Can you Lather, Rinse, and Repeat Your Way to Open Source Compliance?

This humorous and timeless phrase references a set of instructions that, if taken literally, would result in an endless loop of repeating steps, at least until you run out of shampoo or patience!

Some days, when I talk with prospects, this is how they feel about their open source compliance efforts. Does it really have to be an endless set of policies, procedures, and audits? Much like the phrase above, you have to apply some rational thought and human intervention to the overall process and to the steps you take along the path.

Those of you who have been in software for any length of time recognize the feeling that development efforts are never-ending.

When describing the software business to non-technical friends, I tell them the good news and the bad news of software are the same:  it is never done.

It is a great way to innovate, and an excellent business model, but you must learn to manage expectations, milestones and feedback along the way or you will quickly become disillusioned.

I was reminded of how true this concept remains in Larry Obrien’s recent column entitled, Map Reduce Turn by Turn.

The premise is really quite simple. Start with an initial effort, whether it is a pass through your Big Data set, a new version of a software product, or your open source compliance efforts. Think of this initial effort as the "Lather" step.

After that first pass (Map), review the data set (Reduce), summarize, and draw some initial conclusions from the data.

These steps are repeated as you learn more about your data and environment.  As Larry points out in his article, Map/Reduce is really Map and Reduce, then Map some more, Reduce some more, and so on until achieving a reasonable or desired result: the proverbial “Rinse and Repeat.”

Take open source licenses as an example. "Map" them out, and you will see lots of variety, and also lots of commonality. Your first "Reduce" step may be to categorize these items, e.g., "copyleft" or "permissive." You could then create a set of initial policies based on those categories. As you learn more about the licenses you have via code scans and audits, you learn more about their effect on your compliance activities. That triggers additional mapping activities, followed by additional reduce activities.
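The license workflow just described, as an added example that is not part of the original column: a Map step tags each component in a constructed dependency inventory with a license category, a Reduce step aggregates the counts and applies a policy, and whatever an audit learned about the unknown licenses is fed back into the category table before the next pass. The inventory, the category table, the policy rule and the `learned` dictionary are all constructed assumptions, not anyone's real compliance data.

```python
from collections import Counter

# Constructed sample inventory: (component, license identifier, how it is shipped).
INVENTORY = [
    ("libfoo", "MIT", "linked"),
    ("barutil", "Apache-2.0", "linked"),
    ("bazcore", "GPL-3.0-only", "linked"),
    ("quxtool", "LGPL-2.1-only", "dynamic"),
    ("mystery", "SEE LICENSE IN COPYING", "linked"),
]

# Initial "Reduce" categories: a good starting point, refined on later passes.
CATEGORIES = {
    "MIT": "permissive", "BSD-3-Clause": "permissive", "Apache-2.0": "permissive",
    "GPL-2.0-only": "copyleft", "GPL-3.0-only": "copyleft",
    "LGPL-2.1-only": "weak-copyleft",
}

def map_licenses(inventory, categories):
    """Map step: attach a category to every component; unknowns are kept, not dropped."""
    return [(name, lic, ship, categories.get(lic, "unknown")) for name, lic, ship in inventory]

def reduce_findings(mapped, policy):
    """Reduce step: count components per category and collect what the policy flags."""
    counts = Counter(cat for *_, cat in mapped)
    flagged = [name for name, _lic, ship, cat in mapped if policy(cat, ship)]
    unknown = [lic for _name, lic, _ship, cat in mapped if cat == "unknown"]
    return counts, flagged, unknown

def default_policy(category, shipping):
    # Constructed policy: strong copyleft in code you link and redistribute needs review,
    # and so does anything whose license is still unclassified.
    return category == "unknown" or (category == "copyleft" and shipping == "linked")

def lather_rinse_repeat(inventory, categories, policy, learned, max_passes=3):
    """Run Map/Reduce, fold what the audit learned into the categories, and repeat
    until nothing is unknown (or the pass budget is spent). Returns one tuple per pass."""
    passes = []
    cats = dict(categories)
    for _ in range(max_passes):
        counts, flagged, unknown = reduce_findings(map_licenses(inventory, cats), policy)
        passes.append((dict(counts), flagged, unknown))
        if not unknown:
            break
        for lic in unknown:           # the "Rinse": apply what the audit taught us
            if lic in learned:
                cats[lic] = learned[lic]
    return passes
```

The second pass only changes what the audit actually resolved; a license the audit could not classify stays flagged on every pass, which is the point of keeping a human in the loop.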

The key is to remember that your ultimate compliance goals will emerge from a series of incremental steps along a continuum.  It is perfectly OK to work from a good starting point, and then incrementally improve along the way, based on your goals and experiences.

I would love to hear about your experiences along the way as you “Lather, Rinse and Repeat” your way to your open source compliance goals.


Copyright © 2013 IDG Communications, Inc.