Open Source Software Compliance: How Hughes Systique has imbibed Open Source into its DNA

Introduction

Open-source software has evolved as an important component of the development strategy of Hughes Systique, a global technology solutions provider. Open Source Software (OSS) during its development journey has garnered many scrutinizers, critics, followers, and adopters. Nevertheless, a wide range of OSS can deliver high quality, feature-rich solutions that address specific business needs.

OSS offers many compelling advantages for businesses from radically lowering costs, faster to market, to boosting productivity and enhancing competitiveness.

This white paper seeks to answer the following questions:

• Define what is meant by open source software (or simply “open source”)
• Highlight the Present Challenges faced in using Open Source Software
• Highlight how HSC has overcome Open source software Problem

Evolution of Open Source Software

Open Source Software refers to the source code that is available for use, modification, and distribution with the original rights, as defined by the Open Source Initiative (OSI). OSS may be freely installed, used, modified, copied, and distributed. There is no initial purchase fee, nor are there any ongoing fees for continued use. With over 78 % of the companies running on Open Source Software, it will not be incorrect to say that most of us are living in an Open Source World. The OSI open source definition calls for Open Source Software to:

• Allow the redistribution of the solution and manuals, including the source code
• Allow the solution to be modified in part or in full and be used in other solutions
• Permit the integrity of the Author Source Code and prevent discrimination against persons, groups or fields of endeavor
• Not be specific to a product – allow for redistribution of the software through manual and automated processes without the need for additional licenses
• Not restrict other software that is distributed along with the licensed software

Business Challenges in Implementing OSS

For implementing an efficient OSS development environment, HSC realized that it was also required to establish the following criteria:

• A clear Open Source Software policy and an efficient governance process that allows for timely and well-informed decisions
• The Open Source approval process for evaluating licensing issues and software obligations before using any OSS
• A dedicated team within the organization involved in the process
• Automation tools that allow the process to scale

Often fear, uncertainty, and doubt are major factors that come in mind when a company first considers using Open Source Software. A recent survey of open source users by Gartner revealed that despite the rapidly accelerating adoption of open source software – more than double of what it was five years ago only one-third of organizations have a corporate policy to govern the use of OSS. HSC had to overcome the additional challenge that involved clarifying the following situations that were created in the minds of organizations regarding the use of Open Source Software:

1. Increase in ongoing cost: Certain organizations assume that ongoing cost is a problem in using OSS. They believe that maintenance and support costs for open source products tend to be higher than vendor-designed products.
2. Lack of adequate support: They may also think, that they will not get adequate support because open source depends on the community to resolve and fix issues, the issue is addressed when the community has the time to review the problem.
3. Need for more manpower: They might think that they need more manpower for managing Open Source Software including things like license ambiguity/litigation etc.

At HSC, one of the major challenges faced was Scan Methodology i.e. the code scanning and report sharing needs to be done using HSC approved tool on a monthly basis to ensure OSS Compliance. Another major issue faced at HSC was the absence of a knowledge base.

To overcome these issues, people either avoid using Open Source Software or in certain cases development teams have generally been neglectful when it comes to ensuring that the open source components, they use in their products meet basic security standards. As discussed before, they, in turn, start behaving like an Ostrich by orchestrating the Head in the Sand Phenomenon. The best approach with regards to Open Source Software is to use it efficiently and manage it properly. As the saying goes:

The risk of open source software lies not in the usage of open source, but in its management.

HSC Approach to Overcome the Challenges:

HSC overcame the challenge of using Open Source Software in the following ways

1. Implementing an Open Source Software Policy:HSC has a well-defined, documented and approved Open Source Security Policy. This policy clearly defined the scope, objectives as well as also the roles and responsibilities without any ambiguities.
2. Approved Open Source Components:Over a period, HSC Project Teams managed a repository of Approved Open Source Components hence making it easier for New Projects to incorporate approved components to achieve faster project execution.
3. Training and Documentation:HSC has always ensured that employee training and education is carried out on a regular basis. This is essential for compliance and acceptance of open source policies and procedures

4. Open Source Compliance Team (OSCT):HSC has established a cross-functional open source compliance team, which continuously reviews and updates the open source software policy. There is also a dedicated team for maintaining open source software

5. Timely Reporting:HSC has an Open Source Software Scan report review scheduled Bi-monthly. As per the discussions in the meeting, the necessary actions are subsequently taken as and when required.

Outcome

HSC implemented the Palamida (now known as Flexera) software which helped ensure that the open source software could be used more efficiently as part of a company strategy to achieve a faster time to market and increase innovation. By using open source in a well-managed way, HSC could focus its internal resources on developing valuable new features for their customers.

Because of its proven economic and productivity benefits, open source software in the enterprise is here to stay. The good news is that open source provides critical functionality to developers, and is free to download, examine, and modify. Also, common security bugs can be identified and remediated early in a project life. However, adopting OSS without considering several key aspects including license obligations, user experience, security and operational sustainability (support, availability of software patches/updates, etc.)  may lead to unnecessary dependencies both from a business as well as a technology perspective.

Business Benefits

By automating OSS governance policy with the Palamida software, HSC could achieve numerous business benefits. Some of them are listed below:

• Accelerated time to market by automating management and review of open source software
• Increased compliance through developers selecting and using safe, tested and compliant code
• Reduced rework to the software by identifying license obligations early in the development process

References

1. Palamida
2. History of free and open-source software
3. Software is meant to be free.’ A Brief History of Open Source
4. SAP Quietly Builds on Long History with Open Source Software