5 Steps for a Winning Open Source Compliance Program

Transcription

1 5 Steps for a Winning Open Source Compliance Program Kellan Ponikiewicz Peter Black Duck 2013

2 Speakers Peter Vescuso EVP of Marketing Black Duck Software Kellan Ponikiewicz IP Counsel Nuance Communications 2 Black Duck 2013

3 Agenda Market Trends Open Source at Nuance 5 Steps for Open Source Compliance Automating Open Source Management Q&A 3 Black Duck 2013

4 Software is eating the world. Marc Andreessen Black Duck 2013

5 and Open Source is increasing its appetite Black Duck KnowledgeBase 5 Black Duck 2013

6 Open Source is Ubiquitous By 2016, at least 95% of IT organizations will leverage nontrivial elements of open-source software technology in their mission-critical IT portfolios, including cases where they might not be aware of it an increase from 75% in Black Duck 2013

7 Open Source is Ubiquitous Open source makes up 30% or more of the code at major G2000 organizations 7 Black Duck 2013

8 Why is Open Source Important? 8 Black Duck

9 Open Source at Nuance Nuance Communications, Inc. All rights reserved. Page 9

10 Approximately 12,000 full-time employees Worldwide headquarters in Burlington, MA FY 2012 non-gaap revenue was ~$1.7 billion Nearly two-thirds of Fortune 100 companies rely on Nuance solutions The 8 largest handset and 10 largest auto makers use Nuance solutions Nuance solutions have shipped in more than 5 billion mobile phones and 70 million cars At Nuance, everything we do is focused on developing the most human, natural, intuitive ways to use your voice to take command of information Nuance Communications, Inc. All rights reserved. Page 10

11 Open Source at Nuance Nuance primarily uses open source in the following ways Development Release of sample code Integration with popular platforms Nuance Communications, Inc. All rights reserved. Page 11

12 5 Steps to Follow for Putting a Program in Place 1. Assess the business case for an open source program 2. Gain the support of upper level management 3. Determine the type of system needed 4. Outline a policy and general open source process 5. Communicate and train Nuance Communications, Inc. All rights reserved. Page 12

13 The Business Case for Regulating Open Source Sales Methods and Product Type(s) Typical Development Practices Industry Best Practices Nuance Communications, Inc. All rights reserved. Page 13

14 Getting Management Buy-In Buy-In depends a large part on identifying the risks posed by not acting Sales Process & Product Type Development Practices Industry Best Practices Customer Indemnification Requests Open Source Platform Development Stringent Security Requirements Customer Open Source Usage Requests Business Requirement to Contribute Reputation in the Open Source Community Nuance Communications, Inc. All rights reserved. Page 14

15 Open Source and Security Secure software development has many components, at least the following can be accomplished in part through open source governance Understand your Software Regular scans provide insight into code content Protect Sensitive Information Ensuring that developers follow open source guidelines can protect company trade secrets Develop Software with Secure Features Secure Software Development Education Use of open source software may introduce security issues Educating employees about open source can improve compliance with policies and procedures Nuance Communications, Inc. All rights reserved. Page 15

16 Determining the Appropriate System Not every system is the same. Putting in a manual system can be onerous. Black Duck can assist in determining the right type of system to put in place. Considerations when determining the appropriate system. Available personnel IT infrastructure Scope of proposed program Budget Nuance Communications, Inc. All rights reserved. Page 16

17 Policies and Process and Communication and Training Policies and Procedures Black Duck has services that can help with this Communicate New System Company-wide communication Train Relevant Employees Typically employees have pre-conceived notions about open source, it is often important to address this head on Nuance Communications, Inc. All rights reserved. Page 17

18 Policy Considerations Permitting code licensed under particular licenses is not a robust open source strategy, other items to consider Business need to use particular components or develop on particular platforms Attractiveness of products having certain functionality The propensity for open source projects to fork Nuance Communications, Inc. All rights reserved. Page 18

19 Black Duck Helps Dev Teams Build Better Software Faster with Open Source Discovery Management Empowerment SCANNING ACQUISITION COLLABORATION MATCHING APPROVALS VISIBILITY SECURITY CATALOGING METRICS ANALYSIS AUDITING OPTIMIZATION ASSESSMENT MONITORING INTEGRATION 19 Black Duck 2013

20 Black Duck offerings rest on the world s largest database of project code information Discovery Management Empowerment 1 MILLION PROJECTS 6000 SITES 2200 LICENSES 20 Black Duck 2013

21 The Black Duck Suite provides a complete solution for managing open source BLACK DUCK SUITE AUTOMATED GOVERNANCE AND COMPLIANCE WITH DEEP LICENSE DATA Discovery Management Empowerment 1 MILLION PROJECTS 6000 SITES 2200 LICENSES 21 Black Duck 2013

22 MANAGEMENT DEVELOPMENT The Black Duck Suite integrates with the application development lifecycle BLACK DUCK SUITE AUTOMATED GOVERNANCE AND COMPLIANCE WITH DEEP LICENSE DATA APPROVALS Who, When, and How. RISK Assessment COMPLIANCE Assessment AQUIRE Find, Evaluate, and Select w/knowledgebase MONITOR License, Vulnerability, Version, Approval AUDIT License, Vulnerability, Version, Approval FULLY AUTOMATED COMPLIANCE DEVELOP e.g., Eclipse CI + BUILD e.g., Rational, Git, Maven RELEASE Internal / External 22 Black Duck 2013

23 Audit services - a quick, cost effective way to obtain essential information for business decisions Open Source M&A Internal Security Code Quality 1 MILLION PROJECTS 6000 SITES 2200 LICENSES 23 Black Duck 2013

24 Questions? Webinars