couple of divisions," but they wanted to get a full understanding of that usage and then estimate the ROI to determine whether open source should be rolled out to other divisions. Consultants from Olliance Group took a look at the service's operations and after three days came back with some shocking news: The military branch was already using Linux and other open-source applications in 75% of its divisions, and in half of those, open-source use had already reached mission-critical status.
Though the open-source train had left the station without IT management onboard, the consulting firm was able to determine that the various divisions using open source were seeing an ROI of 300% to 700%. But the military branch still had no governance plan over the use of open-source technology. Needless to say, "they have one now," says Andrew Aitken, a senior vice president at Palo Alto, Calif.-based Olliance, which was acquired by Black Duck Software in 2010.
But others say companies can't be sure they're creating business value without running the numbers first, and having a governance plan is one of the best ways to get a grip on open-source costs -- and keep the company from unwittingly getting tied up in legal battles over the use of proprietary software.
Hidden Costs, Hidden Value
Why is governance so important? Ask Barnes & Noble. In March, B&N got caught in a patent infringement suit between Microsoft and the developers of Android. Microsoft filed suit against Barnes & Noble, claiming that B&N's Nook Color Tablet device and Nook e-reader contained Microsoft intellectual property found in the Android open-source mobile operating system.
Governance means different things to different open-source users. Walli puts open-source players into three categories: those who buy it, those who use it and those who make it. "Once you identify which bucket [you're in], it allows you to build a governance process that really speaks to those three different functions," he says.