HP announced Thursday a three-part software governance initiative to help companies address the legal, financial and security demands associated with using free and open source software (FOSS).
The company is donating its intellectual property for monitoring open source products to a new open source community. It is also founding a new organization designed to further educate users about the licensing demands and legal issues surrounding open source software.
The third component of the governance initiative is an expansion of HP’s existing consulting services. The company will provide contracted services to enterprises seeking help in identifying open source software and dealing with the license requirements.
“There is a growing need for companies to monitor their use of software containing open source elements. Some software developers ship their products without adequate disclosure of open source. Other software developers do notify their customers,” Doug Small, director of marketing for HP’s open source and Linux Organization, told LinuxInsider.
The problem, he said, involves both software based completely on open source and products that have open source components embedded in them. Open source is easy to obtain and often bypasses a company’s regular acquisition procedures, leading to compliance issues.
HP has been developing its own internal mechanisms for monitoring and regulating open source software over the last six years, said Small. That process evolved into software tools to identify open source code and licensing content.
HP is contributing these tools to a community it created around its FOSSology Web site, which went live earlier this week. FOSSology is based on the tools HP uses to effectively manage its own use of free and open source software.
This new community is designed to help users address deployment issues such as the acquisition, tracking and licensing of FOSS. FOSSology’s flexible and open architecture framework, along with detection agents, can help users discover FOSS and related licenses within their own organizations. This tool set is free and downloadable from FOSSology.org for immediate use under the General Public License (GPL) version two.
“We see doing this as table stakes. It is our obligation to contribute to the open source community. That’s how the open source model works,” said Small. “The second reason for our donating our intellectual property is to create more demand from customers for our consulting services.”
FOSSBazaar is a second part of HP’s new community initiatives for open source growth. It makes HP’s expertise freely available to the software community as part of a collaborative effort with industry-leading software vendors and the Linux Foundation. Coverity, DLA Piper, Google, Novell, Olliance Group, OpenLogic and SourceForge have joined HP to offer online resources, educational documentation and community interaction to address FOSS business issues and promote best FOSS governance practices, said Small.
“The HP FOSS governance initiative allows HP to share the insight gained from its own experiences managing open source software with the community that made this technology possible in the first place,” said Christine Martino, vice president of HP’s open source and Linux organization.
HP’s leadership around this open source initiative underscores its commitment to address the challenge of managing open source software proliferation while reducing barriers to adoption, she added.
Company officials view the decision to establish FOSSology and FOSSBazaar as a natural outgrowth of HP's interaction with existing customers. HP has been using open source code and is a major contributor to many open source projects. It is also a manufacturer of hundreds of products based on open source.
“This process has been increasing since we started seven years ago,” said Small. “About two years ago we started talking to our customers about this. As a result, we realized a consulting practice opportunity.”
Traditional corporate policies for managing software assets are often inadequate to address the unique characteristics of free and open source software, according to HP officials. During a recent customer engagement, for example, HP discovered three times as many FOSS licenses as the client originally thought it held, totaling 75 versus 25. This left the customer with a choice: implement governance policies to allow the safe use of FOSS or replace the software at an estimated cost of US$80 million.
The third part of HP’s open source initiative is the introduction of HP Open Source Health Check services. With these contracted services customers can extend and complement the content available from FOSSBazaar. In addition to creating a snapshot of current FOSS usage, the services assist customers with analyzing FOSS management and reducing the risk associated with it.
These services are priced on an individual basis depending on what help a customer needs, according to Small. HP is extending its existing fee structure to include the new Health Check services.
HP Open Source Health Check offerings provide an open source management (governance) workshop that guides cross-organizational audiences through the issues of managing open source in the enterprise. The offerings also include an open source exploration service that uses the HP FOSSology tool to discover open source components in legacy applications.
The open source governance assessment service provides a gap analysis of existing open source management practices and industry best practices, with recommendations to address the gaps. The open source total cost of ownership analysis service uses an HP-developed model to assess the cost benefits of moving to FOSS.