Picking the right open source projects

As usage grows, so too does your responsibility to minimize risk when selecting products and using source code

As open source usage becomes mainstream, it's important to ensure you're working with a product your company can rely on in the future and that the use complies with open source licensing. That's not as easy as it sounds: Open source support provider OpenLogic reports more than 330,000 open source software packages for enterprises to choose from. Finding the appropriate open source project, with the right license and the assurance of a viable future for the project, can be difficult.

Selecting the correct open source product

OpenLogic certifies and provides direct support subscriptions for more than 500 of these open source packages. Its criteria include a viable community, well-understood licensing, documentation, and active maintenance by the project leader.

[ Master your security with InfoWorld's interactive Security iGuide. | Stay up to date on the latest security developments with InfoWorld's Security Central newsletter. ]

But others can help narrow your open source options. For example, new to the open source project evaluation arena is SOS Open Source, an automated methodology from open source strategist Roberto Galoppini. His tool enables companies to determine the level of risk associated with any given open source software. SOS Open Source uses 24 metrics and information collected from open source project directories, forges, and meta-forges.

Galoppini says that SOS Open Source is keenly focused on the project strength, measured by the stability and maturity of the project and whether the project is backed by a predictably viable community. Related to the quality of community, Galoppini's methodology also measures the level of community or vendor support available. Finally, the methodology attempts to rate the possibility of project evolution, whether by the current project committers or third parties.

Ensuring compliance with open source licensing

But what if your developers are already using open source without your knowledge? Well, there's an app for that. Among others, Black Duck Software, OpenLogic, and Protecode offer services that can crawl through your enterprise and report on the use of open source software. In fact, these vendors can even crawl through the source code in your internally developed applications to ensure that open source libraries or code fragments are not being used in contravention of their associated licenses.

If your company hasn't already set an open source usage policy, there's no better time than the present to start down that path.

Follow me on Twitter at SavioRodrigues. P.S.: I should state: "The postings on this site are my own and don't necessarily represent IBM's positions, strategies, or opinions."

This article, "Picking the right open source projects," was originally published at InfoWorld.com. Read more of Rodrigues et al.'s Open Sources blog and follow the latest developments in open source and mobile computing at InfoWorld.com.