it’s no myth: compliance is good business
TRANSCRIPT
© Black Duck 2012
It’s No Myth: Compliance Is Good Business
Linux Collaboration Summit, 16 April 2013
Phil Odence, VP Business Development, Black Duck (@black_duck_sw)
Black Duck’s Perspective
• Known for services; primarily a software company
• Not an open source company per se
  • Very involved, but most products under commercial licenses
• Serving (primarily) commercial companies
  • Software, Systems, Enterprise IT Organizations
• Helping companies manage their use of open source
Agenda
Goal: To provide a bird’s eye view of open source/FOSS usage and compliance in companies
• Evolving Relationship Between Commercial Companies and FOSS
  • Why open source?
  • Why comply?
  • Are they really?
  • What’s next?
First of all…
“Software is Eating the World.”
Marc Andreessen (Netscape Founder), August ’11, Wall Street Journal
And there’s a growing appetite for open source…
…and the plate is heaping
Source: Ohloh/Black Duck KnowledgeBase
• 2.7 billion files
• Nearly 1M de-duplicated projects
• 10+ million staff years of development
• 5000+ sites
• 2,200+ unique software licenses
[Chart: FOSS Projects, 2006 to 2014 (2014 projected), y-axis 0 to 2,500,000; growth areas labelled Games, Mobile, Big Data, Social Networks, UI, Cloud]
OSS Adoption: Jeff Hammond circa early 2009
Olliance Consulting* Management Maturity Framework
[Diagram: maturity stages plotted against an Open Source Adoption axis, from Developer driven to Business strategy driven: Ad Hoc Use; Informal Guidelines; Explicit Policy, Tracking & Auditing; Process Automation, Community Participation; Built-in Compliance; Strategic OSS Use, Community Leadership]
*now a division of Black Duck
Industry OSS Adoption à la Geoff Moore
[Diagram: adoption curve from Innovators to Majority, plotted against an Open Source Adoption axis]
Jeff Hammond circa late 2010
• OSS goal to means
• 80% developers used
• Reduced management gap
• Don’t ask/tell to strategic
• Waned concern about mission critical apps
The Chasm is the Stuff of Myth
• “Closed source is the evil empire”
• “You are a bunch of wookies”
• “If anyone knows we are using open source we’ll have to give up all our code”
• “They just want a free ride”
• “There’s no way to make money if I give away my software.”
• “No one cares about licenses unless they are getting sued”
• “Those guys don’t get it.”

• Chasm: Greek χάος means emptiness, vast void, abyss. Same as for “chaos”
• Out of which grew the Chaoskampf myths
  • Explaining the clash between order and chaos in the world’s creation
• paraphrasing Wikipedia
Faster, Better, Cheaper
Jeffrey Hammond, Forrester
Open source is a ‘silver bullet’ that allows simultaneous improvement along all three dimensions of the software ‘iron triangle’ of cost, schedule, features.
[Diagram: iron triangle with OSS at the center and Cost, Features, Schedule at the corners]
A bunch of good reasons…
“Open source is ubiquitous, it’s unavoidable….having a policy against open source is impractical and places you at a competitive disadvantage”
• Key Benefits
  • Flexibility
    • Modify, mix, reuse code
  • Innovation
    • Leverage FOSS and community
  • Cost Optimization
    • Reduce or eliminate acquisition costs
Source: Mark Driver, Gartner Group
It’s only #3
Company Benefit: Less is More
[Chart: Average 30% vs. Best in class 80%]
Real World Example
“Over 80% of the software in our handsets is open source”
Carl-Eric Mols, Head of OSS, Sony Mobile Communications
Another: Large Commercial UK Bank Trading Application
Delivered a new trading app but only had to do 28% of the work!
…and then there’s customer acceptance
• DoD CIO Letter…
  • “To effectively achieve its missions, the Department of Defense must develop and update its software-based capabilities faster than ever, to anticipate new threats and respond to continuously changing requirements. The use of Open Source Software (OSS) can provide advantages in this regard.”
  • “Unfortunately, there have been misconceptions and misinterpretations of the existing laws, policies and regulations that deal with software and apply to OSS, that have hampered effective DoD use and development of OSS.”
  • “I have asked the Director, Enterprise Services & Integration, to work with your staffs and identify other barriers to the effective use of open source software within the Department, so we can continue to increase the benefits from the use of OSS.”
So…
• The myth:
  • It’s all about the “free beer”
• The reality:
  • It’s about:
    • Flexibility
    • Innovation
    • Co-opetition and Community
    • Recruiting
    • Support from customers
    • And, yes, Cost
Software today is Multi-Source
[Diagram: THE ENTERPRISE – TOOLS, PROCESSES. Your Software Application is assembled from Internally Developed Code, Commercial 3rd-Party Code, Outsourced Code Development (San Mateo, Cambridge, Paris, Bangalore) and OSS Communities]
“Global 2000 organizations increasingly leverage code from a vast array of sources — including internally built, open source, outsourced, commercially built, and customized applications.”
- Melinda Ballou, IDC (sponsored by Black Duck)
The Fundamental Challenge
“How ya gonna keep ’em down on the farm…?”
Internet: 900K+ projects, 5000+ sites, 10Bs LOCs
Management challenges aren’t just legal
• Key Benefits
  • Flexibility
    • Modify, mix, reuse code
  • Innovation
    • Leverage FOSS and community
  • Cost Optimization
    • Reduce or eliminate acquisition costs
• Challenges
  • Technical Failure
    • Operational exposure
    • Needs to be audited, managed
  • Security Risks
    • Business exposure
  • IP Risks
    • Legal exposure
Managing Open Source = Proper SW Dev Mgmt
• “There are plenty of other reasons beyond licensing that I want to understand what’s in our code”
• CIO, Large Financial Services Firm
• Security
• Quality
• Supportability
• Community
• Sarbanes Oxley Act Section 404 says you gotta know what software you got and who owns it
• Fortune 500 tech companies: material risk in 10Ks
And, if they want to get bought someday…
[Chart: M&A Audits vs. US Tech Deals, 2009 to 2012]
OSS compliance has become a routine question in tech M&A
Source: Black Duck / 451 Group
Free’s not all that free
[Diagram: Phil’s (other) iron triangle, with OSS at the center and Risk (all sorts), Compliance, Productivity at the corners]
No compliance means productive but risky
Overly heavy compliance reduces risk, but may squash productivity
So…
• The myth:
  • Companies don’t care
  • And only pay attention to extreme measures
• The reality:
  • Legal fear is a motivator
  • But companies’ overall risk management agendas align reasonably with open source governance
  • It’s just not all that simple
Who complies?
Myth: OK, but most companies don’t comply. And, they may talk the talk, but…
Companies invest heavily in compliance
In the form of sophisticated governance processes
…best practices, training, transformation
…dedicated review boards and programs
Open Source Program Office
• Responsible for all open source activities and strategy across the company
• Provides continuous training and consulting to HP product and project teams
• Encourages contribution to the open source community
• Sponsors numerous open source foundations (e.g. ASF, Linux Foundation, OpenStack) and events
• Typically review 10 to 20 proposals per week from teams wanting to use and/or contribute to open source
• Develops in-house tools to support the review and tracking of open source across the company
• Promptly handle any compliance inquiries that come to our attention
http://opensource.hp.com
…correct and corresponding code infrastructure
“The Internet of objects would encode 50 to 100 trillion objects, and be able to follow the movement of those objects. Human beings surrounded by 1000 to 5000 trackable objects”
OK, but do they waddle the waddle?
Giving back is a “higher order skill”
[Diagram: the Olliance maturity framework again, with stages plotted against an Open Source Adoption axis from Engineering driven to Business strategy driven: Ad Hoc Use; Informal Guidelines; Explicit Policy, Tracking & Auditing; Process Automation, Community Participation; Built-in Compliance; Strategic OSS Use, Community Leadership]
*now a division of Black Duck
Companies certainly rock the Kernel
• 75% of Kernel developers are paid
• 800 companies have contributed over time; 200 active as of 2012
• Red Hat, Intel, Novell, IBM, Texas Instruments, Broadcom, Nokia, Samsung, Oracle and Google
• Source: Jon Corbet’s 2012 annual report
Community and Co-opetition
[Logo slide: industry consortia by sector (Financial Services, Automotive, Mobile, Aerospace (Polarsys), Healthcare, Networking) and foundations (Mozilla, Eclipse, OpenStack, The Foundation, The Apache Foundation)]
Automotive may boast the most logos
Ford contributes AppLink code to GENIVI Alliance
GENIVI License Review Team
And … I’m just sayin’
Microsoft is into open…
Close to our hearts
So…
• The myth:
  • Companies don’t comply
  • And even if they do they don’t participate
• The reality:
  • Some don’t
  • Many do
  • The world’s best companies invest heavily
  • And, more and more they are walking the walk
Conclusion
• The relationship between companies and FOSS has evolved
• Corporate usage has crossed the chasm
• Companies have good business reasons to manage/comply
• The best companies do comply
• And are finding good business reasons to give back
There may remain a philosophical schism, but...
• “Software is all about delivering shareholder value”
• “Software is all about ‘free’”
Rather than question motivation, focus on results
Check out where it’s going
• Key trend toward internal OSS methods – 80%
• Open source will make up >50% deployed code – 62%
• “Lower Cost” – drops to #7 in importance
• Attracting talent – #1 reason to engage
• Company’s co-opetition will increase – 57%
• 2013 Future of Open Source Survey Results show new trends in OSS
• First ever webinar results panel is now available to view on-demand!
• #FutureOSS