
GRC Roll-up: Linux Foundation Assesses Open Source Compliance, MetaVis’s SharePoint Governance

With the growing use of open source code across corporations, there is considerable unease about use of the code and compliance. The Linux Foundation has decided to tackle this and is offering free tools to trace your sources. Meanwhile, new research from Symantec shows information retention is still a problem.

How Compliant is your Open Source Code?

We all know how popular open source has become across the corporate world, but how many corporations know exactly how compliant they are, or even where their source code is coming from?
If your company is in that category, the Linux Foundation has decided that enough is enough: companies need to know exactly what they are using.

The result is the recently announced Open Compliance Program, which has six elements. One of them is a directory of corporate open source compliance officers, with a mechanism for contacting a company's compliance officers in which the Foundation passes on the request.

It has also released a number of open source scanning tools to identify the origin and license of source code, and is urging other developers to contribute to them. They include:

  • Dependency Checker: Capable of identifying code combinations at the dynamic and static link level.
  • Bill of Material (BoM) Difference Checker: Capable of reporting differences between BoMs and therefore enabling companies to identify changed source code components.
  • The Code Janitor: This tool provides linguistic review capabilities to make sure developers did not leave comments in the source code about future products.

Executive Director of the Foundation Jim Zemlin said the goal is to simplify the management of open source licenses, to make them accessible and cheap, and to “prevent needless lawsuits”.

“As Linux has proliferated up and down the product supply chain, so has the complexity of managing compliance … Our mission is to enable the expansion of free and open source software, so we created this program to give companies the information, tools and processes they need to get the most out of their investment, while maintaining compliance with the licenses governing the software.”

And all of it is free. If you want to find out more, go to the Linux Foundation website or the Open Compliance website.

GRC Market to Grow by 6.5% Annually

Getting back to governance, and for those who might be considering tackling the governance market, Chartis has forecast that the worldwide financial services op risk and GRC technology market will grow to US$2bn by 2013 and will grow annually by 6.5%.

According to the Operational risk & GRC software solutions 2010 report, the GRC technology market is still fragmented and selecting a system is still dependent on the specific needs, sophistication and geographical location of the buyer.

Significantly, the overlap of op risk and GRC practices means there has been some convergence in software solutions, a trend Chartis believes will continue.

This report is an update to Chartis’ 2009 report on operational risk management systems. It includes an updated forecast for market size and sections discussing the convergence of OpRisk, GRC and ERM practices and technologies. You can buy the report from Chartis, or download an executive summary for free.

 
