When we first wrote about this last year, we called what he was doing a "vertical application stack." But in an interview with ZDNet last week it became clear that negotiation is the name of his game.
Cohen didn't use the term "negotiated open source" in our interview, but did say his process is to sit down with stakeholders and create open source roadmaps based on what those stakeholders can agree to.
"There aren't a lot of developers trying to solve problems like GLBA on their own. But if you can get paid and work on an open source project they're interested."
GLBA, in this case, stands for the Gramm-Leach-Bliley Act, a sort of HIPAA for financial institutions governing their use of non-public personal information.
Banks were on the old OSDL's advisory council. CSI helped them define the scope of the work they needed for GLBA, then delivered a solution which cost a fraction of what a custom system might cost to implement.
CSI has also been working with state governments on a system for getting disease records in shape for CDC research. That work began with meetings between Novell and the government of Utah.
Large organizations aren't accustomed to talking with each other, but once they do they often find common problems which can be solved through an open source solution, Cohen said.
Negotiations are still dicier than with typical projects.
"We ask where they have been working together already, and define what they want to talk about. It's important for us that the line be drawn, between what they want to collaborate on and what they don't want to talk about.
"It helps us from a definition and scope standpoint. It also lets us know what they want many people using, and where they want risk mitigation."
The advantage of going through the process is that once a scope is defined and agreed to, there's plenty of money available to get the work done, Cohen said.
Thus work is created for programmers, big organizations save big bucks, and the whole thing knits together.