OSS - enterprise adoption strategy and governance
1. maximizing the Return of Your Output Technology Investment
Open Source Software – Strategy, Policies & Governance.
Prabir Sarkar v1.0
Content
Part I:- What’s OSS and what are the Benefits / Opportunities?
Part II:- The Risks and Challenges
Part III:- Strategy & Policies
Part IV:- Governance
PART - I
What’s OSS and what are the
Benefits / Opportunities?
What is Open Source Software (OSS) anyway ?
Open source software is developed collaboratively and is owned by a community rather than a single vendor.
The source code is freely available, and users are permitted and encouraged to change, improve, and
redistribute the software—subject to the terms of the open source license.
The result is a paradigm that moves development teams away from being locked into a vendor and provides
benefits from cost savings, access to source code and continued innovation.
Wikipedia (which itself is a free content encyclopedia under the Creative Commons Attribution-ShareAlike license)
describes open source software as follows:
Open source is a development methodology, which offers practical accessibility to a product's source (goods
and knowledge) … The open source model of operation and decision-making allows concurrent input of
different agendas, approaches and priorities, and differs from the more closed, centralized models of
development.
The 16 October 2009 memorandum from the US DoD CIO defines OSS as "software for which the
human-readable source code is available for use, study, re-use, modification, enhancement, and
re-distribution by the users of that software".
Why use OSS?
• At this point in the evolution of the software industry, it has become difficult, if not impossible, to create
any significant body of software without using at least some open source software (OSS).
• The best-in-class software in some areas is OSS.
• Lower cost alternatives to traditional commercial packages.
• Faster time-to-market by avoiding development and testing of new code.
• Lower development costs by using free, already debugged code.
• Customers favor, and sometimes even require OSS.
• Open source now represents an average of 29 percent of the code deployed by IT, and technology
innovators are using 60 to 80 percent of open source code. - Source: Black Duck Report - Open Source
Governance In Highly Regulated Companies.
• “Open source is a “silver bullet” that allows simultaneous improvement along all three dimensions of the
software “iron triangle” of cost, schedule and features”. - Jeff Hammond, principal analyst at Forrester
Research.
• OSS came with a corporate acquisition.
Why use OSS? … Cont
Mark Driver, Gartner’s lead analyst on
open source, recently reflected on this
development: “Open source is
ubiquitous, it’s unavoidable…having a
policy against open source is impractical
and places you at a competitive
disadvantage.” In fact, Gartner predicts
that “by 2014, 50 percent of Global 2000
organizations will experience technology,
cost and security challenges through a
lack of open source governance.” The
urgency is growing for management to
catch up with the reality of how software
is built today.
A slice of History.
Current state of OSS projects.
CII … Now and Forever ….
Primary Reasons why Organizations are using OSS – A Gartner
Survey.
Factors influencing OSS adoption – A LSE study on Private and Public
sector enterprises in Europe.
Source :- London School of Economics. “Total cost of ownership of open source software: a report for the UK Cabinet
Office supported by OpenForum Europe.” (November 2011 )
Key Initiatives Supported by OSS – A Gartner Survey
Show Me the Money: The Cost Savings and Other Benefits of Open Source
Source: The Growth of Open Source Software in Organizations. – Optaros Publications and Thought Leadership.
Source :- http://www.computerworlduk.com/
Nov. 2012
Source :- http://www.informationweek.com/
Source :- http://www.govtech.com/ Aug. 2013
Show Me the Money: Cost Heads & Savings of Open Source … Cont
Source: The Growth of Open Source Software in Organizations. – Optaros Publications and Thought Leadership.
Major reasons for supporting external OSS projects
- A Gartner Survey.
… So, it's not just about saving money!
Average Defect Density of OSS better than Industry average.
(Source https://scan.coverity.com/, Coverity Scan)
Quality of OSS code higher than proprietary code.
(Source https://scan.coverity.com/, Coverity Scan : 2013 OSS Report. )
PART II
The Risks and Challenges
Clear and Present Danger
What are the Risks in using OSS ?
Risks from the use of open source include:
• Technical and operational
Issues can arise in code quality/integrity, the ability to obtain support, and the viability of the community
behind the open source project. When open source is used in mission-critical operations, a clear plan
and path, from the code to where it is used to how and where to obtain support and fixes, is critical.
• Regulatory
Issues can arise in compliance with regulations such as Sarbanes-Oxley, data privacy regulations (PCI) and
export regulations (there are over 4,000 open source projects with encryption algorithms strong enough
to require a filing with the U.S. Bureau of Industry and Security (BIS)).
The lack of visibility on what the code is doing and how it works can represent a major control oversight
of the data and create regulatory exposure. In addition, the way developers integrate open source with
proprietary code can affect IP ownership. For example, in March 2011, a former Goldman Sachs
programmer received an eight-year jail term for theft of intellectual property in the form of software.
[http://cryptome.org/2014/04/goldman-sachs-code-thief.htm]
What are the Risks in using OSS ? … Cont 1
• Security
Development’s use of OSS can create blind spots that need to be addressed, and IT management needs
to ensure security as new applications, products and services are created.
• Legal
Legal risk and exposure with OSS is fairly well known and widely reported. While open source is free, all
open source comes with a license and obligations that must be met. Open source licenses range from
simple/permissive licenses such as the MIT and BSD license, to the more restrictive, “copyleft” GPL
family of licenses. Improper use of open source code, especially code under the GPL-family of licenses,
can impact an organization’s IP and their brand.
What are the Risks in using OSS ? …Cont 2.
• Brand
A company’s brand is one of its most valuable assets, representing the company’s ultimate promise to all of its customers.
Microsoft, for example, has made a concerted effort over the last few years to develop a positive relationship with the open
source community. But even one of the best run software companies in the world ran afoul of the open source community
and damaged its brand with the release of Windows 7.
GPL licensed open source code was integrated with part of the release by a third-party and was not discovered
as part of Microsoft’s release process. To its credit, Microsoft discovered the problem, reported and fixed it. However,
when viewed in the context of Microsoft working to improve their relationship with the open source community, it was a
significant setback to their development efforts and relationship with the community. This relationship is key to hiring
open source talent; companies now strategically seek developers who are both skilled in software development and open
source community savvy.
Microsoft admits its GPL violation; will reissue Windows 7 tool under open-source license (Source :-
http://www.zdnet.com/blog/microsoft/microsoft-admits-its-gpl-violation-will-reissue-windows-7-tool-under-open-source-license/4547)
Microsoft pulled the Windows 7 USB/DVD Download Tool from the Microsoft Store on November 10 after a report by "Within
Windows" blogger Rafael Rivera that he had found what looked to be open-source code in the tool. Inclusion of open-
source code isn't a no-no, but Microsoft's decision to put a restrictive, non-open-source license on the tool incorporating
that code was. (The USB tool, which Microsoft made available on October 22, is designed to help netbook users upgrade
from XP to Windows 7 in a more streamlined way.)
The OSS License Regimes
GPL Preamble : - http://www.gnu.org/copyleft/gpl.html
Software Freedom Law Center Guide to GPL Compliance 2nd Edition :-
http://www.softwarefreedom.org/resources/2014/SFLC-Guide_to_GPL_Compliance_2d_ed.html#gplv2
Lack of Controls on OSS components
Mixing Code is risky!
PART III
Strategy & Policies
OSS Management
Why do we need an OSS Policy ?
"While most software managers are aware of the legal risks (e.g., license compliance with
commercial strategies and additional code used, monitoring the use of code, etc.) and the
operational risks (e.g., compatibility requirements, maintenance and support, integration concerns,
among others) of using open source, the benefits far outweigh these concerns. As such creating an
open source software policy is a key strategic imperative for organizations in the software industry."
- Greg Olson, Senior Director, Open Source Management Practice, Black Duck Software.
“Unaudited and unmanaged open source technology proliferates with an enterprise software
portfolio and is hidden as a ticking time bomb that eventually results in technical failure that cannot
be sufficiently addressed, security risks that can result in a significant loss of business value, and
potential intellectual property (IP) risks that can result in legal action.” – Gartner
“Companies must have a policy for procuring OSS (Open Source Software), deciding which
applications will be supported by OSS, and identifying the intellectual property risk or supportability
risk associated with using OSS. Once a policy is in place, then there must be a governance process
to enforce it.” – Laurie Wurster, Research Director, Gartner
How did OSS policy evolve globally?
Why OSS policy trended the way it did?
Prior to 2001, there was almost no activity in policy related to open-source, which could be the result of a lack
of maturity in open-source software development up until this point and/or difficulty in finding
documentation of older open-source policies online. The first year in which we see a significant increase
in open-source policies is 2002, followed by a sharp jump in 2003 (see Figure 2). Potential
explanations for the marked surge in open-source policies in 2003 could include increased
lobbying efforts by large multinational firms invested in open-source, the growth of anti-
Americanism and the desire to be less reliant on American brands, and the development of strong viable
open-source alternatives. Between 2006 and 2007, we see a second boost in open-source policies,
which could be attributed to a reaction to the global release of a major closed-source software package,
to avoid vendor lock-in. This reaction was likely driven in part by the desire of governments to avoid
costly software renewal as well as unfavorable reception of the closed-source software package.
Source:- Center for Strategic and International Studies - Whitepaper on Government Open Source
Policies - March 2010
OSS strategy statement & Steps for creating OSS Policy
OSS Strategy Statement –“Maximize the Return while Minimizing the Risks”
In order to align ourselves with the above strategy we need to evolve an OSS
policy. The four steps for creating an effective OSS policy are:
The OSS Management action areas
Critical elements of an effective OSS policy
Who will Own the policy, conduct trainings, review,
update policy etc … OpenSource Review Board?
What are the evaluation criteria ?
Who approves what ?
Should provide guidance to procurement of OSS / third party
components with embedded OSS.
OSS inventory management, all modifications and uses
tracked, all bug fixes shared. Archive all artifacts of
OSS.
Identify owner of OSS components to track security bugs & all
support issues.
License compliance for distributed S/W with OSS & for network delivered services using
OSS components. Audit each release for total compliance.
What kind of OSS participation is permitted or required ?
The Discovery and Evaluation Step. (Further Details)
The Policy Builder Questionnaire.
Part IV
Governance
The Governance Gap
Gartner predicts that by 2014, "50% of Global 2000
organizations will experience technology, cost
and security challenges due to a lack of open
source governance," and through 2015, "less
than 50% of IT organizations will have effective
open source governance programs in place."
The Fallout
Free Software Foundation, Inc. v. Cisco Systems, Inc. – Dec, 2008
A GPLv2 quagmire
V Verizon. – GPL Compliance issues.
Enabling Open Source Governance
Effective governance of open source can empower developers, increase innovation and improve
competitiveness. For mid to large organizations with hundreds of developers working on multiple
projects across geographies, better software can be delivered faster by automating, centrally
managing and auditing the selection and use of open source. It's important to integrate enterprise-scale
governance of open source across the entire application lifecycle. An effective governance regime will
deliver the following results -
Tight coupling of automated governance process with application
Lifecycle
Automated governance & Compliance
Acknowledgements
During research and preparation of this document I have freely gathered information from various
whitepapers, surveys, articles, blogs available on the internet. I have mentioned the sources as and
when they came up across the slides. Here is a brief list of these and other sources; it is not exhaustive.
• COVERITY SCAN: 2013 OPEN SOURCE REPORT (Coverity Scan)
• Black Duck Software
• Gartner Surveys
• Opensource.org, Gnu.org
• OpenLogic.com
• Linuxfoundation.org
• Optaros.com
• CIO.com