The open source code "provenance" audit concept

Proprietary software vendors like to scaremonger over the use of open source software. They like to highlight the “inherent dynamism” that exists in open source libraries that are exposed to community development at all times.

These vendors also typically enjoy the chance to talk down open source’s “unsuitability” for certain work processes that require static code libraries for compliance and governance reasons.

Although licensed, commercially supported versions of open source software almost always exist to meet those needs, the fact remains that proprietary vendors talk down open source software.

But organisations have become much more proactive in recent years in auditing their code at the end of the development process to ensure open source license compliance — and as the use of licensed open source code itself increases, companies will need to examine their software at a more granular level to pin down exactly where the code and components originated.

So logically the software industry itself has developed tools to uncover the provenance of code and provide a means of auditing data and content throughout. One example in this space is OpenLogic, a company that produces its OLEX Enterprise Edition to enable development teams to scan code in an open source project and identify only the code or components that originated elsewhere.

In short, this software is designed to ensure the identification of all of the bundled projects, licenses and obligations of any open source software in usage.
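As an added illustration of what such a provenance scan does at its simplest (example code written for this page, not OpenLogic’s or OLEX’s), the script below fingerprints every file in a project tree against a constructed catalogue of known open source files and reports each file that originated elsewhere together with its project, version, license and the obligation that license carries. The catalogue entries, file contents and obligation texts are made up for the example; a real tool matches against a large database of published releases and also recognises partial snippets, not just whole files.

```python
import hashlib
import os
import tempfile

def normalize(source: bytes) -> bytes:
    # Drop blank lines and surrounding whitespace so a re-indented copy still matches.
    lines = (ln.strip() for ln in source.decode("utf-8", "replace").splitlines())
    return "\n".join(ln for ln in lines if ln).encode()
def fingerprint(source: bytes) -> str:
    return hashlib.sha256(normalize(source)).hexdigest()
# Constructed catalogue (made up for this example): fingerprint -> (project, version, license).
_UTIL_SRC = b"def clamp(x, lo, hi):\n    return max(lo, min(x, hi))\n"
_LOG_SRC = b"def log(msg):\n    print('[log]', msg)\n"
CATALOGUE = {
    fingerprint(_UTIL_SRC): ("tinyutils", "0.3", "MIT"),
    fingerprint(_LOG_SRC): ("minilog", "1.0", "GPL-2.0-only"),
}
# Summarised obligation per license, so the report says what compliance must check.
OBLIGATIONS = {
    "MIT": "retain copyright notice and license text",
    "GPL-2.0-only": "copyleft: supply corresponding source with distributed binaries",
}
def audit_tree(root: str) -> list:
    """Return (path, project, version, license, obligation) for each file that originated elsewhere."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                hit = CATALOGUE.get(fingerprint(fh.read()))
            if hit:
                project, version, lic = hit
                obligation = OBLIGATIONS.get(lic, "unknown license: manual review")
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                findings.append((rel, project, version, lic, obligation))
    return findings
def build_sample_tree() -> str:
    """Constructed project: one in-house file plus two copied third-party files, one re-indented."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "vendor"))
    files = {
        "app.py": b"from vendor.util import clamp\nprint(clamp(5, 0, 3))\n",
        "vendor/util.py": b"def clamp(x, lo, hi):\n\n  return max(lo, min(x, hi))\n",
        "vendor/log.py": _LOG_SRC,
    }
    for rel, content in files.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(content)
    return root
```

Running `audit_tree(build_sample_tree())` flags both vendored files, including the re-indented copy that a plain file hash would miss, while the in-house `app.py` produces no finding.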

According to OpenLogic, “Today, many enterprises are moving to audit open source code when it first enters the development process. In addition, many enterprises are beginning to release their own code as an open source project. In both situations, enterprises need a way to quickly audit an open source project to determine the provenance of the code and all licenses involved.”

Will this shut the proprietary vendors up a little? No, I doubt it, don’t you? — Will this help the general adoption of open source software at the enterprise level? Let’s hope so, right?