By Lacey Thoms
January 14, 2016 01:49 PM EST
As software complexity increases, so does the effort of managing it. The healthcare field is no exception: by its nature it is driven by large amounts of data, which require complex IT systems to manage. Historically, organizations would have purchased platforms to manage this data, but these are expensive and lock users into solutions. Increasingly, organizations are turning to commercial third party code, code brought in from outsourcers and contractors, and open source software (OSS) to accelerate development and reduce costs.
Clearly, there are huge benefits to be gained from this approach, but it is not without its risks. Governing the quality, security, licensing and intellectual property (IP) ownership attributes of third party software is imperative in avoiding risks and potential downstream costs.
The process of managing third party content in a code base can be time-consuming and resource intensive. This highlights a need for a governance program to underpin Open Source initiatives. A study of common practices deployed at software organizations has revealed a pattern consisting of a number of necessary steps. Originally coined as an Open Source Software Adoption Process (OSSAP), this process is equally applicable to any third party software that is deployed and used in a project within any organization. Eight steps are identified in a structured open source adoption process.
1) Establishing a Licensing Policy – identifying acceptable attributes of third party software, and highlighting remedial actions that should be taken.
2) Software Package Pre-Approval – this is a workflow process that allows technology teams to request open source and other external packages to be approved for use on a certain project.
3) Existing Portfolio Assessment – this establishes a baseline and is performed using automated tools to create a detailed view of the code already present in the software organization.
4) 3rd Party Software Assessment – an inventory of all code delivered to the project by contractors and outsourcing suppliers.
5) Scheduled Software Scan – regular scanning and examination of the project code library.
6) Real Time Library Check-In – optional real-time assessment of code as it is checked into the organization’s Source Control Management (SCM) system.
7) Real Time Automated Scan – optional real-time automated scanner residing on the developer’s workstation.
8) Pre-Shipment Software Assessment – the final build assessment, usually through an automated process tied into the build process.
By adopting an Open Source Software Adoption Process for code management, there is a significant opportunity to advance the caliber of healthcare by applying intelligent software solutions to electronic health records, delivery of consumer health information, and the provision of mobile and virtual health services. Leveraging open source software accelerates the identification and development of healthcare applications, creates a level playing field for all ecosystem communities, and allows the sharing and re-use of efforts across a wide range of healthcare domains and geographies.