Firms should set policies on how to deal with the use and distribution of and contributions to open source projects, Stormy Peters, director of community and partner programmes with OpenLogic argued in a session at the Linuxworld conference.
Only 41 per cent of firms currently have some level of open source licensing policy, according to a survey by the company, which offers software that tracks the use of open source applications within a firm.
Such policies range from informal arrangements that require verbal approval from a company lawyer or open source manager before installing any software, to formalised policies that list pre-approved software packages or licenses.
The lack of open source policies is often sparked by the complexity of the open source licensing landscape. In addition to the 59 official open source licenses approved by the Open Source Initiative, there are numerous unofficial open source licenses, ranging from a variation of the GPL that bans use in military applications to one called the "Free Beer License".
Instead of navigating this complex legal minefield, most organisations choose to turn a blind eye towards licenses, quietly allowing engineers to download and install the software without going through a procurement process.
"Organisations […] know they are saving money and they know they are saving time. But [ignoring the problem] is really kind of scary at the same time. They are looking for a way to manage the risk without getting rid of all the money they are saving," said Peters.
But allowing open source to enter through the back door is rarely a good strategy, she warned, because it could put firms in violation of licensing terms. A company can, for instance, use GPL software such as Linux internally without having to publish the source code. But publication is required once it starts to distribute the software, either to customers or to partners, which include corporate spin-offs.
Firms might also want to avoid licenses that require distributors of the code to provide users and developers with a patent license.
Companies should therefore create a list of pre-approved open source licenses that have been studied for their requirements and interdependencies, suggested Peters. The resulting policy should also differentiate between internal and external use.
Policies can also prevent unpleasant surprises when firms contribute to open source projects, or when employees participate on discussion lists.
Some firms, for instance, don't disclose which software they use because that makes it easier for hackers to target the company, or because they don't want to be singled out in the media for being an early adopter of an unproven technology.
But they can also score points with the open source community if they allow employees to work on a project or submit bug fixes. Having the backing of a large corporation furthermore gives a project more clout if any problems arise.
Firms struggle with open source licenses
By Tom Sanders on Aug 10, 2007 1:57PM