The good news? Gartner says that 100 percent of businesses will be using open source within the next 12 months. The bad news? Gartner doesn't really seem to understand open source licensing requirements, and is trying to scare companies into adding bureaucracy around open source adoption. According to Gartner, companies need to "adopt and enforce an OSS policy." Calling out open source for special policies only highlights that Gartner doesn't yet "get it" with regard to open source.
The press release says "Gartner found that 69 percent of companies surveyed still have no formal policy for evaluating and cataloguing OSS usage in their enterprise, opening up huge potential liabilities for intellectual-property violations."
Here's a simple rule of thumb to find out if your organization's use of open source requires a special policy: Are you modifying and distributing the software? If the answer is yes, then by all means your organization needs to have policies and oversight regarding the use and distribution of FOSS. If the answer is no, then you can stop staying up nights wondering if your organization is violating any licenses.
OSI-approved licenses are triggered by distribution, not by use. Deploying and using FOSS within an organization isn't like deploying proprietary software -- you don't need to worry how many "seats" or licenses you have, which is one of the many reasons that (as Gartner noted) nearly 100 percent of organizations deploy or plan to deploy open source software.
This isn't to say that it's a bad idea for organizations to have formal policies for oversight of software deployment and use overall, but the alarmist tone of their release is wholly unnecessary. For a company like mine (Novell), it's vital to have a policy and oversight of the process because we actually ship products that incorporate open source software. If your organization makes modifications to open source for internal deployment, that should be tracked as well.
But, for an organization that only consumes open source, the use of open source software should be monitored by whatever mechanisms are used to track the use of software in general.
More importantly, if your organization only consumes open source, decision-makers shouldn't be losing sleep over cumbersome open source policies that are unneeded, or opting for proprietary software out of a misguided impression that open source licensing is trickier to deal with than proprietary software. I've yet to hear of any company deploying open source (as opposed to shipping it in a product) that's run afoul of a FOSS license.