Enterprise Open Source Governance and Scanning Tool
Need for an Open Source Scanning tool and the RFP template to select the most effective tool
In the previous article (link), we discussed what Open Source Software (OSS) is, why it is important for your enterprise, and what operational risks OSS poses.
By this point, you have hopefully started using OSS extensively in your enterprise. Here we focus on the steps needed to manage OSS effectively, including setting up an Open Source Program Office / Open Source Review Board (OSRB), a Governance Framework and a Scanning Tool.
Open Source Program Office (OSPO)
OSPO is the “central place where all open source activities are handled for consistent communication inside/outside the company.” — HP Open Source Governance (link).
It is an interdisciplinary team involving IT, Legal and Procurement with the following scope:
- Drive vision and support for Enterprise OSS adoption.
- Define and evolve the OSS Governance / Compliance framework.
- Maintain inventory of pre-approved OSS tools and components.
- Review and approve (or deny) new OSS tools and licenses.
- Provide internal support on OSS usage and implementation projects.
- Develop OSS Competency by evangelizing OSS capabilities and…