February 17, 2019

Managing Open Source Usage in Off-Shore, Outsourced Development: Best Practices - page 3

The Opportunities and Challenges of Open Source Software

  • June 30, 2005
  • By Kevin Bedell

Once you've signed the contracts and development begins, it's up to your project management staff and processes to make sure the development partner holds up their end of the bargain.

Best practices for this phase of the project can be summed up with the phrase "trust, but verify!" You need to give your development partner the flexibility to get the job done in the best way they can (within the guidelines you established during the contracting phase of the project), but in the end you need to verify that they followed the rules.

Verification that the code delivered meets the guidelines established in the contract can be done several ways (and may include multiple parts). Some best practices are:

  • Require a written "Statement of Open Source Usage." This is a document from the vendor identifying which open source components they used. You'll need them to provide (at a minimum) the following information: open source component name and version number, a URL identifying where they acquired it, the licensing terms associated with the component, and where and how the component was used.
  • Require at least one Open Source Delivery Audit for an early interim deliverable on the project. This both helps clarify the usage requirements for the vendor and ensures you catch any significant problems early enough in the project life cycle to remedy them before the final deliverable.
  • Require a final Open Source Delivery Audit as part of the final delivery before sign-off and acceptance. This is your last chance to make sure the vendor is in compliance with your terms.
