The risks of using FOSS

The Software 2008 show within Interop 2008 in Las Vegas, Nevada, this week was well attended. Approximately 18,000 attended, according to the Interop powers-that-be. (I think that this number was real considering the salmon-run from the hotel into the convention center each morning and the crowds during lunch. This reinforces my belief that Las Vegas is back as a technology industry destination.)

I was suffering from a nasty cold, but I enjoyed speaking on the “Open Source Governance: Recognizing & Dealing with the Risks of Free Software” panel. There were around 50 people in the audience, mostly from IT, development, and legal spheres of influence. It goes without saying that audiences expect content directly related to the title and description of the panel. Several audience members left when the discussion moved towards open source benefits and did not focus on the risks.

Free and open source software (FOSS) provides incredible economic, productivity, technology/IP and many other benefits. However, if FOSS proliferation is not managed properly, it can lead to legal, technical, and/or organizational issues which can have negative consequences for a business. An increasing number of companies have recognized these realities and are adopting processes, technologies, and expertise to both foster and govern the use of FOSS within their companies.

Any discussion of FOSS risks should include a prominently highlighted caveat that when risk management is done right, it is straightforward, not disruptive, and not expensive. It’s just part of the FOSS adoption process in all organizations, enterprises in general, and especially publicly held companies.