Origination of Open Source Governance in the Enterprise

FOSSBazaar is no longer being updated. The information on this site is preserved for your convenience but may be out of date. Please visit Linux Foundation's Open Compliance Program for current information and activities.

Andrew Aitken
In my previous entry I noted that small and medium businesses tend to develop governance policies ad hoc and in real time, and that those policies are likely to be developed and run by IT. That is, as open source proliferates, the policies are more organic and evolve over time. They also tend to be more technically oriented and include fewer business terms or provisions.

This is mostly a contrast with enterprises. Although the need for an open source policy may be driven by ground-up proliferation of open source software, the policy itself tends to be developed and implemented at a specific point in time, rather than as an evolution. Additionally, the policy tends to be more far-reaching, driven by legal and/or IT, with other business units participating. Some of the core differences in policies are: requirements for vendors and third-party software, quite detailed and sophisticated use cases, processes, and web-based program management. Interestingly, most open source governance programs are established as separate programs from other typical internal software and technology governance and compliance activities. I think this trend may actually decrease as open source itself matures, best practices evolve, tools mature, and organizations like FOSSBazaar attract a wider following. At some point open source governance becomes a better-known process and can be incorporated into other internal oversight programs.

Communication plays an absolutely critical role when implementing an open source governance program. We’ve seen the success or failure of compliance and governance programs hinge on how they were communicated across the organization. I’ll get into this in more detail next time.

rca

Slotting into IT governance guidelines?

Do you think it is possible to slot FOSS-specific governance techniques into existing governance standards such as COBIT?

I have only a very superficial knowledge of COBIT from a lightning course about it, but my impression was that software licensing is mostly treated as "you need to make sure you've paid for all your licenses", not as "here are some licensing options and their consequences".

COBIT is gaining traction here among companies just large enough to implement it, but does it have any importance in larger enterprises?

Andrew Aitken

Slotting into IT governance guidelines?

Ramon, thank you for pointing COBIT out to me; I was not familiar with this effort. I reviewed the 4.1 document and think that it might be a valuable framework for open source governance. I would caution, though, that to be a part of what appears to be a standards-based approach, open source governance needs some maturing. Open source governance, like most other technology initiatives, is about people, process and tools; IMHO none of those components are well enough understood, or have enough commonalities yet, for a standards group to settle on as a baseline. Although we are fast approaching the point in time when there is enough information, through efforts such as Fossbazaar and others, where this will be a possibility.

rca

I agree with those points,

I agree with those points, it's definitely something to look at for the future.

I think it might be worth keeping an eye on COBIT as it's apparently an open standard and quite well received, especially by practitioners. The scientific sector meanwhile does not write much about it, and the publications that do exist generally complain about a lack of publications :) (As in Carroll, Ridley and Young, 2004)

So once both FOSS governance has matured and COBIT's application is better understood, I hope they're ready to complement each other.