SAP, arguably one of the remaining enterprise software vendors to accept and use open source within its products, made news by announcing a broader open source strategy. More importantly, SAP explained how they planned for the greater acceptance of open source components within their projects. Enterprise IT decision makers can learn from SAP’s progress along the open source adoption cycle.
Risk, a four letter word in IT
As IDG’s Joab Jackson reports, SAP faced two key related hurdles while attempting to grow its usage of open source components within their products – executive acceptance and developer education. Not surprisingly, these very same issues were also highlighted in a newly released Accenture survey of open source adoption amongst 300 US and UK companies with over $500 million in yearly revenue. Accenture explains:
Despite a very encouraging picture, some organizations still remain hesitant. The biggest challenge, mentioned by 35 percent of all companies, is still around training developers how to use open source. Furthermore, lack of senior management support appears to be a key reason given for not using open source software among organizations that have looked at it but ultimately chosen not to use it.
IBM’s Bob Sutor, VP of Open Source and Linux, recently detailed ten questions he is frequently asked by customers considering open source. Here are a few of key questions Bob typically faces:
- Of the hundreds of thousands of open source projects, how do I tell which are the good or bad ones?
- I need a 5 to 10 year plan for installing enterprise software. Which open source projects and companies can I count on to GUARANTEE support for the software for that long?
- How do I avoid making a really bad, possibly job-ending, mistake when moving to open source software?
- Will I have legal or license problems if I use open source projects?
Bob tends to speak with C-level executives and IT decision makers. These audiences are often very concerned about risk mitigation and want to ensure that open source decisions do not add undue risk to the enterprise.
OSS approval processes mitigate risk
Training developers to appropriately utilize approved open source projects and products within an enterprise software project helps address executive and decision maker concerns surrounding open source adoption. This is true whether the software project will only ever be utilized internally or could potentially be made public.
According to Jackson’s report, SAP has standardized a process for managing which open source software is approved for use by SAP’s internal developers. Jackson writes:
Using a program called Code Center, offered by Black Duck Software as part of its Black Duck Suite, von Riegen’s office runs a companywide registry of which open source applications have already been approved by SAP for use within its products. It also specifies which versions of these applications have been approved, which streamlines the maintenance process for the company.
SAP’s open source approval process follows similar processes in place at software vendors such as IBM, Oracle and Microsoft and enterprises alike.
The process begins by identifying which open source projects and products are already in use within the enterprise development process. Think it’s odd to scan for open source usage before a usage policy is in place? Think again – the open source folklore is laden with stories of IT managers stating “we don’t use any open source” and one of his developers piping in to correct them.
Second, more than likely with the help of your legal team, identify the licenses and project governance approaches that your company deems in line with your adoption of the related open source project.
The first two steps will result in a list of approved open source projects that your developers can utilize within their application development efforts.
Finally, determine which open source projects identified above are projects your company would be willing to let developers contribute into. Most enterprises don’t contribute to open source projects even while their usage of open source continues to expand. According to data from Accenture’s survey, only 23 percent of respondents expected to contribute to an open source project. However, being able to contribute into an open source project as part of a developer’s day job is increasingly and attractive recruitment tool. As such, I wouldn’t be surprised if enterprise open source contribution were to accelerate. It’s important to start thinking about which projects could make the shortlist of projects your company’s developers are able to contribute to.
Usage of products such as Black Duck’s Code Center or OpenLogic’s Deep Discovery Scanning Solution is growing within enterprises. For instance, OpenLogic announced a 97 percent increase in quarterly year to year revenue since adding the OSS Deep Discovery Scanning tool to its product mix. The growing use of these tools points to a growing understanding that open source adoption must be planned and managed, as is the case with any technology adoption decision.
Does your company have a formal open source adoption process? Why not?