Developing Open-Source Business Policies That Work

Accidental Open-Source Developers

This touches on a side issue. Your company may not be in the software business, but that doesn't mean that your in-house developers aren't modifying open-source programs for your own internal use. That's not a problem by the rules of even the strictest open-source license. But if you ship a product that contains modified open-source code, you'll need to obey the license's rules or face possible legal consequences. Verizon, for example, ran afoul of this when it shipped wireless routers for its Fios (fiber-optic service) Internet that contained a GPL (General Public License) program.

Some corporate executives, such as David Allen, CTO at Sparta Consulting, an SAP consultancy, are already painfully aware of the potential trouble with using and developing open-source software. "I am a big fan of open source, use it every day, but I'm concerned that too many CIOs do not have an adequate grasp on their responsibilities with the various licenses that we generically describe as open source. As a new CTO, I have taken the responsibility of creating our IP development standards/policies. Beware of trying to walk the line between 'use' and 'development.' The line between configuration and extension or development is fuzzy at best."

To avoid this kind of misstep, and to make sure that authorized in-house programs are green-lighted before going into production, Hirsch says his company plans to have its policy "state that open source can be used for experimentation, prototyping and investigative application development without permission. However, any production designed applications or utilities will require an approval by the CTO/CIO and the business owner before open source can be used in a production environment."

So long as you use any customized open-source software in-house, Gordon Haff, principal IT advisor for the Illuminata Group, doesn't see too much for companies to worry about. "Anecdotally, when I'm in an end user audience, I don't see much interest in or knowledge of open source software licensing nuances and issues. And, truth be told, for a lot of end users, it doesn't matter much. If you're strictly an end user developing software for your own internal use, you can use pretty much any open source software you like without knowing or caring about the differences between GPLv2 and BSD."

Managing Software

Making proper use of open-source software is the central concern for most companies and organizations. Alan Young, CIO of the Southern Ute Indian Tribe, is focused on coming up with a viable open-source deployment policy. "Given the budget pressures that IT faces and the business objectives, sometimes it makes good sense to think about open-source applications, but the road is fraught with scary consequences."