How to convince Management
Often when talking to our customers from the corporate areas, we recognize a reasonable acceptance for the topic in the developers levels. There is an awareness for the “copyright”-aspects of software. On the one hand this is due to the many years of beating the drum for that topic, that most engaged developers experienced meanwhile. On the other hand it is due to many of them publishing software by themselves.
Unfortunately these experiences are moving in the background in the same way as financial aspects appear in the foreground. The more people focus on financial and commercial aspects of a product or service, the less room for respect of creative freedom seems to exist. This does not mean, that managers tend to underestimate the quality of work they receive in open source products nor shall it put the league of managers in the corner of ignorant work bots. But whenever you are facing deadlines for delivery and/or have to align budget constrains with a competitive feature list, open source compliance remains the 2nd priority to look for.
Not looking for open source compliance might be a bad mistake…
This might be a bad mistake! Open Source Compliance is not an option, it is a must! The key aspect of open source compliance is the generation of a “Software Bill of Materials”. The closer your solution is to a piece of hardware, the more it will be relevant as it is most likely that the software will be distributed with this piece of hardware. Missing out on compliance – even by accident – might be seen a as criminal act. Not addressing compliance aspects in a commercial organisation is a sort of fraud.
…especially due to the fact, that it can be heavily automated!
Thus management is well suited taking care of compliance. Especially due to the fact, that it meanwhile can be heavily automated. Integrate the generation of SBOMs with your CI/CD chain, derive the context of your solution and resolve the resulting requirements can be fully automated at almost no costs by using free and open source tooling. Learn about available options in the article on the “Open Source Compliance Tooling Capability Model”.
However, if you will have to convince your management to care for more compliance or want to learn on how to setup and establish a compliance program, download the slides attached to this post or reach out to one of our consultants.