Open Source Processes Infiltrate VeriSign Business ModelOpen Source Processes Infiltrate VeriSign Business Model

The open-source mindset is taking firm hold within business environments, even when companies aren't developing open-source software. A terrific example of this is the application development work VeriSign Inc. is doing using VA Software Corp.'s SourceForge Enterprise Edition to integrate a distributed group of software developers. In addition to helping a business unit within the company, which provides a variety of digital commerce and communication products and services, better organize its development efforts worldwide, the SourceForge Enterprise Edition software suite has become a way for VeriSign to more easily prove compliance with Sarbanes-Oxley and Statement of Auditing Standards (SAS) number 70, Service Organizations, an auditing standard developed by the American Institute of Certified Public Accountants.VeriSign's security services business unit has for the past year and a half been using SourceForge Enterprise Edition to manage distributed developer teams, who work much the same way as open-source programmers. Each focuses on a particular software component that's ultimately assembled into a larger project or, in VeriSign's case, a product.

Without some form of organization and documentation, such projects are unwieldy to manage, says Kathleen Wilson, director of engineering operations for VeriSign's security services business unit. "We had a painfully slow development process," she says, adding, "The techniques of open-source development work in a distributed model within VeriSign. Using SourceForge Enterprise Edition, we can create tasks for people on distributed teams and monitor their progress."

VeriSign's security services business unit began using SourceForge Enterprise Edition during the development last year of a unified authentication application. "The timing of the project was good for using SourceForge," Wilson says. "Since it was a brand new project, it didn't have customer or existing legacy issues." This test run for SourceForge involved 60 VeriSign staffers over a nine-month period.

Most application development projects require separate applications for a concurrent version system code repository, bug-tracking system, and build/request tool, as well as several meetings or teleconferences to keep all developers on the same page. "With SourceForge, we basically integrated all the concurrent version system and build/request features," Wilson says. "We don't have to have meetings anymore."

VeriSign's security services business unit has big plans for the expansion of SourceForge use. The division has 200 users on the system, having added legacy application development projects and development work that's been outsourced offshore. "Seventy-percent of our business unit's projects have been migrated to SourceForge," Wilson says. "The goal is to have them all migrated by the end of the year."

Security has not been a problem because SourceForge features rules-based access controls that limit the information different programmers can access. This is very important when working with outsourced programmers, Wilson says.

VeriSign's developers were very comfortable with SourceForge's concept of a central repository, a layout familiar to programmers working on open-source projects. "Most of our developers are very into the idea of open source and are very familiar with VA Software because of their involvement with open source," Wilson says.

SourceForge has also proved itself to be a valuable tool for providing compliance with Sarbanes-Oxley and SAS 70. "One thing that used to be very painful to me was tracking down documents," Wilson says. Auditors generally want to see design documentation, test plans, and marketing requirements because VeriSign provides security and payment services. "With the file systems we used before SourceForge, it was very hard to find out where the information was. Now all of the information is in one system."

Wilson's team recently finished integrated its bug-tracking tool into the SourceForge system, a move that will give VeriSign customer support representatives and engineers one place to go to request and make software changes. "Customer support has a knowledgebase they use to answer customer questions," Wilson says. If the answer isn't there, they enter a query into the bug-tracking system which can be read and answered by an engineer.

Keep your eyes on this space for other ways in which the open-source development is changing the way businesses operate.