Standardize on a Common Set of Components: Open Source Development Tip #6

November 01, 2011 By Terry Bernstein


We’ve been publishing a series of tips on managing your use of open source to maximize benefits and minimize the risks. You can find other posts in the series here and a summary of the entire set of tips here. In today’s post, we continue with a tip on standardizing the open source components you use.

6. Standardize on a common set of open source components

 

There are over 30,000 unique components in the Central Repository – many of which perform the same function. It’s not surprising to find independent development groups within the same organization using different components to perform the same task. It’s also quite common to see many versions of the same component being used. The following figure shows the actual version-dispersion for an organization downloading components from the Central Repository. This is not at all out of the ordinary.

So, why should you bother to limit the number of components in use?

  • Lower maintenance costs by reducing the number of components that need to be supported. Many organizations we work with follow each of the open source projects they utilize so that they’ll know when a critical bug or security flaw is found. Most companies also typically need expertise and support for each component family (either in-house or outsourced). Fewer components mean fewer open source projects to follow and support.
  • Limit the number of components that need to be evaluated. Evaluating components can be time-consuming even with automated tools. If you are already using something that works in one project, why use something different elsewhere?
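One way to measure the version dispersion described above across your own projects, as an added example that is not from the original post or from Sonatype's tooling. It assumes each project's dependencies are available in the form `mvn dependency:list` prints; the project names and sample lines are constructed.

```python
from collections import defaultdict

# Constructed sample: per-project lines in the `mvn dependency:list` form
# groupId:artifactId:type[:classifier]:version:scope (hypothetical projects).
SAMPLE = {
    "billing": [
        "[INFO]    commons-collections:commons-collections:jar:3.2.1:compile",
        "[INFO]    org.slf4j:slf4j-api:jar:1.6.1:compile",
        "[INFO]    log4j:log4j:jar:1.2.16:runtime",
    ],
    "portal": [
        "[INFO]    commons-collections:commons-collections:jar:3.1:compile",
        "[INFO]    org.slf4j:slf4j-api:jar:1.6.1:compile",
        "[INFO]    junit:junit:jar:4.8.2:test",
    ],
    "reports": [
        "[INFO]    commons-collections:commons-collections:jar:3.2.1:compile",
        "[INFO]    log4j:log4j:jar:1.2.14:compile",
        "[INFO] BUILD SUCCESS",
    ],
}

def parse_line(line):
    """Return (component, version), or None for non-dependency lines."""
    fields = line.replace("[INFO]", "").strip().split(":")
    if len(fields) not in (5, 6) or not all(fields):
        return None
    group, artifact, version = fields[0], fields[1], fields[-2]
    return f"{group}:{artifact}", version

def version_dispersion(projects):
    """Map component -> {version: sorted projects using it}."""
    usage = defaultdict(lambda: defaultdict(set))
    for project, lines in projects.items():
        for component, version in filter(None, map(parse_line, lines)):
            usage[component][version].add(project)
    return {c: {v: sorted(p) for v, p in vs.items()} for c, vs in usage.items()}

def dispersed(projects):
    """Components used in more than one version, most dispersed first."""
    report = version_dispersion(projects)
    multi = [(c, vs) for c, vs in report.items() if len(vs) > 1]
    return sorted(multi, key=lambda item: (-len(item[1]), item[0]))

if __name__ == "__main__":
    for component, versions in dispersed(SAMPLE):
        print(f"{component}: {len(versions)} versions in use")
        for version, users in sorted(versions.items()):
            print(f"  {version}: {', '.join(users)}")
```

Components that appear at the top of this report are the first candidates for agreeing on a single standard version.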

By standardizing on a set of open source components, you’ll lower your costs and reduce your risks. Standardizing can be challenging, but it is worthwhile if you use lots of components and work in an organization that has many critical applications. We created Sonatype Insight to help you improve your management of open source components. Insight provides the information you need in your existing development tools to help you choose the right components.

 

 

 

 

 

 

 


Written by Terry Bernstein

Terry is the former Director of Product Marketing at Sonatype. He is now the Director of Product Management at Verisign.