As the acceptance and adoption of open source technology has become pervasive—some might say has reached fever pitch—for vendors and enterprises alike, the phenomenon has opened itself up to a new round of critique. Much of the coverage and commentary points to the usual tradeoff of avoiding vendor lock-in versus gaining viable commercial features and support. But there is a new generation of nuance to the venerable debate, with the use of open source now a given, rather than a question, for most environments.
Security and the question of open development
The current round of criticism was sparked by the discovery in April of a security vulnerability in the widely used OpenSSL toolkit for Internet networking. The question was asked, “Does Heartbleed Disprove ‘Open Source is Safer’?” As other observers have noted, having a broad community poring over code makes it less likely that a bug or vulnerability would go undetected, but that code’s wide dissemination means that the aggregate damage from something that does slip through can be much broader. (And, of course, the code is more readily available for bad actors to work at finding a vulnerability.) Thus, for many individual uses there still truly is safety in the numbers of open source.
Indeed, security itself is increasingly open sourced. Australia’s NICTA, working with some commercial partners, is today releasing to open source a secure microkernel that was developed as part of an effort to reduce the vulnerability of drones to hackers under DARPA’s High-Assurance Cyber Military Systems program. NICTA is recommending its adoption for the likes of “pacemakers and technology-rich cars”.
The challenge for vendors
The New York Times logged in this week with a piece on Open Source and the Challenge of Making Money, titled in the print edition, “Free Software’s Big Challenge”, citing examples of vendors who have found they had to compromise on open source principles in order to build a business with the value-added, turnkey products that enterprises desire. This tradeoff and tendency is of course not news to anyone in the tech business.
What started as the challenge of Unix and open networking protocols in the early ‘80s and was accelerated and refined with the commercial success of Linux in the ‘90s. Mainstream vendors moved from offering weak, “no, thank you”, helpings of Unix on the side to, to varying degrees, embracing the open source movement and products. That acceptance is still rippling through the very top levels of proprietary providers, with SAP this week announcing support for Cloud Foundry and OpenStack for cloud. One observer this week noted how Microsoft might finally be committing to open source.
While the most proprietary of vendors are bending to accommodate open source, the most open source of vendors inevitably put up fences somewhere, if only, but critically, out to the level of product support. Red Hat attracted controversy for the limits to its OpenStack support and cooperation, with Martin Fink, HP’s head of cloud quoted as saying, “Red Hat has taken the art form of closed open-source to a new level”.
Open source has become so prevalent that the competition for open source standards is fierce, with open source supra-standards looking to trump mere individual alternatives. One example, as TechRepublic asked this week, is OpenDaylight: One open source SDN controller to rule them all? Another, encompassing multiple currency alternatives, is FrozenBit: Trustless Open Source Multisig, Multicoin and Multiplatform Wallet.
Bob Metcalfe, long-time industry luminary and inventor of Ethernet, is known for having tweaked the open source movement for the limits of its product. But as he observed back in 2007, open source and proprietary options appeared headed for convergence, a trend that has since progressed further. In that shady grey area is the trend toward “open source washing”, leading one industry participant to ask, “Is ‘Open’ the ‘Organic’ of the IT industry?”
Indeed, open source is so common that it is an increasingly large target. Even the IRS is drawn to its market potential, reportedly challenging Yorba’s nonprofit filing based on the potential for commercial entities to use its product for profit.
Open Source, national competitiveness and developer training
Open source enables cheaper-to-free software development, and so it is not surprising that it has special appeal to offshore competitors. IIT Bombay has a Free and Open Source Software for Education (FOSSEE) initiative that is seen by its Professor Kannan Moudgalya as offering India:
“[A]n opportunity to save on precious foreign exchange. It is estimated that proprietary software purchases cost our nation of the order of a billion dollars per year, most of which goes to buy basic software like MS Windows and MS Office. This can easily be saved by switching over to Linux and a FOSS office suite, such as LibreOffice. In general, FOSS based software development keeps the cost low for the developer and the end user and this is most appropriate for our IT entrepreneurs, whose main investment is the idea and the time spent…India has a cost advantage in terms of labour arbitrage. Proprietary software disturbs this cost advantage by imposing huge overheads.”
A workforce widely trained in open source products makes open source more viable and cost effective for vendors and enterprises alike, and domestic initiatives are also looking to expand the advantage of trained-labor scale. The Linux Foundation on Friday will launch its “Introduction to Linux” MOOC with edX.
Implications for the enterprise
It is of course easier for a young, Internet-based business such as LinkedIn to fully embrace open source principles and maximize open source implementations—keeping, of course, the “secret sauce” elements of their system, well, secret. But a look at their approach does provide an instructive example of enterprise-wide open source thinking. (Open source principles can be stretched beyond IT, as this classic TED talk and its application to national and international intelligence illustrate.)
There is no getting around the tradeoff between maintaining open source freedom and gaining the benefits of proprietarily tweaked products and services, but as more products at least use open source components the stakes of a proprietary twist tend not to be so high.
Still, individual enterprises, like individual vendors, will have to consider variables such as their market positioning, in-house talent, access to talent, current business and environment to determine just where on the open source spectrum they will position themselves at any point in time. Portability of data is more critical than end-user application features, and certain portions of a company’s systems will themselves be more strategic and proprietary, and thus more internally and likely open-source built, than others. The ideal is to build and deploy proprietarily advantageous applications from open underlying components. But overinvesting in development and maintaining more open purity than required can both become hindrances in particular enterprise situations.
The economies and advantages of open source are compelling, and the IT industry as a whole will continue to incorporate its advantages within proprietarily competitive environments. The tide of open source content will continue to rise—as will well-captained enterprise boats sailing on its surface.