Open Source Insider

Oct 4 2011   11:34AM GMT

The open source code “provenance” audit concept

Adrian Bridgwater

Tags: audit, Code, Components, License, License management, Open data, Open source, OpenLogic

Proprietary software vendors like to scaremonger over the use of open source software. They like to highlight the “inherent dynamism” that exists in open source libraries that are exposed to community development at all times.

These vendors also typically enjoy the chance to talk down open source’s “unsuitability” to certain work processes, which will necessitate static code libraries for reasons relating to compliance and governance.

Although commercially licensed and supported versions of open source software almost always exist to satisfy the compliance and governance needs described above, the fact remains that proprietary vendors talk down open source software.

But organisations have become much more proactive in recent years in auditing their code at the end of the development process to ensure open source license compliance — and as licensed open source code itself increases in usage, companies will need to examine their software at a more granular level to be able to pin down exactly where the code and components themselves have originated from.

So logically the software industry itself has developed tools to uncover the provenance of code and provide a means of auditing data and content throughout. One example in this space is OpenLogic, a company that produces its OLEX Enterprise Edition to enable development teams to scan code in an open source project and identify only the code or components that originated elsewhere.

In short, this software is designed to identify all of the bundled projects, licenses and obligations attached to any open source software in use.

According to OpenLogic, “Today, many enterprises are moving to audit open source code when it first enters the development process. In addition, many enterprises are beginning to release their own code as an open source project. In both situations, enterprises need a way to quickly audit an open source project to determine the provenance of the code and all licenses involved.”
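As an added illustration of what such an audit does in practice (this is example code written for this post, not OpenLogic's OLEX product), the script below applies the two techniques a provenance scan relies on: matching normalised file fingerprints against a catalogue of known component files, and falling back to license-header detection for files the catalogue does not recognise, then rolling the results up into the obligations the tree carries. The catalogue, the sample source tree and the obligation summaries are all constructed for the example.

```python
"""Minimal open source provenance audit (added example, not OLEX code).

Two techniques: (1) fingerprint matching against a catalogue of known
component files, (2) license-header detection as a fallback. The
catalogue, sample tree and obligation table are constructed for this example.
"""
import hashlib
import re

# Constructed, illustrative one-line summaries of what each license demands
# when the code is redistributed.
LICENSE_OBLIGATIONS = {
    "MIT": "retain the copyright and permission notice",
    "Apache-2.0": "retain NOTICE/attribution and state any modifications",
    "GPL-2.0": "provide corresponding source when distributing binaries",
}

# Header phrases that identify a license even when the file itself is unknown.
LICENSE_HEADER_PATTERNS = [
    ("Apache-2.0", re.compile(r"Licensed under the Apache License, Version 2\.0", re.I)),
    ("GPL-2.0", re.compile(r"GNU General Public License.*version 2", re.I | re.S)),
    ("MIT", re.compile(r"Permission is hereby granted, free of charge", re.I)),
]


def fingerprint(data: bytes) -> str:
    """SHA-256 over content with line endings and trailing whitespace normalised,
    so a copy that went through CRLF conversion still matches its catalogue entry."""
    lines = data.replace(b"\r\n", b"\n").split(b"\n")
    normalized = b"\n".join(line.rstrip() for line in lines)
    return hashlib.sha256(normalized).hexdigest()


def build_catalogue(components):
    """components: iterable of (name, version, license_id, file_bytes).
    Returns a dict fingerprint -> (name, version, license_id)."""
    return {fingerprint(content): (name, version, lic)
            for name, version, lic, content in components}


def detect_license_header(data: bytes):
    """Return a license id if the first 4 KiB carries a recognisable header, else None."""
    text = data[:4096].decode("utf-8", errors="replace")
    for lic, pattern in LICENSE_HEADER_PATTERNS:
        if pattern.search(text):
            return lic
    return None


def audit_tree(files, catalogue):
    """files: dict path -> bytes. Returns one provenance record per file."""
    records = []
    for path in sorted(files):
        data = files[path]
        match = catalogue.get(fingerprint(data))
        if match:
            name, version, lic = match
            records.append({"path": path, "origin": f"{name} {version}",
                            "license": lic, "method": "fingerprint"})
            continue
        lic = detect_license_header(data)
        if lic:
            records.append({"path": path, "origin": "unknown third party",
                            "license": lic, "method": "header"})
        else:
            records.append({"path": path, "origin": "in-house (no match)",
                            "license": None, "method": "none"})
    return records


def obligations(records):
    """Aggregate obligations by license: license -> (summary, sorted file paths)."""
    by_license = {}
    for rec in records:
        if rec["license"]:
            by_license.setdefault(rec["license"], set()).add(rec["path"])
    return {lic: (LICENSE_OBLIGATIONS.get(lic, "review license text"), sorted(paths))
            for lic, paths in by_license.items()}


# Constructed catalogue: two "known" component files with their licenses.
CATALOGUE = build_catalogue([
    ("libfoo", "1.2.0", "MIT", b"def foo():\n    return 1\n"),
    ("barutils", "0.9", "GPL-2.0", b"int bar(void) { return 2; }\n"),
])

# Constructed source tree: a CRLF copy of a catalogued file, a file known only
# by its license header, and an in-house file with no match at all.
SAMPLE_TREE = {
    "vendor/foo.py": b"def foo():\r\n    return 1\r\n",
    "src/net.c": b"/* Licensed under the Apache License, Version 2.0 */\nint net(void) { return 3; }\n",
    "src/app.py": b"def app():\n    return foo()\n",
}


def run_sample():
    """Audit the constructed tree against the constructed catalogue."""
    return audit_tree(SAMPLE_TREE, CATALOGUE)


if __name__ == "__main__":
    for rec in run_sample():
        print(f"{rec['path']:<16} {rec['origin']:<22} {rec['license'] or '-':<10} via {rec['method']}")
    for lic, (summary, paths) in obligations(run_sample()).items():
        print(f"{lic}: {summary} [{', '.join(paths)}]")
```

The fingerprint step is what lets the audit say a file "originated elsewhere" even when nobody recorded the dependency; the header fallback catches copied fragments that are not in the catalogue at all, and anything left unmatched is what a reviewer still has to trace by hand.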

Will this shut the proprietary vendors up a little? No, I doubt it, don’t you? Will this help the general adoption of open source software at the enterprise level? Let’s hope so, right?
