open source in enterprises apache2009 beijing jack cai
Open Source in Enterprises
蔡俊杰 (Jack Cai), IBM China Development Lab
Personal views only; they do not represent IBM's position or opinions.
Agenda
- Open source & Enterprise
- Using open source software
  - Risks & Suggestions
- Joining open source development
  - Risks & Suggestions
OSS is pervasive in enterprises
- Actuate survey [1], Oct. 2009
- Gartner survey [2], Nov. 2008
[Chart: 85% / 15%]
[1] http://www.actuate.com/download/OpenSourceSurvey/oss2009.pdf
[2] http://www.gartner.com/it/page.jsp?id=801412
Enterprises are pervasive in OS
- Two good examples
  - Linux kernel contribution break-down [1]
    - 186 companies contributed to v2.6.24
  - Microsoft turnaround
    - Platinum Sponsor of ASF in 2008 & 2009
    - Contributed code to a number of open source projects, including Linux Kernel in July 2009!
[Chart legend: Company, Personal, Unknown]
[1] https://www.linuxfoundation.org/publications/linuxkerneldevelopment.php
Enterprise roles in OS
- User
  - Run for daily operation
  - Incorporate into product/service
- Development contributor
  - Code donation
  - Employee participation
- Leader
- Service provider
  - Technical support
  - Consultancy: legal, process, risk assessment, …
  - Education/Training
  - Solution/Integration
- Sponsor
  - Fund, facility/infrastructure, software, …
Agenda
- Open source & Enterprise
- Using open source software
- Joining open source development
OSS Benefit & Cost
- High quality
- Zero license fee
- Openness/Freedom
- Flexibility
- Transparency

- Service availability
- Skill requirement
- Migration cost
- Training cost
- Legal risk
Mitigating the system risks
- Set up a governance system
  - Determine the strategy (position, risk preference, etc.)
  - Set up adoption review/approve process
  - Set up daily management system
    - A central approved list/repository
  - Conduct education
Legal risk in using OSS
- Copyright
  - Uncertain “pedigree”, SCO case
  - Contamination
- Patent
  - Possible patent infringement, MS vs. Linux case
- License
  - Copy-left, Cisco Linksys case
Mitigating the legal risks
- Do due-diligence investigation
  - Source code scan
  - Author background investigation
- Get professional legal advice
- Buy service
Evaluating OSS maturity
- Outstanding leaders
- Diversified community
- Wide user base
- Active development
- Mature vulnerability management
- Well-written documentation
Usage pattern
- Run for internal use
  - Most cases
- Run to provide service to 3rd parties
  - Most Internet service companies, including Google
- Redistribute to 3rd parties
  - Product
  - Solution
Caution!
Customization pattern
- Take and fork
  - IBM Lotus Symphony
- Collaborative development
  - IBM & Eclipse
  - IBM WebSphere Community Edition & Apache Geronimo
- Some point in-between
  - Google: Apache Harmony, Linux
Agenda
- Open source & Enterprise
- Using open source software
- Joining open source development
Motivations
- Redistributing
- Providing service
- Driving standards
- Disrupting competition
- Building eco-system
- User centered design
Legal risks in joining OSS dev
- Contamination & Virus effect
- Patent exposure
- Mitigation suggestion
  - Draw a fine line between proprietary code and open source code, set up review/approve process as required
  - Conduct necessary education
Infrastructure support
[Diagram. Components: Developer workstations, Internal code repo, External community code repo, Merge Log and Continuous Integration, Open Source Community. Labelled steps: 1. Check in/out; 2. Create Patch; 3. Check in/out; 4. Smart Merge; 5. Notify]
Internal open source
- Run projects inside an enterprise in an open source way
  - 20% project?
  - Innovation incubation
Community-driven Commercial development
- Open development
  - Source code available
  - Transparent development
  - User interaction
- Commercial license
- Examples
  - Project Zero (http://www.projectzero.org/)
  - Rational Jazz (http://jazz.net/)
Summary
- Open source is pervasive in enterprises, and enterprises have become the key driver of open source.
- Use open source with caution.
- Join in open source development with caution.
Our open source book, coming soon
Q & A