What managers don’t know about their developers using open source components

In Jeffrey Hammond’s recent article on Dr. Dobb’s (What Developers Think, January 16, 2010), his survey results highlighted something we have known for some time based on the developers and companies that we talk to:
Managers don’t know everything their developers are using or doing.
His survey showed that:

  • 80% of developers say they use open source components for development or application deployment
  • 40% of managers/executives say their companies use open source software

Only half the managers know what their developers are doing? Now, combine this with the Gartner 2008 survey that claimed 85% of companies are using open source. Our own Google Analytics reports show the same thing: most Fortune 1000 companies are coming to our site and downloading free community software from us. So we know that most companies ARE using open source components.
Why the disconnect?
It could be the legally naïve or simply inexperienced developer who finds cool technology that is free and open source and integrates it into proprietary company software. They may think they’re doing their company a favor by working faster because they didn’t have to build something from scratch. They can use components that are already built by smart developers in the community. Moreover, they may be patting themselves on the back for sourcing it for free in this budget-conscious economy. Why bother telling your manager when you’re under pressure to get things done faster and cheaper, and you don’t want your job outsourced? To the developer, open source == fast, good, and free. That’s it.
What’s the danger?
The article points out some of the first instances of using open source components, such as operating systems and databases. However, the #1 open source infrastructure tool used by developers (57%) is open source programming languages (such as Python, PHP, Perl, Ruby). And most developers wouldn’t think about proper licensing of a language or extensions used in application development. After all, open source == free, right?
Not necessarily. License terms often let you use it for free for certain types of applications. But once you start distributing your application to customers or partners, you’re not covered or within your rights.
Plus, you’re opening yourself up to the legal risk of being sued for copyright or patent infringement by community contributors. And the bigger the company, the deeper the pockets, the bigger the risk.
Knowing is Half the Battle
Some developers are already aware of the need to ensure proper licensing for any third-party component added to their software. But managers need to ensure they know when any open source component is being added to their company software. Whether that software is used internally or sold to customers, managers and executives can then make the decision on proper licensing.
Where to Start
Various companies, including commercial vendors like ActiveState, provide tools to “sniff out” open source or commercial open source components that may be included in your software. Start there. Then talk to the commercial vendors and your lawyers about covering yourself with proper licensing.
