How to Bring Open-Source Software into the Enterprise - Page 2

Five tips for using open-source software

Over the past decade, I've come to see what makes open-source software thrive in an enterprise. Simply put, once enterprises put in place the same governance, policy and support processes around open-source software as they do with proprietary software, there is no limit to how much open-source software they can bring into their organization-or how much money they can save.

Here are five tips on how to close the gaps and allow open source to come into your organization in a way that maps to your corporate risk factors, making open-source software no more or less of a risk than proprietary software:

Tip No. 1: Service-level agreement (SLA) support

One of the greatest things about open-source software is that it is backed by an active and responsive community. However, like many CTOs and CIOs, I don't like uncertainty and will pay to mitigate risk. When it comes to mission-critical software, you can't guarantee that the community will provide support in the time period you require. Whether you download software or buy it from a commercial open source vendor, you need to have SLA support contracts. Support is available from several commercial open source vendors.

Tip No. 2: Indemnification

Lawsuits happen in the software industry, whether it's proprietary or open-source software. Some legal actions you hear about, some you don't. It is critical, especially if the software you are using is important to your business, that you have indemnification to protect you from legal actions that could preclude you from further use. Indemnification is available from many of the commercial open source vendors.

Tip No. 3: Open source licenses: compliance or violation

One of the key differences between proprietary and open-source software is the license used. Each organization has its own risk threshold that dictates which open source licenses it allows into its organization. Once you've decided that a particular open source license is allowed, you still must comply with the license. It's important to have processes to ensure compliance with open source licenses-just as you would with proprietary licenses. Your legal department can guide you in understanding license obligations and ensuring compliance.

Tip No. 4: Procurement

In the early days of enterprise open source adoption, we were looking for open source projects that were bits of code we could embed into larger solutions. Today, we see open-source software transitioning into full-blown open source solutions. As the open source community continues to develop full-featured solutions, it becomes imperative to have a procurement process in place that ensures you are selecting software from mature and active communities. Just like you need to evaluate viability of a software vendor, you need to evaluate viability of a community or open source project.

Tip No. 5: Governance

Lastly, you need to develop and enforce a comprehensive governance program that tracks your open-source software from the cradle to the grave. What are your policies for allowing software into the organization? Who will approve it? How do you track when and where software is used? What are the conditions by which you will look to retire or replace the software? How can you assure that the use of the software conforms to your interoperability requirements? You can build your own processes and tools, or there are several vendors that provide open source governance or management platforms to automate this process.

Carol J. Rizzo is a technology consultant with more than 25 years of health care and financial industry experience, having served as CTO of Kaiser Permanente, AIG and CitiGroup. Currently, Carol is consulting software companies in the health care, financial and media industries. She has managed a variety of technology functions including infrastructure operations, engineering, interactive software development, product development and telecommunications. She can be reached at