HP's 'Fossology' Offers Help In Open Source Governance - InformationWeek


The company's licensing-assessment service is similar to code-analysis products from Palamida, Black Duck, and Coverity.

As a user of open source code, Hewlett-Packard wanted to know what licenses governed the code it was bringing in-house. So it produced a tool that could identify the licenses.

Instead of just visiting a project's site to see what license was listed, it analyzed the code itself, identified the declared licenses, and looked for key phrases that indicated other licenses were in use as well. The tool is being expanded into a multitool framework, called "Fossology," or instruments for studying free and open source software (FOSS). Early this year, HP made its code-analysis tool the focus of an open source project to expand its capabilities.
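The article describes the tool's approach as matching key phrases in the code itself rather than trusting the license a project lists. The following is an added illustration of that idea, not Fossology's own code: the phrase table is an assumed subset keyed by SPDX identifier, and the in-memory `files` dict stands in for a directory walk.

```python
import re

# Illustrative subset of licence key phrases (an assumption for this example,
# not Fossology's own rule set), keyed by SPDX identifier.
LICENSE_PHRASES = {
    "GPL-2.0": [r"GNU General Public License", r"\bGPLv?2\b"],
    "LGPL-2.1": [r"GNU Lesser General Public License", r"\bLGPL\b"],
    "Apache-2.0": [r"Apache License,? Version 2\.0", r"\bApache-2\.0\b"],
    "MIT": [r"Permission is hereby granted, free of charge", r"\bMIT License\b"],
    "BSD-3-Clause": [r"Redistributions? of source code must retain"],
}

def detect_licenses(text):
    """Return the set of SPDX ids whose key phrases appear anywhere in text."""
    return {
        spdx for spdx, patterns in LICENSE_PHRASES.items()
        if any(re.search(p, text, re.IGNORECASE) for p in patterns)
    }

def scan_tree(files, declared):
    """files maps path -> contents (an in-memory stand-in for a directory walk).
    Reports per-file findings, files with no licence text at all, and any
    licence detected that differs from the one the project declares."""
    report = {"declared": declared, "per_file": {}, "unlicensed": [], "undeclared": set()}
    for path, text in files.items():
        found = detect_licenses(text)
        report["per_file"][path] = sorted(found)
        if not found:
            report["unlicensed"].append(path)
        report["undeclared"] |= found - {declared}
    return report

# Constructed sample tree: the project says MIT, but a vendored file carries a GPL header.
SAMPLE_FILES = {
    "LICENSE": "MIT License\n\nCopyright (c) 2008 Example Corp\n\n"
               "Permission is hereby granted, free of charge, to any person ...",
    "src/main.c": "// Copyright 2008 Example Corp. Licensed under the MIT License.\n"
                  "int main(void) { return 0; }\n",
    "src/vendor/hash.c": "/* This program is free software; you can redistribute it\n"
                         " * under the terms of the GNU General Public License,\n"
                         " * version 2, as published by the Free Software Foundation. */\n",
    "src/util.c": "int add(int a, int b) { return a + b; }\n",
}

if __name__ == "__main__":
    r = scan_tree(SAMPLE_FILES, "MIT")
    for path, ids in r["per_file"].items():
        print(f"{path}: {', '.join(ids) or '(none)'}")
    print("unlicensed:", r["unlicensed"])
    print("licences not declared by the project:", sorted(r["undeclared"]))
```

A real scanner would add many more phrase patterns and walk the file system; the governance point is the same, namely comparing what the code actually carries against what the project declares.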

It's available for download at Fossology.com.

"Customers we talk to say, 'We know we're using a little bit of Apache and Linux.' Then we talk to the Web developers and they tell us every sales system on the Web site was built with open source, and it's running billions in transactions," said Karl Paetzel, HP's marketing manager for Linux and open source code, at the Open Source Business Conference on Wednesday.

For companies to stay clear of entangling licenses, they need to know what they're using. If they build an in-house system around code that was issued under the GPL, they need to know how many obligations that incurs if they distribute the code to any outside users, warned Paetzel.

Fossology.com represents much of what HP presents to prospects when it gives them a one-day presentation on how they might need to implement open source governance if they're becoming a bigger user of open source code.

In-house development efforts or, for that matter, code contributed to an open source project need to be checked to see whether the code has an origin other than the one the submitter declares. "If somebody has produced code based on open source, we can detect that, even if they've changed the headers and variables," said Paetzel.

Two companies, Palamida and Black Duck, also have code analysis systems. Each can compare a piece of code to large repositories of known source code and see whether any of its lines have an origin other than the claimed author. "From my perspective, those companies are the experts," said Paetzel, suggesting that compliance and other legal concerns might be better satisfied by relying on a professional service than on a free online service.

Coverity is a source code analysis firm that looks for security exposures in a piece of code. It is operating under a $300,000 contract with the Department of Homeland Security to check the output of open source projects and alert them to any identified exposures.

HP also offers a second Web site, Fossbazaar.org, that hosts discussion groups and information resources on how to adopt and manage open source code. One element of its consulting services is open source governance, announced in late January.
