Should Code Reduction be Job #1?

Eran Strod
Director of Product Marketing
estrod@blackducksoftware.com
If you manage a large software organization, should code reduction be the first bullet in your 2010 strategy?

According to Finnish computer scientist Jussi Koskinen, the cost of software maintenance can account for more than 50% to more than 90% of an overall software development budget. With code bases doubling every seven years, maintenance is the budget buster of software development.

So a 200-person software organization that pays developers $100,000 per year is spending $20M annually on software development. $10M to $18M of this is devoted to code maintenance. Each 1% reduction in the size of the code base represents $100,000 to $180,000 of resources that you can cut from the budget or devote to higher-value-added endeavors.

Code reduction can be achieved by taking the following steps:
1. Inventory every software component of every project including versions (there are automated solutions that will do this efficiently and accurately)
2. Publish this inventory in an internal catalog so that globally distributed teams can collaborate better
3. Remove redundancy (i.e., multiple versions of the same code, or different versions of the same component, etc.)
4. Task the architecture team with finding opportunities to standardize around common components
5. Replace proprietary (internal) components with open source, thus sharing maintenance with external communities
6. Institute an approval process that controls software component adoption so that projects are managed with judicious guidance and oversight. There are automated solutions for this as well. Workflow automation can also help lighten the load of robust processes.

With concerted effort and a strategic outlook you can enable your resources to achieve more with each dollar invested in software development. In one real-world case, a development organization found that they were using nine different databases. They worked with project teams to reduce this to three, enjoying a significant reduction in maintenance overhead. How much redundancy do you think exists in software organizations?

Step up if you violate the GPL

Peter Vescuso
Executive Vice President of Marketing and Business Development

pvescuso@blackducksoftware.com
InformationWeek’s Serdar Yegulalp makes the case that ‘outing’ a company (such as Microsoft) that inadvertently uses open source in a commercial product is not a constructive thing. Matt Asay points out on his blog on CNET that “We shouldn’t expect open-source adoption to be flawless or painless” and companies — even large, well run software companies — will make mistakes. Microsoft made a mistake and ran into strong criticism this week when they acknowledged that a Windows 7 tool had GPLv2 code and that they had not met the license obligations. It makes for interesting headlines and generates a fair amount of hand-wringing, but does nothing to advance the cause of open source, which is really about community development and cooperation. Microsoft will not likely get much credit for how they handled this issue from the ideologues out there, but I think they’ve done a good job: acknowledged the mistake, removed the objectionable code, and announced their intention to meet the obligations by making the source and binary files available. Not bad I say. And maybe not the response Microsoft would have made in the recent past.

A customer of Black Duck’s, Extreme Networks, faced a similar challenge in 2008.  In a webinar we broadcast on Nov 17th, Diane Honda, VP and General Counsel for Extreme, explained how they managed a lawsuit from the Software Freedom Law Center over a GPL violation while they were in the process of rolling out Black Duck to manage compliance. They worked with the SFLC to resolve the issue. As Diane explained, and unlike the Microsoft situation where the open source code came in through a contract developer and was not known, Extreme knew they were using open source, believed they were in compliance, but the SFLC believed they fell short. Extreme worked with the SFLC to reach a mutually agreeable solution.

The thing about open source is there are many ways it can find its way into a product or code base. It’s rarely because a developer is malicious or careless; it’s more often due to ignorance of the license obligations or the lack of technology to detect its presence (manual methods are prone to error). Cheers to what open source has done to spur innovation, and jeers to those who pillory companies in public forums when they make an honest mistake and work to correct it.

451 Group’s Client Conference

Eran Strod
Director of Product Marketing
estrod@blackducksoftware.com
By far the best session at the 451 Group Client Conference that I attended last week was a panel led by analyst Matthew Aslett titled “Open Source To the Rescue?” When the 451 Group started their open source practice some years back, they named it “Commercial Adoption of Open Source” or CAOS, which was a clever play on the state of extreme disorder and confusion that existed within enterprises trying to use and engage with open source at that time. Today, no one remembers what all the fuss was about. As Matt pointed out in his talk, open source is ubiquitous and pervasive; the Economist has declared that “Open-source software has won the argument.”

What is interesting is that mixed models now dominate. In addition to product and services business models that are built around open source, we are seeing a wide embrace of open source components as pieces and parts of larger development efforts. In a recent Black Duck study, we found that in our sample of 175 customer applications, on average 22% of the 700 MB of code is open source. This means that the open source revolution is not just an IT operations phenomenon (think Linux, Apache, Firefox, Samba, …) – it has breached the wall and penetrated software development organizations (think log4J, BIRT, Mono, …).

That is not news for some, but what is different today is that development managers are now able to clearly articulate when they use open source and when they choose to keep software proprietary. Matt brought forth one quote from JP Rangaswami, Chief Scientist, BT Group:

“If the problem is truly generic, then we use open source to be able to solve it…
If the problem is contained to a limited marketplace, we use closed source.”

If I could add anything here, it would be this – out of any given problem there are generic pieces and high-value add pieces. Open source provides a ready supply of databases, libraries, frameworks, stacks and other basic building blocks that can serve as the scaffolding for higher-level business innovation. While some think of open source as a way to help enterprises ride out the current economic recession, its real power is in driving the cost out of application development and thus fueling successive generations of new and innovative solutions.

Creating Value by Packaging OSS Information

Peter Vescuso
Executive Vice President of Marketing and Business Development

pvescuso@blackducksoftware.com
Matt Asay points out something that many may have missed – Google’s power in the industry does not derive from its software or IP as much as it does from its operational excellence. We’d add one more attribute to that analysis – packaging. Google dominates the industry by packaging information. Whether through search, advertising or through the strategic release of its software – minus the search algorithms, of course – Google has cast a wide net. Many competitors are struggling to find a way around, or out of, that net.

One way to avoid being caught is by offering something of value. Packaging information is a valuable service in a world where we suffer from information overload. The packaging of information about open source projects can address the same issues for software development and open source communities. Our most recent study looked at a sample of customer data to determine how much OSS code is present in a typical application. It turns out to be quite a large number – 22 percent. When you look more deeply at the cost savings that re-use of OSS represents, the numbers become even more compelling. A standard CoCoMo analysis puts the savings of code re-use as evaluated in our study sample at $26 million.

Leveraging open source code in a multi-source development environment is clearly the way to go for companies looking to deliver value to their customers. There is a shift underway in the software world, away from developing all your own software, towards providing value and service to your customers by giving them the code they need, with the functionality they need, at the best price and in the shortest time possible. We call this the new pragmatism.

Pragmatic organizations do the right thing for their customers (and their long-term viability) by delivering value. We’re always looking for information about OSS code. Check out our OSS Resources page – where we’ve done our best to ‘package’ information on open source projects to make it easier for companies to use open source code, most often in multi-source development environments combining in-house code, third-party code and OSS. Let me know what types of information you find useful.

Good Old German Pragmatism and Open Source

Phil Odence
Vice President of Business Development

podence@blackducksoftware.com
Just wrapped up participation in the IBM Rational Software Developer Conference in Düsseldorf. Rational “takes its show on the road” every year offering scaled down versions of its annual Orlando event in a couple of dozen cities across the globe and this event was focused on German customers. Most of the IBM messages were consistent with those from Orlando with a theme of measurement and reporting as the way to drive software development. New were some interesting developments around tools for and available in the Cloud, perhaps a harbinger of the theme of next year’s conference.

We had a booth in the exhibit area and also I presented a paper, Ensure Quality and IP License Compliance in Software Development, so there was good opportunity to talk to Rational customers and employees (and on the side to exercise my rusty German). According to the Annual Open Source Survey published by Actuate earlier this year, 60% of German “business and IT professionals” report that they are already using open source versus 41% in the US and second only to France. (Those numbers have to be way low, but at the same time the relative ranking is interesting.) With that backdrop and my understanding of the inherent pragmatism of the German culture, my expectation was that there would be a level of sophistication with respect to open source beyond what we see in the U.S.

One of the slides in my presentation was based on Jeff Hammond’s Six Stages of Open Source Adoption. I found myself mentally binning customers as I spoke to them in those respective stages and was struck by the wide range of positions represented. One of my first conversations was with an engineering manager in a company that develops airline software: “Ve are using no open source in my projects.” (Yes, that stage is called Denial.) Draeger Medical was much further along, having accepted open source and the “responsibility for whatever is in our code,” and keenly concerned with how to “sensibly” control. Siemens was the company probably furthest along, no surprise as they are a big user of Black Duck products.

In the end, I didn’t sense that German companies were any farther along than their US counterparts in policies, processes and automating management of open source. On the other hand, the IBM field people and resellers we spoke with were very interested in helping customers in this area (none more so than Bodo Koerber, who runs NE Europe for Rational), and if sales people are good at anything it is sensing opportunity. So my conclusion and expectation is that German developers are ripe to transform the way they are developing software using open source. With more exposure to current best practices and tools, good old German pragmatism will help to lead the way to the new pragmatism of leveraging and managing open source.

Copyright 2009 Black Duck Software