Tuesday, November 08, 2005

Why Use Open Source Software?

I think most debates around open source vs proprietary software selection misses the main points. Probably because like most debates whose outcome effects large company pocketbooks, the field rapidly becomes obscured with FUD bombs from both sides.

But in the software world, there aren't many paradigm changing shifts on the scale as the one open source is making available, so the terms of the debate should be framed be "We, The Little People" who don't have an large equity interest in the outcome, but do have a strong career interest in it.

Why look at using open source at all?


You'll hear cost used quite a bit as a reason to use open source products rather than proprietary commercially licensed products. And in some cases it is true that an open source product may have a lower TCO than a comercial product. It really depends upon the product license, the maintanance and support requirements and costs, and the organizational familiarity, readiness and use of the product.

In my opinion, the primary advantage of open source over commercial is the level of control and risk reductions provided to the development organization. The primary goal of a software products organization is to get feature/functionality at high quality out the door as quickly as possible. In any development effort, there will be one or more obstacles that a 3rd party product creates - it may be a bug, or it may be a feature that doesn't quite work as expected, but regardless the developers are slowed until a fix or workaround is found.

With proprietary products, the team is at the mercy of both the maintenance and support terms, as well as the responsiveness of the vendor. For smaller companies (like us), the responsiveness of a large vendor can be a challenge. I've seen projects that ended up devoting as much as 30% additional effort to work around a fix that they couldn't get from the vendor in time to make product release dates.

With open source products, the first approach is identical to that of proprietary products - go to the maintenance and support available, and/or go to the user community boards and google for help. But if help isn't forthcoming, the team has the option to actually go in an fix the code to work as required and move on. (Whether or not they donate the fix to the open source community or not is a separate decision, although it is usually to their advantage to have the fix put into the next open source release).

Additionally, the vendor viability risks go away. (Purchasing products from smaller vendors always carries a risk that the vendor may go out of business, or stop supporting the product. This is usually attempted to be covered by some form of source code escrow agreement, although most of these are impractical given that the vendor's source code usually isn't in a form that can be picked up and used by someone else.) Open source products provide source code from day one, eliminating this risk.

So - why use open source? Because it may be cheaper, but it definitely reduces the risk of unforseen and uncorrectable delays in product development.

But using open source opens up lots of risks that you don't have with commercial software, right?


Not necessarily. Let's look at the primary areas typically identified as problems with open source.

Intellectual Property (IP)
All commercial and open source license agreements provide some level of "right to use", as opposed to ownership rights. The restrictions vary by agreement. The requirements around the source code rights vary as well. For instance, Microsoft now offers some source code access licenses, but the user is not allowed to modify the code in any way.

All open source licenses allow the user to modify the source code in any way the user sees fit, but vary on the obligation to share those code modifications. Some require that any code modifications be made available for free, some require that they be made available, but a fee can be charged. Many don't require that any modifications be made available to anyone other than the user. And none require that code built that *uses* the open source without modification be made available to anyone other than the user.

Indemnification, Limitation of Liability, Warranty, etc.
Commercial licenses usually offer some level of indemnification and limitaiton of liability, although if it is not a high priced perpetual license deal (such as an OS or desktop app), the vanilla End User license is typically used (and is usually pretty sparse in these areas). For open source, usually a maintanance and support contract also offers some level of similar protection here. Also, some large vendors offer specific indemnification programs for major open source products. (HP offers an Indemnification Program. So does Novell and Red Hat. And you can even buy "indemnification insurance" from companies like OSRM) As for warranties? Hah - good luck. Over 90% of commercial software licenses use warranty language of "as-is". At least with open source, you can look at the engine of that car instead of just the exterior.

Maintenance & Support
Commercial products provide some level of maintenance and support, which varies quite broadly in terms. Open source products do not inherently come with maintanance or support, except the "ad hoc" variety provided by the community of users and developers. However, for many popular open source products, large 3rd party vendors do offer a maintenance and support contract that is on par with any commercial version.

  • HP, IBM, Novell offering support for both open source products and "stacks" of applications vetted to work together.

  • HP has "certified" mopre than 200 open source apps for HP's servers


  • Novell too is certifying a number of open source apps for HP Blades, and offers technical support for a number of apps. ("Validated Configuration Program).


  • Red Hat testing and certifying its products with EMC, Oracle, Veritas, etc.


  • New startups SpikeSource, SourceLabes, Greenplum are being VC funded to offer certification and testing for a wide range of open source "application stacks".



Is Mike the only one with these crazy ideas?

Try googling - you'll see. (Or maybe start here with this recent panel of CIOs...they know of which they speak)

So should we just always use open source?

No. Open source products should go through the exact same evaluations as proprietary products. In fact, they should be evaluated right along side proprietary products. The same issues for selection still apply:

  • Feature/Function Fit

  • Cost (initial purhcase, training, and ongoing support and scalability options)

  • Use Rights (Can you legally use it in the ways you need?)

  • Support (both from a vendor, as well as an assessment of the size of the user community. Most developers will tell you that they get more answers from a large user community for a product than they do from the vendor - whether that product is proprietary or open source. God Bless the Internet and Google.)

  • "Vendor" viability (will the product be around?)

  • etc.


The question should be "Should we use open source products that compare favorably to their proprietary counterparts in these criteria?"

And the answer to this is yes - we would be foolish to give up the level of control and risk reduction just to hypothetically "play it safe" with a proprietary product.

0 Comments:

Post a Comment

<< Home