Maximizing Open Source Compliance with Package Pre-Approval
As open source software matures, organizations have gone from asking should we use open source, to how do we best manage open source adoption and compliance?
Controlled adoption of open source and other third party software includes avoiding package proliferation, maintaining control of the quality, understanding known open source security vulnerabilities, and managing compliance with license obligations.
The Starting Point: An Open Source Policy
As an initial measure many organizations have, at the very least, implemented an open source policy. The policy regulates the open source governance process, and covers topics such as who the stakeholders are within the organization and outlines acceptable attributes such as open source licenses and communities.
An open source policy also includes a workflow for requesting and approving open source packages that can be used in specific projects or within the whole organization, and defines the course of action once an open source policy violation is suspected.