Open Source: Pick Your Projects With Care

Open source really is taking over the enterprise, says Matthew Sarrel. But you still have to choose carefully which projects to do, and how to develop them.

The process of finding the right OSS project typically begins with a developer searching online for a code component that will meet a specific need. The process of searching for code, compiling a list of projects, evaluating the projects and their associated communities, and downloading and testing the code can be an arduous task because code (and different versions of it) can be scattered across the globe.

One resource that can make this process easier is the website Ohloh.net, which houses a comprehensive database of 300,000 OSS projects. Each project has complete information regarding licensing, cryptography, security and the vitality of the community. Measuring the vitality is important because it won’t help your developers very much if they have to start maintaining someone else’s dead code. Insight into the sustainability of the project can be found in factors such as the number of committers, the names and histories of each committer, the number of contributors and their experience, plus the growth in the number of community members and the frequency of builds.

The site, which was recently acquired by Black Duck Software, is set to merge with Black Duck’s existing Koders.com site to provide all the information a developer needs to make an informed decision about open-source components. In the words of Black Duck President and CEO Tim Yeaton, the combined site will have the “richest metadata aggregated in one place that developers can use to understand each project.”

Understanding the community

Understanding the community clustered around a particular project is key, because it’s from this group of users and contributors that open-source projects draw their strength. As a consultant, I’ve always asked my clients if they want to put all their eggs in one basket and be at the mercy of a single vendor for operating system, application and custom application licensing, support and updates. While a broad-based community can’t replace the professional support organisations maintained by enterprise-oriented software vendors, community resources can provide a powerful complement. What’s more, the most popular open-source projects — the components of the LAMP stack, for instance — tend to boast multiple commercial providers alongside considerable community resources.