Exec_Summary.md

File metadata and controls

5 lines (3 loc) · 1.61 KB

Executive Summary

This system is designed to help developers and managers determine the licenses and vulnerabilities of Open Source Software (OSS) before it is used in a business environment. Taking in OSS would be an asset to the company in that it could drastically cut costs. It also gives the company more freedom: it is not tied to a contract with a specific vendor and can modify the software more easily. However, the intake of OSS does have its drawbacks. The company needs to be aware of the licenses and vulnerabilities in the software it takes in so as not to open itself to security breaches.

The implementation of this system will have various implications for the organizational structure as well as for authority and control in the business. Managers will be the ones who set and determine policy changes, and developers will have no effect on this. Developers will be responsible for sending potential software packages to the license scanner for review of any existing licenses. Developers would also send the name of the software to the NIST Vulnerability DB to find any known vulnerabilities. These processes would then send the license and vulnerability results to the license and vulnerability database. Developers and managers would also be able to query the license and vulnerability database at a later time. The main open source communities involved in this system would be those behind the NIST Vulnerability Database as well as those that created the license scanner. The business would rely on these communities to effectively flag software for the developers.