How to integrate OSS in products?

FOSSBazaar is no longer being updated. The information on this site is preserved for your convenience but may be out of date. Please visit Linux Foundation's Open Compliance Program for current information and activities.

The following presentation shall provide an overview how to look at Open Source Software (OSS) and how to use it effectively.

From a general point of view OSS needs to be treated in nearly all cases as third party OEM software, which is licensed under an OSS compliant license. There are only two exceptions where OSS has to be considered as own software, those are when it comes to bugs and patents.

In order to deliver products timely and with the required features and quality, which is crucial for business success and growth for any enterprise, it is almost impossible not to take advantage of OSS.

A company can be completely based on OSS because there are OSS Applications available in all areas e.g.:

    IT Infrastructure
    Linux, Apache Webserver, MySQL, PHP, Asterisk

      Collaboration Tools, evolution, sugarCRM, Trac, mediawiki

      Development Tools
      subversion, git, bugzilla, gcc, gdb, Eclipse, JUnit, CCCC, FIT

      Incorporation into products
      U-Boot, Linux, BusyBox, glibc, JBoss, gtk

OSS offers many benefits. However, companies can also be seriously harmed when OSS is used improperly.

OSS will influence and even change the complete economic environment a company is acting in. It will influence the market; new competitors with OSS solutions might enter the market segment a company is acting in. Customers will have own OSS policies, which have to be respected and followed if you want to do still business with them. Additionally it will influence the company internal processes like the supply management process, because a company has to know what it receives from its OEM/ODM vendors. Further it will influence the recruiting processes; if there is an OSS package which is important for the companies' business the company may hire developers of that package. And it will for sure influence the own development and product policies.

So the main question is how to use OSS correctly and efficiently.

To make good use of OSS a company has to follow a "top down approach" and not a "buttom up approach". First you need to define a clear strategy about OSS and about the communities supporting OSS and it has to be communicated. Having defined the strategy you need to define the processes according to the strategy and last but not least you have to define the adequate control mechanisms. Training of the employees is as important as the strategy. Thus it can be said from an abstract point of view that using OSS correctly and efficiently is a matter of "strategy", "processes" and "education".

When you look at the product lifecycle process and the various ways in which OSS can be integrated into a product (intentionally or un-intentionally). It is imperative to correctly identify all OSS code and take up the required licences for legal compliance. The point is that the license obligations of every incorporated OSS add to the non functional requirements of a product, e.g. in the most simple case the license text has to be provided in the user documentation of the product. Thus all license obligations of all incorporated OSS have to be treated, tracked and verified as any other product requirement and the overall system architecture has to take all those requirements into account. In order to be able to do that a company has to establish the adequate process framework, which can be regarded as a stack of processes with which the product life cycle process has to be enhanced.

To conclude the decision about using or not using OSS needs to be taken by Management. Using OSS correctly and efficiently is a question of processes, careful requirements engineering and training. Once everything is in place, using OSS becomes a worthwhile investment of time and money.

If you have questions, add ons, etc. I would be more than happy to recieve them.