I will begin by defining the two subjects in the above question. “Open-source software (OSS) is computer software with its source code made available and licensed with a license in which the copyright holder provides the rights to study, change and distribute the software to anyone and for any purpose. Open-source software is very often developed in a public, collaborative manner.” (Wikipedia). Open source software exists in everyday technology, such as the apps on smartphones, the televisions we use, and even the Linux operating system. There are hundreds of thousands of open source software packages in existence today.
A governance policy consists of the rules put in place in order to use, track, and maintain license compliance for the software. This includes the policies surrounding the OSS, the approval process, and control. Why should a policy be defined and in place for companies that write and distribute software? Because companies must comply with the licenses attached to the OSS that they use in the software they distribute. A well-designed governance policy will encourage the use of OSS while simultaneously protecting intellectual property and maintaining license compliance.
OpenLogic is a Software-as-a-Service (SaaS) solution for comprehensive governance and provisioning of open source software. This tool allows users to set up a governance policy by using the following steps:
1. Policy: The administrator(s) choose the rules regarding the use of open source software for the developers. The rules are custom-made for the company, which allows the administrator to encourage or discourage the use of open source in general, or to encourage certain open source packages or versions. The goal here should be to make the process clear and easy for developers so they can save time and money by utilizing open source that complies with the goals of the company. In OpenLogic, the administrator can allow only specific versions of an OSS package, for example to avoid or take advantage of particular licenses. The developers can then download the desired OSS through OpenLogic knowing that the company allows its use. The policies can be very specific or very broad.
2. Approval: If a developer would like to use OSS that has not already been approved, then s/he can request the package and it will be submitted for approval to one or more administrators. This system of approval allows the company to include managers who may not typically be part of the software development cycle (e.g., business or marketing managers).
3. Control: A governance policy is rather useless if the administrator cannot see what is being used. OpenLogic allows administrators to monitor the use of open source software across the enterprise. This feature reports the OSS in use as well as the licenses and obligations tied to that code. If there is a security issue with a version being used, the administrator can immediately address it. Developers can also see what their coworkers are using and collaborate as a team.
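To make the three steps concrete, here is a small policy evaluator added as an illustration; it is not OpenLogic's code, and the policy layout, package names, versions and licenses are constructed for the example. It returns an "approved", "needs_approval" or "denied" verdict per dependency and builds the inventory that the control step reports on.

```python
# Added illustration of the Policy / Approval / Control steps above.
# Not OpenLogic's code; policy format and all package data are constructed.
from dataclasses import dataclass

# Step 1 (Policy): licenses the company accepts or prohibits, and the
# package versions administrators have already approved for download.
POLICY = {
    "allowed_licenses": {"MIT", "Apache-2.0", "BSD-3-Clause"},
    "denied_licenses": {"AGPL-3.0"},
    "approved_packages": {
        "libfoo": {"1.2.0", "1.2.1"},   # pinned: older releases are not approved
        "webutil": {"*"},               # any version of this package is allowed
    },
}

@dataclass
class Dependency:
    name: str
    version: str
    license_id: str   # SPDX-style identifier

def evaluate(dep, policy=POLICY):
    """Return (verdict, reason) for one dependency under the policy."""
    # A prohibited license overrides any package approval.
    if dep.license_id in policy["denied_licenses"]:
        return "denied", f"license {dep.license_id} is prohibited by policy"
    approved = policy["approved_packages"].get(dep.name, set())
    if "*" in approved or dep.version in approved:
        return "approved", "package and version are on the approved list"
    # Step 2 (Approval): anything else is routed to an administrator.
    if dep.license_id in policy["allowed_licenses"]:
        return "needs_approval", "acceptable license, but package/version not yet approved"
    return "needs_approval", f"license {dep.license_id} not classified; review its obligations"

def report(deps, policy=POLICY):
    """Step 3 (Control): inventory of OSS in use with license and verdict."""
    return {f"{d.name}@{d.version}": (d.license_id,) + evaluate(d, policy) for d in deps}

# Constructed manifest, as if read from a build's dependency lock file.
MANIFEST = [
    Dependency("libfoo", "1.2.1", "MIT"),
    Dependency("libfoo", "1.1.0", "MIT"),        # older version, not approved
    Dependency("webutil", "4.0.0", "Apache-2.0"),
    Dependency("fastdb", "2.3.0", "AGPL-3.0"),   # prohibited license
    Dependency("tinycsv", "0.9.0", "MPL-2.0"),   # license not yet classified
]

if __name__ == "__main__":
    for key, (lic, verdict, reason) in report(MANIFEST).items():
        print(f"{key:16} {lic:11} {verdict:15} {reason}")
```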
A well-designed governance policy will not only help a company control and maintain the OSS in its code, but it will also give developers the freedom to use OSS that saves them time and increases innovation. Without this infrastructure, using OSS can end up costing more time and money if a developer finds out that the OSS they used has a license that conflicts with company policy. A governance policy can be as broad or as specific as the enterprise needs, and should be a tool that makes using OSS easier.