I want to scan my codebase to detect open source; how long will it take?
In the time that I have spent with OpenLogic, I have worked with companies across many industries, and with companies ranging from a handful of developers to thousands of developers. One thing they have in common is that they typically have some type of open source policy, some far more developed than others.
A number of interesting press releases by industry experts published this year show some of the most impressive data ever on the exponential growth of open source software adoption. Open source buzz is humming both behind the scenes and on the front page in just about every major industry that touches a piece of modern technology!
In my last post, I discussed where we came from and where we are now with regard to knowledge and understanding of open source software and licenses. I talked about how, not too long ago, there seemed to be a fair amount of denial when it came to the use of open source software in the enterprise. Today, open source software has garnered enough attention that the term "open source" is found far outside the software world. Yet misconceptions and misunderstandings prevail. Why? How did we get here? And how do we get to the point where there is accurate and consistent knowledge around FOSS? More specifically, how do we get to a point where FOSS use in the enterprise incorporates a thorough and appropriate understanding that backs a FOSS policy tailored to the realities and practicalities of that particular business?
At the Linux Foundation Collaboration Summit in San Francisco in mid-April, I gave a talk titled "FOSS Knowledge: A little does NOT always go a long way." The title was supposed to be a bit eye-catching; the subject matter, hopefully thought-provoking. I've attended my share of open source software-related events, and often the topics covered in the legal or business tracks relate to trends, information, tools, and best practices for the use of open source software, particularly with regard to license compliance - basically, what one needs to do. But I'm finding that it is ever more critical to look at knowledge: the understanding, awareness, and education around open source software and licenses.
I am asked two very reasonable questions, on a very regular basis, by some very interesting people.
Open source audits are never as simple as they seem. You have successfully tackled your first open source audit and you are probably asking yourself what to do to help with future audits. The answer is: preparation. The steps you take before you start the auditing process will make the project that much more successful. To help with future audits, let's look at a few tips and tricks you can use before you begin an audit:
Scanning and auditing your code for open source software (OSS) is a great first step towards compliance. However, some organizations may be reluctant to perform scans because of concerns about how disruptive the process can be to their development effort. In this article, I will explore a couple of different approaches to scanning your code for OSS and the potential disruption associated with each. I have organized the article from the least to the most disruptive approach.
Shortly after announcing an update on mobile app open source compliance research, I presented on the broader topic of "Apps, App Store, and Open Source" at LinuxCon in San Diego. Judging from the number of people who attended the presentation and their engagement, this is still a topic many people are intrigued by. In this post, I'll provide an overview of the research and its potential implications.
Commercial source code scanning tools have become quite the hot topic for CIOs, software development managers, in-house counsel, and enterprise architecture teams over the last eight to ten years. The emergence of these new technologies correlates directly with the maturity of open source software, which is now just as common as commercially licensed software in medium to large enterprise data centers. Additionally, the distribution of open source into the consumer market is undeniable, making source code scanning a critical risk mitigation measure for all companies that are buying or selling modern technology. Today's article will briefly explain "noise reduction" and the process of using multiple matching techniques in a source code scanning tool.
If you read a post on The Enterprise OSS Blog, please leave a comment. Let us know what you think, even if it's just a few words. Comments do not require approval, but they are moderated. OpenLogic reserves the right to remove any comments it deems inappropriate.