System design with open-source software has many advantages. Most notable among them is that development organizations can build systems faster, more flexibly, and more economically by tapping into this vast, free resource (Editor's note: Embedded.com offers its own library of open-source software).
In this economy, it's difficult to conceive of a scenario in which anyone would start a development project planning to write it entirely from scratch. Numerous open-source components are available, including databases, kernels, stacks, report generators, XML parsers, utilities, tools, and platforms. They're free and can easily be combined with other code to bring a system to market faster and more cost-effectively. Developers can find such code with a simple Google search or by searching specialized sites such as Koders.com, a search engine for open-source code.
Although using open-source software can lower schedule risk and development costs, there are challenges. These include security vulnerabilities, complying with license obligations, version-control issues, code leakage, export regulations, and other policy issues. Each of these challenges represents a significant business risk. Organizations confronted with the unmanaged use of open-source code often ignore the problem (“don't ask, don't tell”) or rely on manual code reviews and potentially lengthy audits to ensure that a code base is compliant.
Development organizations must have robust processes to ensure that open-source use is managed appropriately, so that issues are not discovered at release time or, worse, after a product ships. Developers need to create a partnership between software engineers and purchasing, IT, security, legal, product management, and other internal groups that all have a stake in code development. Furthermore, code must be regularly audited to discover unapproved code that leaks into the code base through undocumented “cut-and-pastes” and other forms of unmanaged reuse. The manual methods for implementing best practices (filling out forms, maintaining lists, manual code review) are extraordinarily time consuming and present only an artificial veneer of risk mitigation. Automation can help, and several third-party solutions are available to streamline these processes.
With development staffs and budgets squeezed, automated systems offer process efficiencies that let a team plan a development project from the outset on the assumption that open-source code will be used, and then successfully manage the integration of code from many sources into a coherent and compliant system. By automating the management of open-source code, system-development organizations can cut costs and meet schedule targets while adhering to strict policies, protecting the organization's investment, and delivering results, all while managing the very real risks and issues associated with open-source software.
Eran Strod is the director of product marketing for Black Duck Software. He also manages the Koders.com site, a search engine for open source. Strod can be reached at .