RealTime IT News

HP Launches Open Source Governance Initiative

HP is among the biggest backers of Free and Open Source Software (FOSS) in the world. As such, the company has developed its own best practices and tools to help its customers understand which open source licenses their applications contain and to maintain compliance with the terms of those licenses.

In a set of new initiatives HP is now taking its experience and its open source license governance tools and open sourcing them in an effort to raise awareness and build a broader community for open source governance.

"Open Source is unavoidable today and a lot of developers are bringing it into the enterprise in some cases without a lot of visibility from other folks that would normally evaluate a contract," Karl Paetzel, worldwide marketing manager for HP's Open Source and Linux Organization, told InternetNews.com. "So instead of doing something under the radar we're helping to institute a resource to help make sure development is in line with company guidelines."

The new effort includes the FOSSology project, which will help identify what open source licenses are being used, and the FOSSBazaar community, which will focus on best practices. Paetzel noted that among HP's own customers, many typically have more open source applications in use than they thought, and they also have more license obligations than they were aware of.

"We've got a lot of experience in FOSS governance and started to get more questions," Paetzel said. "Things like 'I don't know how much open source I have' or 'we don't know what our license obligations are'. So we started offering services based on our own experience and we've had some interesting engagements."

Paetzel noted that a key part of governance is first identifying what open source code is being used as well as identifying all the various licenses associated with it. As an example Paetzel commented that the OpenOffice.org (OOo) office suite primarily uses the LGPL license though there are numerous others as well including the MIT license.

"It's difficult for our legal folks to figure it all out so we have tools to automatically identify what's included," Paetzel said.

The FOSSology tools project Web site is the open source instance of HP's tools. The site itself was soft launched several weeks ago to allow HP's research partners access. Letting others work with HP's tools is a key goal of the effort. Paetzel explained that since the FOSSology project is about having an extensible framework, the fact that it's open will enable others to expand it in ways that HP itself had not thought of.

The FOSSBazaar effort

The second effort being launched by HP is the FOSSBazaar effort, which will actually be run as a workgroup within The Linux Foundation. HP has already solicited the participation of Coverity, DLA Piper, Google, Novell, Olliance Group, OpenLogic and SourceForge to join the effort.

"FOSSBazaar we feel will house the discussion around policies and best practices," Paetzel said. "I think the discussion for this is going to be more business, legal and procurement people."

The issue of Open Source compliance has become a hot one recently, with the Software Freedom Law Center (SFLC) bringing legal suits on behalf of developers against a trio of companies, including Verizon, that were not in compliance. Paetzel noted that HP has had its share of compliance-related issues and that's where its tools have helped.

"At HP when dealing with OEM development partners there have been cases where we comply but some partners haven't," Paetzel said.

Under the GPL license, changes made to the code are supposed to be contributed back to the community. In the case that Paetzel noted, the OEM partner had made modifications but had not contributed the changes back to the community as the license demands.

"Our process uncovered the issue and we informed them," Paetzel said.

He added though that in one case a partner refused to contribute their changes back because they said the changes were proprietary. HP didn't end up using that particular partner's product and as such HP avoided a situation where it could have been out of compliance.

The openness of the FOSSology and FOSSBazaar projects is also why Paetzel doesn't see any particular competitive threats. There are a few vendors, including Black Duck and Palamida, that currently offer services related to license governance and identification. Paetzel noted that anyone is able to get involved in FOSSology or FOSSBazaar if they want to.

"They are more than welcome to contribute and really this is about raising awareness that will help everybody use open source," Paetzel said.