YOUR FEEDBACK
Werner Keil wrote: Java 6 update 10. If I'd be running Apple, I'd probably really drop dead...
Sep. 5, 2008 09:36 AM
AJAXWorld RIA Conference
$300 Savings Expire September 12th. Register Today and SAVE!
Did you read today's front page stories & breaking news?

SYS-CON.TV: JBoss's Seam: Eliminate Complexity and Build Next-Generation Web 2.0 Applications

2008 East
DIAMOND SPONSOR:
Data Direct
Frontiers in Data Access: The Coming Wave in Data Services
PLATINUM SPONSORS:
Red Hat
The Opening of Virtualization
Intel
Virtualization – Path to Predictive Enterprise
Green Hills
IT Security in a Hostile World
JBoss / freedom oss
Practical SOA Approach
GOLD SPONSORS:
Software AG
The Art & Science of SOA: How Governance Enables Adoption
PlateSpin
Effective Planning for Virtual Infrastructure Growth
Fujitsu
Automated Business Process Discovery & Virtualization Service
Ceedo
Workspace Virtualization
Click For 2007 West
Event Webcasts

2008 East
PLATINUM SPONSORS:
Appcelerator
Think Fast: Accelerate AJAX Development with Appcelerator
GOLD SPONSORS:
DreamFace Interactive
The Ultimate Framework for Creating Personalized Web 2.0 Mashups
ICEsoft
AJAX and Social Computing for the Enterprise
Kaazing
Enterprise Comet: Real–Time, Real–Time, or Real–Time Web 2.0?
Nexaweb
Now Playing: Desktop Apps in the Browser!
Sun
jMaki as an AJAX Mashup Framework
POWER PANELS:
The Business Value
of RIAs
What Lies Beyond AJAX?
KEYNOTES:
Douglas Crockford
Can We Fix the Web?
Anthony Franco
2008: The Year of the RIA
Click For 2007 Event Webcasts
SYS-CON.TV
SYS-CON.TV WEBCASTS
JACKBE The Big A(architecture in AJAX)
INSTANTIATIONS Eclipse Rich Internet Platform with Taylor and Milinkovich
YAHOO! Applying AJAX to Speed User's Journey
ENERJY WEBCAST Java Code Quality Management
APP SERVER SHOOT-OUT with Microsoft, IBM, JBoss, Sun, BEA, and Oracle
TOP LINKS YOU MUST CLICK ON


Best Practices
The Importance of Open Source Governance in Mitigating Risk
Best practices for managing risk when developing an effective open source policy

By: Steven L. Grandchamp
Nov. 27, 2007 01:00 PM

Programmers naturally gravitate toward the best software packages and components for development. They are increasingly choosing a broad range of enterprise-grade open source packages from Apache and Tomcat to Axis and Eclipse. But imagine for a moment this all-too-common scenario: a programmer at a Global 2000 is faced with a looming deadline and after a little bit of research, picks an open source package that he thinks will meet his technical needs and enable him to get his job done more quickly and effectively. Although the open source package may have all of the functionality needed, the programmer doesn't take into account some of the broader, longer-term issues that can have a significant impact on the enterprise, such as:

  • How will we get support for this package once it goes into production?
  • Will we be able to get the service levels we need for support?
  • How might the license impact our company?
  • What will we need to do to stay in compliance with the license?
  • What IP protections do we need to put in place?
  • Will the project still be active over the years to come?
  • How will we manage potential changes to source code?
While open source software provides a functional, flexible, and cost-effective option to enterprises, organizations need an effective, scalable policy for evaluating, managing, and governing the use of open source. Govern open source strategically, and you'll find a venerable gold mine of open source solutions at your disposal. Ignore these open source governance issues, and you take unnecessary legal, financial, and operational risks.

Why Open Source Is Worth Considering
The popularity of open source continues to grow as a wide range of innovative open source software components enable business agility and increase ROI. The functionality and flexibility of open source cannot only decrease time-to-market of new solutions, but help extend the life of legacy applications.

Today, companies don't need to give up the value-add services of commercial software when they choose to use open source solutions. There are now a variety of commercial open source companies that offer support, indemnification, and maintenance for popular enterprise open source packages, making it easier to leverage these open source solutions into your homegrown applications.

Making Open Source Successful
As open source becomes more ubiquitous, business and IT executives must identify ways to confidently incorporate a variety of open source packages to meet business demand. Creating an effective open source policy to govern the adoption and use of open source in an organization will mitigate any potential legal, financial, and operational risks and is a critical step towards making open source successful in your organization. As companies use more open source software, they are more likely to create an open source policy. For example, according to a recent survey conducted by OpenLogic, 83% of the organizations polled that are currently using more than 25 open source projects have an open source policy, are developing a policy, or plan to create one.

However, many companies aren't aware of the extent of their open source use. As with our programmer, most open source packages are downloaded by programmers, bypassing the normal procurement controls. Enterprises have often dozens to hundreds of open source solutions deployed without an appropriate level of review.

Writing an open source policy will establish a framework for communication between business management, legal teams, IT managers, and developers about how open source will be deployed in their organization. First, a policy can help direct and monitor IT plans by ensuring that investments in IT generate the desired business value and ROI. Second, when a policy is enforced, it will mitigate and manage legal risks including intellectual property infringements and license violations. Lastly, a policy will ensure that companies can continue to meet operational cost and uptime requirements whenever open source is deployed.

You Can't Get Something for Nothing
The first thing to consider when creating an open source policy are the choices your business may face in balancing risk reduction with business demand. For example, though the flexibility, functionality, and quality of open source may help businesses maintain a competitive business advantage; enterprises often consider open source solutions merely to reduce costs.

What business and IT executives need to keep in mind is this: software is software. All software, both open and closed source, comes with responsibilities and requirements that businesses can't ignore. Whether proprietary or open source, management teams must devote resources to developing, deploying, managing, and supporting all of their software assets. Although businesses can cut costs significantly when moving to open source solutions, it's critical to invest in open source governance to avoid unnecessary legal disputes, unexpected costs, or unforeseen operational issues. In other words, you can't get something for nothing. Even though the procurement of open source most often begins with a free download, you need to be vigilant about what software you're using and how it's being used.

How Open Source Software Is Different
Although open source software is "just software," there are a few critical differences you need to consider for governance purposes. First, open source packages carry open source licenses that have unique characteristics. Second, open source packages are typically created by a number of independent authors, which can raise potential intellectual property concerns. Finally, open source is typically procured differently than commercial proprietary software, which may dictate adapting existing processes.

Although the most widely known open source license is the GNU General Public License (GPL), the Open Source Initiative (OSI) has approved over 50 open source licenses. And many free or open source packages use licenses that haven't been approved by the OSI. In either case, legal staff must familiarize themselves with the terms of open source licenses being considered to determine that the license is compatible with the particular use that the enterprise is planning. The enterprise must also put audit and control processes in place to assure that the organization complies with all of the terms of those licenses. There are cases of enterprises paying out-of-court settlements to open source copyright holders due to violations of open source licenses, so license review and compliance is a critical piece of your open source governance plan.

Another major concern of companies using open source is intellectual property violations. Since open source packages are typically created by a number of independent authors, there's some risk that an author might have inadvertently or purposely infringed on another party's intellectual property. There have been a few highly publicized lawsuits or legal actions around intellectual property infringements by open source packages. Although many of those legal actions may be without merit, companies that use open source are concerned about the potential cost of defending these suits. One option for mitigating this legal risk is through indemnification. There are several open source solution providers that offer indemnification for the packages they support, giving clients some financial protection in the case of a legal action.


Published Nov. 27, 2007— Reads 4,759
Copyright © 2008 SYS-CON Media. All Rights Reserved.
About Steven L. Grandchamp
Steven Grandchamp is the CEO of OpenLogic, Inc., a provider of open source solutions that enable enterprises to acquire, support and control open source software. He has over 25 years of experience in the software industry, serving in executive roles at Information Management Research, American Fundware, and was a founding partner of Formation Technologies Inc.

YOUR FEEDBACK
Jeff McCabe wrote: As far as Flash goes... I've been thoroughly disappointed with Adobe since the purchase of Macromedia's wonderful software. With all of these new versions, features, and security protocols, it has become a dead-end app. The entire point of the prgm was to be able to deliver high-end apps over the web with maximum compatibility. Now, with the advent of the latest security protocols, it is nearly impossible to give users access to websites that communicate internally with flash applications. I can't embed a flash app on my organization's webpage because only high-end users will know what to do when the software prompts them to add a URL in their "sandbox." Bah! to Adobe for spoiling good software. Hooray for marketing for stepping up ColdFusion as a solution, though. Which brings me back to Bah! to pricing schemes. I guess that's how Adobe is funding their MM purchase?
anonymous wrote: We have an AJAX app used by 55,000 corporate users all over the world. Never had a problem with Javascript support. Works great.
Michael Avrukin wrote: Have you looked at the SpryFramework from Adobe? It addresses some of the issues you've brought up http://labs.adobe.com/technologies/spry/
Jeff McCabe wrote: I agree that these issues need to be addressed. I think everyone is just waiting for the next person to think of a solution to these issues.
Jeff McCabe wrote: I agree that these issues need to be addressed. I think everyone is just waiting for the next person to think of a solution to these issues.
Shahzad Badar wrote: I think Mr Coach Wei would be right for his points but as he mentioned that 10% browsers stopped javasscript support then why for 10% we should ignore 90%.and if AJAX got attention 10% will be forced to add javascript support as happened with java. second, i think AJAX is going to be matured day by day so developer cummunity will be trying to create such functionalities through AJAX and I think its not a big deed.
Ivan Handler wrote: As someone responsible for creating business applications for state government, I don't see these problems as significant. Many of our applications go through offices where we either control the technology or can specify the requirements for users who wish access to our applications. Making sure javascript is turned on is a fairly mild requirement as is IE 6.0+, FF 1.5+, etc. I think the problems may be more significant for those trying to write pages that are somehow "universal." I am not very sympathetic to this in the first place since the web is already too big to allow for anything approaching that anyway. This is where it is important to know your market, understand how to serve the largest segment you can. There are many people who are going to limit their browsers for a variety of reasons. Accept it and move on. If what becomes available via Ajax (such as all of the G...
obinna kalu wrote: Here is my thought about the first "big" issue raised in this article, that AJAX adopters need to worry about. Firstly, permit me to say the issue does not count as a BIG issue. oh Yes, it is something to consider when choosing to implement an AJAX-style web application. However, it isn't that much of a big issue that should greatly influence the decision whether to do AJAX or not. It is like thinking that, since some % of people do not have computers or internet access then businesses should not bother putting-up e-commerce systems. oh no, sir. Any web app today that is worth spending a dime on, will be doing a deservice to its users if it is not AJAX-style or similar technique (i.e. any that sends across as much client-side code as possible/reasonable - java applet, java app delivered via jumpstart, adobe flex, laszlo etc) and is still doing the old click-and-wait-for-whole-page-reload...
Tal Cohen wrote: The 10% number is entirely not credible. Practically all visitors of that site (w3schools) are developers, who are advanced users that know how to turn off JS by default and enable it selectively where needed (esp. with FireFox extensions that make it trivial). Note that the same stats page specifies that 1 in 4 users browses with FireFox -- how credible is that!?
Tal Cohen wrote: The 10% number is entirely not credible. Practically all visitors of that site (w3schools) are developers, who are advanced users that know how to turn off JS by default and enable it selectively where needed (esp. with FireFox extensions that make it trivial). Note that the same stats page specifies that 1 in 4 users browses with FireFox -- how credible is that!?
Tal Cohen wrote: The 10% number is entirely not credible. Practically all visitors of that site (w3schools) are developers, who are advanced users that know how to turn off JS by default and enable it selectively where needed (esp. with FireFox extensions that make it trivial). Note that the same stats page specifies that 1 in 4 users browses with FireFox -- how credible is that!?
Will Merydith wrote: Your whole issue is wrapped around the 10% that have Javascript turned off? That not number is insignificant in terms of hindering adoption.
Paul Davis wrote: I find it ironic that "10%" of people can turn off JavaScript, but the population as a whole can't figure out how to install a Flash plugin (which is freaking automatic...) because "Techies can do it but i doubt normal computer users will be able to do that" - I hardly think those normal people can turn off JavaScript or even know where/how/what to do to do so. Either it is someone who has a disability and JS simply makes it impossible for them to access the web - or it is corporate IT or it is paranoid throwbacks from early web day geeks. Beyond the accessability issue, it doesn't matter. As for making it accessable, preplanning can do that and it isn't that difficult. Both of your issues aren't relevant enough to pull back on Ajax, especially the 10% turned off javascript line, it is like a sure sign you're position is lacking any real meat.
Robert McDaniels wrote: "Flash is probably somewhere 80%-90% coverage out of box." Do you have any facts or references that support this? "the marketing message from Adobe about 'Flash covers 97% browsers' is not credible, given that no new PC, or browser, comes with Flash" Flash downloads are driven by content. Many of the most popular sites on the web (Google Video, YouTube, etc.) offer Flash content that drives downloads. "you have to download and install Flash on your own. Techies can do it but i doubt normal computer users will be able to do that" The Flash install is approx 1MB, a non-issue for even dial-up users. The install takes place right in the browser in seconds. Some IE users may have to enable ActiveX controls (which the browser prompts them to do). There is nothing technical about installing Flash. Even the authors unsupported estimates of an install base support that it is no problem for...
Derrick wrote: I disagree. Don't worry about the 10% that have JavaScript turned off. Just keep producing compelling new RIA web apps that require AJAX. You got to make the slackers feel like they're being left behind at the train station. That's the only way they'll ever get around to enabling JavaScript and joining the 21st century.
John Stone wrote: Learn English first, then write an editorial.
Agile Ajax wrote: Trackback Added: AJAX and the Network Effect; Via Ajaxian, Coach Wei over at AjaxWorld Magazine has an article expressing reservations about AJAX and what might hinder it's adoption: 1. 10% browsers have Javascript support turned off (see statistics at http://www.w3schools.com/browsers/browsers_stats.asp). It means that 10% users can not
Agile Ajax wrote: Trackback Added: AJAX and the Network Effect; Via Ajaxian, Coach Wei over at AjaxWorld Magazine has an article expressing reservations about AJAX and what might hinder it's adoption: 1. 10% browsers have Javascript support turned off (see statistics at http://www.w3schools.com/browsers/browsers_stats.asp). It means that 10% users can not
Rajgopal wrote: The single biggest problem that preventing wide spread Ajax adoption is lack of simple and complete solutions to build Ajax or Rich Internet applications. This webpage makes fun of the situation and proposes a simple solution. http://www.cbsdf.com/ps_blog/why-other-frameworks.htm http://www.cbsdf.com/technologies/DHTML-Widgets/Widget-samples.htm What do you think?
Becky Gibson wrote: There is work going on the make the Dojo widgets accessible. The Dynamic Web Content Accessibility Techniques (http://www.w3.org/WAI/PF/#roadmap) which provide full keyboard and screen reader support are being applied to the widgets.
ENTERPRISE OPEN SOURCE MAGAZINE LATEST STORIES . . .
By Enterprise Open Source News Desk
Alfresco Software announced that Adobe has implemented Alfresco’s document sharing and collaboration capabilities as part of the file sharing features in Acrobat.com. Adobe chose Alfresco as its content repository for its clustered high-availability, security, and highly capable tec...
By Enterprise Open Source News Desk
Open Systems has announced that TRAVERSE v10.5 has been certified to run on Microsoft's SQL Server 2008 database server. SQL Server 2008 promises a dynamic platform for business-critical applications and enterprise-class data management, and is available in seven editions, ranging from...
By RIA News Desk
qooxdoo is a comprehensive and innovative AJAX application framework. Leveraging object-oriented JavaScript allows developers to build cross-browser applications. No HTML, CSS or DOM knowledge is needed. It includes a platform-independent development tool chain, a state-of-the-art GUI ...
By Prabhu Balashanmugam; Yanbing Lu
Three-letter acronyms (TLAs) are hardly new in Information Technology: EAI, ESB, SOA, BPM, BAM, ETL, MDM; the list goes on and on. This article is about yet another three-letter acronym, EDA, which stands for Event-Driven Architecture. EDA is not a brand new technology, but rather a pr...
By Theresa Bui-Friday
Imagine the CIO of a consumer bank who thinks he is running 50 Oracle databases, but now finds out that in fact he has 100 databases installed behind his firewall. He doesn't have any idea where the other 50 came from. He doesn’t know the name of the vendor(s) supporting them. And he...
By James Irwin
I was shocked. We were in the brainstorming phase of developing a new collaboration portal and the possibilities were flying. It was exciting to see people from many disciplines enthusiastic about working together more effectively through improved communication, document management, an...
SUBSCRIBE TO THE WORLD'S MOST POWERFUL NEWSLETTERS
SUBSCRIBE TO OUR RSS FEEDS & GET YOUR SYS-CON NEWS LIVE!
Click to Add our RSS Feeds to the Service of Your Choice:
Google Reader or Homepage Add to My Yahoo! Subscribe with Bloglines Subscribe in NewsGator Online
myFeedster Add to My AOL Subscribe in Rojo Add 'Hugg' to Newsburst from CNET News.com Kinja Digest View Additional SYS-CON Feeds
Publish Your Article! Please send it to editorial(at)sys-con.com!

Advertise on this site! Contact advertising(at)sys-con.com! 201 802-3021

SYS-CON FEATURED WHITEPAPERS

MOST READ THIS WEEK
By Maureen O'Gara
By Maureen O'Gara
By Rafael Laguna de la Vera
By Enterprise Open Source News Desk
By Enterprise Open Source News Desk
By John Lilly
By Enterprise Open Source News Desk
By Theresa Bui-Friday
By Dominic Sartorio
By James Irwin
By Maureen O'Gara
By SOA World Magazine News Desk
ADS BY GOOGLE