When Usability, Quality, APIs, and Cost of Ownership Matters

CUSTOMER

A multinational home electronics company

The customer is a well-known multinational company with a long history of developing home electronics and peripherals. The customer has a global business with an equally global development organization. The majority of the software stack is open source (e.g. Android), while significant key components remain proprietary.

CHALLENGE

Discarding a deeply integrated monolith, aiming for agility, ease-of-use, and performance

With a deeply integrated existing vendor, the customer business was changing and a need for something more light-weight and flexible was evident. Good information on commercial tools was (and still is) hard to come by, but a survey of some of the commercial and non-proprietary alternatives was made.

The goal was to qualify a candidate that would, ideally, fit the process dictated by the existing vendor, allow for new use cases, and not be burdened by the perceived issues:

• Overly complicated system administration
• Excessive hardware requirements
• Quirky and limited SDK/APIs
• Poor customer support
• High yearly license cost
• Poor usability and long scan times
• High overhead for simple use cases
• Poor data ownership

SOLUTION

Good use case fit, minimal overhead, and extensive trial options

A several months long evaluation took place, where commercial and non-commercial alternatives were scored against the main criteria usability, quality, APIs, and cost:

• Usability: The ease of use of common operations such as undoing a component ID, dismissing false positives, or the effort required for use cases such as scanning a single file or module
• Scan quality: An assessment of the amount of results and their relevance
• APIs: Coverage and support for current and known future integrations
• Cost: Yearly license fee (or equivalent).
• Data ownership: Possibility (legal and practical) to extract data stored in the tool

One commercial alternative was cut mainly due to a mismanaged trial and that the economics did not meet the expectations of the customer.

Another vendor tried to sell on specs and roadmap but was reluctant to offer an unguided trial. The specifications were ok but the eventual trial showed that this too was another monolithic solution with a dictating process and a tool attached to it.

The conclusion from the non-commercial alternatives scoring was that they are fine as a complement to a commercial one but could not satisfy enough of the requirements on knowledgebase growth and evolution, and counterpart accountability and longevity in a real-world business case.

FossID got the best overall score. It had the best fit for the customer’s use case, minimal inter-company overhead, and extensive trial possible.

RESULT

Lightweight deployment and accurate results

With FossID, the customer gained:

• A lightweight, centralized installation, similar to the previous vendor’s solution, but at a fraction of the previously required server hardware.
• Tools installations provisioned for local use of teams or individual contributors as needed, which was not an option with the previous vendor.
• A fully functional CI/CD integration where commits are scanned as they are merged into a production branch allowing detection of potential issues long before software release (not possible with the old solution).
• Significantly reduced man hours spent on resolving pending identifications, dealing with false license conflicts etc.
• Freedom to use the data stored in and provided by the tool.

BENEFITS

Great usability, quality, APIs, and cost of ownership

• Fast and accurate scan results
• Flexible and agile functionality
• Not dictating a certain process
• Good API preparedness
• Great “tech-to-sales” ratio
• Light-weight deployment
• Competitive business model
• Full ownership of data