Recently Laurie Wurster of Gartner wrote an article in the Harvard Business Review which confirms that the free and open source software (“FOSS”) has reached a “tipping point” in adoption by companies which confirms a trend she noted in her 2008 report (Accenture and IDG have reached similar conclusions). http://blogs.hbr.org/cs/2011/03/open_source_software_hits_a_st.html
Yet she notes that this increase in adoption has not been matched by implementing processes to manage such use. She raised the same issue in her 2008 report. http://lawandlifesiliconvalley.com/blog/?p=107. In the Harvard Business Review in March 2011, she states:
Even as our survey painted a rosy picture of the future of enterprise use of open source software, it also surfaced a concern. Most organizations, it revealed, have not established a policy framework to guide decision-making on the use of open source software. A proper framework would outline types of licenses acceptable to the organization, guidelines pertaining to intellectual property, regulations governing contributions to external projects, and an approved vendor/project list. Just a third of respondents claimed their organizations have anything like this kind of policy structure; the rest rely on ad hoc or informal processes
In fact, this problem is sufficiently important that we are having a specific breakout session on FOSS management at the Open Source Think Tank this week. http://lawandlifesiliconvalley.com/blog/?p=600.
Open source has now become ubiquitous, yet management of its use remains uneven. The recent Forrester Research report at LinuxCon notes that 2010 was the year of using open source to improve business process execution speed and company growth. The adoption of open source has decreased in importance because open source is now so widely adopted.
Recently, Dell had problems with compliance with its Stark tablet http://laforge.gnumonks.org/weblog/2010/09/13/. This case illustrates critical lessons in open source management: (1) diligence is essential and (2) open source has many free lance enforcers who are checking compliance. Dell used the Android operating system in the tablet. Dell failed to comply with the terms of the GPLv2 to make available the source code with the object code even though everyone “knows” that the Android operating system is licensed under the Apache license. As Black Duck noted in a recent report on Android software, the Android operating system is based on the Linux operating system and has 185 sub components which use nineteen different open source licenses. The compliance failure was first noted by Harald Welte of gpl-violations. Harald is one of the “free lance” enforcers of the GPL.
The industry is responding to these challenges through a number of initiatives.
1. The Linux Foundation working with the Fossology project has developed: the Software Package Data Exchange™ (SPDX™) specification is a standard format for communicating the components, licenses and copyrights associated with a software package www.spdx.org.
2. The Linux Foundation has developed tools to assist in determining and managing open source http://www.linuxfoundation.org/programs/legal/compliance/tools.
3. HP has made its open source scanning tools available through Fossology http://www.fossology.org/.
4. GPL violations has made its binary scanning tools available http://www.binaryanalysis.org/en/content/show/download.
5. Project Harmony is an informal group of lawyers and industry members who are discussing the role of contribution agreements in open source projects. The discussion ranges from the appropriateness of contributor agreements to the use of assignment or licenses in contribution agreements.
Linux Foundation is also preparing a checklist for compliance which will be available in the fourth quarter of 2010. These efforts should make compliance simpler over time, but it is important for companies to participate in these efforts to make them more effective.