Open source software is gaining serious traction throughout many industries. A 2016 survey conducted by Black Duck Software found virtually all companies rely on open source software in their product development. This indicates that open source is widely adopted and is becoming a strategic part of every company’s software portfolio. As we reap the benefits of open source software and make it an essential part of our development process, what does it take to achieve production-quality, well-supported open source software?
Here are four vital steps for achieving open source success in your company.
1. Open Source Licensing
First and foremost, open source offers users the freedom to access technology tools. Because of this ease of access, there is a general misconception that open source is free. On the contrary, open source software comes with license obligations. For example, a GPL license means you have the freedom to use, copy and modify the software. However, if you sell your software or distribute it, a copy of your source code must be made available to the public under the same GPL license.
As such, choosing the right open source license that aligns with business goals is critical. At VMware, we take a proactive approach toward open source. We start out by learning and understanding the philosophy behind open source. Then, we focus on ensuring the open source license is compatible with the needs of our customers.
2. Use Open Source Responsibly
With the freedom to access great technology tools, what obligations do we have as users of open source software? Eleanor Roosevelt has this great quote: “With freedom comes responsibility.”
By harnessing the collaborative prowess of the open source community, we don’t have to build everything from scratch. Shared development allows the community to build great solutions with shared benefits. This enables us to accelerate product time-to-market and simultaneously reduce development costs.
The responsibility hinges on having a long-term strategic plan to support and maintain the software. Besides complying to the license terms and mitigating security risks, it is essential to have a delivery infrastructure with well-documented steps to ensure software updates are deployed to customers in a reliable, repeatable fashion.
3. Open Source Community Collaboration
Since there is no formal technical support process from the open source community, and to ensure the best quality and support, VMware participates in active, vibrant open source projects that depend on a collaborative community. We have ongoing community review for projects so multiple eyeballs can look at a project’s code and provide critical peer review. This accelerates the discovery of defects, and oftentimes, issues are discovered and fixed before we know them.
Contrast this to dormant open source projects where nobody is improving and maintaining the code. Under these circumstances, you have to find and fix your own issues. This can be super challenging, especially if you were not involved in the development of the code from the beginning.
For successful open source production, think about the leap one has to take going from a developer sandbox to a production environment. At VMware, we carefully select and use the highest quality open source components at every stage of the development cycle. Augment that with the in-house expertise of a dedicated team of quality and security engineers, and this allows us to deliver the most robust software to our customers, complete with assurance of quality and reliability.
4. Open Source Compliance
From a risk mitigation standpoint, open source compliance is not just a legal exercise, nor is it just security risk management. We address open source compliance via the collaborative partnership of cross-functional teams. All facets of the company contribute to the management of open source usage to ensure proper compliance. Here’s how each team contributes to open source compliance:
- Technical Education Team: Education is a key part of our compliance process. The Technical Education team provides online resources and classroom training to educate new employees about proper usage of open source software. In addition, ongoing training is carried out to ensure employees have a good understanding of the policies governing the use of open source software, including process updates and tool improvements.
- Tools Engineering Team: To facilitate the open source review process, tooling is a key part of our compliance infrastructure as well, offering streamlined opportunities via integration with the software development process. The Tools Engineering team automates as much as possible to maximize developer productivity. They monitor and measure against set targets, and provide visibility and transparency of the end results, including clarity around how decisions are made. These self-checking, self-correcting mechanisms allow us to build the right mindset and culture around using open source.
- Product Security Team: Addresses security needs in the initial product planning stages so that security is built into the product to begin with. Considering security up front is a fundamental aspect of secure development. Within each Product Team, functional groups such as Product Development, Quality Engineering, Release Engineering and Technical Support work closely with Product Management to choose the product release cadence that meets customer needs.
- Legal: Elucidates the license obligations of open source to ensure we choose the right open source component during product development.
- IT: Provides online resources to support the use of open source software—repositories, wikis, application frameworks and bug/issue tracking tools, to name a few.
Conclusion
At first glance, an open source solution has the potential to reduce license costs and lower capital expense. However, the operational aspects of deploying open source software in production can be complex, with structural and strategic implications that must be factored into consideration. Once you implement a strategic, long-term support plan that mitigates risks proactively, open source software has the potential to lower your total cost of ownership and simultaneously improve business agility.
Which of these viewpoints resonates with you? What best practices come to mind when you ensure the production quality of open source software, and how you implement these four steps in your organization for open source success? Let us know in the comments!
