Open source governance is part of IT governance. It focuses on the specific issues related to the acquisition, use and management of open source software (OSS), and on ensuring that this is done in alignment with a company’s stated objectives, policies and risk profile.
In many companies, the use of open source components in IT application development has historically been forbidden, largely uncontrolled or both, but that has not prevented it from being widely used and deployed. Developers enjoy the freedom and creativity of leveraging the abundance of open source code available on the Internet, often without a formal acquisition process. In fact, even with tepid management support, open source has reached a tipping point: in January 2011, Gartner surveyed 547 IT leaders and reported that software deployed by IT organizations has an equal amount of open source and internally developed code. Technology innovators are using 60 to 80 percent open source in their code, and as they realize significantly more benefit from the code, adoption increases.
The difference in open source use represents a large potential reduction of development investment that could be realized as cost savings, but more typically, customers shift that potential – with flat or declining development budgets – to areas that create competitive value. In addition to internal use of open source, most outsourced development organizations thrive on the use of open source code, which creates additional entry points and increases the complexity and exposure for enterprises.
Since open source has traditionally been uncontrolled despite its wide use and deployment, the need for management, visibility and control has grown to the point where formal governance processes are required. Mark Driver, Gartner’s lead analyst on open source, recently reflected on this development: “Open source is ubiquitous, it’s unavoidable…having a policy against open source is impractical and places you at a competitive disadvantage.” In fact, Gartner predicts that “by 2014, 50 percent of Global 2000 organizations will experience technology, cost and security challenges through a lack of open source governance.” The urgency is growing for management to catch up with the reality of how software is built today.