If you’re like most IT professionals, at some point you’ve probably heard mention of the terms “Open Source” and “Freeware”. These are attractive software products for a variety of use cases, and very often they can save firms significant expenditures compared to the “fully chargeable” licenses from competitors. However, as with many things in life, things are often not as rosy as they first appear.
Let’s examine what “freeware” or “open source” products are. Broadly stated, they are software programs which are made freely available for download and installation, and for which no license fees are charged. Sounds great, right? Now for the catch: there are several different licensing “models” that range from:
• only free for development work
• only free if used in a development role, strictly by the downloading organization, and never made available on a production basis
• to many others
So although at first blush such a product seems attractive to your development team (“this product is functionally similar to product X but costs us nothing to use”), there may be fine print in the license agreement that limits this free use to only certain uses or to certain user groups.
How is the product being used?
What exactly are the requirements of the license agreement for the product’s use case? What happens if the product is planned to be used in one of the restricted roles? What are the requirements not just for a license fee, but potentially for reporting usage? If the open source code is integrated or embedded into your organization’s internal code or commercial products – which are then sold or distributed to your own customers as part of a solution – is there a requirement to credit the open source code? Pay for it?
What about service and support?
Another potentially significant hidden cost is service and support. While there are many products for which licenses are free, many of these do not come with any kind of (free) support. In such a situation, your organization could be left without access to valuable technical assistance, or required to pay for access to a team of specialists to assist when the product throws a curveball. Although public resources such as knowledgebase articles and user groups may be free, access to living human beings very often is not. And if a service agreement is purchased, it may be tied to a metric that will need to be tracked – like the number of users, the number of installations, etc.
Why is tracking freeware important?
So far, this blog post may seem like a simple alert that there are hidden costs related to open source/freeware products. While this is true – and a worthwhile reminder to pass along to your software teams when they propose the use of these products – this isn’t the main point I’m trying to make. Here is the real point: because “freeware” often isn’t free, it’s just as important to carefully track its use as part of your day-to-day SAM activities.
When you see an entry for an open source/freeware product in your discovery tool’s reports, for example, be sure you know whether it’s truly safe to mark it as “not licensable”. There’s a natural tendency to say “this is freeware” and pass right by when calculating your license position. But it is worth being just as careful to track the open source/freeware segment of your software estate as you would any commercial product. At the very least, be sure you understand how the product is being used, and the details of the licensing agreement. Don’t forget: “Freeware” encompasses as broad a range of products as commercial software – including such things as browser add-ons and fonts that are often overlooked.
Finally, there is another important angle we may not always consider in our SAM role, because of our focus on license compliance and tracking. While discussing this with a colleague, he reminded me of the increasingly critical security implications around any software installed in the environment. There are cases of cyber threats of open source origin that have caused severe problems for many organizations – for example, the Mirai botnet in 2016 that caused outages for the New York Times, CNN, Netflix and others. “Freeware is free for a reason,” he observes. “The makers want to get a foothold in your organization – and who knows what traps or worms they are embedding.” This means it is good policy to be tracking every piece of software we discover – no matter what.
In truth, the more you know about what’s in your software estate and how it’s being used, the better your ability to manage costs and stay compliant, now and in the future. If you’re not already including open source/freeware products in your comprehensive SAM process, consider adding these products to the list of items you track, and give them the same close attention you would give your commercial software products.
Perhaps some of you reading this article have tips and tricks that have worked for you when keeping track of open source/freeware products in your organization? I’d be interested to read your insights into how to improve understanding of these products and their use in your enterprise!