Closing Open-Source Gaps by Developing a Policy
Open-source software is becoming ubiquitous, but companies need to be aware that its use must be carefully managed. Problems can arise because many open-source licenses require that users who incorporate open-source code in their software must make their code available for free (at reproduction cost), permit modifications of the software and permit redistribution without charging a fee.
These obligations could dramatically decrease the value of commercial software that incorporates open source. And the scope of these obligations is unclear. For example, basic license terms in the General Public License (GPL), the most commonly used open-source license, such as derivative work and collective work, are not well defined for software. Another major concern is that the GPL terminates immediately upon any breach of its terms rather than the more common contract approach of providing a period to solve any such breach.
Failure to address these issues can be expensive. A company that uses software without a license is in violation of copyright law and could be liable for significant damages. Similarly, automatic termination means that a company that incorporates open-source software in a consumer product risks millions of dollars in damages if it makes an error in incorporating open-source software.
The use of open-source software is further complicated because the Open Source Initiative has approved over 50 licenses as meeting the Open Source Definition. Many of these licenses are not compatible. For example, a software module licensed under GPL can't be distributed with modules licensed under the Mozilla Public License.
Despite these uncertainties, Fortune 500 companies such as IBM, Google Inc., Wells Fargo & Co., DaimlerChrysler AG and ETrade Financial Corp. use open-source software. Major companies such as IBM, Oracle Corp., Sun Microsystems Inc., Sony Corp. and Hewlett-Packard Co. have incorporated open-source software in their products, and some companies have shifted from a commercial to an open-source model for major products, such as Sun for its Solaris operating system and CA Inc. for its Postgres database software. Even the U.S. Department of Defense, in a recent strategic report on its IT needs, advocated the use of open-source software. However, the uncontrolled use of open-source software can lead to serious problems. Consider that IBM reduced the purchase price for Think Dynamics Inc. by 30% due to uncertainties arising from the use of open source.
Given these uncertainties, software developers and users need to manage the use of open-source software. It is no longer possible to simply prohibit its use. Rather, companies should avoid these problems by adopting an open-source use policy, which should address the following issues:
- Use of open-source components in products for third parties.
- Use of open source for internal purposes.
- Approved usage models.
- Implementation of policy by industry experts or outsourced teams.
- Permitted/forbidden open-source licenses.
- Rules for contribution by employees to open-source projects.
- Use of commercial products (Black Duck/Palamida) to audit use of open-source code.