
Today, reducing the Total Cost of Ownership (TCO) of IT infrastructure and shortening time to market for software development projects are key mandates in every enterprise. Usage of Open Source Software (OSS) is one of the key enablers in achieving both cost and delivery-time reductions. Enterprises are also showing interest in leveraging OSS because of its many proven success stories. Though usage of OSS has many benefits, its usage and adoption can add to the risks, complexity and challenges faced by an enterprise. In this article, I would like to point out the key considerations and risk factors associated with OSS adoption and how these challenges can be addressed by defining an OSS Governance Framework.
The world of OSS provides a huge repository of knowledge that can be leveraged in multiple ways. One of these is to use OSS for enterprise-wide standardization and reuse, leading to increased productivity. By using OSS in software development projects, effort can be reduced, which in turn reduces cost. Additionally, software can be developed at a faster rate and with better quality. These are some of the factors leading to widespread and rapid adoption in today's software delivery life-cycle. OSS adoption has seen accelerated growth around the globe, with a CAGR exceeding 40%. Increasingly, enterprises are recognizing Open Source to be a vital part of the IT landscape and embracing it for the value it brings to their business and their customers. Gartner estimates that by 2013, Open Source will be included in 85% of all commercial software packages, and by 2016 will be included in mission-critical software packages within 99 percent of global enterprises.
Challenges
Although there are compelling reasons for adopting OSS, its usage comes with potential risks. As open source software is readily available, developers can acquire it from a wide range of sources. The ease with which open source software can enter the development stack of an enterprise makes it difficult to monitor its usage, comply with licenses, apply updates and provide an adequate level of service. In other words, the wide availability of open source software means that an enterprise needs to manage its environment effectively to avoid problems at a later stage. A few of the challenges faced by organizations while adopting open source software are:
- Managing Licenses: One of the most important challenges in adopting open source software is the management of licenses. Though licenses are often overlooked by developers and enterprises, ignoring them can have serious consequences for the enterprise.
- Legal Concerns: Open Source licenses present a challenge because their terms differ from those of typical commercial software. OSS licenses usually do not include IP representations, warranties, support and indemnification. If the licensing terms are not understood before OSS packages are adopted into the development source code, there can be serious legal implications which may put the business at risk.
- Availability of Support: Due to the way many open source software projects are organized, they may not have the support infrastructure desired by enterprises. To enable adoption of open source software, enterprises demand Service Level Agreements, for which it may be necessary to tie up with vendors who provide support for the selected software.
- Benchmark Information: Due to the nature of open source software and its support structure, ready benchmarks that allow the enterprise to evaluate performance, up-time and availability may not be available.
- Security and Vulnerability Analysis: Security and vulnerability analysis is another important parameter for evaluating software used by an enterprise. Though the source code of open source software is readily available, an enterprise may not have the time and the expertise to perform a thorough analysis and certify the software. The lack of clear certification can be a hurdle in the adoption of open source software.
Importance of Governance
To overcome these challenges and successfully adopt and benefit from open source software, an enterprise needs to implement a well-defined OSS Governance model. The governance model must include processes to track usage of open source software and to govern issues such as acquisition, licensing, support and distribution. To implement OSS Governance, an enterprise needs to define and communicate corporate-wide open source policies and guidelines, along with developing legal expertise focused on open source. User education and awareness form an important part of the governance model, as awareness leads to better compliance. The governance model also needs to track the source code inventory across the organization and establish an open source community to provide guidance, support and leadership for the effective utilization and propagation of open source software. Using the OSS governance framework, an enterprise can implement well-defined processes at each location where open source software is used, addressing important issues such as:
- Acquisition and Tracking: Improve awareness of open source usage and track its entry into the enterprise as well as its usage.
- Licensing: Gain a clear understanding of various licenses and how they impact usage of open source software. Define and implement suitable policy to ensure compliance with open source licenses.
- Source Reliability: Acquire open source software only from trusted sources, preventing the introduction of malicious code or the use of vulnerable code.
Proposed Approach for Implementation
- Define: This phase consists of assessment and analysis to understand open source usage in the enterprise. In other words, an analysis of how the enterprise uses open source software in its infrastructure needs to be performed. Based on this understanding, an Open Source Policy has to be defined, which dictates the way open source usage is approved. Ideally, an Open Source Review Board consisting of a cross-functional team, mainly comprising IT, Legal and Compliance, should be formed to review the assessment findings and to define the policy.
- Implement: Once the policy is in place, it is recommended to have a pilot implementation. Successful completion of the pilot would be followed by enterprise-wide proliferation. As part of this phase, all the stakeholders involved with open source adoption are trained on the company's Open Source Policy so that its requirements and processes are followed going forward.
- Automate: Implementing the workflow based on the OSS policy involves a sizable amount of effort from various stakeholders across the enterprise. To get consistent results and a fast response, it is recommended that this workflow be automated using tools that specialize in OSS governance.
- Monitor: In this phase, we need to continually monitor the usage of open source in the enterprise and ensure compliance with the defined policies.
It is important to note that the OSS Governance Model is not static in nature, but an iterative, evolving process. Based on observations from the continuous monitoring phase, the model needs to be refined, updated and re-implemented. Over time, the OSS Governance Framework is augmented with a set of best practices that should be adopted across the enterprise. Some of the best practices under the OSS Governance Framework are: establishment of a Program Management Office, identification of stakeholders, definition of associated roles and responsibilities, creation of an open source review board for monitoring and reviewing open source usage, creating awareness of policies through extensive training and workshops, and enforcement of policies.
References:
https://fossbazaar.org/content/best-practices-open-source-governance/
http://www.gartner.com/id=817618
http://www.zdnet.com/blog/murphy/apaches-open-source-governance-model/1196
http://www.oss-watch.ac.uk/resources/governanceModels
*If you find something misleading or incorrect, please point it out.