Linked by David Adams on Tue 29th Jan 2008 17:56 UTC
Large companies typically don't have any idea how much Open Source software they have running on their various systems. This can pose a management and legal problem, so HP has developed software, called FOSSology and FOSSBazaar, to help track down errant OSS installs. A Techtarget article notes, "HP gave an example of a recent customer that had three times as many FOSS licenses as originally estimated -- 75 licenses rather than 25. This left customers with a choice: implement governance policies to allow the safe use of FOSS, or replace the software at an estimated cost of $80 million."
Thread beginning with comment 298232
If you say so...
by rexstuff on Tue 29th Jan 2008 18:43 UTC
Member since: 2007-04-06

"...to help companies address the potential legal, financial and security risks involved in the adoption of free and open source software."

Right.

Reply Score: 8

RE: If you say so...
by james_parker on Tue 29th Jan 2008 19:34 in reply to "If you say so..."
Member since: 2005-06-29

"...to help companies address the potential legal, financial and security risks involved in the adoption of free and open source software."

Right.

I don't think anyone will quibble about security risks running unknown copies of open source; if it's unknown, it is likely not going to be upgraded when security flaws are discovered and fixed.

As for financial and legal risks, there are, in fact, legally encumbered binaries (at least in some jurisdictions) which cannot be copied under the license terms. While this can be overcome by building equivalent binaries from the source (which does require some work), not doing so could result in risks, however small in practice.

Reply Parent Score: 4

RE[2]: If you say so...
by sbergman27 on Wed 30th Jan 2008 01:39 in reply to "RE: If you say so..."
Member since: 2005-07-24

I don't think anyone will quibble about security risks running unknown copies of open source; if it's unknown, it is likely not going to be upgraded when security flaws are discovered and fixed.

While unknown copies of proprietary programs are, by contrast, not subject to these issues.

Edited 2008-01-30 01:40 UTC

Reply Parent Score: 3

RE[2]: If you say so...
by Soulbender on Wed 30th Jan 2008 03:00 in reply to "RE: If you say so..."
Member since: 2005-08-18

I don't think anyone will quibble about security risks running unknown copies of open source;

Please explain how this is different from running unknown software that isn't open source.

Reply Parent Score: 2