Open Source and risk
Debate on Open Source too often focuses on “it's free” and on sometimes overstated claims about software quality.
As everybody knows, the cost and risk associated with bringing anything into an enterprise go far beyond the license costs. For OSS, a big problem is that by its nature it can bypass the controls imposed by procurement and the legal departments. This can lead to a range of potential risks from IP infringement to plain old version control. Of almost equal importance to the actual risk is the fact that the risk associated with OSS can be invisible (as the OSS use will often not be tracked as licensed software would be) and therefore undermine the whole of IT risk management.
This article covers one approach to dealing with the issue: specialist software to analyse the Open Source software. There are of course more straightforward alternatives: any vendor supplying OSS as part of a licensed product should be held to account to provide support and ‘handle’ the risk issues. For ‘pure’ OSS, there are plenty of commercial organisations who will provide a degree of quality assurance and service guarantees around projects. It may take away from the “It's free and I won’t need to talk to legal and procurement” appeal, but do we really want staff bringing software straight from the web into deployment?
Ronan