Without Open Source components it is hard to imagine building commercial software. In fact, a recent survey found that almost 80% of companies use open source components in their software (1). Unfortunately, another survey reveals a startling statistic: more than 50% of companies do not have a formal policy or procedures in place for managing their open-source components (2).
As an Engineering executive are you aware of the impact on your software’s life cycle that open source components could be having?
Development
Once the requirement definition and design are complete, the actual coding begins. The usage of open source components in coding commercial software is rising as more companies understand they should let their developers focus on the mission critical parts of their software, rather than reinvent the wheel.
If you are using open source components, you need to verify the licenses, security and versioning of each open source component your developers are adding. This can save significant time; and problems from occurring in later stages. Most companies require their engineering to maintain a spreadsheet with all of the open source components they are using. This is a time consuming and tedious task, but a critical one (although there are alternatives to manual documentation).
Build Time
During the build you need to check your open source components more thoroughly to ensure that the code you are implementing will not negatively impact your company’s goals. This process should be to identify all your open source licenses and check it against your company policy.
You should be aware that although some open source licenses, like the BSD, Apache, and MIT, are quite liberal and basically let you use the software any way you want as long as you attribute the original developer. Others, like the GNU licenses, play well with other software licensed as open source but make life difficult for proprietary offerings. These could be catastrophic for your company to discover after deployment.
Testing Phase
All the hard work of your team in the previous stages will come under a microscope at this phase. And this is also the case regarding you open source components. This is the time to take care of all the special cases identified during the build stage and run the necessary approval processes. Be sure that your approval and review process is open, well-documented and transparent to avoid major issues after launch.
In addition, the open source community is quick to find and fix bugs and security vulnerability, so be sure to check new versions or updates for the open source components you are using. Doing this manually is a hard task, but there is an automated solution that alerts you whenever a security issue has been found or a new update has been released.
Distribution & Deployment
The process does not end with the deployment of your software. You will need to provide complete and comprehensive reports on demand as part of your EULA (End User License Agreement) for your product, for partnerships or for audits. This effectively lets you prove compliance whenever required. Of course with open source components keeping up-to-date on current licensing requirements, code changes, and security breach issues can be an exhausting and never-ending time waster for your developers.
WhiteSource can take the frustration out of continuously trying to keep track of open source components and their licenses by automating open source management to allow your team to focus on building great products.
WhiteSource integrate with your build tools and becomes part of your continuous integration environment. It automatically identifies all the open source components (including all dependencies) and provides you with full inventory and licenses reports.
Image by Cliffydcw (Own work) [CC BY-SA 3.0], via Wikimedia Commons
