A critical consideration in a corporate open source software provisioning strategy is the maturity of a project's community and the likelihood that the community will continue developing the project over the long term.
Sometimes I wonder exactly how many open source projects exist in the cyber-verse? It's a question that literally might never have an answer. Universities are one of the great cultivators of open source projects. This begs the question, how many college students are writing code for a sanctioned, ongoing university-funded project versus the student who needed to complete their final exam by authoring an open source project they then posted with a very unique URL? How about the genius high school or even junior high student that got into coding as a hobby and then forgot about the first project they built after he or she moved on to solving much more advanced problems in a university? What about a small group of unnamed hackers (or a large one with coordinated efforts and organization) that is intentionally building an open source project with malicious intent for the end users? How would you know of their obfuscated intent? The consequences of even downloading code from a hacker organization like that could be disastrous!
The really popular projects get picked up by worldwide communities and may be accepted for ongoing development at organizations like the Apache Software Foundation. In other cases a project may be so compelling to a major technology company that the original authors retain ownership of their intellectual property under an open source license while negotiating proprietary and commercial rights with a technology company that sells commercial licenses for the project. This commercial license may also include other services such as technical support and consulting expertise. But there are still many useful, great open source projects that are neither adopted by well-known communities nor backed by commercial offerings.
In a previous article on this topic I found some statistics from major repositories showing that the number of documented unique OSS packages available is in the hundreds of thousands. These statistics, combined with the accelerated adoption rate of OSS in the enterprise, plus the fact that locking down the internet access of employees might not be a realistic approach to managing OSS, make a provisioning strategy critical for successful adoption. Any enterprise using open source originating either from a repository or from a community-maintained home page may want to start asking some of the following questions:
The answers to these questions will help to determine the maturity of an open source software project's development community. That information in turn can help an enterprise's development team and information security team make the threshold decision as to whether the project is even worth downloading to test in a technical evaluation.
One solution to this problem is OpenLogic's publicly available certified library of open source projects called the OpenLogic Exchange (OLEX for short). We are dedicated to the ongoing adoption of true community versions of open source projects, and OpenLogic has a very unique approach to community involvement that benefits enterprise organizations of all industries. On customer request, and usually in the context of purchasing a commercial support contract on open source software products, we will do this kind of background research and community evaluation for your organization.
What other questions do you find yourself asking when evaluating the maturity of an OSS community?
If you read a post on The Enterprise OSS Blog, please leave a comment. Let us know what you think, even if it's just a few words. Comments do not require approval, but they are moderated. OpenLogic reserves the right to remove any comments it deems inappropriate.