11/16/2004

Open Source Compliance Program Options

From IT Manager's Journal:

"Companies across the board are utilizing open source at an unprecedented rate, sometimes without much internal visibility. Who in an organization keeps track of open source adoption, modification, implementation and terms of use?

Without a formal compliance program, business enterprises put themselves at risk of unintended violation of open source licenses, inadvertent loss of their own intellectual property rights, and contravention of government regulations. Yet most companies today lack the policies, procedures, and trained personnel to minimize the legal and intellectual property risks of using open source.

A Forrester Research report of September 2003 titled 'Your Open Source Strategy' provides three general recommendations for a company deploying open source in-house:

Fund an open source advisory group to perform due diligence;
Create policies to guide adoption and developer participation;
Build a developer portal to track inventory and provide support.

These are good recommendations for CIOs using open source generally, but practical implementation might vary for a number of reasons. For instance, not all companies use open source in the same way or to the same degree. Because the consequences of distributing open source can be so significant, hardware and software vendors need to pay particular attention to the use of open source code in their products. A more rigorous open source compliance program makes sense for them."