11 Tips for Creating an OSS Policy
-
Get Management Buy-In
Development teams usually have an in-depth understanding of OSS benefits, but management may not, so tell them about the efficiencies and advantages OSS affords your business. -
Identify Key Shareholders
Gather a team with cross-functional responsibilities: software architects, developers and engineers, QA and release managers, legal counsel, product and business managers, and security pros. -
Understand Your Product Development Process
How is your organization using OSS? It may be crucial for your legal and business teams to understand your product development process so you don't create an OSS policy that stalls or hinders your development cycle or product innovation. -
Evaluate Open-Source Use
Open source can be used to build your product, but it might not be distributed with it. Internal or external use can have different license implications. Whenever you use, consume or contribute to open source, stay compliant and protect your intellectual property from exposure. -
Audit Your Code
During your evaluation process, engage a third-party service to perform a code audit to help uncover the open-source code you use throughout your organization. As part of an OSS governance program, catalog and monitor what arrives from open-source and third-party suppliers. -
Draft a Policy
After all key stakeholders have assessed your company's use of OSS, draft a formal policy. If you have multiple divisions, it's not necessary to have the same policy across each line of business. -
Review Policy With Stakeholders
Circulate the policy among stakeholders for review and approval. Make sure your OSS policy works for development processes and aligns with your business goals. -
Implement It Across Your Enterprise
For your policy to be implemented successfully, train people in OSS. Address what it is, what it isn't, and how it will work in your company. Create clear documentation and communicate with engineering and other key groups to make sure they understand how the policy works. -
Build in a Feedback Loop
During the implementation process, obtain feedback from the key players you're training. "The best way to kill an open-source compliance program is to document something that is not in line with how people are actually working," cautions Harmon's Alyssa Harvey Dawson. -
Regularly Review and Update Policy
Your OSS policy must align with your company's business goals. As your policy becomes integrated and changes occur in your organization, collect feedback and adapt the policy to ensure that it consistently works with your development processes. -
Conclusion
By following these steps, you can build an effective OSS policy that ensures compliance and mitigates operational risk. It will also enable product development teams to successfully produce and distribute innovative products that keep your customers happy.
More and more companies rely on open-source software (OSS), and in this software-driven economy, an open-source policy is critical. It sets guidelines regarding use, license compliance and how to mitigate against operational risks. OSS's ever-increasing complexity also makes it necessary to have clearly defined policies. The appetite for OSS is growing in enterprises. Gartner predicts that by 2016, the majority of mainstream IT organizations will leverage OSS in mission-critical IT solutions. "Open source is a key part of technology leadership today," says Alyssa Harvey Dawson, vice president, Global Intellectual Property and Licensing at Harman International Industries, an audio entertainment company. "[It] is now a key part of most engineering development processes. You want to encourage your engineers to use it, but you must set guidelines to help them be fully aware of the impact and potential consequences of its use." She teamed up with Black Duck Software to offer these tips on developing an open-source policy. Black Duck's knowledge base tracks 1 million projects from 7,500 sites and contains 2,300 software licenses.