Using Open Source – The Right Way!
In today’s world, most developers make use of open source. But what exactly is open source? Open source software is software that grants anyone the freedom to copy, inspect & enhance it as they need.
Some common myths about Open Source Software:
- You cannot use free & open source software in a proprietary environment.
- All open source licenses require the release of source code for everything.
- The easiest answer to FOSS is to just “say no”.
But the simplest definition of open source software rests on three conditions:
- The source code must be freely & publicly available.
- The software’s license must allow modifications to the software & must allow the modified software to be distributed under the same terms as the original license.
- The software and derivative works can be freely (re)distributed.
It is known that companies can gain a competitive edge with the strategic use of OSS components. But at the same time, a lack of awareness while using OSS may result in conflicts which can expose companies to unnecessary risk.
Gartner said that 69% of companies surveyed have no formal policy for evaluating & cataloguing OSS usage in their enterprise. Companies must have a policy for procuring OSS, deciding which applications will be supported by OSS, and identifying the intellectual property risk or other risks associated with using OSS.
Once a policy is in place, there must be a governance process to enforce it. The policy should outline the following:
- The licenses whose obligations the enterprise finds acceptable to fulfill; white-list the components/licenses which fall within this category.
- The licenses whose obligations the enterprise does not find acceptable; blacklist the components/licenses which fall in this category.
- A review process for new open source packages the enterprise wishes to adopt, whether directly or embedded inside commercial products, within appropriate usage constraints.
- A formal review process for existing software products already in use, to decide whether the software contains open source & whether that open source carries licenses that are acceptable.
An enterprise should not only adopt an OSS policy but also enforce it. This can be achieved by creating a review board that can approve or reject new & existing software. All existing & new software should be carefully audited & a component inventory should be built for all projects. Recent cases have shown that license obligations in open source are legally enforceable & that violating them is the same as copyright infringement.
It is very important for companies to organize trainings and seminars to create awareness about the various risks associated with the usage of OSS components & to train users on FOSS policies, procedures & guidelines for using OSS. Because of the churn in the industry, it is very important that this activity is repeated from time to time to make sure that project teams are always well versed in the set methodologies.
With over 11+ years of experience, Jalpa Joshi heads the Open Source Audit team and is responsible for technical project management for Lyra Infosystems. She has also worked on multiple projects catering to customers from domestic and international markets across various sectors.