Hewlett-Packard Co. announced an IT governance initiative and tools to help companies address the potential legal, financial and security risks involved in the adoption of free and open source software (FOSS).
HP, which distributes and contributes to the open source community, collaborated with other software vendors and the Linux Foundation to develop tools and management guidelines for open source software in a company's overall IT plan. This contribution of intellectual property is based on seven years of internal development and includes processes, policies and tools, the company said. The initiative is designed to "eliminate the barriers to adoption of open source software," said Christine Martino, the vice president of HP's open source and Linux organization.
Open source runs rampant
"Across IT there is more free and open source software and middleware being deployed than ever, and it is here to stay," said Martino. "Open source software is different than traditional proprietary software, and most people don't know how much they have embedded in their hardware. Most IT governance processes don't contemplate free and open source software, so you aren't managing it."
"Users have uniformly told us that they don't know how much open source software they had, and their guesses were significantly lower than what they actually had," Martino said.
HP gave an example of a recent customer that had three times as many FOSS licenses as originally estimated -- 75 licenses rather than 25. This left the customer with a choice: implement governance policies to allow the safe use of FOSS, or replace the software at an estimated cost of $80 million.
"There is a significant benefit for enterprises to understand how much of this software they have and be able to manage it. Companies are running huge risks -- financial and otherwise -- by not knowing what open source software they're using and therefore not knowing what license obligations and security violations come along with it," Martino said.
Companies adopting free and open source software have the opportunity to save money and improve their ability to operate by understanding the licensing requirements of their programs. Adopting appropriate governance measures will also ensure proper compliance, reported Eben Moglen, the founding director of the Software Freedom Law Center, in a statement from HP.
HP's FOSS contributions
HP has developed governance processes through open source tools and best practices to manage software on any server platform -- HP's servers or otherwise -- and started two online open source communities where services for IT governance will be provided, Martino said. The new tools are called FOSSology and FOSSBazaar.
FOSSology is based on the tools HP uses to manage its own internal use of free and open source software. It addresses deployment issues such as the acquisition, tracking and licensing of FOSS. FOSSology can help users discover FOSS and related licenses within IT organizations. The tool set is free and downloadable from FOSSology.org for immediate use under the General Public License (GPL) version two.
FOSSBazaar is part of a collaborative effort by the Linux Foundation and software vendors including Coverity Inc., DLA Piper, Google, Novell, Olliance Group LLC, OpenLogic Inc. and SourceForge Inc. FOSSBazaar provides online resources including white papers, self-assessment tools, blogs and discussion groups where users can share information, Martino said.
HP has been the top provider of Linux-based systems for nine years straight, according to the Framingham, Mass.-based research firm IDC. HP took the reins on the initiative "to be viewed as a leader and trusted adviser in the open source community" and to help break down barriers to Linux adoption, Martino said.
The Open Source Health Check
Customers can extend and complement the content available from FOSSBazaar with HP Open Source Health Check services. In addition to creating a snapshot of current FOSS usage, the services assist customers with analyzing FOSS management and reducing the risk associated with it.
The HP Open Source Health Check includes the following:
- the Open Source Management (Governance) Workshop guides cross-organizational audiences through issues surrounding how to manage open source in the enterprise;
- the Open Source Exploration Service uses the HP FOSSology tool to discover open source components in legacy applications;
- the Open Source Governance Assessment Service provides gap analysis of existing open source management practices and industry-acknowledged best practices and recommendations to address these gaps; and
- the Open Source Total Cost of Ownership Analysis Service uses an HP-developed model to assess the cost benefits of moving to FOSS.
FOSSology and FOSSBazaar are completely free, but HP refused to issue pricing for its Health Check Services, which vary depending on the service.
Let us know what you think about the story; email Bridget Botelho, News Writer.