More and more is being written about governance and license compliance and open source. The FUD of lawsuits continues unabated. Simon Phipps has an excellent post on trying to break out of the conversational frame that some use around compliance and governance.
One of the difficult problems is providing people a frame to understand which questions may be important for them to consider. In discussions several years ago, colleagues and I were trying to put together some form of open source maturity model so we could help clients understand where they were and what they needed to do next. We got caught wrestling with previous frames of reference like Golden’s OSMM and ideas like the Software Engineering Institute Capability Maturity Model. But it didn’t matter how we started the discussion, we rapidly realized there was no step that graduated to a next step. We all knew counter examples to any ordering we applied.
We had our epiphantastic moment when we stopped trying to order things on a spectrum of “growing” experience and instead treated open source participants based on what they were doing. It’s a Venn diagram, not a linear spectrum (or a two-axis quadrant). People fall into one of three groups with respect to what they do with open source:
Many people and organizations sit in more than one group. It’s a Venn diagram with overlapping circles.
If you think about the actions (make, use, buy) from a single software project’s community then Makers are clearly Users of the software in the communities in which they participate. If you think about the actions from a single organization’s perspective then a User of the open source software may also be a Buyer. There are situations where IT shops buy Red Hat servers for production, but work with Fedora or CentOS servers in development and test. A Maker of one project may be a User of a different project, and a Buyer of a solution in different place again.
The distinction of Make, Use and Buy, however, allows an organization to think about what are the right questions for things like governance and license compliance. As Simon points out, license compliance only becomes important if you’re distributing software, i.e. you’re a maker of something. Even then it’s very license dependent. Using the Make-Use-Buy idea as a positive framing, an organization can organize its relationship to open source projects based on appropriate activities. The centre for open source activities becomes a centre of knowledge to save time and money, rather than a policy centre to avoid improbable lawsuits through burdensome practices.
Imagine an intranet open source software resource centre that has a simple structure:
Open source software as a re-use strategy (“use”, “share” and “borrow”) in conjunction with traditional “buy” versus “build” economics is a powerful strategy for solutions development in any organization. Understanding how one interacts with different projects and products adds clarity to the strategy and gives people the relevant guidance and framing they need when thinking about solutions. Frame the discussion right and it becomes a force for positive change.
Stephen is the Technical Director of the Outercurve Foundation, a not-for-profit foundation with the goal of bringing software developers and open source community members together to participate in open source projects.
Stephen has worked in the IT industry since 1980 as both customer and vendor. He was most recently a consultant on software business development and open source strategy. His customers included Microsoft, the Eclipse Foundation, the Linux Foundation. He's an adviser to Ohloh (acquired by SourceForge), Bitrock, Continuent, and eBox.
He organized the agenda, speakers and sponsors for the inaugural Beijing Open Source Software Forum as part of the 2007 Software Innovation Summit in Beijing. Stephen was VP Open Source Development Strategy at Optaros, a business manager at Microsoft on open source, and VP R+D and founder at Softway Systems, a venture-backed company that developed a UNIX portability environment for NT before being acquired by Microsoft. He was a long time participant and officer at the IEEE and ISO POSIX standards groups, representing both USENIX and EurOpen (E.U.U.G.) and a regular speaker and writer on open systems standards since 1991.
His personal blog: Once More unto the Breach.
Follow Stephen on Twitter @stephenrwalli