Published by Gillian Wickersham
Modified about 1 year ago
Multi-Source Development: Enabling Faster, Lower Cost Innovation with Open Source Software
Black Duck Software
September 22, 2009

Copyright © 2008 Black Duck Software, Inc. All Rights Reserved.

Introduction to Black Duck Software
Mission: Accelerate time-to-market and reduce development costs by providing products and services for finding, managing and deploying open source software in a multi-source development process, at-scale.
Founded in 2002 and backed by top investors
Over 600 customers worldwide
Partnerships with global leaders

Agenda
Market Dynamics
Development Challenges
Multi-Source Development
Meeting the Challenges: Best Practices
Case Studies
Summary

Difficult Times Still Require Innovation
Economic slowdown = budget cuts
– Global IT spending is shrinking
– Between 1/09 and 4/09 Gartner lowered their 2009 Global IT forecast by $270B
Still need to innovate
– Differentiation to respond to increased competition
– Operational efficiencies to continue to execute
Challenge: innovate more with less
– How to lower the cost and risk of innovation, and accelerate time-to-solution?

Lowering the Cost of Innovation: the Compelling Economics of Open Source
Linux Example: Leverage of 14:1
– Open source community contributes $1.4 Billion
– Red Hat spends $100 Million
Customer saves 88% of development
– 19K lines of new code, 140K lines of open source
– Savings of approx. $20,000 for every 1,000 lines of code of OSS used
“The fundamental economics of software development leads you to open-source software” – David Rivas, Nokia VP for S60 Software

Potential of Open Source
Gartner estimates the impact of open source:
$37B in 2009
– Infrastructure Software: $30B
– Application Software: $7B
$77B by 2012:
– Infrastructure software: $58 billion
– Application software: $19 billion
Source: Gartner November 2008

The Future of Software is Open
Software development has changed forever
– Internet, community development & OSS licensing
– Componentization and re-use
– Agile methods
OSS has gone mainstream
– 85% of enterprises use OSS today
– 45% of OSS use is running mission-critical applications
– 70% of OSS contributors are corporate developers
– Microsoft OSS code repository (CodePlex)
Large pool of proven, reusable software
– Over 200,000 OSS projects
– 5+ billion lines of code

Top 20 Most Commonly Used Licenses in Open Source Projects
Source: Black Duck Software
Note: The table above illustrates the top 20 licenses that are used in open source projects, according to the Black Duck Software KnowledgeBase. This data is updated daily. This snapshot was taken on September 1, Visit:
Top 10 licenses account for 93% of OSS projects
Top 20 licenses account for 97%
Rank by # of OSS projects using the license

Development Challenges: What We’re Hearing
Goals for reuse/standardization of up to 80%; build / fix / fit 20%
Scale – ad hoc use of hundreds of OSS components has led to a management/tracking nightmare
Increase agility, velocity of development
Desire to take advantage of the benefits of open source but need to have oversight and control
– Manual governance, compliance and approval processes are cumbersome/burdensome to developers, prone to error, often ignored
$7800/yr to manage OSS components (Source: Black Duck)

Challenges of Using Open Source at Scale
Manual management methods are inadequate, prone to error…when open source usage proliferates
– E.g., version proliferation raises complexity and likelihood of errors
When managed poorly, use of open source can introduce risks and challenges:
– Legal exposure due to unmet license obligations
– Security vulnerabilities
– Regulatory violations
– Unsupported open source
– Version proliferation

The Story of Cisco’s Software Supply-Chain
Developers modified firmware turning a low-end ($60) device into a high-function router The story continues... embedded the code in one of its chipsets used GPL code to customize Broadcom’s standard Linux distribution bought for $500M in 2003 adopted this technology into its WRT54G wireless broadband router Source code made available by FSF accused Cisco of a license violation

Meeting the Challenges
Multi-Source Development with Open Source is the “New Normal”
[Diagram labels: YOUR COMPANY; Software Application; Open Source Software; Internally Developed Code; Outsourced Code Development; Commercial 3rd-Party Code; Individuals; Universities; Corporate Developers; Code; Obligations]

Meeting the Challenges: Best Practices
Best practices fall into three areas:
1. Standardization and reuse
2. Automated Collaboration
3. Compliance

1. Standardization and Reuse
Typical Problems
– “Don’t know what I’ve got” – difficult to leverage knowledge across teams
– Version proliferation
– Unnecessary rework
    Reinventing the wheel when code already exists
    Seeking approval for previously approved components
Best Practices
– Create a catalog of approved components to promote/enforce standardization and reuse across the development organization
    Approval process integrates company policy to increase efficiency
    Enhance internal catalog with company specific attributes/metadata
– Make better decisions early in dev process
    Automated code search
– Automatically track “where used”
    Improves maintainability
    Remediating security and quality issues

2. Automated Collaboration
Typical Problems: gap exists within development; between development and other functions
– Difficult for developers to be on the same page
    Sharing information, components
– Difficult to get legal and other roles on same page with developers
– Manual review/approval of OSS components
    “Status” of OSS review is difficult to know
    Code approvals taking days/weeks
Best Practice: automate key interactions
– Automate group interaction
    Manage and automate complex review/approval processes across multiple roles/functions/groups
    Capture communication between users during review/approval (Comments, questions, learnings)
– Notifications across functions
    Real time security vulnerability alerts
    Notification of approved/disapproved components

3. Compliance
Typical Problems
– Lack of controls on open source use
    Un-vetted code gets into code base
    Difficult to validate that approved code is what’s shipped
– Risk/exposure from unmet license obligations
– Risk/exposure from export restrictions on crypto code
Best Practices
– Automate component request/approval
– Continuous Validation
    Auto-scan code to identify OSS components and license obligations
    Integrate into build process to streamline development
    Integrate into issue tracking (remediation, unknown code, defect/issue, etc.)
– Automatic documentation and reporting
    BoM
    Show met/unmet license obligation to guide legal/dev staff

Best Practice #0. Creating and Implementing an Open Source Policy
Audit the company code base
Evaluate open source use profiles
Create open source policy
Educate employees
Monitor ongoing policy compliance
– Trust, but verify
Source: Navica

Sample Contents of a Concise Open Source Software Policy

Evaluating OSS Projects
– Current offering (maturity): Features, frequency and number of releases, bug fixes
– Project governance: Leadership, structure, charter, goals, strategy
– Community participation: Number of participants, activity level, frequency of commits
– License strategy: Commercially friendly, viral, dual/multilicense
– Ecosystem: Service, support, extensions, add-ons, training, consulting

Case Studies
– Landmark Graphics
– Reliant Security
– Attivio
– QNX

Case Study 1: Landmark Graphics
Landmark Graphics supplies software to the Oil and Gas industry across a broad variety of application areas
OSS Steward monitors policy compliance
Prioritize standardization
Restructured release process
– Uses Black Duck Suite to monitor compliance
– PM assumes responsibility for OSS
– Remediate if/as violations are found
Contributing back in limited cases
Result: Rapid adoption of the latest models and technologies, with accurate identification of OSS dependencies

Case Study 2: Reliant Security
Reliant sells PCI-compliant in-store systems that include many OSS subsystems.
Set a clear policy for OSS use
Tuned acquisition policies
– OSS first mandate
– Prioritized “ilities”
– Loosely coupled design
Adjusted dev processes
– OSS use identified at design
– Developer on the hook for provenance
Result: Significant customer savings over commercial alternatives

Case Study 3: Attivio
Attivio’s unified information access platform extends enterprise search capabilities across documents, data and media.
Result: Have been able to get to market faster and focus on true IP differentiators because of OSS.
Simple OSS policy that is easy to understand
OSS used for commodity architectural components
Only using OSS components compatible with a commercial license
Maintains a common folder of all approved OSS libraries
Uses Black Duck Suite scan reports to prove active governance to sales prospects

Case Study 4: QNX
QNX produces middleware, development tools, and real-time operating system software for the embedded market
Using OSS for over 15 years, in production products
Customers needed a license guide to manage product use
Categorize all code components with 3 levels of risk
Sensitize developers about use of OSS
Use Black Duck to automate creation of license guide and track OSS evolution
Publishing their own source for many components (but not as OSS)
Result: Have been able to get to market faster and take advantage of third party components to broaden portfolio

Summary
The pressure to do more with less is driving development organizations to multi-source development
Using open source components at scale brings with it a variety of challenges
Companies embracing open source have evolved best practices to tackle the challenges and thereby enjoy the benefits

Resources
ROI Calculator
– www.blackducksoftware.com/open-source-roi-calculator
Search for open source code to reuse
– www.koders.com
White Papers (ROI, Agile and OSS, Best Practices)
– www.blackducksoftware.com/resources/whitepapers
Best Practices for Open Source Adoption with Jeff Hammond, Forrester Research
– http://www.blackducksoftware.com/form/ Hv0 6