The Enterprise Open Source Blog

Open Source Provisioning Strategies Can Help Achieve the Promised ROI

Posted by Jesse Hood on February 6th, 2012 in Open Source Trends, Scanning & Provisioning

Open source literally is a gold mine for enterprises in 2012+ and as the amount of choices increase exponentially so does the need for a provisioning strategy.

Webster’s basic definition for provisioning is to supply someone or something with provisions. Thanks Webster, I can always count on you to cut to the chase. Since we are not really writing about supplying food, water or clothing rations I had to find a more appropriate and up to date definition.

This one from webopedia describes provisioning as: The process of providing users with access to data and technology resources. The term typically is used in reference to enterprise-level resource management.

That’s pretty good, but lets dig a bit further into the nature of open source to consider the implications of effectively and safely provisioning it for an enterprise. Three of the largest open source repositories in the world publish the following data about the amount of code available:

Open Source Scanning: A Technical Perspective on Which Files to Scan

Posted by Dave McLoughlin on January 23rd, 2012 in Scanning & Provisioning

When preparing to scan your application development projects for open source software, one simple approach is to point your scanner at the root directory of your development system. But that is probably not the most efficient approach, and results may include many open source components that are not actually part of your application. Or worse, the scanner may miss components that are not present in the build environment. There are many reasons to be careful and selective about what you scan and why. Here’s a short list of considerations when preparing to scan and determine the open source used in your application.

Linear vs. Targeted: The Location and Amount of Source Code Scanning is Important

Posted by Jesse Hood on January 6th, 2012 in Scanning & Provisioning

The location and amount of source code scanning and analysis an organization should expect to do when beginning a new initiative will likely have a direct correlation to establishing or revisiting a meaningful open source policy. Retroactively auditing for open source and analyzing licenses can quickly become a much more time and resource intensive task than expected for companies that are starting these projects in 2012, mainly due the potential for large legacy code bases that have never been vetted for open source before.

This article includes a short description of how the individuals who are or will become members of an open source review board could start thinking strategically about a scanning project to maximize efficiency of limited resources.

4 Steps to Understanding an Open Source Audit

Posted by Dave McLoughlin on December 21st, 2011 in Legal & Compliance, Scanning & Provisioning

Often times, at the completion of an open source software (OSS) audit, customers will ask us “Now that I know what OSS and licenses I have, what do I do?” or “Do I have any issues?” What they are really wondering about is license compliance, are they in violation of any of the OSS licenses, or if they are not in compliance, what are the implications?

If you are familiar with common OSS licenses, you will know that quite often people are most concerned about the dreaded “copyleft” licenses, where non-compliance can potentially mean they have to provide their source code, and more importantly, their intellectual property to their customers.

So how do you tell if there are issues or if there is anything you have to do to comply with the OSS license that is in the OSS used in your application development?

Here is a simple guide to help you to begin to understand compliance issues and how to come into compliance for newly discovered OSS.

Open Source Software in Cars: Five Best Practices for Compliance

Posted by Kim Weins on December 19th, 2011 in Governance, Legal & Compliance, Open Source Trends, Scanning & Provisioning, Support

For auto companies that are using or want to use open source software, it’s important to build open source compliance processes into your development and procurement processes.

You’ve probably already heard that GM’s Chevy Volt has over 10 million lines of code – 2 million more than a fighter jet. What you may not know is that the Volt includes a lot of open source software – and the open source code used is available on the oss.gm.com website to fulfill the requirements of the GPL and LGPL licenses.

But the use of open source in cars doesn’t stop there. GENIVI, a non-profit industry alliance that includes members like BMW, Delphi and GM working to create an open source development platform for In-Vehicle Infotainment (IVI). In addition, several Android-based IVI systems have been announced and more are coming soon. The use of open source also extends to the many car-focused mobile apps for both Android and Apple platforms.

I spoke at the recent Automotive Linux Summit in Japan and shared five tips to help you ensure you are complying with the open source licenses that you use:

Open Source Provisioning and Source Code Scanning for the Enterprise.

Posted by Jesse Hood on December 5th, 2011 in Scanning & Provisioning

Documenting the provisioning channel(s) of open source downloads and ongoing use of open source scanning tools are now industry best practices that minimize the potential of license violations.

So how do enterprises approach this seemingly massive challenge of so many different bits and bytes to choose from and then vet their code weeks or months after making selections?

It’s almost as simple as balancing your checkbook (if anyone even uses those general ledgers any more). Keep in mind that the first time I tried to balance a checkbook I needed some help from someone who had been doing it for a while. We all hopefully know exactly where every penny and dollar comes from in our bank accounts and hopefully know exactly where it goes when it leaves.

Learn About the Ins and Outs of Open Source Audits

Posted by Greg Bell on October 25th, 2010 in Scanning & Provisioning

As enterprise use of open source software approaches 100%, it’s becoming more imperative than ever for businesses to determine what open source software is being used, establish open source policies, and ensure open source license compliance. Litigation, loss of revenue, and compromised bargaining position are some of the risks associated with lack of open source license compliance. As a result, open source audits are becoming common requirements in a wide variety of scenarios, including mergers and acquisitions, financing, and distribution deals.

Open Source and Software Allergies

Posted by Rod Cope on September 13th, 2010 in Scanning & Provisioning

One of the reasons they put ingredient labels on food is so you can make sure you won’t eat something that might kill you. Why don’t we do the same thing with software?

Open Source Scanning: A Case Study in SaaS and Cloud Technologies

Posted by Kim Weins on May 12th, 2010 in Scanning & Provisioning

OpenLogic offers several solutions to help companies scan their software and systems to find any open source software that is being used. At OpenLogic, we’ve proven that a (software-as-a-service) SaaS solution coupled with cloud technologies creates a faster and easier solution for our customers.

Using Open Source Software in Your Products? Learn How to Scan for Open Source and Comply with Licenses

Posted by Greg Bell on May 11th, 2010 in Scanning & Provisioning

Open source software is so widespread that it has made its way into a wide variety of products — from cars to DVRs to security systems. In addition, companies often provide free software to customers or partners that includes open source. Even the latest mobile apps often contain open source components.