The Six Elements of Open Source Governance

The excerpt below is from an article by Kimberly McClintock that originally appeared on Wazi, a clearinghouse for the timeliest thinking on open source software.

Introduction

There's a rumor going around that the be-all-end-all of open source governance is scanning. Scanning an effective CYA on governance? Bollocks, we say. One component, but not the whole story. Scanning will help you figure out what you've got, alright, but then what? How do you know if what you've got and what you're doing with it are copacetic without a policy or two? And once you've done the work of figuring out what you've got, how you're using it, and you've got those policies in place, how do you keep that information current?
Each of these questions scratches the surface of concerns we think are urgent, and they're not addressed by scanning alone.
The rumor mongers have an agenda, and you'd be right to suspect that we do, too. We are, after all, the company behind OpenLogic Exchange (OLEX), which comes in an Enterprise Edition that's designed to cover all the bases of open source governance. However, rest assured that the point of this article is not to push our solution so much as to share the thinking behind our solution. If you can put together another stack that covers the bases we lay out for you here, more power to you.

Governance of Open Source in the Enterprise - Six Elements

What you really want is open source governance that's so easy you (and your users) will barely know it's there. We've done this a gazillion times, and we've boiled it down to Six Elements:
  1. Policies - First, decide what Is OK and what Is Not OK
  2. Inventory - Figure out what you got
  3. Provisioning - Figure out how you're gonna get more...
  4. Managing - ...while following the rules from #1
  5. Auditing - Circle back and confirm that everything's still going ok
  6. Reporting - Gift-wrap that "OK" to show you care (and give them sparkle for the board slides)

Approach these elements roughly as steps and they'll lead you through a set of exercises that determine comfort level and current usage, establish monitoring and control of what's used and where, and result in the creation of a sustainable system going forward.
You'll notice 'scanning' is not mentioned at all here. That's because we believe scanning is a means, not an end....