Whereas most developers have familiarity with open source, fewer of their managers and even fewer senior execs have much experience with it, especially when it comes to corporate policy or governance. Thus, it's good news that there are organizations and resources that can help companies get their collective heads around the issues and best practices for managing them.

If you're not convinced that open source has gone mainstream, believe it. From readership stats of this subnet to industry analysts to the trade press, the trend is clear. Even The Economist has weighed in: "The argument has been won. It is now generally accepted that the future will involve a blend of both proprietary and open-source software." But if improperly managed, using open source can create risks. So, how does a company with no established open source policies and procedures get started?

One great resource is FOSSBazaar, "an open community of technology and industry leaders who are collaborating to accelerate adoption of free and open source software in the enterprise." Launched in 2008 by HP, the organization has expanded and hosts web discussions, webinars, videos and events on such open source topics as governance, support options, security, best practices... really anything related to adopting open source into an organization.

This year FOSSBazaar started up a project called SPDX™ (Software Package Data Exchange™). Kate Stewart from Freescale and I are leading an effort involving more than 20 companies to "define a specification to enable companies and organizations to share license and component information (metadata) for software package and related content with the aim of facilitating license and other policy compliance." Brian Prentice at Gartner says, "Open source is a necessary component of all organizations' supply chain strategies. It is essentially a way to manage cost and mitigate 3rd party dependencies." Kate conceived of this effort as a way to minimize the work both suppliers and consumers in those supply chains put into communicating software content. I recently wrote a piece on the subject in Dr. Dobbs.

Both FOSSBazaar and SPDX are under the auspices of the Linux Foundation which, although generally focused on Linux, has been taking steps towards more broadly supporting organizations' use of open source.

Another interesting organization in this space is the CodePlex Foundation, founded late last year with the mission of "enabling the exchange of code and understanding among software companies and open source communities." Their initial focus has been on helping companies contribute back to open source projects, not just a neighborly idea, but also a strategy for easing the maintenance burden. Many in the open source community have looked at the foundation with a skeptical eye as it came out of Microsoft, but I don't believe there's a conspiracy behind it.

It's not just corporations that are adopting open source; many governments worldwide have seen the light, and our country's first CTO, Aneesh Chopra, is pushing the federal government in that direction. GOSCON is a conference that helps you learn "how government organizations, your peers and industry partners are changing their approach to information technology with open source." And the Open Source Software Institute is all about helping federal- to municipal-level government organizations leverage open source.

Finally, there are some consultancies that provide open source advisory services. The ones I'm aware of are those with whom my company, Black Duck, has a relationship: Accenture, Olliance Group, Bearing Point, and Linagora. Please feel free to post comments about others.