11 Tips for Creating an OSS Policy

 
 
By Karen A. Frenkel  |  Posted 01-09-2015 Email
 
 
 
 
 
 
 
 
 
  • Previous
    Get Management Buy-In
    Next

    Get Management Buy-In

    Development teams usually have an in-depth understanding of OSS benefits, but management may not, so tell them about the efficiencies and advantages OSS affords your business.
  • Previous
    Identify Key Shareholders
    Next

    Identify Key Shareholders

    Gather a team with cross-functional responsibilities: software architects, developers and engineers, QA and release managers, legal counsel, product and business managers, and security pros.
  • Previous
    Understand Your Product Development Process
    Next

    Understand Your Product Development Process

    How is your organization using OSS? It may be crucial for your legal and business teams to understand your product development process so you don't create an OSS policy that stalls or hinders your development cycle or product innovation.
  • Previous
    Evaluate Open-Source Use
    Next

    Evaluate Open-Source Use

    Open source can be used to build your product, but it might not be distributed with it. Internal or external use can have different license implications. Whenever you use, consume or contribute to open source, stay compliant and protect your intellectual property from exposure.
  • Previous
    Audit Your Code
    Next

    Audit Your Code

    During your evaluation process, engage a third-party service to perform a code audit to help uncover the open-source code you use throughout your organization. As part of an OSS governance program, catalog and monitor what arrives from open-source and third-party suppliers.
  • Previous
    Draft a Policy
    Next

    Draft a Policy

    After all key stakeholders have assessed your company's use of OSS, draft a formal policy. If you have multiple divisions, it's not necessary to have the same policy across each line of business.
  • Previous
    Review Policy With Stakeholders
    Next

    Review Policy With Stakeholders

    Circulate the policy among stakeholders for review and approval. Make sure your OSS policy works for development processes and aligns with your business goals.
  • Previous
    Implement It Across Your Enterprise
    Next

    Implement It Across Your Enterprise

    For your policy to be implemented successfully, train people in OSS. Address what it is, what it isn't, and how it will work in your company. Create clear documentation and communicate with engineering and other key groups to make sure they understand how the policy works.
  • Previous
    Build in a Feedback Loop
    Next

    Build in a Feedback Loop

    During the implementation process, obtain feedback from the key players you're training. "The best way to kill an open-source compliance program is to document something that is not in line with how people are actually working," cautions Harmon's Alyssa Harvey Dawson.
  • Previous
    Regularly Review and Update Policy
    Next

    Regularly Review and Update Policy

    Your OSS policy must align with your company's business goals. As your policy becomes integrated and changes occur in your organization, collect feedback and adapt the policy to ensure that it consistently works with your development processes.
  • Previous
    Conclusion
    Next

    Conclusion

    By following these steps, you can build an effective OSS policy that ensures compliance and mitigates operational risk. It will also enable product development teams to successfully produce and distribute innovative products that keep your customers happy.
 

More and more companies rely on open-source software (OSS), and in this software-driven economy, an open-source policy is critical. It sets guidelines regarding use, license compliance and how to mitigate against operational risks. OSS's ever-increasing complexity also makes it necessary to have clearly defined policies. The appetite for OSS is growing in enterprises. Gartner predicts that by 2016, the majority of mainstream IT organizations will leverage OSS in mission-critical IT solutions. "Open source is a key part of technology leadership today," says Alyssa Harvey Dawson, vice president, Global Intellectual Property and Licensing at Harman International Industries, an audio entertainment company. "[It] is now a key part of most engineering development processes. You want to encourage your engineers to use it, but you must set guidelines to help them be fully aware of the impact and potential consequences of its use." She teamed up with Black Duck Software to offer these tips on developing an open-source policy. Black Duck's knowledge base tracks 1 million projects from 7,500 sites and contains 2,300 software licenses.

 
 
 
 
 
Karen A. Frenkel writes about technology and innovation and lives in New York City.

 
 
 
 
 
 

Submit a Comment

Loading Comments...