Closing Open-Source Gaps by Developing a Policy
Open-source software is becoming ubiquitous, but companies need to be aware that its use must be carefully managed. Problems can arise because many open-source licenses require that users who incorporate open-source code in their software must make their code available for free (at reproduction cost), permit modifications of the software and permit redistribution without charging a fee.
These obligations could dramatically decrease the value of commercial software that incorporates open source. And the scope of these obligations is unclear. For example, basic license terms in the General Public License (GPL), the most commonly used open-source license, such as derivative work and collective work, are not well defined for software. Another major concern is that the GPL terminates immediately upon any breach of its terms rather than the more common contract approach of providing a period to solve any such breach.
Failure to address these issues can be expensive. A company that uses software without a license is in violation of copyright law and could be liable for significant damages. Similarly, automatic termination means that a company that incorporates open-source software in a consumer product risks millions of dollars in damages if it makes an error in incorporating open-source software.
The use of open-source software is further complicated because the Open Source Initiative has approved over 50 licenses as meeting the Open Source Definition. Many of these licenses are not compatible. For example, a software module licensed under GPL can't be distributed with modules licensed under the Mozilla Public License.
Despite these uncertainties, Fortune 500 companies such as IBM, Google Inc., Wells Fargo & Co., DaimlerChrysler AG and ETrade Financial Corp. use open-source software. Major companies such as IBM, Oracle Corp., Sun Microsystems Inc., Sony Corp. and Hewlett-Packard Co. have incorporated open-source software in their products, and some companies have shifted from a commercial to an open-source model for major products, such as Sun for its Solaris operating system and CA Inc. for its Postgres database software. Even the U.S. Department of Defense, in a recent strategic report on its IT needs, advocated the use of open-source software. However, the uncontrolled use of open-source software can lead to serious problems. Consider that IBM reduced the purchase price for Think Dynamics Inc. by 30% due to uncertainties arising from the use of open source.
Given these uncertainties, software developers and users need to manage the use of open-source software. It is no longer possible to simply prohibit its use. Rather, companies should avoid these problems by adopting an open-source use policy, which should address the following issues:
- Use of open-source components in products for third parties.
- Use of open source for internal purposes.
- Approved usage models.
- Implementation of policy by industry experts or outsourced teams.
- Permitted/forbidden open-source licenses.
- Rules for contribution by employees to open-source projects.
- Use of commercial products (Black Duck/Palamida) to audit use of open-source code.