The eight-step open source software adoption process
Koohgoli recommends an eight-step process for effective open source licence management.
Establish a software licensing policy: The first step, which is necessary, is to establish a software licensing policy. Define what is acceptable for your organisation and what is not; typically, this means determining which kinds of licences (or licence stamps) you consider acceptable for the project. Identify the stakeholders who will define the policy: people from different parts of the business, such as the licensing or legal group, the engineering department and the business division, should be involved because they understand the various business requirements. Also decide what you will do if a software licensing violation occurs.
Software package pre-approval: The second step, which can be optional, defines a process by which developers can request permission to use particular off-the-shelf open source software in their project. If somebody wants to use a software package from outside, which code are they going to use? How are they going to use it? Is it in binary or source code form? How will it be modified, and so on.
These requests are compiled, tagged and reviewed. The package requested for use is examined, its licences are assessed and checked against the established software policy, and on the basis of this evaluation the request is either accepted or rejected.
Existing portfolio assessment: The third step, which is necessary, establishes a baseline of what you already have in your company. It means analysing your existing content and making sure that anything that violates your software adoption policy gets flagged and, if necessary, removed.
Incoming third-party software assessment and regular software assessment: These are the fourth and fifth steps. Both are again necessary, and both concern analysing content that comes into your company from outside: from contractors, from outsourced work or as purchases from a third party. You need to ensure that such sourced content is clean and complies with the company's software adoption policy. It is wise to analyse code automatically so that there are no surprises at the end, when the product is ready for the market. We know of companies that do this scanning on a daily basis.
Real-time library check-in assessment: This step checks the content held in the organisation's content libraries, to determine that each component in the repository complies with the established software adoption policy.
Real-time automated assessment: These days there are solutions that work in the background, like an anti-virus product, and detect any piece of open source software added to a workstation through USB or via the Web. The developer immediately gets an alert if a violation of the licensing policy is found. The developer then has the choice of either removing the piece of code entirely, or marking it with a comment recording that it is used for testing and will be removed later, and may then continue with the process.
Pre-shipment software assessment: This involves the analysis of the final artefact. If you have followed the earlier steps, there should be no surprises.
This is what we call a structured open source software adoption process. [Please use the following link to download the white-paper: http://bit.ly/yjmntb]
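The assessment steps above all reduce to the same check: compare each component's licence against the policy from step 1, honour the exceptions granted in step 2, and flag what is left. The following is an added illustration of that check as policy-as-code, not code from the white-paper or from any product; the policy sets, the SPDX licence identifiers and the component inventory are constructed sample data.

```python
"""Policy-as-code licence gate; policy and inventory below are constructed sample data."""
from dataclasses import dataclass, field
@dataclass
class Policy:
    allowed: set            # SPDX ids acceptable without further review
    review: set             # acceptable only after legal review
    denied: set             # never acceptable in a shipped product
    # Step 2 outcome: (name, version) pairs that were requested and accepted.
    pre_approved: set = field(default_factory=set)

@dataclass
class Component:
    name: str
    version: str
    licence: "str | None"   # None means no licence metadata was found

def assess(component: Component, policy: Policy) -> str:
    """Classify one component as 'approved', 'review' or 'violation'."""
    if (component.name, component.version) in policy.pre_approved:
        return "approved"   # exception applies to this exact version only
    if component.licence is None:
        return "review"     # missing metadata is never silently accepted
    if component.licence in policy.denied:
        return "violation"
    if component.licence in policy.review:
        return "review"
    # Anything the policy does not explicitly allow also goes to review.
    return "approved" if component.licence in policy.allowed else "review"

def gate(components, policy):
    """Assess a whole inventory; map (name, version) to its verdict."""
    return {(c.name, c.version): assess(c, policy) for c in components}

def ship_blockers(components, policy):
    """Pre-shipment check: components that must be removed or re-licensed."""
    return sorted(k for k, v in gate(components, policy).items() if v == "violation")
POLICY = Policy(
    allowed={"MIT", "Apache-2.0", "BSD-3-Clause"},
    review={"LGPL-2.1-only", "MPL-2.0"},
    denied={"GPL-3.0-only", "AGPL-3.0-only"},
    pre_approved={("netlib", "2.1.0")},               # accepted via step 2
)
INVENTORY = [                                         # constructed sample data
    Component("jsonlib", "3.0.1", "MIT"),
    Component("netlib", "2.1.0", "AGPL-3.0-only"),    # pre-approved exception
    Component("netlib", "2.2.0", "AGPL-3.0-only"),    # newer build, not approved
    Component("imgcodec", "0.9", "LGPL-2.1-only"),
    Component("vendored-blob", "unknown", None),       # no licence metadata
]
```

Running gate(INVENTORY, POLICY) shows the two points a practitioner should confirm in any tool they adopt: a pre-approval is tied to one exact version, so a newer build of the same package is still blocked, and a component with no licence metadata is routed to review rather than waved through.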