A No-Cost Starting Point for Open Source Governance

Posted by Kim on April 29th, 2008 in Open Source

The old adage, "you can't manage what you can't measure," applies to open source as well. Bernard Golden recently posted on why it is important for CIOs to understand what open source software they are using in order to adequately address both the infrastructure needs and legal requirements of open source. He looks at the challenges that this lack of awareness can present.

Think about the risk exposure this represents. Obviously, there are questions regarding whether the company is complying with the license obligations of the open source software, so the company's attorneys are likely to be concerned.

To my mind, though, legal risk is only a small part of the overall risk this CIO faces. The far larger risk is that there is no visibility into the makeup of a significant portion of the company's IT infrastructure. How can you confidently plan for SLA commitments when you're not sure of what software you're running, its maturity, supportability, and so on? Furthermore, as a CIO, you face the very real potential of being unable to adequately map out your workforce skills planning, since you are unaware of what development and operations commitments accompany these invisible software implementations. Finally, it's hard to attest to important regulatory requirements (if you're subject to regulations like recoverability and so on, as financial institutions are), when you don't know what will need to be recovered.

OpenLogic developed OSS Discovery – a free, open source tool that finds installed open source on your machines – to address just this problem. IT organizations can download OSS Discovery and use it to scan a sampling of machines in their organization to find out what open source they are using. OpenLogic also provides a free inventory analysis of the first 500 machines. This inventory is the first step to open source governance.

Once you have the data about what open source you are using, you can:

  • ensure compliance with open source licenses
  • determine the type of support and SLAs required
  • plan for skills needed in your organization
  • ensure compliance with regulations and internal policies

You can also benchmark your open source usage against that of other similar companies by taking the results from OSS Discovery and anonymously submitting them to The Open Source Census.  By doing so, you will get access to benchmark reports that show opportunities for using more open source software.
