Line56.com: The OSS Fear Factor

The OSS Fear Factor
by JT Smith
Tuesday, December 23, 2003

Ask a group of corporate IT leaders whether they'd rather stick their arms into a box of tarantulas or allow open source software (OSS) on their networks, and odds are most would start rolling up their sleeves.

In this security-conscious era, getting IT or business leaders to consider using OSS can be a tough sell. One of the main reasons is a perceived lack of control - or a throat to choke to put it another way. If you purchase packaged software, you know who's responsible. If you're using Microsoft Outlook and some knucklehead exploits a hole to distribute a virus to your user base, all eyes turn to Redmond for a patch. But if you're using Evolution and a similar problem occurs, to whom do you turn for a remedy? (See Myth #4 for the answer.)

One of the appeals of OSS within the open source community is that it is developed for the greater good rather than simply to make a buck. Yet this egalitarian appeal is also one of its greatest barriers to its general acceptance. In the absence of hard information, a number of myths have sprung up which make the prospect of using open source software for enterprise applications scarier than that box of tarantulas. Let's examine some of these myths (and the truths about them) in order to bring a greater understanding of OSS, and see how your organization can benefit from it.

Myth #1 - OSS is all or nothing

There seems to be a general belief that using OSS is an all or nothing proposition. In other words, you have to choose between using all open source or all commercial software.

The truth is you can have any mix of open source and commercial software you want in your business. You can even use OSS in a Windows environment.

The important thing to remember is that OSS is a different philosophy of software creation and distribution, not a completely different technology. Most large corporations already use some form of OSS, whether they realize it or not (see Myth #5). They've found that OSS plays very well with others.

Myth #2 - Centralization of software development is always better

This goes back to the "one throat to choke" concept. If your primary goal is to lay blame when something goes wrong, then the statement is true. But if you're looking for the best performance from the software, it may not be.

Consider Darwin's oft-quoted principle of biological diversity, which says that having more choices in the gene pool gives a species a better chance of surviving a disaster and improving itself more quickly. The same holds true in software. A large developer pool around an open source software project means more ideas, with the best rising to the top and the rest falling by the wayside. If a disaster strikes, you have a large community working to solve it. That's the main reason that open source software upgrades are introduced on a weekly or monthly basis, while commercial software upgrades often take more than a year to produce.

Some of this attitude also dates back to the early days of software development, where the knowledge was held (and hoarded) by a relatively small part of the population. For at least the last 10 years, children have been learning to program in middle school, or even grade school. As those students move into the work force, they aren't content to wait for improvements from on high. They're diving in and creating what they need on their own. OSS gives them the means to do it.

Today, with the pace of change coming fast and furious, a closed, 18-month development cycle no longer meets the needs of business. OSS provides a solution.

Myth #3 - You get what you pay for

In America in particular, there seems to be a prevailing attitude that free equals bad; its corollary, of course, is that the more expensive something is, the better it is.

Consider the realities of software development, though. A commercial software company has a certain amount of budget allotted to develop a product. This number is based on the number of people assigned to the project and the amount of revenue they expect it to bring in. Just as important is who the company assigns to the project. If it's the signature product, you'll probably get the best talent on it. If it's an ancillary product, you'll probably get lesser souls. Those are the realities of business. And if the product doesn't make money (or the company feels compelled to bring out a new version to drive up revenues), support will dry up awfully quickly.

OSS projects pull from millions of the best minds around the world. One of the reasons is the caliber of people who are attracted to the open source community. They tend to be creative, independent thinkers rather than middle-of-the-road programmers -- the type of people who love a challenge and like to dig in deep on a problem.

No single software company has that kind of talent pool to pull from. None. Couple that with the diversity of ideas mentioned earlier and you have the greatest value possible. Oh, and as far as support goes, many OSS products continue to be supported by the community long after the originator moves on to other things. Try finding that in the commercial world.

Myth #4 - OSS is not secure

Since everyone can see the code, the reasoning goes, exploits are easier to find. There's only one problem with this line of thinking: exploits are actually very difficult to find, regardless of whether you have access to the source code or not. If they were ever easy, the original developers would find them during the debugging process and fix them before the software ever went gold.

Fixing exploits is the easy part. So once they're found, having a large community working on the fix is actually to your advantage. The adage, "Given enough eyes, all bugs are shallow" definitely applies here.

Myth #5 - OSS is only for zealots and small companies

Hmmm. Consider that most of the Internet is built on OSS, and huge companies around the world are adopting OSS at an astonishing rate. Of course in some cases they don't realize it's OSS until long after the software becomes part of the way the company does business. But the point is it's proving its performance on the enterprise level every day.

Here are some facts about OSS:

24 percent of all Web sites are written in PHP

65 percent of all Web sites run on Apache

76 percent of all mail servers are Sendmail

90 percent of all domains are controlled by BIND

99 percent of all Web browsers are based on the original NCSA Mosaic browser

The fact is, OSS is pervasive in business, government, and education. And it will continue to grow in popularity both as a means of controlling IT costs and because it simply makes sense.

If you're still not convinced, here's one more reason to consider OSS in the enterprise: you don't need to send a requisition through six levels of approval to obtain it, because there's nothing to approve. No purchase order is required because there's no cost to obtain the software. You can download and use it immediately to see if it suits your purposes. There's no "time bomb" trial period to worry about, either, so if your priorities change you don't have to worry that the clock is ticking. The bottom line is there's nothing to fear from OSS but fear itself. OSS provides the tools you need to boost productivity in a secure environment, which makes it definitely worth a look before you commit dollars that could be better spent elsewhere. And that beats a box of tarantulas any day of the week.

JT Smith is the director of technology for Web Den Interactive, a maker of open source enterprise application tools. He can be contacted at jtsmith@brunswickwdi.com.

Find this article at: http://www.line56.com/articles/default.asp?articleid=5237

Anyone is free to make one copy of this article for personal use. This can include one photocopy, one printed copy, one email copy, or posting an HTML link (without text or photos). This includes use by a student for an academic purpose. If you would like to distribute multiple copies of this article for commercial use, please click below to visit our reprint vendor, ValeoIP.