Getting a handle on open source

14.11.2008

First, enterprises need to track open source that goes through the designated processes -- including downloads from an approved repository of open source and the history of approved uses. However, even with appropriate policies and processes, some unapproved open source may slip through the cracks. So enterprises also need to back up these efforts with periodic checks and audits to ensure everyone is following the rules. An audit allows enterprises to compare open source usage with policy and approvals and look for red flags.

In addition, just as with proprietary software, you want to ensure you have support for open source, control which versions of open source are used and manage the update process. Many enterprises say they have myriad versions of a single open source component, and they are often unsure which versions are running where. The end result can affect uptime, efficiency and risk.

The tracking and auditing process should enable enterprises to see multiple views of open source usage -- by project, license, user, life-cycle state and server. Multiple tracking mechanisms -- request form, system scan, manual entry, build tools, downloads -- are essential to enforcing policy and managing compliance.

Together, all of these elements provide invaluable, actionable information for enterprises to implement open source governance and minimize risk. By implementing processes and tools for tracking and auditing open source tools, enterprises can take advantage of the significant cost savings that open source can offer while reducing the risks.

Grandchamp is CEO of OpenLogic (www.openlogic.com).