Presentation is loading. Please wait.

Presentation is loading. Please wait.

Multi-Source Development: Enabling Faster, Lower Cost Innovation with Open Source Software Black Duck Software September 22, 2009.

Similar presentations


Presentation on theme: "Multi-Source Development: Enabling Faster, Lower Cost Innovation with Open Source Software Black Duck Software September 22, 2009."— Presentation transcript:

1 Multi-Source Development: Enabling Faster, Lower Cost Innovation with Open Source Software Black Duck Software September 22, 2009

2 Copyright © 2008 Black Duck Software, Inc. All Rights Reserved. Introduction to Black Duck Software Mission Accelerate time-to-market and reduce development costs by providing products and services for finding, managing and deploying open source software in a multi-source development process, at-scale. Founded in 2002 and backed by top investors Over 600 customers worldwide Partnerships with global leaders

3 Copyright © 2008 Black Duck Software, Inc. All Rights Reserved. Agenda  Market Dynamics  Development Challenges  Multi-Source Development  Meeting the Challenges: Best Practices  Case Studies  Summary

4 Copyright © 2008 Black Duck Software, Inc. All Rights Reserved. Difficult Times Still Require Innovation  Economic slowdown = budget cuts –Global IT spending is shrinking –Between 1/09 and 4/09 Gartner lowered their 2009 Global IT forecast by $270B  Still need to innovate –Differentiation to respond to increased competition –Operational efficiencies to continue to execute  Challenge: innovate more with less –How to lower the cost and risk of innovation, and accelerate time-to-solution?

5 Copyright © 2008 Black Duck Software, Inc. All Rights Reserved. Lowering the Cost of Innovation: the Compelling Economics of Open Source  Linux Example: Leverage of 14:1 –Open source community contributes $1.4 Billion –Red Hat spends $100 Million  Customer saves 88% of development –19K lines of new code, 140K lines of open source –Savings of approx. $20,000 for every 1,000 lines of code of OSS used “The fundamental economics of software development leads you to open-source software” – David Rivas, Nokia VP for S60 Software “The fundamental economics of software development leads you to open-source software” – David Rivas, Nokia VP for S60 Software

6 Copyright © 2008 Black Duck Software, Inc. All Rights Reserved. Potential of Open Source Gartner estimates the impact of open source:  $37B in 2009 –Infrastructure Software: $30B –Application Software: $ 7B  $77B by 2012: –Infrastructure software: $58 billion –Application software: $19 billion Source: Gartner November 2008

7 Copyright © 2008 Black Duck Software, Inc. All Rights Reserved. The Future of Software is Open  Software development has changed forever –Internet, community development & OSS licensing –Componentization and re-use –Agile methods  OSS has gone mainstream –85% of enterprises use OSS today –45% of OSS use is Running Mission-critical applications –70% of OSS contributors are corporate developers –Microsoft OSS code repository (CodePlex)  Large pool of proven, reusable software –Over 200,000 OSS projects –5+ billion lines of code

8 Copyright © 2008 Black Duck Software, Inc. All Rights Reserved. Top Programming Languages Used By Open Source Projects (Share is calculated based on lines of code) Source: Black Duck Software. Note: The table above illustrates the top languages used in open source projects. This data is updated daily. This snapshot was taken on September 1, Visit: 80% of open source is C, C++, Java, Shell and JavaScript Of the top 5, only JavaScript is gaining in share – up over 2 points Overall static languages losing share to dynamic languages

9 Copyright © 2008 Black Duck Software, Inc. All Rights Reserved. Top 20 Most Commonly Used Licenses in Open Source Projects Source: Black Duck Software Note: The table above illustrates the top 20 licenses that are used in open source projects, according to the Black Duck Software KnowledgeBase. This data is updated daily. This snapshot was taken on September 1, Visit: Top 10 licenses account or 93% of OSS projects Top 20 licenses account for 97% Rank by # of OSS projects using the license

10 Copyright © 2008 Black Duck Software, Inc. All Rights Reserved. Development Challenges: What We’re Hearing  Goals for reuse/standardization of up to 80%; build / fix / fit 20%  Scale – ad hoc use of hundreds of OSS components has led to a management/tracking nightmare  Increase agility, velocity of development  Desire to take advantage of the benefits of open source but need to have oversight and control –Manual governance, compliance and approval processes are cumbersome/burdensome to developers, prone to error, often ignored  $7800/yr to manage OSS components (Source: Black Duck)

11 Copyright © 2008 Black Duck Software, Inc. All Rights Reserved. Challenges of Using Open Source at Scale  Manual management methods are inadequate, prone to error…when open source usage proliferates –E.g., version proliferation raises complexity and likelihood of errors  When managed poorly, use of open source can introduce risks and challenges: –Legal exposure due to unmet license obligations –Security vulnerabilities –Regulatory violations –Unsupported open source –Version proliferation

12 Copyright © 2008 Black Duck Software, Inc. All Rights Reserved.Copyright © 2007 Black Duck Software, Inc. All Rights Reserved. Confidential and Proprietary. The Story of Cisco’s Software Supply-Chain Developers modified firmware turning a low-end ($60) device into a high-function router The story continues... embedded the code in one of its chipsets used GPL code to customize Broadcom’s standard Linux distribution bought for $500M in 2003 adopted this technology into its WRT54G wireless broadband router Source code made available by FSF accused Cisco of a license violation

13 Meeting the Challenges

14 Copyright © 2008 Black Duck Software, Inc. All Rights Reserved. Multi-Source Development with Open Source is the “New Normal” YOUR COMPANY Software Application Open Source Software Internally Developed Code Outsourced Code Development Commercial 3 rd - Party Code  Individuals  Universities  Corporate Developers Code Obligations

15 Copyright © 2008 Black Duck Software, Inc. All Rights Reserved. Meeting the Challenges: Best Practices  Best practices fall into three areas: 1.Standardization and reuse 2. Automated Collaboration 3.Compliance

16 Copyright © 2008 Black Duck Software, Inc. All Rights Reserved. 1. Standardization and Reuse  Typical Problems –“Don’t know what I’ve got” – difficult to leverage knowledge across teams –Version proliferation –Unnecessary rework  Reinventing the wheel when code already exists  Seeking approval for previously approved components  Best Practices –Create a catalog of approved components to promote/enforce standardization and reuse across the development organization  Approval process integrates company policy to increase efficiency  Enhance internal catalog with company specific attributes/metadata –Make better decisions early in dev process  Automated code search –Automatically track “where used”  Improves maintainability  Remediating security and quality issues

17 Copyright © 2008 Black Duck Software, Inc. All Rights Reserved. 2. Automated Collaboration  Typical Problems: gap exists within development; between development and other functions –Difficult for developers to be on the same page  Sharing information, components –Difficult to get legal and other roles on same page with developers –Manual review/approval of OSS components  “Status” of OSS review is difficult to know  Code approvals taking days/weeks  Best Practice: automate key interactions –Automate group interaction  Manage and automate complex review/approval processes across multiple roles/functions/groups  Capture communication between users during review/approval (Comments, questions, learnings) –Notifications across functions  Real time security vulnerability alerts  Notification of approved/disapproved components

18 Copyright © 2008 Black Duck Software, Inc. All Rights Reserved. 3. Compliance  Typical Problems –Lack of controls on open source use  Un-vetted code gets into code base  Difficult to validate that approved code is what’s shipped –Risk/exposure from unmet license obligations –Risk/exposure from export restrictions on crypto code  Best Practices –Automate component request/approval –Continuous Validation  Auto-scan code to identify OSS components and license obligations  Integrate into build process to streamline development  Integrate into issue tracking (remediation, unknown code, defect/issue, etc.) –Automatic documentation and reporting  BoM  Show met/unmet license obligation to guide legal/dev staff

19 Copyright © 2008 Black Duck Software, Inc. All Rights Reserved. Best Practice #0. Creating and Implementing an Open Source Policy  Audit the company code base  Evaluate open source use profiles  Create open source policy  Educate employees  Monitor ongoing policy compliance –Trust, but verify Source: Navica

20 Copyright © 2008 Black Duck Software, Inc. All Rights Reserved. Samples Contents of A Concise Open Source Software Policy

21 Copyright © 2008 Black Duck Software, Inc. All Rights Reserved. Evaluating OSS Projects Current offering (maturity) Project governance Community participation License strategy Ecosystem Features, frequency and number of releases, bug fixes Leadership, structure, charter, goals, strategy Number of participants, activity level, frequency of commits Commercially friendly, viral, dual/multilicense Service, support, extensions, add-ons, training, consulting

22 Copyright © 2008 Black Duck Software, Inc. All Rights Reserved. Case Studies –Landmark Graphics –Reliant Security –Attivio –QNX

23 Copyright © 2008 Black Duck Software, Inc. All Rights Reserved. Case Study 1: Landmark Graphics Landmark Graphics supplies software to Oil and Gas industry across a broad variety of applications areas  OSS Steward monitors policy compliance  Prioritize standardization  Restructured release process –Uses Black Duck Suite to monitor compliance –PM assumes responsibility for OSS –Remediate if/as violations are found  Contributing back in limited cases Result: Rapid adoption of the latest models and technologies, with accurate identification of OSS dependencies

24 Copyright © 2008 Black Duck Software, Inc. All Rights Reserved. Case Study 2: Reliant Security Reliant sells PCI compliant in-store systems that include many OSS subsystems.  Set a clear policy for OSS use  Tuned acquisition policies –OSS first mandate –Prioritized “ilities” –Loosely coupled design  Adjusted dev processes –OSS use identified at design –Developer on the hook for provenance Result: Significant customer savings over commercial alternatives

25 Copyright © 2008 Black Duck Software, Inc. All Rights Reserved. Case Study 3: Attivio Attivio’s unified information access platform extends enterprise search capabilities across documents, data and media. Result: Have been able to get to get to market faster and focus on true IP differentiators because of OSS. Simple OSS policy that is easy to understand OSS used for commodity architectural components Only using OSS components compatible with a commercial license Maintains a common folder of all approved OSS libraries Uses Black Duck Suite scan reports to prove active governance to sales prospects

26 Copyright © 2008 Black Duck Software, Inc. All Rights Reserved. Case Study 4: QNX QNX produces m iddleware, development tools, and real-time operating system software for the embedded market  Using OSS for over 15 years, in production products  Customers needed a license guide to manage product use  Categorize all code components with 3 levels of risk  Sensitize developers about use of OSS  Use Black Duck to automate creation of license guide and track OSS evolution  Publishing their own source for many components (but not as OSS) Result: Have been able to get to get to market faster and take advantages of third party components to broaden portfolio

27 Copyright © 2008 Black Duck Software, Inc. All Rights Reserved. Summary  The pressure to do more with less is driving development organizations to multi-source development  Using open source components at scale brings with it a variety of challenges  Companies embracing open source have evolved best practices to tackle the challenges and thereby enjoy the benefits

28 Copyright © 2008 Black Duck Software, Inc. All Rights Reserved. Resources  ROI Calculator –www.blackducksoftware.com/open-source-roi-calculatorwww.blackducksoftware.com/open-source-roi-calculator  Search for open source code to reuse –www.koders.comwww.koders.com  White Papers (ROI, Agile and OSS, Best Practices) –www.blackducksoftware.com/resources/whitepaperswww.blackducksoftware.com/resources/whitepapers  Best Practices for Open Source Adoption with Jeff Hammond, Forrester Research –http://www.blackducksoftware.com/form/ Hv0 6http://www.blackducksoftware.com/form/ Hv0 6


Download ppt "Multi-Source Development: Enabling Faster, Lower Cost Innovation with Open Source Software Black Duck Software September 22, 2009."

Similar presentations


Ads by Google