Open Source To Get Rating System

The very qualities that have made open-source software such a sensation--its rogue nature, the fact that it's free and abundantly available, and the ease with which it can be tweaked and extended--also are the reasons that it hasn't become more pervasive in business environments. Quite simply, there's too much choice and too much uncertainty for IT managers to take risks on open-source applications that they don't know much about and that are constantly changing.

Carnegie Mellon University, Intel, and open-source software certifier SpikeSource are looking to change that by making it easier for IT departments to determine which open-source tools they should adopt.

The triumvirate revealed plans last week for Business Readiness Ratings, a proposed standard model for evaluating open-source software. The ratings would be determined in open-source fashion, by gathering feedback from the fast-growing community of open-source developers and letting that feedback serve as a guide for others who are assessing the readiness of open-source tools for potential adoption within their companies.

Selection of open-source business tools has been largely an ad hoc process that's sometimes based on considerations as arbitrary as how many posts a certain tool has generated on an open-source message board, SpikeSource CEO Kim Polese says. Often, such adoption leads to apps that don't get a lot of use because of some weakness that wasn't immediately apparent.

The Business Readiness Ratings, for which information can be found at www.openbrr.org, will point developers to tools they can use to tune their code to overcome weaknesses in open-source apps. "Open-source developers more than anything want to see their users using what they're writing," Polese says. "This is a way to ensure that."

The model also could be used to evaluate commercial software by applying a dozen evaluation categories ranging from functionality and scalability to security and documentation to products being considered. But the focus is squarely on open-source software, which is characterized by a more-chaotic and less-supported marketplace that needs quality assurance.

Given the opportunity to increase adoption within businesses, some open-source software makers may try to manipulate the process by contributing lots of positive feedback about the tools they're pushing. But Polese believes the nature of a community-oriented ratings model will snuff out any hint of impropriety. "Generally, you find accurate results when you've got a large number of people weighing in," she says.

The Business Readiness Ratings initiative is expected to be ready as a resource for IT departments and open-source developers by year's end. The project's sponsors, who are accumulating public feedback, will spend the next few months recruiting more community participation and collecting evidence that their model works. The sponsors expect to stick with the framework they've established, but in the true spirit of open source they're willing to tweak it if their community tells them to do so. "We have no preset notion of how the model will look," Polese says.

For Deloitte & Touche USA LLP, open-source applications don't play a major role because there are very few such options for the professional-services industry. But CIO Larry Quinlan says he continuously scours the open-source scene for viable apps and that he expects open source to figure in the company's future. When that time comes, he expects the Business Readiness Rating to come in handy--to a point. He says a stamp of approval from the open-source community wouldn't give him insight into how the company actually would use an application. "It wouldn't help us select a product, but it would help us weed out products that didn't hold potential," Quinlan says. "We would have to apply business logic after using this as the first level."