Best practices for commercial use of Open Source
Best practices for commercial use of open source software
Open Source best practices
Today, all software vendors make use of open source.
They strive for excellence in leveraging open source software in commercial software products while ensuring licensing compliance and governance.
They strive for excellence in using open source based business models for commercial success.
They strive for excellence in leveraging development models that are used in open source communities and adapting these for in-house use at commercial software vendors.
They analyze usage of open source software during due diligence in acquiring software companies.
To reach excellence you have to be equipped with knowledge about best practices for open source. This blog is meant to provide you with the latest knowledge about open source, esp. open source licensing in commercial software, to reach excellence in open source matters. Please find more information in the book “Best practices for commercial use of open source software”.
Open Source and Open Source Licensing for commercial software
This page shows you why you should carefully consider using open source software in commercial software: Advantages and disadvantages of open source usage, why open source is used in commercial software and how to manage open source licensing and to control open source usage.
Most important is professional management of open source usage by defining an open source policy for your software company and by following structured processes for open source licensing approval and control. Rest assured that attorneys, consultants and tool vendors are there to assist you.
Advantages of Open Source usage
Simple and fast access to open source is often named as a key advantage. Low cost and high quality are additional reasons to consider open source. For a software vendor, there might also be a strategic advantage in using open source software to provide the "non-competitive" part of a solution, while the developers care for the competitive part of the solution.
Motivation for open source usage in commercial software
Usually there are numerous open source components used in commercial software. It makes sense to use open source in commercial software if and only if you can comply with the open source license attached to that open source software. If you do so, you can leverage open source to quickly create functionality and to build on trusted functionality that is provided by software vendors or the open source community.
Relevance of Open Source Licensing
Open source components like the International Components for Unicode (ICU) or Hibernate are used in many commercial software solutions. Non-compliance with the license terms can have dramatic consequences. To avoid these open source licensing consequences, a software vendor has to install an open source licensing policy and practice. But what are the negative aspects and side effects of open source licenses? Open source licensing is also a relevant part of due diligence efforts in the software industry as explained in this book:
Potential disadvantages of open source usage
Use of open source in commercial software can have the following disadvantages:
Missing commercial services, like support and service level agreements, impact the ability to run in commercial environments;
Commercialization of software might be blocked;
Missing or incomplete license attributes, e.g. for sublicensing software or running software in an on-demand environment;
Missing warranty and liability;
Non-compliance with license terms might lead to litigation.
Open Source licenses and software supply chains
Usage and licensing rights are transferred between players in the software supply chain. Software passed along the supply chain might contain open source software, too. Due to the copyleft effect in certain licenses, the non-compliance of one supplier might impact all other software companies down the supply chain.
So software vendors should diligently check which open source components are contained in the software supplied to them and which license terms apply.
The use of tools eases the work on this problem. You can use open source scanners to find open source code and the corresponding license terms.
Open Source Software License Due Diligence
Often, commercial software contains open source components. In the due diligence for acquiring a commercial software company, you have to check if the company complies with the licenses for open source software contained in their products (open source due diligence). The following figure shows typical components of commercial software that are analyzed during due diligence. They come from service providers and from suppliers of OEM software, freeware and open source software, and they are created by employees, too.
Next in due diligence we look at the utilization of open source software. In the following figure the software vendor distributes the software products to resellers and to direct customers. The key fact that triggers open source license compliance is often distribution. With the distribution, the open source license terms apply and have to be complied with. Often open source license terms require that the source code is revealed and/or the software has to be provided free of charge. This is of course a critical issue in the due diligence of commercial software.
Software vendors' core business is monetization of usage rights granted to customers. Open source software and corresponding licenses have to be diligently analyzed in open source due diligence.
You have to ensure that
all current and planned utilizations of open source software are covered and that
no open source license terms are violated.
Open Source Software Governance
Open Source Governance is the risk management process for using open source software in commercial software products. So what is the risk in using open source software?
Open source usage has several risks, like:
Operational risk: Missing commercial services, like support, might impact the ability to serve customers well in commercial environments;
Commercial risk: Monetization of software products might be blocked by open source licenses; Missing warranty and liability terms for software increase the warranty and liability risk for the commercial software vendor; Limitation of business models and delivery models might occur if the open source license does not explicitly allow or even forbid them.
License attribute risk: Missing or incomplete license attributes, e.g. for sublicensing software or running software in a cloud environment; Non-compliance with license terms might lead to litigation.
Patent litigation risk: open source software might violate intellectual property rights like patents and this poses a legal risk.
Establishing open source governance
Proactive management of open source usage and open source licensing is paramount for commercial software vendors. From design to shipment of software solutions, open source governance is demanded.
Before you start with open source governance, you have to define your open source policy containing:
Strategic topics:
Risk level accepted by the management
Overall investment in organization, processes and tools for open source compliance
Tactical topics:
Level of management to approve open source usage
Frequency and intensity of governance
Software license tracking: Open source scan tool selection
Size of open source governance functions
Operational topics:
List of acceptable open source licenses based on risk level
Budget for Open Source Scan Tools
A process for governance of used open source components.
We see two types of open source governance: reactive and active. Reactive open source governance just reacts to open source components used in commercial software and provides an evaluation of whether an open source use is acceptable or not. As a result, the open source component can be used or has to be removed from the product.
An active approach to open source governance is to provide access to open source components from within development tools. The development tools allow the open source components that the company permits under the open source policy.
Software strategy selection: is build, buy, partner sufficient or do we have to add open source to the game?
Strategy selection
The best innovation and growth strategy is to combine organic and inorganic growth. SAP has successfully applied organic innovation and growth resulting e.g. in SAP HANA, SAP S/4 HANA as well as inorganic innovation and growth via acquisitions like Qualtrics and CallidusCloud.
Build, buy, partner
For me, the most important distinction between build or buy is the window of opportunity that you have. In technology markets, there are frequent changes of market direction. If you’re lucky, you had started your solution in time to build something that is en vogue right now. But if you’re not lucky, you need to acquire capabilities that the market needs today. But is this the only option you have?
Opportunity and risk in building and acquiring solutions
To be frank, with the current state of technology due diligence on companies to be acquired, there is no difference in risk to build or to buy. When building products, you trust your developers to build something great. The a priori likelihood of success is 50%. Same likelihood applies for acquiring technology. In addition, acquired technology exists, has customers, success and failure history. So, what is the impact of this statement on build decisions?
Build decisions
Build decisions are made based on anticipated market trends. So don't be surprised when you find out that you made the wrong decision. It is perfectly natural to make wrong decisions. But how can you fix such a wrong decision? I have two proposals: The first one is to start massive marketing to convince customers and markets that what you built is the right thing. Tough. The second option is to buy your way into front and center of the market. Are these the only options you have?
Outsource your worries
What we need to look at is another alternative. You could leverage an existing open source solution with a license that permits commercial use to jumpstart your building efforts. And you build differentiating, proprietary technology on top.
If the open source community behind that solution is active enough, you will save massive effort for support and maintenance of the solution.
It also makes financial and strategic sense to spend your money wisely on functionality where you can differentiate your offering from the competitors’ offerings.