With the growing use of open source code across corporations, there is considerable unease about use of the code and compliance. The Linux Foundation has decided to tackle this and is offering free tools to trace your sources. Meanwhile, new research from Symantec shows information retention is still a problem.
How Compliant is your Open Source Code?
We all know how popular open source has become across the corporate world, but how many corporations know exactly how compliant they are, or even where their source code is coming from?
If your company is in that category then the Linux Foundation has decided that enough is enough and companies need to know what exactly they are using.
The result is the recently announced Open Compliance Program which has six elements, one of which is a directory of corporate open source compliance officers and a mechanism for contacting a company's open source compliance officers, with the Foundation passing on the request.
It has also released a number of open source scanning tools to identify the origin and license of source code, and is urging other developers to contribute to them. They include:
- Dependency Checker: Capable of identifying code combinations at the dynamic and static link level.
- Bill of Material (BoM) Difference Checker: Capable of reporting differences between BoMs and therefore enabling companies to identify changed source code components.
- The Code Janitor: This tool provides linguistic review capabilities to make sure developers did not leave comments in the source code about future products.
Executive Director of the Foundation Jim Zemlin said the goal is to simplify the management of open source licenses, to make them accessible and cheap, and to “prevent needless lawsuits”.
“As Linux has proliferated up and down the product supply chain, so has the complexity of managing compliance . . . Our mission is to enable the expansion of free and open source software, so we created this program to give companies the information, tools and processes they need to get the most out of their investment, while maintaining compliance with the licenses governing the software.”
And all of it is free. If you want to find out more go to the Linux Foundation website, or the Open Compliance website.
GRC Market to Grow by 6.5% Annually
Getting back to governance, and for those that might be considering tackling the governance market, Chartis has forecast that the worldwide financial services op risk and GRC technology market will grow annually by 6.5%, reaching US$2bn by 2013.
According to the Operational risk & GRC software solutions 2010 report, the GRC technology market is still fragmented and selecting a system is still dependent on the specific needs, sophistication and geographical location of the buyer.
And significantly the overlap of op risk and GRC practices means there has been some convergence in software solutions, a trend Chartis believes will continue.
This report is an update to Chartis’ 2009 report on operational risk management systems. It includes an updated forecast for market size and sections discussing the convergence of OpRisk, GRC and ERM practices and technologies. You can buy the report from Chartis, or download an executive summary for free.
MetaVis SharePoint Site Governance
MetaVis has also been looking at governance recently, this time with SharePoint. In case you missed it, MetaVis has added a new capability to its suite of SharePoint migration tools, helping your organization implement better governance over SharePoint implementations.
The new feature is called MetaVis Live Compare and shows users the differences between the content, taxonomy, IA, security and permissions of two sites.
But it's not just about seeing the differences. You can also use this tool to apply any changes required to bring your SharePoint sites into compliance with policies and improve the quality of your search results -- something many organizations struggle with.
Live Compare is a client-side tool, so there is no installation of software on the server at all. It's a part of the MetaVis Architecture Suite, which includes a number of tools for managing both your SharePoint content and metadata migrations.
Data Retention Still a Problem
Surprise, surprise, the main finding of the new Symantec research is that a majority of enterprises are not following their own advice when it comes to information management. It shows that:
- 87% of respondents believe in the value of a formal information retention plan
- Only 46% actually have one
- 70% of enterprises use their backup software to implement legal holds
- 25% preserve the entire backup set indefinitely, with 45% of backup storage coming from legal holds alone
It also shows that nearly half of the enterprises surveyed are improperly using their backup and recovery software for archiving.
The survey was conducted in June 2010 and is based on responses from 1,680 senior IT and legal executives in 26 countries. There really is a lot here, so it is worth checking out.
Iron Mountain Opens Information Consultancy
Iron Mountain has created a new consulting arm called Iron Mountain Consulting that will advise companies on how to lower the cost of managing information and records, meet industry regulations, prepare for e-Discovery, manage complex litigation and avoid data or IT systems disasters.
The company says that the new consultancy will design, build and execute legally defensible, but pragmatic, records management and retention policies and best practices, providing services in:
- Records Management, including records classification schema
- Information Management, including risk assessment, information and systems mapping
- eDiscovery Management, including litigation readiness planning and complex matter guidance
The consulting team will employ 70 people ranging from IT to legal. If you want to find out more you can find it on the Iron Mountain website.