HP Offers Open-Source Tracking Tools

HP, with other pro-open-source companies and organizations, is releasing programs and policies to help enterprises track corporate open-source  use.

After a soft-launch in December, Hewlett-Packard on Jan. 23 officially released a pair of new open-source initiatives to help businesses and developers track their free and open-source software programs and licenses: FOSSology and FOSSBazaar.

HP is not doing this on its own. While the open-source management and tracking programs and business processes underlying these initiatives were created by HP, these new initiatives also have the support of The Linux Foundation, Google, Novell, Olliance Group, OpenLogic, SourceForge, international law firm DLA Piper and source-code analysis company Coverity.

The point of these paired projects is to help enterprises and developers track their open-source software assets. HP officials pointed to a recent example with a customer. They said that HP found three times as many FOSS licenses-75-as the customer initially thought. This meant the customer had to choose whether to implement governance policies to allow the safe use of FOSS or replace the software, which would have cost about $80 million.

As Eben Moglen, director of the Software Freedom Law Center, said in a statement, "The principle of 'share and share alike' requires governance measures different than those for the protection of proprietary assets, but not more burdensome. Resources like those HP announced today can help businesses understand how to make using free and open-source software in a compliant manner very simple, effective and profitable."

The first site, FOSSology, provides both a GNU GPL (General Public License) Version 2 tool kit and an open-source code and license database. Users can run FOSSology agents on their software code repositories. The results are then presented via a Web-based interface to developers or IT administrators. As an open-source project itself, FOSSology can now be used to discover open-source code and its associated licenses in the corporate software code library.

Future versions will include the ability to detect reused code. For example, if a home-brew program includes source code from an existing GNU V2 program, FOSSology will report this to the company for the appropriate action.

FOSSBazaar, which is still restricted to beta testers, helps businesses address FOSS business issues and develop best governance practices through online resources, educational materials and community interaction, company officials said.

HP is also offering a new service, HP Open Source Health Check, which is built on FOSSBazaar's resources. While FOSSology provides a quick look at a company's present open-source use and FOSSBazaar general advice on how to handle open-source software in an enterprise, the new HP offering is designed to give companies specific advice and consulting on how they're currently using FOSS and how to make the best corporate use of FOSS.

Other companies, including Black Duck Software and Palamida, provide similar services. However, their focus tends to be on the details of FOSS' intellectual property issues. Doug Levin, CEO of Black Duck, said HP's new initiatives are more complementary rather than competitive with Black Duck's offerings.

In a blog posting on the FOSSology's soft launch, Levin wrote, "We can now officially welcome HP to our market. FOSSology is a nice tool for developers. It will result in software developers being better informed about their use of GPL. That makes it a very worthy tool."