Open-source can be risky business

For CIOs, the governance of open source can be very tricky. Governance of open-source technology is critical; without knowing how it was obtained and how it's being used, companies can get sued over its use. There are also downtime risks; organizations need to know how to deal with open-source technology when it fails. Another risk is compliance. With workflow in place to enforce open-source polices, organizations can ensure that they have the proper controls in place to satisfy any applicable regulatory requirements. There are products available to help, however, such as those from OpenLogic and SourceLabs. These products offer open-source support or maintain certified repositories of open-source technology. They also pinpoint problematic open-source products and include basic governance and workflows that help companies track what's being used and how it's used. But some believe these products aren't enough. Policies and practices have to go with the software.

Read more about managing open-source in the enterprise:
- read the article at ComputerWeekly

ALSO:
- read this on how open-source has grown up
- and this on the danger of open-source