Hewlett-Packard released two very interesting web sites last week, fossology.org and fossbazaar.org . While Fossology is a project aiming to develop data analysis tools on FOSS, fossbazaar is more of a portal on FOSS governance and adoption strategy for organizations.
I really like this kind of initiatives, although fossbazaar.org obviously dwells a bit too much on my company’s business. As a result, Ars Aperta will soon invest in the manufacturing and sale of printers, both laser and colour in order to meet HP’s move on its core business. Wait! Who wrote this? Go out of my body, ghost of MS executive! Go!
Of course, I’m kidding. Nobody’s interested in printers. More seriously, there is something both useful and annoying in fossbazaar.org . The site and its content, wether it’s hosted or linking to third-party web sites, is targeted at I.T. managers and executives. It provides them with some strategic insight, makes them ask the right questions (although not all of them). Yet it falls short of being disruptive, in the sense that it does provide the audience with the full picture on FOSS adoption and use inside organizations.
The documents, advices and methodologies shown and advertised on the site are similar for the most part to what Ars Aperta provides its customers with. Yet, fossbazaar.org does only cover a few aspects of a comprehensive strategy for the use and the adoption of FOSS in organizations, namely, the legal risk of adoption and the governance of FOSS usage.
In doing so, it gains the merit of being granular for “checks and balances” but misses the whole context and reasons for adoption and usage of FOSS, let alone the lack of official reasons making up for the rampant use of FOSS by an IT department leaving its CIO and the other executives blissfuly unaware of who uses what in their business. This, in turns, may not be easily solved by the creation of a review board or the setup of adoption and usage policies.
Another aspect of the issue is the different perception of the legal matters for software in the entreprise. In Europe at least, local cultures and business practices create a very different legal environment than in North America. While legal matters are of course taken very seriously, the perception that a software vendor could sue a company that does not compete with it (and thus being a real or a potential customer) is thin, to put things mildly. The legal culture, not to say the legal folklore in Europe is quite different from the one in North America, and litigation does very often set a point of no-return, not just between the defendant and the plaintiff, but also between the plaintiff and the industry at large. You’d thus better have some very sound and strong legal reasons to even consider litigation.
The other reason is the actual business processes surrounding the adoption of FOSS by large or small organizations. In France for instance, most of the Free and Open Source Software is “acquired” or rather enabled through a service agreement between the organization and a service provider. The sale of a software license or a support contract directly from a software vendor is less common. When purchasing such services from medium or large service companies (many of which are French) the customer expects to be legally covered wether directly or indirectly by having a clause written in the agreement or checking that the provider has the adequate insurances or partnerships with software vendors.
What can happen though in large organizations is the realization that FOSS is already in use for several years, and that the CIO’s office is under siege by hungry sales reps trying to sneak around with MS Vista or SharePoint. At that stage situations do, of course, vary. An audit may often be recommended and made, but hardly because of doubts on the legal compliance of the software stack.The audit would assess which Free and Open Source software is being used and the span of its deployment .
You can then either have the setup of a review committee and the drafting of a comprehensive listing of the software being used in the organization, or more simply the payment of official support contracts (either for whole stacks of software or for some packages in particular) to a service provider or a software vendor. But at no point in the process the legal matters involving software licensing were a determining factor for the organization.
What misses from my description is, as I wrote earlier, the whole context that is important for an organization. This page from our website may help you understand our take on these matters more accurately. As long-time practioners as consultants and contributors in Free Software communities, the people at Ars Aperta tend to bring the adoption and use of FOSS into a broader perspective than the legal compliance of and the IP issues related to source code, as important as these matters might be sometimes. We tend to work with our customers on the underlying reasons of their choice, analyzing their needs as well as what the rest of the industry does, and we also focus on their organization’s agenda. Then we can safely proceed along the lines of what is described on fossbazaar.org and according to the customer’s needs.
But now comes the time where I’ll be politically incorrect for a few lines: You can create as many open source review boards you want, it does not mean you will be able to benefit the most from FOSS or that FOSS will be the most effective way to go for your information infrastructure. In short, you have to understand how FOSS projects work and how you can pull some added value from them, and then think on how you can bring them added value. Bringing them added value (i.e. contributing) is a not bad word. It does not even mean investing in them or sponsoring. Sometimes it’s just about talking to the guy in the third cubicle around the corner, who’s contributing to a key FOSS project and has been doing so for several years. Maybe this guy has more knowledge about the source code and the actual benefits of the software, let alone the maturity of the project behind the software than any of your consultants/lawyers/board members have.
I have been contributing to OpenOffice.org for too long to think you can properly evaluate Free and Open Source Software with metrics and methodologies. The numbers just do not make for the whole understanding of the value it might deliver to an organization. This is where Ars Aperta’s Community Relationship Management comes in the picture. What this new “CRM” means is that Ars Aperta can act as the bridge between the FOSS project(s) and the organization in order to allow the two of them to gain a better understanding and create value.
One might think that a client would have nothing to gain from allowing any given FOSS project to create value on its back. But it would have nothing to lose either, and at the time of the relationship economy, having a priviledged relationship with the project or even the company that power your everyday’s business can be a good idea (especially when this part costs you nothing).
Where does this community relationship management fit in the FossBazaar? Not aside the IP analysis of the source code. Such a task can be relevant for M&A, but don’t go to an install party advertising what you’re doing. That would simply show how disconnected you are from FOSS.
And in the end, that’s this kind of problems that surprize me with FossBazaar.org . It’s a great place for theoretical ressources on FOSS governance and management. But it does basically stop at that level. There is nothing that tells you to go out and talk to the projects; worse, it lets you believe you can effectively assess FOSS with ready-made methodologies working with PHP from an obsure floor of your company’s building. I have too much consideration for the people at HP to believe that’s truly how they operate with FOSS. Our world is much more complex, and people at HP are too smart to believe fossbazaar.org is the only way to FOSS governance.
After all, it’s not because I’ve read the Art of War by Sun Tzu several times that I’d be a great general.