Automated tools streamline OSS governance, promote policy adoption
As part of the new OSS usage policy, O-Soft officials implemented Black Duck, Synopsys’ solution for open source compliance management. “Black Duck was known industrywide, and due to the volume of code we had to deal with, we knew that we needed an automated solution,” Hattori explains.
Black Duck automatically scans, discovers, and identifies the provenance of software code by integrating with other existing development tools. The valuable information obtained from Black Duck scans helped the committee to get buy-in from corporate stakeholders. And “backed by some members of the committee who turned into ardent advocates, we got a critical boost in promoting the new policy among developers,” she adds.
“We have many overseas subsidiaries, so it was difficult to know where software was developed and whether it contained OSS. Thanks to Black Duck, it became much easier to determine where unintended OSS is used. The risk of license infringement has been reduced significantly,” Hattori says. Black Duck scans are now required before products ship.
A knowledge-sharing approach ensures developers understand usage policies
Software development within each product line is subject to different standards, so the OSS usage guidelines for each group were customized to reflect these standard requirements, such as appointing a person to be responsible for OSS oversight and inspecting outsourced software for unintended OSS. To facilitate the sharing of these standards internally, O-Soft created a corporate knowledge database called the OSS Knowledge Site. The site includes report formats, guides, templates, and materials to be used for in-house education on OSS usage guidelines.
The OSS Knowledge Site, accessible to developers across Olympus, provides licensing information, use cases, and solution information about corporate OSS usage. The company also provides training materials to promote dissemination of the corporate policy among overseas subsidiaries.
Training and education are key to compliance
O-Soft’s advice for companies navigating the development of OSS usage policies is to start small, with the goal of expanding compliance throughout the organization. Training and education are also key, according to Asari and Hattori. “It is very important to understand each team’s skills and take a down-to-earth approach. For example, sales and those who are not acquainted with software may not even understand what open source is, so it has to be explained. It is also very important not to just end up emphasizing risks, because that can discourage the use of OSS. While developer support is essential, if you can also involve marketing, sales, and call center agents in training activities, you can propel OSS governance,” Hattori says.