Constructing a Corporate Open Source Policy?

Stokey asks: "I work for a global finance firm, (60000+ employees and presence in 25+ countries) in the Group IT department. Pressure is building from the businesses to cut costs and Open Source software has been pushed onto the discussion table. I am trying to educate IT Directors where I can with correct definitions, breaking down assumptions, and will most likely end up writing the group wide Open Source policy. The challenges are well known: risk, cost, support, licensing, benefits, training, and so forth. I am looking for help in putting together a pack that can be handed to our IT Directors forum which contains a policy, TCO (Total Cost of Ownership) reviews, and risk reviews by companies that have done it. After asking what Gartner has to say, the next question will be 'So who else has done this?'. Can Slashdot assist?" What information do you think should be included to sell Open Source to management at the top-level of any corporation or business?

I'm sure several of you have run into this situation before, so I figure this may be as good of a place as any to suggest what information might be appropriate to place in such a policy, especially for future IT workers who find themselves in this position. If people are serious in getting Open Source further into the enterprise than it has already is, such information will be necessary to convince the powers-that-be on the things that we already know: Open Source can be as good as, or better than, commercial software for business tasks. Things like licensing descriptions, common misconceptions, and what Open Source really is would be an absolute must. What other information do you think would be absolutely necessary to include into such policy?

Don't think of it as open source

[superpulpsicle]

I don't know why people think of a product as open source or not when doing deployment. Just think of it as linux or windows or mac or whatever the product is with whatever the feature you need.

How silly would it be to say to any manager, yeah... we're not deploying this because I can see the #includes and functions. That's essentially what people are saying, when they say no to open source.

Re:Don't think of it as open source

no, they are saying "I don't trust that a non-commercial entity can provide ongoing support nor do I trust a product without several names I can immediately call to get my request routed to the correct division for support"

Ignorant statements like yours show why the OSS community is having trouble getting its message across. Get it through your skull: Nobody cares whether or not they can see the fucking #includes.

They care whether or not it will work and, when the inevitable problem happens, how quickly it can be resolved by a subject matter expert, not by one of their in house geeks reading the fucking source.

Re:Don't think of it as open source

[wo1verin3]

>>no, they are saying "I don't trust that a non-
>>commercial entity can provide ongoing support
>>nor do I trust a product without several names >>I can immediately call to get my request routed
>>to the correct division for support"

Do you of many non-commercial entities that trade publically? Going open source doesn't mean you're going non-commercial. It means you have the option to go this route, or not go this route.

Re:Don't think of it as open source

[LurkerXXX]

Mod parent up.

Wow, we can use all this great software we found on Sourceforge for our corporate enterprise. Then when it's abandoned like so many projects are on sourceforge... what? Oh great, we can 'read the code'. What do we do now? We can either wait for some bored group of kind souls to take it over, or we now have to hire ourselves a permanent staff of 50 code monkeys to keep the code patched and updated? Great. That's going to do wonders for the bottom line.

Having access to the "source" does you no good unless you are personally going to set up the staff up to make use of that fact. Ford motor company doesn't want to spend millions and millions of dollars maintaining their own operating system for use inhouse. They pay some company to provide the OS and share the costs involved with tens of thousands of other companies that also want to buy that software.

Seeing #includes is nice, but having a company standing behind and maintaining the software is what is needed.

Re:Don't think of it as open source

[13Echo]

Having access to the source does ALL of us some good. Even if you don't make use of the source specifically it is available for EVERYONE to have the opportunity to improve it. Thus, simply being able to receive updates of improved OSS software. What does this mean? It means that you won't have to wait 6 months for a patch on a critical exploit... Try six minutes or six hours.

Re:Don't think of it as open source

[Avihson]

Biting this troll, I ask:
Why is it better to pay for a support contract to use another companies geeks than your own? The other geeks are looking out for their corporate bottom line, not your bottom line. They have no vested interest in your success or failure. Every customer is just like the other.

In-house geeks should have a bit of loyalty to the provider of their next paycheck, they are focused on one company, and since they are already on the payroll, use these talents.

As a 3rd tier support geek, I spent many a fruitless hour on hold to the commercial-entities. It was more cost efffective to send us to vendor training than to rely on the vendor's helpdesk. Many of the issues ended up being resolved on the vendor's public forums. Why should the corporation pay big bucks for what is essentially a vendor supplied forum reader.

The step from in-house Cisco, Lucent, Openview/HP-UX and MS support to adding in-house linux, mySQL, and mrtg support was a natural, easy step. Searching the Microsoft KnowledgeBase or searching google for a SQL server error takes about the same time and effort - having to parse the google responses balances out the hoops MS makes you jump through.

The Subject matter experts tend to be those who use the product daily, not those who just read canned answers from the helpdesk ticket system. Sourcecode has nothing to do with it.

Re:Don't think of it as open source

[mr_lithic]

I have been using an abandoned project for the past 15 years. It is a bulletproof little disc app that was abandoned by its creator and distributed as freeware.

In addition, I have based our entire helpdesk on an abandoned project which is the best, most stable, platform independent helpdesk app out there. It has a huge user base and large number of forums for help and support. But no one currently developing code for it.

Are either of these apps useless because they are abandoned?

Nope.

Abandoned software does not mean it is has no use, simply that it may be limited in future plans. But if it works now and does the job, why not use it?

Re:Don't think of it as open source

[Derkec]

Why is it better to pay for a support contract to use another companies geeks than your own? The other geeks are looking out for their corporate bottom line, not your bottom line. They have no vested interest in your success or failure. Every customer is just like the other.

Ok. The support contract is like insurance. You use it if you have problems, you don't if you don't. The alternative approach to buying insurance is to self-insure. Essentially put a stack of money in the bank to spend when you have problems. Only really big companies can afford this. Likewise, if you have a sticky problem with software, you need some expertise. You can either pay to have that expertise at your disposal when you need it by calling the vendor or pay to have that expertise stockpiled in house. If you never use it, you lose. Further, since we're talking knowledge, not money, it's easier for the vendor to stockpile that knowledge. Gaps in any individual's understanding are more likely to be filled by somebody else on that team.

A large corporation may be able to self-insure with knowledge as well. They have a ton of people babysitting products and get to learn them very well.

The downside to that from a manger's perspective is that if something ever goes seriously wrong, they don't have anyone to blame but themselves. There's no lifeline to grab onto and force to make it right. It is because the vendor's people act with the vendor's best interest in mind - they need to keep your contract - that they are strong. Clearly some vendors and some contracts are better than others about this sort of stuff.

Re:Don't think of it as open source

[LurkerXXX]

Well, maybe the support-contract geeks have special in-depth knowledge in the areas that your in-house geeks dont. A company building an OS, database, etc may have specialists at encryption etc, etc, that your in-house geeks only have a passing knowledge of. Your in-house geeks are specialists at everything? Impressive. Besides, it's always easier to patch the code if your the one who wrote it in the first place and know all the implications of any patch.

The other reason is you can distribute the cost of paying those 20-expert-geeks over 2,000 companies who pay you for the service. Othewise those companies would each have to hire the 20 themselves costing a colletive 40,000 geeks worth of salaries to the buisnesses involved.

Yes, some of those companies might release those patches back to the other users of the software, but think about it... amoung those others using the same software your company does are likely a good number of your competitors... Are you going to trust a patch your competitor released to you without haveing your own team of geeks check it out? It's still going to cost you. Distributing the cost of the support-contract-geeks is a good thing. You get a better return on invetment.

Re:Don't think of it as open source

[drooling-dog]

Oh great, we can 'read the code'. What do we do now?

I don't think you're getting the point here. If you're talking about software that is so specialized that it's unique to your little niche, then yes, access to the source may only be important if you're equipped to do something with it yourself. But in that case a commercial version would likely be supported by one company, and woe unto you if they went out of business or chose to stop supporting it (perhaps to force you into an "upgrade"). With access to the source (and a license that allows you to use that access), you at least have the option of hiring someone to maintain or customize it. To say you'd prefer to put your business at the mercy of a single vendor, large or small, is just plain nutty, in my opinion.

For more generic applications there are several advantages to Open Source:

• You are not dependent on a single vendor for support, nor vulnerable if that support ceases to be available.
• The very fact that the source is available makes it much less likely that it will contain hidden undesirable functionality that benefits the vendor but not you. To prefer closed source is akin to disliking ingredient labels on food and drugs because you'd rather not know what's in there. Even if you can't utilize that information directly, it is important that there will be other eyes that can.
• Open source development is user-driven, and not vendor-driven. Features that are demanded by users will quickly be developed without concern for any vendor's business model or revenue stream (maybe that's why you hate it?). Owning or controlling the customer will never be an issue.
• You can modify and customize it any way you want to fit your own needs, and this can be done by any programmer you may have on staff or hire by the hour off the street.

I personally don't care whether you or your company employs Open Source software in your operations, and I doubt that the developers of the software you're not using care very much either, since they're not selling anything (except occasionally support and packaging). If I were a shareholder I'd have some tough questions for you, though, because then it would be my money that you're farting away...

Who else has an open source policy?

[m00nun1t]

How about Microsoft?

BIg Company

[LennyDotCom]

Your company is very large. You must be using many open source solutions in many ways already. You should start there by identifing what is already being used and how effective they are. Thereby providing your own case studies.

Re:BIg Company

[beacher]

Another fine article - EU Publishes Open Source Migration Guidelines

Interesting read.. Your biggest opponents are going to be your non-coding macro writers...
-B

Quick List

[JamesP]

It really depends on how your bosses understand the situation.

If they're more of the PHB kind, go "Linux is Free, we don't have to pay nothing, yadda..."

Now, in the "willing category":

1 - replacing WIndows w/ Linux at workstations may be a good idea. After all, their main use is Word Porcessing and E-Mails...

2 - In the server side, there are good choices too, but then there is support...

Re:Quick List

[tuba_dude]

While it is true that the workstations would probably be used for word processing and e-mail, I'd have to say that replacing Windows on the workstations is less likely than on the servers. The servers, when they have to be touched at all, will be serviced by geeks (or at least trained facimilies) who understand what they're doing. The end users at the workstations can't always be counted on to understand what they're using, and those that don't get it usually complain when something changes.

Dealing with end users could actually be pretty simple, if a bit frustrating. Install your favorite flavor of Linux across the entire company in one massive night-op, forcing everyone to "jump into the deep end." That would make them complain and make even stupider mistakes than usual, but it would be a fast transition.
Or Option 2: Install Linux on the workstations one department at a time. This way you can watch people migrate across their offices to check their email on the windows machines, as they are afriad of their own systems. As the Windows numbers dwindle, the more bold return to their systems to avoid the lines at their co-workers' computers. The stupid (more so than usual) help calls start to trickle in as they realize they don't know what they're doing and they want you to share in their pain. When the Windows machines begin to near extinction, more and more employees return to their systems, repeating and aggrivating the cycle of stupid.

So do you do it at once, or draw out the pain? It's kinda like adolescence really. It's got to happen eventually, but nobody really wants to go through it. Might as well be an early bloomer!

Oh yeah, back to the original subject. Linux on servers: Good, farily easy transition, especially if the IT dept. has any Unix experience. Linux on workstations: Good thing, probably a painful transition, but worth it in the long run.

Speak to IBM, RedHat

Though they may not be 100% trusted by the community, they do have resources and studies to help prove your case. Sometimes the slick presentation is valued more that the well-researched one, anyway.

Re:Speak to IBM, RedHat

[Sogol]

Its really very simple:

1. OPEN SOURCE
2. ???
3. PROFIT!!!

Don't sell "Open Source"

[rjstanford]

Some open source projects are very well done, and provide clear and immediate benefits upon implementation - assuming that you have problems that they solve. Others are less so. In other words, don't try to sell "Open Source" as a fundamental concept. Sell specific open-source solutions to specific corporate problems.

Remember also that everything is relative. Let's say that you're working for a small software company. You need an office suite. You could use OpenOffice, which has no initial cost and a small but non-zero chance of incorrectly storing documents that get sent to potential customers and investors. Or you could go to Microsoft.com and get a ton of NFD software, including Office, for a couple of hundred bucks. Here, the open-source solution fails to be appealing. If you're developing J2EE applications and need a good app server though, its very possible that JBoss provides a compelling open-source alternative to expensive software like WebSphere.

But (and here I'm speaking as the CTO for a growing software company), if you start out with blanket statements like "Open source has lower TCO," without talking to the specific context of a business problem - I may agree in principle, but speaking as the company, "I don't care." Solve a problem, do it well, do it cheaply, and you'll find that the company execs don't care either - but that holds true in both directions. If the best solution happens to be open-source then they'll probably go for it, but not because its "k3wl" or open, but because its better for the business.

This is the time for open source to, as they say, put its cards on the table. The advocates feel that it does deliver lower TCO (and other advantages). I happen to lean that way myself. But that should mean, ironically enough, that the end product should be superior without including the specific point that its open source, any more than I would pick any other product because of the way that its built. The better building technique produces a better product, and that's why it gets used.

At least, that's my opinion.

Re:Don't sell "Open Source"

[rjstanford]

But this doesn't have to happen at all. OpenOffice allows you to set .doc as the default save format; resulting in a zero percent chance of files being saved incorrectly and your customers ever receiving unreadable documents.

Not quite true - a couple of times, the last time I tried to use Open Office, I opened a .DOC file, made some changes, saved it, and got ready to send it off. Being the trusting soul that I am, since I was just eval'ing OO, I checked it in Word. For some reason the bullets had been changed to little smiley faces - at least, when it was opened in Word (which is almost certainly what the recipient would do with it).

Seriously.

Why did this happen? I don't know. The other issue is that I don't care. I have better things to do with my time than to try to figure it out as well (at least at the moment). So I ditched the whole product. Was it because of something that Word did to the original document that OO didn't properly understand? Could be. Again, who knows? I do know that that wouldn't have made a good impression on our client though.

Saving $200 - good
Showing poor QC to a multi-million dollar client - bad
Any questions?

Re:Don't sell "Open Source"

[KGBear]

Unfortunately, it's not that easy. I tend to agree with you in principle - just pick the right tool for the job, it shouldn't matter if it's open source or not. On the other hand, You must remember that there is a lot of pressure against anything Open Source (in the form of marketing from Microsoft, conservatism inside the organization, end-user unwillingness to learn something different) and this pressure should be balanced with an equal force and opposite direction if your Open Source implementation is to be successfull. More and more it becomes hard to chose the right tool for the job because Microsoft tools, Microsoft proponents and Microsoft consultants don't want you to integrate.

I had this discussion with my boss where I used to work a few years ago. He felt that it was OK to include Outlook as an option for a mail client for users alogside Eudora and Netscape Mail, I felt it was risky. This is how it went:

- User starts using Outlook, notices the groupware functions
- Instead of asking for the functions, they ask that those buttons in their Outlook clients "be enabled"
- The only way to do that was (at the time) to replace Sendmail with MS Exchange
- Exchange doens't integrate with current NIS+ servers unless it's through AD + Windows Services for Unix
- That requires master and slave AD servers;
- AD + Exchange will be happier with their own DNS server
- No real Open Source anti-virus software to talk to Exchange while running on Linux, so there's another Windows server

So there you have it: one Linux server that used to run Sendmail, anti-virus, NIS and DNS get's replaced by 1 Exchange server, 2 AD servers, 1 IIS server, 1 anti-virus server. 1 linux box replaced by 6 Windows servers at considerable cost and we lost our ability to chose the right tool for the job for that whole chain.

In the end what I'm saying is that while choosing for the right tool for the job you should be careful not to be locked into something that will force you to pick a lot of tools not so right for the job!

Re:Don't sell "Open Source"

[rjstanford]

So there you have it: one Linux server that used to run Sendmail, anti-virus, NIS and DNS get's replaced by 1 Exchange server, 2 AD servers, 1 IIS server, 1 anti-virus server. 1 linux box replaced by 6 Windows servers at considerable cost and we lost our ability to chose the right tool for the job for that whole chain.

Agreed - provisionally. You made a good point for the higher TCO of Outlook there though, which should push it to the bottom. Unless, of course, it turns out that your users are actually productive enough with the groupware functionality of Exchange to justify the expense of the additional servers, licenses and maintenance - which could be true or false, depending on your company. Everything is, after all, relative.

Re:Don't sell "Open Source"

[IANAAC]

Actually, you are now able let your users use Outlook (full functionality) without using Exchange on the server side. SUSE sells OpenExchange, Samsung sells Contact. Both run on a Linux server. They're not cheap, but they are substantially cheaper than Exchange.

So, in the end you could reduce the number in that pile of servers :-).

Re:Don't sell "Open Source"

[Compuser]

Remind me again why you'd send off a .doc file in the
first place. You want to send a document to someone,
why not pdf it. It preserves formatting more consistently
than Word, which can even crash opening docs saved in
Word. Save your customer some grief and use pdf.

Re:Don't sell "Open Source"

[KGBear]

When will I learn? You really can't try simplify something to drive across a point without someone calling you a liar. OK, here goes a point-by-point reply:

Based on your assertion that you previously ran nearly everything on a single linux server - implying a fairly small company - I'd just like to make a few observations that point to you having made the whole story up.

Actually the company was a bank. Granted, a fairly small bank, but I don't think it qualifies as a small company. About using a single server, that's not entirely acurate. We had two for failover, even if the second one was never used because we never needed to use it.

Primary and Secondary Servers: There is no such thing as Primary and Secondary Active Directory servers in a domain. There are just ADS servers, which hold the distributed ADS database, and member servers, which don't. Master/Slave or Primary/Secondary was NT 4.0.

Fortunately, I'm not a Windows administrator. Anyway I apologize for incorrect use of Microsoft terminology. The bank hired Microsoft itself to perform the installations and Microsoft suggested we used 2 AD servers.

DNS is integral to Active Directory. You don't have a seperate DNS server.
You could easily have made the Exchange server an ADS server in case of failure on the primary - or, considering you imply you were running everything on one linux server, just run Exchange on a machine that's also the domain controller.

Again, not my call. Microsoft suggested that we have should have a server per service, as they put it. That goes for the antivirus too. We ended up with another windows server for that function because Microsoft said they wouldn't accept responsibility for the antivirus stuff if every mail was forwarded from an open source machine.

You have to balance the time savings the company made by using the Outlook Groupware functions against the cost of any additional machines or software. This is why the actual difference to the bottom line of a company that Open Source makes is so negligible.

I already replied to that. The same functions could have been implemented with alternative solutions, including open source and proprietary such as Lotus. Outlook is not the only possible way to achieve that.

1 Exchange Server + 2 ADS Servers + 1 IIS Server + 1 AV Server is five Windows Servers, not six. If you can't do basic Maths, I'm not suprised your boss over-ruled you. If it was true, I agree with you: You should have stuck with Linux, because you clearly know nothing about Windows Servers.

Oops, I'm sorry: 5 servers, not 6, you are correct. Actually my boss did not overrule me, he agreed with me. We were both overruled by HIS boss. You are also partly correct regarding my Windows knowledge: I don't have a lot, that's why I hired Microsoft for the consulting job and we followed their specifications to the letter. After the whole experience I decided I really didn't want to know a lot about Windows servers, that's why I don't work there anymore.

Re:Don't sell "Open Source"

[rjstanford]

Because not all documents are finished products. We do use PDF wherever possible, but when collaborating towards a final draft of anything, a modifiable format is much more useful. Saves having to retype the document every time, and having features such as "Track Changes" helps a bunch too.

When dealing with corporate directors,

[Marxist+Commentary]

All that really matters are the following:

RISK

THE BOTTOM LINE

The latter is of course, tantamount in a for profit organization. Focus your research on these two items, and shy away from the "thousands of eyballs reviewing the code" arguments, as those are unlikely to carry the day.

Toodles!

IBM (or other)?

[shatfield]

It sounds like you may need to talk with IBM (or other large open source based company, maybe RedHat? ) about some of this stuff -- they probably have done a lot of the homework for you.

Good luck, please let us know how this goes!

All I can advise is

[kemapa]

Make sure to highlight both the positive and negative aspects of the switch to open source from a user's perspective. That way if something doesn't work exactly like the higher-ups want it, you have covered yourself by telling them beforehand. You also may be credited with good foresight in the event that certain tasks / implementations are made to work better / faster. Again, make sure to cover both sides of the story or you may be in for some dissapointment or trouble.

Remember, "you never get a free lunch"

[RandBlade]

No businessman ever trusts something that is argued to be "free". The saying "you get what you pay for" rings true with most management teams, and anything "free" is directly indicative of being poor quality. Cheap is a euphemism for bad quality normally. And switching to Open Source is not free, indeed it is often not even cheap. The costs are real, but so too are the advantages.

I don't know about your IT department, but for many more than half the price of a PC is Windows and Office licences. Stopping those is a dramatic cost-saving.

Your company will almost certainly want continuing support for its systems, this will have to be budgetted for. Don't forget training costs, your workers will need to be retrained to learn how to use the new systems and this costs money. There are more costs but you get the point.

Do a genuine cost-benefit analysis, work out all this, especially support and training costs, and it will still be dramatically profitable to switch to Open Source. However a fully polished, professional and complete cost-benefit analysis will provide very useful and significant information to management, in a form they can understand and trust.

Re:Remember, "you never get a free lunch"

[rjstanford]

Do a genuine cost-benefit analysis, work out all this, especially support and training costs, and it will still be dramatically profitable to switch to Open Source.

Why? How do you know this? Personally, in many areas it has nothing to do with open source and everything to do with familiarity. If we have PowerPoint as a standard, I can expect anyone coming into the company as a manager to know how to use it. I expect anywhere I go to deliver a presentation to be able to accept a PPT file, and pretty much anyone who wants a copy of the presentation can read it - and if they can't, they're understanding since its the standard. My training costs are low to zero, my risk is low to zero. Saving a small number of dollars (and no, a 60,000+ person company is not paying retail prices for their software) isn't worth taking on the additional business risk.

In other words, don't go in to a project like this thinking "I just have to prove what I already know." Do the studies fairly. In some cases, open source alternatives may save the company money (and therefore have a strong chance of being accepted). In other cases, they won't. If you do what's best for the company, rather than what's best for your ego, your project will probably succeed.

Re:Remember, "you never get a free lunch"

[Sentosus]

"No businessman ever trusts something that is argued to be "free". The saying "you get what you pay for" rings true with most management teams, and anything "free" is directly indicative of being poor quality. Cheap is a euphemism for bad quality normally. And switching to Open Source is not free, indeed it is often not even cheap. The costs are real, but so too are the advantages."

I think that you hit on a very important point. Open Source is often free as in it is not a cost directly to the company's accounting department. The indirect costs are related to poor IT hiring and implementation.

If you have to wait for IT to learn to use Linux, then you have an issue. This is a point where an entire focus and staff change may be needed. An MCSE is not important anymore.

If you are going to pull with you $90,000+ IT workers that are learning Linux, then you are wasting money.

Educational classes for Linux? The GUI on linux is close enough that a 5 minute update could get people using it for basic functionality. OpenOffice, Email, and Web Browsing are very similar. The buttons are similar.

Where are these costs? It is labor expenses and that is an issue only with management of staffing and should not be an IT issue.

Maintenance

[Ridgelift]

Try digging back to as far as the 70's and 80's when companies hired people to write them code. The idea of relying on closed-source software was really an idea from the late 80's and 90's, sold on the idea that it would be cheaper.

If a large company commits to integrating some Open Source, hire programmers to "tweak it the way they want" and then contribute the resulting code back to the Open Source community.

THEN compare your TCO's, RTI's and EIEIO's to you CICIO's.

Linux TCO

[Dr+Caleb]

First - ignore the Gartner Group. Most Financial Managers love the Gartner group for some reason, but WRT technology, I've never found them to be right. I think someone pointed out, using their TCO formula, your toaster costs you $4000 a year to own.

The Robert Francis Group has a .pdf of a study commissioned by IBM on the TCO of Linux (the link is for web servers, but there are other .pdf's under the 'research' link). You have to fill out some data, but it doesn't have to be representative of you. Download the PDF, it's pretty interesting!

You are fortunate!

[lscotte]

You are fortunate to work in a company that is open to open source. I work for a large software company (10000+ employees in several states), and the official policy is that nobody uses any open source software, because if somebody sues us there isn't a company we can turn around and sue. This is seriously the primary reason - I've had one-on-one discussions with our lawyers on this issue.

Personally, I violate that corporate directive on a daily basis - I run linux, I use mozi^h^h^h^hphoe^h^h^h^hfirebird^h^h^h^hfox, etc. I do have to rdeskop to a windows box for corporate email and to use word+excel, as many people in my same position have to do. But 100% of my development (java) is done on linux.

Re:You are fortunate!

[26199]

Hmm. Do any of your licence agreements allow any liability whatsoever to reside with the suppliers of the software? (AFAIK it's fairly standard to disclaim everything possible.)

And if not -- has anyone pointed this out to your lawyers?

"Open Source" is not the selling point

Assuming you're advising management, or perhaps the CXO level, what you want to focus on is cost. Price. TCO.

Executives don't give a flip about "open source," or "contributing to the community," or "furthering the Free Software movement," etc. Executives do care very much about what they're spending on IT.

Consider the cost of 60,000 Windows workstations vs. 60,000 Linux or FreeBSD workstations. Do some calculations based upon the Windows licensing scheme vs. "free." The differences will undoubtedly be astronomical. Don't push the "free" aspect over the top; factor in the legitimate costs of a) switching existing workstations to an open source OS and b) supporting users migrating from Windows to the OS you choose. Any open source OS will still come out way ahead, even with the cost of switching.

Finally, I would advise that you forget what Gartner has to say, unless your superiors are totally sold on Gartner results.

Verizon does it.

[thedoktor]

Verizon's IT division had been running the entire development team on Linux, Openoffice for years now. There was an article somtimes back, on newsweek about a Verizon Director George Huges's initiatives.

ROI

[Sentosus]

I think it is most important that the ROI be measured in an effective method. Such as, not only look at the obvious costs, but look at the hidden savings from changing to Open Source. Such as, we are running Pentium II computers for a year longer since we are running Linux, which extends the life beyond the cycle of expected depreciation. We can cycle in upgrades to hardware in cycles to prevent a one time expense on the balance sheet.

Then cover things like the amount of power saved with the older machines using less watts. For some companies, this could be $100,000+. EnergyStar has statics on this information.

I would also mention the recent losing of the source code for Windows along with the ability to break free of recurring charges with virus software.

In the grand scheme of security, it would probably be beneficial to note that spyware and corporate theft is less likely in a system that is unfriendly to script based theft schemes.

Mention that you don't have to worry about paying for MCSE for employees. You have no fears of employees stealing licenses.

No more formatting when a new employee inherits a machine.

The ability to disable Cd Drives remotely at will.

I guess that covers the basic things. I would give them all copies of Linux LiveCDs that they can take home and use on their home machines. LindowsLive is a good one to use. Let them see for themselves that it is not going to be a foreign OS, but just a slightly different OS.

Couch it in terms they can understand...

[Jonah+Hex]

Simply couch it in terms that most big biz managers can understand, the days when mainframes, dumb terminals and programmers ruled the earth. The largest data center I've ever worked in was First Chicago - National Bank of Detroit's Haggerty Rd. Tech Center, and based on that experience (and at smaller data centers) I see no problem with Open Source taking over most of the software functions from the OS to applications to custom programming for one-off jobs. The main thing to remember about Linux and OSS is that most of it needs to be used as large Lego's, nice blocks of code that do their job damn well, but need smaller custom machined parts if you need to go outside the boundaries. This is the reason IBM is behind Linux and therefore OSS, you can still make a hell of alot of money actually making the whole thing work. I hope your tech team is like most of the ones I work with; love to read and learn new things, enjoy long hours in the night and weekends spent with keyboard and mouse, and the courage to kludge and break things in a test environment, but the control to leave out the kitchen sink if the plumbing stinks.

Jonah Hex

We run a company on nothing but OSS, ideas...

[transops.net]

I recognize up front that I may not be the most objective soul on the planet, speaking as a web/database developer working exclusively on a free software platform. What follows would be my list of potential gotchas concerning questions we've been asked by clients:

(1) Since you are a member of a company that's subject to rather scrutinous regulatory and privacy concerns, you would definitely need to develop a solid policy for code auditing. Yes, I tend to trust the core developers of most major projects to watch patches and such pretty closely (especially with OpenBSD and Debian), but mistakes can happen. You'd probably need to consider the cost of keeping an in-house audit team (a few good coders) to review new releases under consideration for your production environment. These people don't come free, but I'm pretty sure they'd be less expensive than (a) implementing the applications yourself in-house, or (b) going with a propietary solution (which costs money up front) and then STILL having to audit the code to be sure.

(2) In relation to item (1), I'd be sure to cover the fact that just because a company has a closed source product doesn't necessary make their developers any more trustworthy than highly regarded community development teams. Reference the Sybase backdoor debacle for some concrete proof that nasty things happen in Fortune 500 companies. "Having someone to sue" doesn't necessarily mean jack when your company is getting hounded by the Feds for improper information disclosure.

(3) I'd try to focus on tech segments where open source solutions are already extemely well tested and in general acceptance, such as Apache for web serving. Again, some internal problems may really benefit from a chained solution using existing OSS projects and toolkits, but these are probably a touch sell that would be better left alone until other projects are firmly grounded. Possibly exempt from this rule would be broad projects such as the Perl programming language, although you would probably want to add a policy subsection on module auditing as well (since CPAN is just so darned comprehensive).

That's about all I've got for now; I'm a bit tired from a late day/night of bug fixes. Hope some of this helps.

Sig: Seeking partnerships with web design firms.

Start Small

I work for a massive-global corp and getting an OpenSource policy in place would be impossible. My suggestion would be to start with a small group. For example, the group I'm with has been denied licenses for PowerPoint do to cost reasons. The solution was to distribute OO to our team members so that we can create PP compatible presentations for distribution and viewing.

If you were to identify those kinds of groups that have been denied or lack software packages do to cost reasons, then you might be able to make similar in roads.

Per Package Evaluation for Open Source

[kburkhardt]

I assume you won't be going open source for everything, but will rather evaluate on a need-by-need basis.

As you evaluate each need, some special questions apply:
- Legal: Do we want/need legal recourse if something goes wrong with this piece of software?
- Do we plan to extend and enhance this product ourselves? Are we willing to share our work with the larger OSS community?

And for each OSS candidate:
- Liveliness of maintainers: are they issuing regular updates? Are they meeting the needs of the community?
- Conversely, does our organization have the right skills to help update the software?
- Is the userbase big enough to ensure decent longevity of the product? (Safety in numbers)
- Do we need and can we get tech support that meets our SLAs?

There must be a bunch of other questions to be asked, but you get the idea. Again, I suggest you treat OSS as one tool to help you on a need-by-need basis, rather than the answer to your business' cost savings dreams.

www.cat.com

[dukeluke]

Try Caterpillar for a real life example! -- I know personally that all their back end servers and mission critical servers are indeed open source.

And - NASA's going open source too see /. here

All Your Base Are Belong To Us

Re:Well... there's the obvious

[GoofyBoy]

> may be cheaply modified to fit your specific needs.

I question this since how much do you think its going to be in man-hours to have a programmer fix something in Wine or OpenOffice if my insanely complex budgetting Excel macro fails?

How many people in the world even have the skill to do this within in a few days? Is it possible, yes. Is it cheap? No.

>Open-Source Software is more secure because there are more people reviewing it.

Pretty bad argument for business. "So our security, and my job, relies on what people do in their spare time?"

>It's cheaper to use Free/Open-Source Software.

It might not be if you have to retrain people to use it. Even with free training, the employee's time cost. They already know how to use their existing OS and applications.

Please, please, please, pick me!

[orthogonal]

What information do you think should be included to sell Open Source to management at the top-level of any corporation or business?

Ok, this is going to attract down-mods the way that posters named "I'mASingleGeekGirl" attract up-mods, but I have to say it.

Why should we care about "selling" open source for internal business use? Now, I don't blame Stokey for asking -- I'd do the same. And I guess if you're a *nix admin, the more companies using open source, the more business you have. Point taken.

But if you're not a *nix admin, why do you feel the desire to give free advice to a company that's never going to give you a dime? Why do we treat open source like it's a religion that we need to "witness" and proselytize for?

Sure, in a few cases, if a business starts using open source, they'll contribute code modifications back to the community, or maybe even hire a few coders from the community.

But in most cases, the company is just going to install linux and postgresql and Open Office and the open source community won't get so much as a thank you.

And besides, these businesses are forever telling us how much they know, how brilliant their management is, etc. If these men of brilliance can't figure out that $0.00 per seat is less than $200.00 (or whatever the figure is after corporate discounts), that few viruses and exploits are better than the never-ending waves of windows viruses, that never being audited is far less disruptive than repeated visits from the BSA, if the MBA geniuses tat run these companies can't figure this out on their own, why should we Slashdotters who aren't invited along on the expense account lunches sweat to convince them otherwise?

I mean, if no company ever used open source again, there would still be hobbyists producing open source code. and that's a straw man anyway -- companies that want robust servers already use linux in droves.

It's like we all grew up as geeks in hisghschool (ok, I guess we all did) and now that we have decent jobs and decent wardrobes and no more acne, we're still tripping all over ourselves just because a pretty girl -- the "legitimate" business -- smiles at us. How about saying to her, if you can't figure out why you should want me rather than the bloated slob from Redmond with all the viruses -- well, I'm no longer so desperate and lacking in self-esteem that I'll beat my head against a wall trying to convince you.

Again, I'm not saying we shouldn't try to convince companies to go with open source; we should. I'm just saying I think we shouldn't be -- we needn't be -- so desperate to do so.

Re:Please, please, please, pick me!

[26199]

Well, it's the guy's job, so he has a good reason.

And he wants advice, particularly from people with experience, so he asks the Slashdot community.

And people who feel helpful will answer.

I don't see a problem -- I think you're using this as an opportunity to voice an opinion which isn't entirely related. Fair enough :-)

In reply to your opinion -- well, lots of people want to see open source software succeed, because they envision things being better when it does. I'd tend to agree; open source software everywhere would be great.

And commercial takeup is very important, because people will often use the software they use at work, and because the commercial world has a lot of spending power. Network effects and so on.

So, really, when people do work for open source with no obvious immediate gain -- well, that's the spirit of free software, isn't it?

We're in the same boat

[BritGeek]

Oddly enough, my own company is in much the same situation. Our policies have historically forbidden open source software (generally because of the lack of support). However, a few mavericks have been changing the position on this. Here are the salient points from our thinking:

1. Have your policy/standard give prescriptive guidance about when you feel it is - and is not - appropriate to use open source. I'm not saying there are necessarily cases where you may not want to use open source, but there may be. For example, our shop is a big WebSphere user, and for us that was a strategic choice. We have good operational competence at running it too. So, just because some project came along and said "we'd like to use JBoss", that would be a good example of when not to use open source - for us, anyway.
2. For cases where you do use open source, make sure that the sponsoring project for some particular open source tool has clearly identified how it will be supported in production. This may be the team itself, it may have chosen to outsource, who cares... But, make sure they do identify a source of support. Otherwise, when stuff breaks a 2AM, the ops folks will just call *everyone* in... ...probably including you.
3. Make sure that your General Counsel's Office is thoroughly briefed on the various kinds of open source license agreements, and that they are ok with the license for the particular open source tool when it is "acquired". Some licenses may not be compatible with all commercial usage (LGPL is probably the worst offender from this perspective), and thus careful review is appropriate. In any case, if you don't get your GCO on your side, they'll shoot you down in flames...
4. Make sure that your policy/standards differentiate between where it's appropriate to *use* open source, vs. where it's appropriate for you to *contribute* to it. There are at least two reasons for this: a) if no one gives back, the quality of open source software will suffer; and b) there are often cases where it's better to give up both work (as well as "intellectual property") rather than doing something proprietary. For example, three or four years ago my own company had decided that we needed an MVC-based front-servlet design. It proved very handy, and as projects like struts came along, we just dumped some of the core ideas into that project. Over the long-haul it is much better for us to have our needs supported directly by open source products, than it is for us to have to build a bunch of proprietary goo.
5. You will likely have another fight on your hands with the aforementioned lawyers on the idea of contributing to open source, but it's worth fighting for. (Our own GCO just didn't get this, and I'm not sure whether they fully do yet. They have a distinct feeling that our IP rights are such that we should own the universe.)
6. Expect a fight. There will be a certain number of folks "from the Dark Side" who view open source as a threat to Civilization As We Know It. Take no prisoners with these types...

Good luck!

Lessons from my bank....

[dmorin]

I was very surprised to learn that the bank that bought us had a position on open source for the OS, but not for apps. Probably because there was a way to centralize control of the "approved" OS (via the most senior admin department), but there was no similar group in charge of applications.

The first argument that I heard was "We will have to develop our own distribution" rather than rely on Redhat or SuSe or something like that. This is particularly true of financial institutions who must be very concerned with their ability to audit exactly what is on their machines at all times.

With open source comes the question from developers, "Will we be able to contribute changes back to the community?" The answer is almost always "No" in the big companies because they feel that it makes them responsible/liable for those changes. Worse, this sometimes develops into the black hole of "Get it off the net, integrate it into our stuff, then never say another word about it. Don't even get new versions [we don't want to be dependent on them], just treat it like it's been ours all along."

Lastly, in order to use open source app X, be able to show that a vendor exists who will sell you support for that app. I heard that almost verbatim from a boss once -- Why Tomcat over JBoss? Beacuse he knew where he could buy Tomcat support, but not JBoss. (Whether or not you actually can buy JBoss support is not the question -- the fact is that a manager's world is limited to what he has read in Business Week or who he has talked to at the latest trade show).

Oh, one more thing. Keep religion and philosophy out of it. If your company really does want to go open source, they are most definitely not doing it beacuse they want to contribute back to the community, or because they believe that it is the new way, or anything new agey. They are doing it to save money. Therefore, sell it like that. Don't push your luck.

Plan for implementation

[ImWithBrilliant]

Policy is great, so is open source philsophy. But what sells the idea to management is the presentation of a cohesive plan for implementing the new software: variant & feature selection, configuration controls, distribution to & training of users, support needed. Comparing these to the existing way you do business will show the pros&cons of changing over.

The devil is always in the details...

demo it

If a linux desktop is on the cards, why not do the better part of your presentation from a laptop with impress (open office powerpoint) and near the end of the presentation, you minimise open office and show them a ximian gnome, or nice KDE desktop underneath. Show them it is REAL.

I am a bit of a Gnome fanboy, but in the interests of OSS I'd say use a KDE that's been setup to be "windows-like" so they go "wow just like windows, but free".

On the server side, maybe setup a windows box and a linux one side-by-side and show them running a ContentManagementSystem (php+database) both on apache and say "the only difference here is a windows server license".

Sure IT overlords will want case studies and number crunching - but both Gnome and KDE and pretty impressive now for "wow" factor.

Detail how much of the size of Microsoft is also devoted to un-business like things - directx 9, games, drivers blah blah. And how there are people pushing a desktop "for business" that can have IMs, spyware, viruses etc. "locked out, so work can get done". Spartan systems are to your advantage here. "This isn't entertainment or home oriented, this is business oriented from it's base as a networked server operating system". Linux isn't a bunch of kiddies, it is system admins "trying to get work done".

Not to downplay the benefits an OSS VoIP/IM system could have on internal communication. Content management systems as "team work areas" that can be securely VPNed into to allow work from anywhere.

Play up all these things are corporate, not hacker made... even if they are not....
Play up Mozilla as an awesome productivity tool. "Funded by AOL and standards compliant this beast is all about a workers workflow management - take tabbed browsing for example".
"OpenOffice is driven by Sun as a standards compliant office suite - I am running this presentation on it"
"Redhat competes against MS server markets, and because they are specialised they do a better job"
"Novell is driving ximian to be the best work-force desktop - look at these colaboration options, compatible with MS servers too"
"IBM is putting their weight and experience behind this, and is swapping to linux internally themelves as we speak."

Get that "Unix industrial grade" aura rather than "community this and that".

Re:Slashdot

[jhigh]

I was thinking something similar. Starting your corporate Open Source proposal with "Well, the guys on this site called Slashdot said..." may not go over real well. :P

Forgivenesss v Permission

[SenorFluffyPants]

I am the IT Director at a much smaller (100+ employees), so this advice may not wash in just a vastly different culture. I have found that it is much easier just to do it, and then point to it when it is up and working at a reduced cost. I have found great success in this approach.

"Here are last year's costs...here are this year's costs. Wow, is that a lot less or what?!"

YMMV, of course...

Just make a policy for LAMP

[Idou]

Linux
Apache
Mysql/Postgresql
Perl/PHP/Python

Simply make it okay for your employees to install this technology on their computers, because it is great technology, it won't lock you in, and it is becoming a global standard.

It will be much easier approving a couple good Open Source technologies than creating a general policy for Open Source technologies.

Once management sees how great the above work, they will be much more open to additional addons to your list of approved Open Source programs.

The future is Open.

Open Source Policy at my firm (a major Bank)

[justanyone]

I also work at a financial services company. Our Policy:

If the open source is supported by a company, then we can sue the company, and it's okay to use it.

On the other hand, we use Perl extensively (though not as extensively as I might hope) and though we officially get our modules from an ActiveState CD, we do have modules from CPAN, though ones I've tested well.

I used to work at a company that had an exceptionally good policy.
I'd like to expand on theirs and propose one that is like this:

1. Open Source software is to be considered equally with closed source software when it comes to product features.

2. Support for open source products should be considered alongside support options for closed source products and both purchase and support costs counted into the total cost of purchase / ownership.

3. Small one-off and/or utility products should not be required to be supported by a vendor. This means primarily code and products that are easily understood and thus where support for them in-house is not difficult or problematic.

4. Any time a large open-source product is considered, such as Apache, MySQL, Linux, etc., some investigation should be made of viable support options along with the true cost of in-house support (learning curve short or steep, etc.)

5. Large support vendors (PC desktop support companies) should be encouraged / required to provide support for open source desktop applications such as MySQL admin tools, etc.

6. Internal projects whose functions are not firm-specific should be strongly considered for placement in an open source mode.

7. Attention should be paid in the design of all projects to move proprietary or business-specific information from source code into configuration files. This will enable easier decision making about making a project open source.

8. Projects that are designated by a manager as open source should be hosted in a publically accessible location such as SourceForge.

9. One project lead should be designated (usually the project manager, but it may be the chief technical person). This person should be responsible for filtering all proprietary information out of the code and documents placed in the open source repository.

10. A project homepage and some documentation should be created for the open source repository. This should also include release notes and postings on FreshMeat.org on a semi-regular basis. The dual goals of the publicity should be to encourage others to use the software and thus contribute to the development / support of it. This should include the web-search-ability of the project to make sure anyone searching for it will be able to find it.

DO sell "Open Source"

[daveball]

While (as you rightly pointed out) it is quite clear there are advantages for and against individual opensource an proprietry products, there is also an argument to be made for opensource in general.

This is not to say that every open source product has better (or even equivilent in some cases) functionality, but that the very fact that it is open source has benefits. For a large multinational such as the submitter is enquiring for, one of the big wories must be ownership and continuity of support for whatever product / projects they use in their IT infrastructure.

Pick a proprietry product, and a company going bust or mearly becoming uncooperative could result in a large risk to your ability to maintain your internal infrastructure - be it through bug fixes or introducing new features.

By choosing an opensource strategy, it will always be possible to either maintain such systems internally, or shop around for someone appropriately qualified to make the changes you need. Purchase and maintainance TCO are good arguments, but IMHO the biggest factor to large multinationals will be one of reduced risk, and therefore there can be a benefit by choosing a lower featured opensource product over a traditional proprietry one.

OpenOffice.org's presentation software "Impress"

[Anonymous+Custard]

OpenOffice.org's presentation software "Impress" can open and save PowerPoint files:
From http://www.openoffice.org/product/impress.html
"Of course, you are free to use your old Microsoft PowerPoint presentations, or save your work in PowerPoint format for sending to people who are still locked into Microsoft products. Alternatively, use IMPRESS's built-in ability to create Flash (.swf) versions of your presentations."

First Dispel Myths

[slutdot]

I run a 6000 user network in the healthcare industry. The first thing I had to do here was dispel the stupid myths such as open source software is insecure because so many people can change it. This was difficult because of the power of the Gartner Group and other orgs like them. In fact, the network manager was so Microsoftized, it took going over his head to the CIO in order to get people to start listening. That was quite a risky move but luckily it worked.

The second thing I did was set up parallel apps that mirrored the same thing the company was doing with their closed sourced systems (Windows). This included setting up squirrelmail to connect to the Exchange servers, setting up Linux-based SSH boxes (we had SSL-based FTP) and setting up a Snort box to rival the ISS IDS that was installed. Once they got a taste of how good (and cheap) the software was, management starting coming around. Another thing that helped was the software that I mirrored on Linux boxes were apps that we had been experiencing consistent problems on. The Outlook Web Access and the IDS servers kept crashing so that was easy. The more challenging one was the SSL-based Windows FTP server. I prevailed when I got our customers to start requesting SSH client access (a little comment every now and then doesn't hurt). Most of our customers were running a UNIX-based system so once they found out that we could possibly start using something native to their systems, they started requesting it through our sales reps.
It also helps to get in good with your business partners' IS department.

OSS Policies - here are some useful links

[dwheeler]

I think you'll find these useful:

1. Why OSS/FS? Look at the Numbers! has lots of quantitative data showing that you should consider using OSS/FS. The whole thing is long; Why OSS/FS? Look at the Numbers (presentation) is useful as a short presentation of the info.
2. The MITRE report on OSS use in the DoD shows that OSS is already being widely used there.
3. On May 28, 2003, the DoD issued a formal memo placing OSS/FS on a level playing field with proprietary software, without imposing any additional barriers.
4. If you want to reference guidance on how to evaluate OSS/FS, see How to Evaluate Open Source Software / Free Software (OSS/FS) Programs.
5. Although it's from a government view, you might find this presentation helpful: What Should Governments Examine in Acquiring COTS Open Source Software (OSS)?

Hope those references help.

My employer's already done it

[jimicus]

We did it years ago - on the desktop AND the server.

The trick with the desktop is that you lock it down as far as you can so that each user can do just what they need and no more (you should be doing this with Windows anyhow ;). There's not many calls saying "How do I use X to do Y" because the user can't even see X in the first place.

This takes care of call cent(re|er) staff, and indeed almost anyone whose job involves little more than accessing a system through a terminal or web browser. It also makes the client much easier to handle because all you have is:

• Base Linux Install
• X Windows
• Terminal Emulator
• Mozilla

The complicated bit is anything which requires a fancy Windows program for which no replacement exists. Here you've two main options: rewrite it (either yourself or pay a 3rd party) or use Citrix.

The way you sell this, as has been discussed before, is in terms of cost-risk-benefit. In the above example, the biggest change is to the client PC, which probably doesn't do much business-critical stuff anyway and so you're rather less bothered than you might be at the server side.

This fascination with making KDE look as much like Windows as possible, including aping the colour scheme and button design right down to the nearest pixel, just to say "It looks like Windows so it must be as easy to use!" is, IMHO, a load of rubbish. 95% of Windows "ease of use" is marketing.

Unfortunately it's very good marketing, but that's not the point here...

One Firm that Just Finished an OSS Policy

[cbm_dude]

I'm not sure I can add new ideas, but my firm just recently inked their open source policy. My company is a big 3 global life insurance firm, which implies the firm is not an early adopter.

That said, many development managers and architecture folks have seen value in open source for some time, and have utilized it in projects (below the radar). As the quality of open source increases, and the deliverable become larger (Xerces to OopenOffice), we asked that the company formalize the usage of OSS.

During discussions we argued that OSS should not be treated differently than other purchased and/or developed SW. We did see a few exceptions:

• In OSS, you play the role of vendor in acquisition of the SW (With vendor SW, you trust they shipped the correct and uncorrupted version. And we know they do mess that up, but then you yell at them. There's no one to yell at for dloading the wrong OSS version except ourselves...)
• Paid Support may not be available, which adds some risk.

However, once those have been met (i.e. the risk issue is mitigated), we saw no difference between vendor code and OSS code.

Legal and Security drafted a policy, and it recently became official. In essence, the policy states the few additional risks that must be mitigated, and then states that OSS must go our normal software acquisition procedures.

I know some purists (zealots...) may disagree with the exceptions above, but we decided they were acceptable, were good business practices (remember, business could care less about the OSS philosphy, they are interested in lowering costs and/or raising quality while not raising unmitigated risk...), and were not worth the fight to remove. We decided this policy would allow us to utilize open source where appropriate, and time will pass. As the fight shifts from components (MSXML versus Xerces) to applications (MSOffice versus OpenOffice et al), business will become more comfortable with OSS, and the policies will change to reflect that (I remember in 1994-6 when companies resisted WWW, because they saw no value in it).

In the end, though, resist the urge to make the policy a political statement. I agree OSS needs help to thrive in a corporate environment, but not that much help. If OSS can't lower prices and/or increase quality while not raising unmitigated risk, then it truly is not appropriate for business.

As for the other items you mentioned, I don't think TCO is best done globally. Quite frankly, in some areas, OSS has lower TCO, in others it does not. Risk can be generally reviewed at the global level, but risk really depends on usage (Writing reports with OOO is low risk, calculating agent commissions with OOO might be high risk).

I agree with others that if you are looking for a "why use OSS", Call IBM or RedHat or some other places, there is plenty of material like that out there. Coupled with Gartner and Giga/Forrester, you should be set.

Re:ROFL!

[Daniel+Boisvert]

The poster of this 'Ask Slashdot' probably makes 2-3 times what I make (if not 10x-20x in stock options alone) and yet he's willing to listen to my poorly informed ideas on such an important matter?! Truly hilarious!

Sometimes folks get promoted into positions of power and influence because they realize that the best answers aren't necessarily the ones you pay the most for. Indeed, isn't that one of the major selling points of OSS--that paying more does *not* always get you more?

A request for opinions is exactly that. You didn't really think he was going to use your opinion to supplant his own, did you?

Dan

Be ready to counter 'viral' arguments

[Experiment+626]

Between the FUD that Microsoft and SCO have been throwing about, most non-technical people will have a very confused view about things like the GPL and open source IP issues. You have to be prepared to address these in simple, easy to understand terms and examples.

For instance, a lot of people get scared by the 'viral' GPL FUD, and think using open source products means they have to release all their own IP crown jewels to the public. You might counter this by pointing out that you can write closed source software with open source tools all you want, and only run into trouble if you actually incorporate their code into your product. Because this is something you couldn't do with non-open source software anyway, as you never see the code, the percieved risk isn't a factor for doing things the way you're used to.

Anti-open-source people have been throwing a lot of FUD around lately. The people you are trying to pitch this policy have heard some of it, and probably don't spend lots of time on Slashdot or Groklaw finding out the whole story. Part of your role is going to be to dispel all this FUD about the GPL, IP issues, and such.

More considerations

[danharan]

I recommend you read the first review of "The Sustainability Advantage" (Bob Willard, 2002) by the Globe and Mail.

This is tangentially related, but the seven areas in which he measures benefits to a business of going green can give you ideas about selling OSS to businesses.

There's a good chance we could make a case for OSS in the three main drivers he identified:

• Employee retention: recruiting, training and getting a new employee to the previous one's productivity level can cost a lot of money. Ask HR and bean counters about valuing this. I for one would rather work in an OSS friendly environment (yes, let workers contribute back).
  
• Lower production costs: M$ concentrates on TCO, which is sometimes true, but look at how OSS can be used or modified to let you improve productivity in ways that proprietary apps can't.
  
• Increase market share: if they make that commitment, they should milk it for all the PR they can, presenting themselves as an innovative, responsible, cutting edge company. (Giving back is also cheap PR)

One last, important point: the author pointed out how many of these companies (and he only surveyed high-tech ones) kept finding high-ROI opportunities. Go after the low-hanging fruit, stuff that makes a measurable impact in under a year. You'll get better at finding them.