Many CIOs and IT departments have yet to come to terms with open source and define their relationship to it. On the one hand, the press reports every day about all sorts of companies saving a bundle with open source. Large players such as IBM and Novell are promoting open source projects and bundles that fit into their product strategy. Frequently the engineering and development staff is already using it to some extent. In many ways, the problem resembles the way that company web sites popped up spontaneously all over the Internet in the mid- to late 1990s.
The question we will address next is how that opportunity can be managed. What rules should govern progress toward greater adoption of open source in an organization? Which sorts of governance models are being used in which types of organizations?
The vast potential of open source comes with a variety of risks that are not present in commercial software. To avoid uncoordinated chaos, these risks must be managed with some sort of governance structure or policy that prevents unmonitored and unauthorized use of open source. This governance structure is generally different from policies that are used to control other technology, for the following reasons:
Open source is free of charge. Anybody can download an open source program and install it without paying a fee—and often they do it without any checks and balances. This means the purchasing ...