SAP warms to open source

Although not traditionally known for its contributions to the open-source community, the German-based SAP is adopting more open-source software, as well as contributing more of its own code back into the community, company officials said in an interview.

"In the past we didn't have an open-source strategy," said Claus von Riegen, SAP's program director of technology standards and open source. "That has changed over the last two years or so."

In 2005, Shai Agassi, then the SAP executive in charge of the company's product group, expressed ambivalence over using open-source software. In the years since, however, the company has warmed to the idea. Certainly, SAP's chief rival Oracle, for instance, is an active, if controversial, supporter and sponsor of many open-source software projects.

In 2007, SAP began contributing significantly to the Eclipse project, and in October 2009, the company joined the Apache Software Foundation. In 2009, SAP contributed 1.8 million lines to the Eclipse project, making it the third-largest corporate contributor.

While SAP should not be considered an "open-source company" in the same way as say, Red Hat, the company nonetheless "represents a good case study on how proprietary companies have learned that it is in their best interests to contribute to open source software projects," wrote 451 Group enterprise software analyst Matthew Aslett in a review note.

For SAP, using open source has become "a matter of development productivity," von Riegen said. "We have a lot of areas where we develop our own software, but there are a lot of commodity areas where we don't need to differentiate ourselves -- that's where we want to more efficiently use existing software, like open source," he said.

In these cases, it makes sense to use the open-source application, saving the time and cost to develop the identical functionality in-house. Now the company uses more than 100 open-source applications developed outside of SAP.

In order to use all of this externally generated code, SAP has standardized the way it manages its use of open-source software. Using a program called Code Center, offered by Black Duck Software as part of its Black Duck Suite, von Riegen's office runs a companywide registry of which open-source applications have already been approved by SAP for use within its products. It also specifies which versions of these applications have been approved, which streamlines the maintenance process for the company.

This centralized approach helps the company deal with licensing issues, said Janaka Bohr, SAP's head of global licensing for open source. Before any software is approved, the company's lawyers must check the license to ensure it does not conflict with the company's plans for the product. The centralized approach cuts down on the number of times a lawyer has to check a license and reduces the amount of due diligence work a development team must do.

"In the past our developers had to spend a few hours researching an open-source product to find the licenses, to find the technical information," Bohr said.

The Black Duck software also includes a library for scanning code to unveil what open-source code is embedded within other applications. SAP doesn't want to inherit, say, a GPL violation, which could force the company to open source the entire program that uses a snippet of GPL code.

The ability to review code has also been crucial in helping SAP in its process of acquiring other companies. Even if SAP didn't use open-source software, it would still have to grapple with all the open-source software used by the companies it acquires. Overall, in 15 acquisitions since 2007 (not including Sybase), the company has had to examine 2,000 different software programs.

On Friday, SAP announced that it has finalized its US$5.8 billion purchase of Sybase. Although Sybase will continue to operate as a separate company, SAP has still inherited a lot of code in the purchase.

While von Riegen would not comment on the Sybase acquisition specifically, he did say, in general, SAP invests a lot of effort in understanding what code it is acquiring as part of any potential sale.

Although SAP engineers typically are not allowed to review the code of a company that it intends to purchase, the Black Duck software can be used by a third party to scan the software and return a list of what open-source code has been found.

This activity has been tremendously helpful, von Riegen said. It allows SAP to get a handle on the code base of the company it intends to acquire. In one case, a company that it had acquired had claimed to be using no open-source code, when, in fact, it had embedded more than 80 open-source applications within its own programs.

"Some of the acquisition targets claim that they don't use open source, but when you scan you find quite a lot of open-source code," he said. In at least one case, a planned acquisition fell through because the review of the code base revealed far more open source was being used than the takeover prospect had claimed.

Joab Jackson covers enterprise software and general technology breaking news for The IDG News Service. Follow Joab on Twitter at @Joab_Jackson. Joab's e-mail address is Joab_Jackson@idg.com