Risk Based Enterprise Adoption of Open Source Software 
A common challenge faced by my IT organization, and most others for that matter, is the pragmatic adoption of open source software. Specifically, researching reusable APIs, frameworks, and utilities can present a daunting set of options.
Here are some things I try to look at when considering an OSS project for adoption in an enterprise:
- What is the actual license? (a potential immediate deal breaker, so check this first)
- What is the age of the project?
- How many developers are working on the project?
- How active is the project in terms of new development?
- How active is the project in terms of bug fixes?
- How many other organizations are using this OSS?
- How many other commercial/open source projects are using this OSS?
- How frequent are releases?
- What mechanisms are in place to get support? (E.g. mailing lists, discussion forums, vendors, etc.)
- How well is it documented? (E.g. books, project site, web articles, etc.)
- Are code quality metrics provided? (E.g. JDepend, Simian, Cobertura, etc.)
- What tools and skills are required to maintain this OSS?
The answers to these questions can be used to form an overall risk profile. This can then be considered within the context of an individual organization's risk tolerance.
Today I stumbled across an interesting site that has implemented something sorely needed. Check out http://www.ohloh.net if you are interested in a community-driven OSS project rating mechanism. Basically, think of it as Digg for OSS projects.