
Gartner Report: How to Create and Enforce a Governance Policy for Open Source Software
Organizations are increasingly implementing open source software in order to have access to the latest technologies and innovations. However, policies and procedures around adoption and maintenance are sometimes slow to catch up, resulting in confusion among stakeholders and increased security risks.
In this blog, find out how developing an OSS governance policy could help advance your organization’s open source strategy, as outlined by the Gartner Report, “How to Create and Enforce a Governance Policy for Open Source Software”.
- Why Adopt a Policy for OSS Governance?
- Gartner Report: How to Create and Enforce a Governance Policy for Open Source Software
- Overview of Key Findings
- Download the Report
Why Adopt a Policy for OSS Governance?
Software engineering teams recognize the advantages of open source software and are eager to deploy these technologies. Citing the 2023 State of Open Source Report, in which 80% of respondents said they increased their use of open source software in the past 12 months, Gartner notes, “Nearly all organizations use OSS within mission-critical IT workloads, whether they are aware of it or not. Most software infrastructure innovation starts in OSS communities, and vendors and software engineering teams routinely use OSS in the products they build.”*
But the advantages of open source software come with a unique set of risks, which is why creating an OSS governance policy is an essential step for organizations that plan to continue to leverage open source in their infrastructure.
According to Gartner, “To protect your organization from these OSS risks and ensure the longevity of the products your teams build, the organization should establish an OSS governance policy, and processes to manage OSS consumption, contribution and creation.”*
Gartner® Report: How to Create and Enforce a Governance Policy for Open Source Software
The Gartner Report, "How to Create and Enforce a Governance Policy for Open Source Software," provides a step-by-step guide for teams looking to standardize processes around open source software adoption and management. It includes a template for developing a governance policy, and recommendations to ensure successful distribution and adherence.
Overview of Key Findings
“The adoption of open-source software (OSS) incurs unique risks that extend beyond the scope of the IT department, including legal, risk management, finance and procurement.
OSS risks vary based on the types of OSS that teams use — whether it is packaged products, libraries, frameworks or source code. Risks are also affected by the way teams engage in open-source communities — including OSS consumption, contribution and creation.
Even if governance policies exist, software engineering and procurement teams may not be aware of them, or they may bypass them if the approval process is too hard.”*
Access the Full Report
Get the full details on the recommended steps for creating and enforcing a governance policy for open source software by downloading a complimentary copy of the Gartner® Report today.
*Source: Gartner, How to Create and Enforce a Governance Policy for Open Source Software, 16 March 2023, Ann Thomas, Arun Batchu, Nitish Tyagi.
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and is used herein with permission. All rights reserved.