Creating an Open Source Compliance Checklist

Posted by Dave McLoughlin on April 13th, 2012 in Governance, Legal & Compliance, Open Source Management, Open Source Trends, Scanning & Provisioning

In a recent blog article, “Using Categorization to Simplify Open Source License Compliance,” I talked about simplifying open source compliance through license “categorization” where I listed the common categories used in many open source licenses. In this article I’m going to talk about creating an open source compliance checklist based on those categorizations.

In OpenLogic Exchange (OLEX) Enterprise Edition we have analyzed several hundred open source licenses and created a list of high-level obligations for each license. For example, in OLEX the Apache License 2.0 list of obligations looks like this:

• Distribute copy of license
• Give notice of or fulfill other requirements related to modified files
• Obligation to include notice text or files
• Obligation to include copyright or trademark notice
• Obligation to indemnify contributors
• Obligation to apply license to original or derivative works
• Restrictions regarding use of trademark
• Termination of patent license upon filing of patent litigation

Open Source Software Management: A Review of Wazi Articles

Posted by Aaron Mandelbaum on April 11th, 2012 in Governance, Legal & Compliance, Open Source Management, Open Source Trends, Scanning & Provisioning, Support, The Cloud

The 5 most recent articles published on http://olex.openlogic.com/wazi/

Choosing the Right Type of Open Source Support

Posted by Greg Bell on April 9th, 2012 in Support

Open source software is used by organizations both large and small for everything from desktop applications to mission-critical infrastructure, but many enterprises have inconsistent open source support coverage or lack technical support coverage altogether. Just as most companies won’t use commercial software without technical support coverage, it’s important to evaluate technical support needs and options for any open source used in the enterprise. For some companies it makes sense to rely on internal expertise for open source support, while others require commercial-grade support coverage for some or all of the open source software they use.

In this post I’ll outline the key issues you should consider when evaluating support options for the open source deployed in your organization. I’ll also link to a resource that can help you work through the pros and cons of each option.

Open Source Software LinkedIn APIs Empower Your Business

Posted by Nicholas DiPiazza on April 6th, 2012 in Open Source Management, Open Source Trends

LinkedIn contains a massive amount of valuable information about potential new hires that you can use to your company’s benefit. It provides you a single website you can use to view a person’s past work history, recommendations from other LinkedIn users, education background, etc.

But by itself, LinkedIn is just another website where you have to log in to get what you need. And you might be thinking that sure, the data is useful, but how do I get that data into my own internal system so that our internal applications / databases can utilize that information?

LinkedIn provides what is called an “Application Programming Interface” which is a fancy way of saying that you can use web services to access LinkedIn functions.

In order to use the LinkedIn API, first you must register at the LinkedIn developer website.

Once you are registered, you are provided a secret API key that you will use. This key validates that you are you, and not someone else on the system.

Supporting Open Source-Based Apps in the Cloud

Posted by Rod Cope on April 4th, 2012 in Open Source Management, Open Source Trends, Support, The Cloud

Your choice of public vs. private cloud and IaaS vs. PaaS providers can have a dramatic impact on your ability to support your open source-based applications in a 24×7 production environment.

Upcoming Webinar: Using SPDX to Streamline Open Source Compliance

Posted by Aaron Mandelbaum on April 2nd, 2012 in Governance, Legal & Compliance, Open Source Management, Open Source Trends, Scanning & Provisioning

The SPDX (Software Package Data Exchange) standard is designed to help companies streamline their open source compliance efforts by sharing information about open source licenses that are used in software packages.

Building the Business Case for Open Source Code Scanning

Posted by Jesse Hood on March 30th, 2012 in Governance, Legal & Compliance, Open Source Management, Open Source Trends, Scanning & Provisioning

I often talk to people who are having a hard time developing the business case for purchasing and implementing a source code scanning tool or purchasing an application audit service. I respond by describing that a legitimate and successful business case in 2012 needs to include the following:

• At minimum, a general understanding of the basics of open source software
• Both the want and need to find and implement a solution
• The organizational drivers and resources to develop a solution to a problem or to enhance and complement an existing system that lacks efficiency or accuracy
• Cross-functional approvals and resources from multiple departments
• Accurate and balanced vendor evaluation and selection criteria

Hopefully some of the ideas in this article will resonate to help all of you continue building the business case as you consider how or when to start a scanning and license compliance initiative.

Open Source Software Support: How Well Are You “Minding the Gap”?

Posted by Aaron Mandelbaum on March 28th, 2012 in Support

More and more enterprises are using open source software projects such as Linux, Apache, Tomcat, MySQL, and ActiveMQ as a significant and growing part of their IT portfolio. Some enterprises work with one or more open source vendors to get commercial-grade open source support for the OSS they use.

However, there is also a substantial number of open source users who view support as an afterthought and find themselves scrambling for a solution at the 23rd (or 25th) hour. Just last week we began our quarterly Open Source Benchmark Report survey focusing on the support aspect of open source software usage.

One question we included in the survey was, “What is the biggest OSS challenge facing you in 2012?” The answers covered a wide range, but there was one consistent theme: when it comes to support, time is of the essence and time needs to be accounted for when obtaining support.

In our Predictions and Trends for Open Source in the Enterprise report, which we concluded at the end of 2011 and published earlier this year, there were a few stats that jumped out to me relative to this discussion:

Open Source Technologies Thrive in the Age of SaaS and Cloud

Posted by Eric Weidner on March 26th, 2012 in Open Source Trends

As we are moving some infrastructure to SaaS applications, I am reminded of previous debates about the effect of SaaS applications on Open Source Technologies. It’s pretty clear that the growth in Open Source has accelerated and has even been enabled by the presence of game changers like SaaS and Cloud. The ability to cheaply and rapidly get new products to market has made the use of Open Source vital to many organizations and the sheer number of options is staggering. At OpenLogic, we build SaaS applications and those applications use hundreds of Open Source components. In fact, CloudSwing now contains more Open Source libraries in less than a year of development than OLEX has in over 4 years of development.

The SPDX License List: the gateway drug to full SPDX adoption?

Posted by Jilayne Lovejoy on March 23rd, 2012 in Legal & Compliance, Scanning & Provisioning

The SPDX License List is just one part of a larger effort to make reporting open source software licensing information more efficient and thus ease license compliance. As an active member of the SPDX legal work group, it began as a simple matter of raising my hand that I took on the task of ‘keeper of the list.’ Or so it seemed.

When I began working at OpenLogic, my first task was to read all the most commonly used open source licenses, analyze the license requirements, and help create the framework which would become the OLEX Open Source License Compliance module to our scanner. This necessarily brought up some tangential questions. Do we have this license already in our database and, if so, is it truly the same license? At what point does it become a different license? What is considered part of the license text and what isn’t? What should the license be called? How should the formatting look when the license is displayed on the page? Later, my role would evolve to include using our product to perform open source audit services for our customers. There is nothing like drinking your own Kool-Aid to encourage improvements at the macro and microscopic level.




About Us

OpenLogic helps enterprises use open source software by providing open source support, scanning, governance, and cloud solutions. For more on OpenLogic, go to www.openlogic.com.