Open Source in Enterprises

蔡俊杰（Jack Cai）IBM China Development Lab

仅为个人思想，不代表IBM立场或观点

Agenda

n Open source & Enterprisen Using open source software¡ Risks & Suggestions

n Joining open source development¡ Risks & Suggestions

85%

15%

OSS is pervasive in enterprises

n Actaute survey [1]

Oct. 2009n Gartner survey[2]

Nov. 2008

【1】http://www.actuate.com/download/OpenSourceSurvey/oss2009.pdf【2】http://www.gartner.com/it/page.jsp?id=801412

Enterprises are pervasive in OS

n Two good examples¡ Linux kernel

contribution break-down [1]

n 186 companies contributed to v2.6.24

¡ Microsoft turnaroundn Platinum Sponsor of

ASF in 2008 & 2009n Contributed code to a

number of open source projects, including Linux Kernel in July 2009!

CompanyPersonalUnknown

MicrosoftMicrosoft【1】https://www.linuxfoundation.org/publications/linuxkerneldevelopment.php

Enterprise roles in OSn User

¡ Run for daily operation¡ Incorporate into product/service

n Development contributor¡ Code donation¡ Employee participation

n Leadern Service provider

¡ Technical support¡ Consultancy: legal, process, risk

assessment, …¡ Education/Training¡ Solution/Integration

n Sponsor¡ Fund, facility/infrastructure,

software, …

Agenda

n Open source & Enterprisen Using open source softwaren Joining open source development

OSS Benefit & Cost

n High qualityn Zero license feen Openness/Freedomn Flexibilityn Transparency

n Service availabilityn Skill requirementn Migration costn Training costn Legal risk

Mitigating the system risks

n Set up a governance system¡ Determine the strategy (position, risk

preference, etc.)¡ Set up adoption review/approve process¡ Set up daily management system

n A central approved list/repository¡ Conduct education

Legal risk in using OSS

n Copyright¡ Uncertain “pedigree”, SCO case¡ Contamination

n Patent¡ Possible patent infringement, MS v.s

Linux casen License¡ Copy-left, Cisco Linksys case

Mitigating the legal risks

n Do due-diligence investigation¡ Source code scan¡ Author background investigation

n Get professional legal advicen Buy service

Evaluating OSS maturity

n Outstanding leadersn Diversified communityn Wide user basen Active developmentn Mature vulnerability managementn Well-written documentation

Usage pattern

n Run for internal use¡ Most cases

n Run to provide service to 3rd parties¡ Most Internet service companies,

including Googlen Redistribute to 3rd parties¡ Product¡ Solution Caution!

Customization pattern

n Take and fork¡ IBM Lotus Symphony

n Collaborative development¡ IBM & Eclipse¡ IBM WebSphere Community Edition &

Apache Geronimon Some point in-between¡ Google: Apache Harmony, Linux

Agenda

n Open source & Enterprisen Using open source softwaren Joining open source development

Motivations

n Redistributingn Providing servicen Driving standardsn Disrupting competitionn Building eco-systemn User centered design

Legal risks in joining OSS dev

n Contamination & Virus effectn Patent exposure

n Mitigation suggestion¡ Draw a fine line between proprietary code

and open source code, set up review/approve process as required

¡ Conduct necessary education

Infrastructure support

4. Smart Merge

External community code repo

Internal code repo

Developer workstations

1. Check in/out

3. Check in/out

2. Create Patch

Merge Log and Continuous Integration

5. Notify

Open SourceCommunity

Internal open source

n Run projects inside an enterprise in an open source way¡ 20% project?¡ Innovation incubation

Community-driven Commercial development

n Open development¡ Source code available¡ Transparent development¡ User interaction

n Commercial licensen Examples¡ Project Zero (http://www.projectzero.org/)¡ Rational Jazz (http://jazz.net/)

Summary

n Open source is pervasive in enterprises, and enterprises have become the key driver of open source.

n Use open source with caution.n Join in open source development with

caution.

Our open source book, coming soon

Q & A