I learned something new in our recent Alfabet Portfolio Playbook webinar, “Playing it Safe with Open Source Software.”
I learned that, with “free and open-source software” (FOSS), “free” has nothing to do with cost. Obviously, I wasn’t the only one who didn’t know this, because my colleague felt it necessary to explain in the webinar.
“Free” pertains to “freedom” and is the tenet upon which open source software is based. The Free Software Foundation (FSF), founded in 1983 as a nonprofit “with a worldwide mission to promote computer user freedom,” describes these as the freedom to:
- Run the program as you wish, for any purpose
- Study how the program works, and change it so it does your computing as you wish
- Redistribute copies so you can help your neighbor
- Distribute copies of your modified versions to others
So “free” doesn’t mean no-cost, although there really are no license costs – one of the big benefits of FOSS. Yet, there can well be costs if an organization isn’t careful in its use of FOSS. Wide use and poor governance of free software throughout an organization can carry risk, like these:
- Legal risk: Copyright issues, patent claims, commercial distribution limitations.
- Security risk: Due to widespread knowledge of source code.
- Low standardization: Different departments might use different software to accomplish similar goals.
That FOSS carries legal risk with it was also new to me. There are many and varied licensing conditions associated with free software, and you need to understand their implications when deploying and managing the software, or you could be putting the organization at risk.
So usage of free software needs to be planned and managed just like any other software, including for the purpose of standardization to avoid the cost of inefficiency. Enterprise architecture management aims to streamline the IT landscape for agility and cost-efficiency. This needs to be done for non-licensed as well as licensed software.
The webinar advocates applying technology portfolio management techniques to FOSS to:
- Document license types, terms and conditions; organizational usage guidelines and component threats
- Evaluate planned and current usage
- Approve usage in application and project architectures through an appointed authority such as an open source review board
Then you can enjoy the freedom from risk. But freedom does have its price – mostly effort – like most good things in life.