Open source projects continue to become increasingly prevalent, and while most would likely agree the United States is leading the push behind the trend, it’s important to note the technology is spreading across the globe. There’s certainly lots of media coverage pertaining to how open source software is being created and used in the United States and in Europe. But the practice is also becoming more and more popular around the globe, so we thought it’d be a good time to take a look at trends relating to open source around areas of the world that don’t receive as much publicity, including Asia and Africa.
Speaking at OSCon in Portland, Oregon earlier this year, engineers Minwoo Park and Sungju Jin spoke about trends evident in the East Asian open source community, consisting of China, South Korea and Japan. Open source is a relatively new phenomenon in this area of the world, and the speakers estimated the Asian open source community is roughly a decade behind the United States.
While Japan and South Korea boast vibrant economies and open Internet, China faces a variety of barriers for open source adoption, including piracy, language and the fact the Chinese government censors a lot of the Internet. Despite those barriers, there is positive momentum for open source, the men said.
In order for the community to continue growing—and there’s a lot of potential, with a substantial percentage of the world’s population living in the area—the U.S. open source community needs to be open minded about cultural differences and also patient with language barriers, the men said.
According to software developer Raindolf Owusu, there are isolated pockets of expertise when it comes to programming in Africa. But they work independently, competing rather than collaborating. In addition to making it harder for these programmers to work together on a large project, such competition leaves the door open for well-organized foreign teams to come in and compete effectively.
Owusu envisions Africa as an open source community, with programmers from all countries working together as professionals for the greater good.
There is no doubt there is interest in open source in Africa. For example, the Society in Africa for Free and Open Source Software (SAFOSS)—which seeks to create a vibrant community there—has more than 21,700 likes on Facebook. In addition to that, earlier this year the Egyptian government announced it was beginning a transition to open source software in order to reduce expenses. Furthermore, the West African Health Organization (WAHO) recently partnered with other organizations in the area in an effort to improve health information systems with the use of open source technology.
“The absence of accurate, readily available health information is one of the greatest challenges in West Africa,” says Professor Kayode Odusote of the WAHO. “Using open source technologies to foster innovation, adaptability and ownership of health information systems can save countless lives.”
In the quest to maximize flexibility and productivity, development organizations are increasingly turning to Agile practices and the use of open source software (OSS). Agile methodologies foster collaboration among teams, which leads to rapid development and lower development costs. A recent survey showed that 85% of respondents felt that Agile increased productivity and 79% said it resulted in a faster time to market. Using OSS can speed up development as well. Instead of reinventing the wheel, developers find solutions to their problems in readily available code. It would seem that Agile and OSS go hand in hand to increase developer productivity.
Open Source Software Adoption Process
With the increased use of open source software comes an increase in the number of organizations that are implementing an automated Open Source Software Adoption Process (OSSAP), to make open source license management more accurate and efficient. Adding an OSS license management layer to existing development processes may seem like a daunting task, but there are simple ways to integrate the essentials of OSSAP into existing Agile practices.
Making OSSAP Agile
Since most Agile processes already feature most of the product development cycle in the sprints throughout development, it makes sense to execute OSSAP practices throughout development as well. Dealing with licensing concerns as they occur will allow the end product to be free of license violations and will allow your team to meet their deadlines.
- Define an OSS license policy – Before managing the OSS your team brings into your product, it is necessary to put an OSS license policy in place. Development managers, executives and legal counsel can all be involved in the creation of the policy, which defines the types of OSS packages that are acceptable or unacceptable for use in the organization. Comprehensive policy creation usually proceeds as follows:
(1) Establish “types of uses”, i.e. tools being used in development of code that will not be distributed vs. deliverable code that will be distributed.
(2) Define acceptable licensing terms for each of these types.
(3) Define the list of acceptable licenses for each type, based on step 2.
(4) Build a catalog of projects used, and make sure that they follow the policy. This can also be done iteratively, in each sprint.
Any OSS content detected at future points in development will be compared against this policy. The policy should also include what steps need to be taken if a policy violation is detected.
- Sprint planning/code approval – The easiest way to avoid licensing violations is to prevent them from occurring in the first place. At the beginning of every sprint, or in preparation for the next sprint, developers can request OSS packages for pre-approval. After examination of the package and consultation of the licensing policy, it can be approved or rejected by a stakeholder before it is even brought into the project.
- Day-to-day development/real-time analysis – As developers are assembling code, various automated tools can be used to monitor OSS usage and check for violations. Tools are available to scan code at the developer's desktop as code is brought into their workstation or every time code is checked into a library. Any code that is not pre-approved will be flagged. Detecting a license violation as it occurs can reduce the effort involved in correcting it.
- End of sprint/build analysis – At the end of every sprint, code can be analyzed to make sure it complies with the licensing policy and is free from license violations. This scan should be included as part of the done criteria for the sprint.
- End of release/final analysis – As the release is completed, a final scan can be performed to double check that no violations will ship with the final build. This scan can also cover any artifacts that never passed through a developer’s workstation and so were not scanned there. A bill of materials detailing all OSS and third party content can be included with the final build.
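The policy comparison that the steps above rely on can be sketched as follows. This is an added example, not code from Protecode or any tool named on this page; the use types, allowlists, component names and the simplified handling of SPDX `OR`/`AND` expressions (no parentheses) are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Policy steps 1-3: types of use, each with its list of acceptable licenses
# (SPDX identifiers). These allowlists are an assumed sample policy.
POLICY = {
    "dev_tool": {"MIT", "BSD-3-Clause", "Apache-2.0", "GPL-2.0-only", "GPL-3.0-only"},
    "distributed": {"MIT", "BSD-3-Clause", "Apache-2.0"},
}

@dataclass(frozen=True)
class Component:
    name: str
    version: str
    license: Optional[str]  # None when the scanner found no license text
    use: str                # one of the policy's types of use

def license_allowed(expr, allowed):
    """Simplified SPDX expression check: any OR alternative may be chosen,
    but every AND term inside an alternative must be on the allowlist."""
    return any(
        all(term.strip() in allowed for term in alt.split(" AND "))
        for alt in expr.split(" OR ")
    )

def evaluate(component, policy, approved):
    """Return the list of policy violations for one detected component."""
    reasons = []
    allowed = policy.get(component.use)
    if allowed is None:
        reasons.append("unknown-use-type")
    if not component.license:
        reasons.append("no-license-detected")
    elif allowed is not None and not license_allowed(component.license, allowed):
        reasons.append("license-not-allowed")
    # Sprint-planning step: anything not pre-approved is flagged.
    if (component.name, component.version) not in approved:
        reasons.append("not-pre-approved")
    return reasons

def scan(components, policy, approved):
    """End-of-sprint / final scan: map 'name@version' to its violations."""
    findings = {}
    for c in components:
        reasons = evaluate(c, policy, approved)
        if reasons:
            findings[f"{c.name}@{c.version}"] = reasons
    return findings

def bill_of_materials(components):
    """One line per component for the bill of materials shipped with a build."""
    return sorted(
        f"{c.name} {c.version} [{c.license or 'UNKNOWN'}] ({c.use})"
        for c in components
    )

# Constructed sample data: the pre-approved catalog and one scan result.
APPROVED = {("libfoo", "1.4.2"), ("buildtool", "3.0"), ("dualparse", "2.1")}
DETECTED = [
    Component("libfoo", "1.4.2", "MIT", "distributed"),
    Component("buildtool", "3.0", "GPL-3.0-only", "dev_tool"),
    Component("dualparse", "2.1", "MIT OR GPL-2.0-only", "distributed"),
    Component("netcopy", "0.9", "GPL-2.0-only", "distributed"),
    Component("snippet", "0.0", None, "distributed"),
]

if __name__ == "__main__":
    for key, reasons in scan(DETECTED, POLICY, APPROVED).items():
        print(f"VIOLATION {key}: {', '.join(reasons)}")
    print("\n".join(bill_of_materials(DETECTED)))
```

Wiring `scan` into the build so that a non-empty result fails the sprint's done criteria gives the end-of-sprint check; the same function run over the release artifacts gives the final analysis.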
Managing open source licenses does not need to be an arduous task. Catching OSS license policy violations as they arise will cut down on the time and cost involved in fixing the issues and will help get products into the market faster. Using preventative processes and the appropriate tools lets you reap the benefits of Agile and OSS, while keeping your OSS license policy in check.
To learn more watch our webinar on managing open source software in an agile environment.
…in this week’s open source news
Can We Charge For GPL Licensed Code?
Yes. We Can! But then again Tech Republic felt they had to give an in-depth answer to the question “Can you charge fees for software licensed under the GPL”. We said it before and Tech Republic agrees with us.
OSS Gaining Ground At The Department Of Defense
The need to cut costs and the need to share information are among the driving factors behind the increased adoption of open source software at the US Department of Defense (DOD). Like a growing number of government organizations, the DOD believes OSS will provide the scalability and reliability it needs. They give fairly convincing reasoning here.
Is TrueCrypt Truly Open?
Questions are arising over the open source hard disk encryption software TrueCrypt. A publicly-funded independent group is evaluating the security aspects of the implementation, which is possible because the source code is available; that is the good news. But there are serious concerns about the license, which is NOT one of the many approved by OSI. Simon Phipps of Infoworld has a good critique of the subject here.
The Case For Open Source Security
In another story around the security of open source vs. proprietary code, a recent security patch in the open source VistA EHR software added another win to the open source side. Find out how open collaboration helped uncover and patch a major security issue here.
Making Android More Secure
I guess we are feeling rather insecure these days. On the topic of open source security, Google has added Android to its recently announced vulnerability bounty program. Caroline Donnelly of IT Pro has a good review here.
Protecode Compact Is Product Of The Week
Protecode Compact (the most recent release of which came out recently) was featured in last week’s Network World Products of the Week. See the article here and view a quick overview video here.
As infotainment systems are destined to become standard in automobiles of the future, car manufacturers are becoming increasingly aware that such systems will compete against the consumer electronics market, with comparatively inexpensive smartphones and tablets serving as viable alternatives to that technology. Some infotainment systems sell for as much as $2,000, and because they essentially serve the same function as a smartphone, drivers are likely to be hesitant to spend that much money, according to Rudolf Streif, director of embedded solutions for the Linux Foundation.
In order to save money, car manufacturers are turning toward open source solutions—like Linux—to serve as the foundation on which infotainment systems can be built.
“You are essentially leveraging an $11 billion investment which is available at no royalty cost to you,” Streif explains.
Car manufacturers are increasingly turning toward open source software packages because they provide 80 percent or more of the functionality necessary to enable features like real-time video from cameras mounted on cars, connectivity, telephony and address book management. While there are some concerns amongst manufacturers regarding quality assurance and open source license compliance, Streif believes such problems can be easily overcome.
“Successful transformation from closed-industry ecosystems with proprietary software solutions to Linux and open source have happened with enterprise computing and communications carrier industries before,” Streif says.
Looking ahead, Streif sees the future of the automobile as an exciting one thanks in part to the embrace of open source solutions. Imagine a windshield turning into a night-vision display in order to enhance visibility once the sun goes down. Or the integration of your calendar and navigation systems so that your car automatically drives you to your next appointment. Should you be running late because of traffic, the system might then suggest you send an email to let your contact know you’re running late. Such possibilities come that much closer to reality when open source solutions are integrated into the automobile industry.
Healthcare costs continue to rise, and forward-thinking decision makers across the industry are constantly on the lookout for innovative solutions that can help curb costs while increasing productivity. With this in mind, decision makers in the healthcare industry are experiencing a shift away from proprietary software and are instead embracing open source solutions in order to provide cost-effective, customizable business tools. Such tools protect secure data and provide the flexibility necessary to remain successful in a complex business landscape.
In the United States, the Department of Health and Human Services (HHS) recently incentivized the creation of electronic medical records (EMRs), which provide complete profiles that empower patients to take on an active role in their health. Such EMRs give patients and doctors better access to information. Because they are so basic yet so vital, electronic files containing the medical history of patients are the building blocks of the healthcare industry. The HHS envisions the increasing prevalence of EMRs as one way in which to improve the quality of healthcare in the country. The United Kingdom is also taking steps to open source their EMRs.
In the past, healthcare providers were hesitant to develop and maintain EMRs because doing so was only possible through costly proprietary software. But with the introduction of open source solutions in the industry, price is no longer a barrier.
Open source software is vendor-neutral, which means that businesses can switch vendors whenever they want to without having to change software. It also means that the software is constantly being developed and improved upon, so decision makers do not have to worry about more innovative solutions coming to the market. In addition to vendor neutrality, business owners that deploy open source solutions stand to benefit from the fact that open source solutions allow for EMRs to easily be shared amongst different providers and different departments within a single business. Open source solutions are also highly customizable, so providers that employ them can set them up to meet unique business needs.
Because open source code can be written, edited and built upon constantly, healthcare providers are likely to find themselves with software that was written by a variety of coders. Such software might have multiple licenses associated with it. As the code changes hands, it’s important for companies to stay on top of that licensing by employing best-in-class open source software license management solutions. Such solutions ensure that mission-critical solutions deployed across a company are being used correctly, giving decision makers the peace of mind of knowing their operation can continue running smoothly.
…plus more in this week’s open source news
Is Anti-Piracy An Oxymoron?
Amid recent reports of license violations on the healthcare.gov site, it turns out that the code used on the websites of two vocal anti-piracy groups, the Recording Industry Association of America (RIAA) and the British Phonographic Industry (BPI), was in violation of the MIT license, specifically by failing to retain the copyright notice that the license requires. More here.
Clearing Up Cloudy Licensing Language
Open source licensing can be confusing. Simon Phipps wants to clear up some of this confusion by changing some licensing terms. He proposes describing licenses by the level of reciprocity involved. So instead of “copyleft”, “weak copyleft”, “permissive” and so on, terms such as “reciprocal”, or “file-scoped reciprocal”, or “non-reciprocal” labels could be used to describe licenses. So much more clear, right? Read the full story here.
When to Pay for Open Source Support
Should you pay for open source support, or should you rely on the (free) open source community for support? Factors such as differences between communities that form around different open source products, fear of failure, regulatory issues and licensing concerns, and the cost and time involved with supporting the product in-house come into play. A good article from Linux Insider outlines the considerations.
Crowdsourcing OSS Development
Bribe.io has come up with a cute idea: having OSS users pay developers to fix bugs and add new features to their favourite open source software. The users can vote on which features they want to see by adding to the sum being offered to develop it. Read the full story here.
Open Source Leads To Innovation
According to Werner Vogels, the CTO of Amazon, open source code has “quality that rivals, or in some cases, is actually better than commercial software.” Also, he echoes the sentiment that open source code allows start-ups to focus on innovation. See his full statement here.
Facebook Opens Up
So, how do you search a database of content and metadata from more than 1.2 billion users? With a big, fat database query engine called Presto. Facebook has open sourced the code for Presto and hopes that by making the code available, other data driven organizations (guess who) will adopt and help refine it. Here’s the story and you can find the code for Presto on GitHub.
Though open source has been around for quite some time, businesses were long skeptical of adopting it due to concerns about safety, a perceived lack of support, and simply because that wasn’t the way things were done. But these days, open source solutions are becoming increasingly popular as decision makers realize that they stack up as well as, if not better than, their proprietary counterparts and often cost considerably less, if anything at all.
According to recent research, investment in open source projects shot up 49 percent from 2010 to 2011 from $452.8 million to $674.9 million. In 2008, there were 1.2 million open-source related software jobs in the United States. That number is projected to increase to 1.47 million by 2018. These trends all indicate that the future is bright for open source.
Open source products are developed by a community, and because of that, any security vulnerabilities or bugs in the code get patched quickly, as many different sets of eyes are looking at it. Whereas in a proprietary environment, upgrades happen at the company’s pace, the open source community can be rabid at times, fixing problems that sprout up seemingly in real time.
According to the 2013 Future of the Cloud survey, more than 60 percent of respondents said open source is driving innovation, particularly in the cloud, big data and mobile sectors. In a recent interview, Michael Skok of North Bridge Venture Partners explained why the future of open source technology is increasingly optimistic.
“I predict that open source will continue to lead innovation in all the major areas where software is advancing and it will therefore continue to take more and more of the significant component of value that would have been traditionally assigned to proprietary solutions,” Skok said. “If I were to get aggressive about this prediction, I think we’ll see major traditional proprietary vendors … having to pay more attention to open source both as a source of innovation and as the new model for development and delivery of their software or risk becoming laggards.”
Because of the number of minds working on it, some would argue that open source is simply of better quality than proprietary software. Open source also provides freedom from vendor lock-in and flexibility with the ability to scale at little cost. It is for these reasons that open source projects continue to gain interest and momentum, forcing proprietary vendors to begin to rethink their strategies in order to remain competitive.
With open source software becoming increasingly prominent—according to a 2013 North Bridge Venture Partners survey, 62 percent of respondents believe more than half of the software acquired in the business world will be open source in five years—no company is immune from having to deploy open source management solutions.
The recent news that the United States federal government didn’t use proper open source licenses in the code for the Accessible Care Act’s virtual exchanges goes to show that no matter the size of an organization, best-in-class open source software license management is needed in order to prevent such an instance from occurring.
Which is precisely where the Protecode Compact comes into play. Released in September, the open source software license management solution offers policy-based deep scanning accuracy, granting businesses the freedom to not have to worry about manual license tracking.
While the solution is a great match for small- to medium-sized businesses, it’s also perfect at the large enterprise level, where the decision-making process can be very slow, but open source software license management can be an urgent matter in the case of product launches or mergers and acquisitions. Enterprises can choose to adopt the solution for a single department, allowing budget approval to move much faster. And once other departments see its benefits, companies can seamlessly evolve it to the System 4™ scalable enterprise solution.
By employing the Protecode Compact across the enterprise, significant cost savings can be realized. The use of a single solution also means support is easier, as you’re dealing with one product instead of several. And that one product means standardized reporting formats, meaning interoperability is not an issue.
Are you a decision maker at the enterprise level looking for a solution that effectively manages open source licenses? Click here to learn more about the Protecode Compact.
Just because open source software is freely available doesn’t mean that it’s part of the public domain.
This is according to attorney Mark Radcliffe, who serves as general counsel to the Open Source Initiative. When asked whether public domain software was indeed open source, Radcliffe said it was not.
“Truly public domain software is no longer protected by copyright, thus it cannot have a license which would impose the terms necessary to comply with any of the open source licenses,” he said.
Generally speaking, software in the public domain and open source software differ as follows: All versions of open source software are freely available, whereas software that starts off in the public domain can eventually become proprietary software. Public domain software does not hold a copyright, and open source software generally contains a license that gives permission for use, duplication and redistribution of the software. Software that has been made public is not Public Domain software and still belongs to its writer (the default copyright owner) unless it is specifically declared as Public Domain software (actually, released under a Public Domain license).
While some will undoubtedly continue to argue that public domain is open source and vice versa, it appears licensors of open source software would debunk that sentiment.
One must look no further than Jacobsen v. Katzer, where the appellant, Robert Jacobsen, alleged that Matthew Katzer had infringed upon his open source code that was freely available for download on his website. Jacobsen said that Katzer’s company violated the licensing agreement when using some of that code for its own commercial product.
The courts ultimately ruled in Jacobsen’s favor, deciding that “copyright holders who engage in open source licensing have the right to control the modification and distribution of copyrighted material.” What does this mean? That inside the framework of this decision, those who license open source software can rest assured that their copyrights will be enforced. This ruling separates their work from that of the public domain.
Following the settlement, Katzer and his company, Kamind Associates, ended up having to pay Jacobsen $100,000, money that wouldn’t have had to be spent if the company tested its product’s open source license compliance. It appears as though one of Katzer’s employees had used some of Jacobsen’s code unbeknownst to the rest of the company. By performing an open source license compliance check on the company’s software before it was released, it’s possible the whole lawsuit could have been avoided.
Learn about more court cases involving open source license infringement.
And other stories in this week’s open source news…
SPDX Adoption Grows
The Linux Foundation’s SPDX Workgroup announced that U-Boot, a popular open source boot loader for embedded devices, is adopting the standard to simplify its capture of license information. The workgroup also announced the release of version 1.2 of its Software Package Data Exchange (SPDX) standard at LinuxCon Europe this week.
Understanding Increasingly Intricate License Compliance
As open source adoption grows and difficulties around licensing nuances increase, Jim Zemlin of the Linux Foundation believes that more lawyers with technical knowledge are needed. The growing complexity of open source licensing was a hot topic at LinuxCon Europe this week. Aside from more technically knowledgeable lawyers, standardizing copyright agreements could make license compliance easier for companies using open source in their products. Companies could also implement a list of open source licenses that are approved (also known as a licensing policy) for use in their organization and only use projects with listed licenses. Read the full story here.
Fail Whale Hunting With Open Source
Also at LinuxCon Europe this week, Twitter’s head of open source computing, Chris Aniszczyk, discussed how Twitter used open source to upgrade its infrastructure to better handle service disruptions (or fail whales, as Twitter calls them) and save money. Aniszczyk said that open source “is where you find the best software these days”, while also stating the importance of giving back to the open source community. Read more here.
Healthcare.gov Remains Open
Before the launch of healthcare.gov, the Department of Health and Human Services declared that it would be “open by default” and the code would be released on GitHub. After the rocky launch and some license compliance issues, the front-end code was on GitHub until Monday, when it was pulled due to an influx of complaints, many of them dealing with the closed back-end code. But developers quickly put a forked version of the code back on GitHub, so users can still suggest improvements to the code. Read the full story here.
Even More Proof of Open Source in the Enterprise
India-based IT service provider Wipro has seen an increase in the adoption of open source software among its enterprise clients. The increase is seen most strongly in the big data arena, where open source tools like Hadoop and Cassandra are gaining a lot of traction. They are also seeing the growth of open source in data analytics. Read the full story here.
New Article From Protecode …
Protecode had an article published in ELEKTRONIKPRAXIS on the importance of including a license in your open source project. Read “Verwenden Sie fremde Software nie ohne Lizenz!” here.