How to Bring Open-Source Software into the Enterprise

Open-source software has gained growing acceptance in the enterprise. Once enterprises put in place the same governance, policy and support processes around open-source software as they do with proprietary software, there is no limit to how much open-source software they can bring into their organization. Here, Knowledge Center contributor Carol J. Rizzo offers five tips on how to bring open-source software into your organization in a way that maps to your corporate risk factors, making open-source software no more or less of a risk than proprietary software.


Over the past decade, I've served as CTO of three different Fortune 500 companies. In each of those companies, one of my primary responsibilities was to mitigate risks associated with technology. During the same period, open-source software has gained growing acceptance in the enterprise. Properly sourced, open-source software can bring a great deal to the table: lower-cost solutions, high-quality software and all the other benefits that come from active and altruistic developer and user communities.

However, there is a long-established, risk-averse mindset within many large companies. Companies have established software procurement practices that depend upon an interaction and relationship with a vendor. This has slowed the adoption of open-source software, which, like commercial software, still has to be brought in under defined guidelines.

A few short years ago, I worked with a company that had a "no open source" usage policy. Fast forward to today, when the average Fortune 500 company is using more than 100 open-source projects. Some companies are more conservative than others, but I still see four basic phases of open-source adoption in corporate America:

Phase No. 1: No awareness

There aren't many of these companies left, and when you do find them, they tend to be smaller organizations. They don't yet know what open-source software is used in their organization and they certainly haven't developed any policies regarding it.

Phase No. 2: Denial and prevention

These companies are often risk-averse. They have yet to try to understand how open source works or to do a risk-benefit analysis. They realize that open-source software could carry risks, so they ban it outright or put huge barriers in the way of developers who want to use it.

Phase No. 3: Limited, safe usage

This is probably where most companies are today in the adoption of open source. Enterprises start by getting Linux from a large, trusted source such as IBM or another enterprise vendor. The vendor provides key services including indemnification and support.

Phase No. 4: Smart governance

The optimal phase of open-source adoption is the one in which enterprises use open-source software in accordance with policies and architecture blueprints. In this phase, companies realize that they need to put the same processes and controls in place for open-source software as they have for proprietary software. These controls enable companies to gain the benefits of open source while mitigating its risks.

As companies move towards "smart governance" of open source, they will need to address several gaps that exist between open-source software and the proprietary software they are used to. Luckily, there is now a wide variety of vendors that wrap open-source software with a set of offerings that help enterprises close these gaps.