Friday, 30th October 2020

Open Source: Between myth and reality

Where does open source software stand today? That is a question that many are asking, with opinions divided between preconceived ideas about the technology and proven deployments. By Yangqing Jia, President and Senior Fellow of Data Platform, Alibaba Cloud Intelligence.

What’s true is that open source’s appeal is still strong, as illustrated by the sums invested by IBM, Microsoft and Salesforce, which have bought Red Hat ($34 billion), GitHub ($7.5 billion) and MuleSoft ($5.9 billion), respectively. Further evidence of open source’s attraction is reflected in the recent IPOs by companies such as Elastic or MongoDB. What draws certain large corporate customers to it - like Carrefour and Orange - is the promise of innovation and flexibility. BMW meanwhile, is relying heavily on open source to improve embedded services. Yet, on the other hand, many companies still remain cautious about it, airing concerns about its security, its complexity, and its need to be supported by experienced IT talent. The question is… who's right? To answer that question, we have to separate myth from reality, in order to accurately assess where open source really stands today.

Before we start, it's a good idea to remind ourselves of what open source is generally understood to be. Open source software is distributed under a license that allows users to access, modify and share the source code free of charge, in order to enrich or improve it. And, with that as our starting point, let’s now turn preconceptions into facts.

Myth #1: Open source is free!

While it is true to say that part of its appeal is that open source is free, that statement comes with an important caveat; even its ‘free’ nature conceals costs that need to be factored in. While it is more developer-friendly than proprietary software, such a solution requires – chargeable - skills for installation, support and maintenance. When entrusted to specialised and experienced companies, these services can require financial investment to procure.

Myth #2: Open source support does not exist!

Contrary to the lack of support ‘myth’, several suppliers and partners specialise in providing open source support and guidance. Among the best-known providers of this service is IBM, which aims to be the world leader in this sector. But other companies also provide similar services. Additionally, the Open Business Alliance represents the free software ecosystem, and it has more than 30 partners, experts, VSEs and SMEs in the free software sector across multiple territories. The Open Business Alliance aims to offer large administrations and large private accounts with complete ‘know-how’ in the field of open source, providing expertise and support for more than 400 free software offerings.

In addition, there are several organisations which provide effective support. In this scenario, the client company may have internal resources capable of mastering the free version of simple open source software. However, if the products are more complex and require additional – probably external – expertise, a company must ensure that it has chosen a distributor or service provider that is capable of ensuring integration, support and related services. This solution may be temporary, until the client has been able to increase their own resources in terms of skills and knowledge. Finally, the customer can subscribe to support offered by the originator of the free software, or a third-party company. Whichever scenario they may find themselves in, there is no doubt that customers can find an answer to their open source needs, effectively ending the ‘myth’ that no such support exists.

Myth #3: Open source is not secure!

Let’s get one really important thing clarified. Open source solutions provide the same security guarantees as traditional solutions. And, given the backdrop of today’s constant and ever-more complex cyber threats, open source’s security deserves a special mention. To ensure its robustness, access to source programs is almost an obligation and it is therefore absolutely essential to be able to audit what a program really does, and this can only be done by analysing its sources. Even some non-open source vendors agree to deliver sources to their customers after signing a non-disclosure agreement. But there is another argument that makes open source so attractive from a security perspective; peer review. This peer validation from other experts ensures that if there is a flaw, it is quickly identified, known and addressed. The integrity of this method ensures that open source security is as resilient and as robust as it can be.

That said, it is important to realise that hackers are increasingly sophisticated and may be capable of understanding and circumventing the protections that have been integrated in to the code. With that in mind, it is essential to understand that, even in the world of open source, data protection breaches can be very expensive to correct and repair. The good news - according to the American website, Dzone - is that in the case of an open source security flaw being identified, 69% of them are repaired within one day of public release, and 90% are repaired within 14 days.

However, there is a potential issue brewing; only 25% of open source maintainers inform users of vulnerabilities and only 10% file a CVE (Common Vulnerabilities and Exposures) report, which is a serious problem. The lack of communication continues to contribute to long-standing security threats that could be addressed by a few simple measures.

A tenfold potential for innovation.

Did you know that the Cloud, IoT, big data and the DevOps environment are all based on open source? Furthermore, technology giants like Google, Amazon and Microsoft are multiplying open source projects to accelerate innovation. It isn’t just the established technology companies that have an eye on open source. As mentioned earlier, global brands are embracing it. In BMW’s case, it is launching open source projects to implement new standards, such as the Open Manufacturing Platform (OMP). The idea is to create an open technological framework and an intersectoral community to accelerate the development in the automotive and manufacturing sectors. Furthermore, Facebook announced its Libra crypto monnaise, based on an open source development platform with its own programming language, called Move. The potential for innovation is therefore immense and unlimited, thanks in particular to this notion of sharing programs. But this move goes even broader than brand initiatives. For example, Denmark is in the process of encouraging businesses’ open source projects through its ‘Remodel’ program. The aim is to help Danish companies develop open source activities, where anyone can study, modify, reuse and even distribute their product. This is similar in concept to what car manufacturer Tesla and furniture manufacturer Opendesk are doing in having products designed and manufactured by its community and networks.

Flexible enough for all industries

Open source is no longer limited to software and it increasingly covers a growing number of subjects relating to intellectual property (agricultural tools, financial analysis, models for 3D printers, music and so on) It should be noted, for example, that a company like Goldman Sachs plans to publish part of the code that its traders and engineers use to evaluate, analyse and manage risks on the GitHub open source platform. The GAFAMs have all used open source tools and are massive contributors to open source foundations; even Microsoft co-finances the Linux foundation. It is also reassuring to observe that almost all of the tools and projects relating to the digital revolution are open source: Bitcoin, Ethereum, the basic tools of artificial intelligence (often under the languages Python or Rust) and Big Data processing tools, such as noSQL. Furthermore, most successful startups are based on collaborative work tools and principles. In short, open source and its community make it possible to adapt programs to the needs of small and large companies alike, irrespective of the industry that they’re in.

Development that keeps on moving

One of open source’s benefits is that it offers much more agility and accelerates development. Companies are launching projects around open source to improve their product and their value chain. For example, the Open Source Vehicle (OSV) is an emblematic project using open source hardware in the transport sector. OSV's radical approach is to develop the first technologically scalable platform to launch automotive 2.0 production. Small companies and end customers will be able to part - to ensure it meets their needs.

In another example, WikiHouse Foundation’s open source use has implications for self-construction. By embracing the spirit of free software and collaborative communities, it aims to radically transform the construction value chain, by making available essential resources (plans, tutorials, etc.) to enable builders - including amateurs - to launch their own projects. It is based first of all on a digital design, with an open source system allowing everyone to adapt the plans to meet their needs and budget. This is then supported by distributed manufacturing. The necessary components can be produced by small, independent manufacturers, who can choose to use the materials available to them locally, which are then assembled quickly and easily.

While open source dates back more than 30 years, it is now an essential component in all areas of IT, thanks to its considerable advantages, especially those relating to security. Its popularity is rooted in how it facilitates both collaboration and the pooling of skills and effort on multiple projects. With the advent of the Cloud - and its derivatives, such as Cloud Gaming, Smart Workspace and the undeniable role of Artificial Intelligence in our daily lives - nothing would be possible without open source… and that’s why it’s important that the myths about it are challenged.

Containerised applications are fast becoming an established fact in the IT infrastructure of global...
Programs used to be made by creating large monolithic scripts, however, a lot has changed in the las...
By Radhesh Balakrishnan, general manager, OpenStack, Red Hat.
We asked Adam & Chris, the founders of Deeplearning4j? —?first commercial-grade, open-sou...
App development isn’t as long and complex a process as many would imagine, and it can provide huge l...
The four questions (and answers) that lead to success. By Jeff Keyes, VP of Product at Plutora.
APIs play a central role in both enabling digital business and powering modern, microservices-based...
Getting a DevOps strategy correct requires having a progressive shared mindset that can learn from p...