Best Practices in Open Source Governance

FOSSBazaar is no longer being updated. The information on this site is preserved for your convenience but may be out of date. Please visit Linux Foundation's Open Compliance Program for current information and activities.


You would be hard pressed to find an enterprise today that does not use open source software. In fact, HP continues to reaffirm that most companies use more open source software than they realize.

Acceptance and adoption of open source is widespread across many industries—including commercial software developers—and expanding rapidly. The reason for such broad adoption is clear: enterprises want to save money, which in some cases can mean millions of dollars, and they want to enjoy these savings while leveraging high quality and flexibility within their business technology infrastructure. Global peer review and open access to source code are seen as major contributors to meeting these objectives. Accordingly, Gartner Group predicts that by 2008, 95 percent of Global 2000 organizations will have formal open source acquisition and management strategies.

To many, the “free” availability of open source software would seem like a bonanza. Because the code itself is typically available at no cost, little stands in the way of developers making software choices on an individual basis, without corporate or even departmental oversight. The ease with which open source software can be acquired and integrated into products is also a very appealing factor in its widespread use. But this “free and easy” world of open source software can rapidly lead to chaos and an unsustainable situation from both a technical and legal perspective. Therefore, proper open source software governance is becoming increasingly important—in fact, essential—to ensure long-term viability of open source projects across the enterprise.

In this white paper, Best Practices in Open Source Governance, we review the importance of open source software governance, summarizing the potential risks that open source technology could introduce to your enterprise and providing guidance for managing its use and proliferation based on our experience. HP has addressed these risks by implementing a comprehensive open source governance program across its organizations. We offer a set of recommendations derived from this work that you can leverage to implement an open source governance program in your enterprise. In addition, we offer a broad set of professional services to assist you in assessing your open source environment and implementing appropriate governance strategies.