Bernard Golden is a renowned expert on open source software and author of the excellent "Open Source in the Enterprise" recently published by O'Reilly. We caught up with him at the HP Finanical Services industry Open Source Advisory Council to ask him how Open Source is changing the way Enterprises use software.

 

Q1: Can you tell us a little bit about yourself and why you wrote the report "Open Source in the Enterprise"?

I have been consulting in open source and enterprises for about six or seven years. I know folks at O'Reilly, and when they decided they wanted to examine the enterprise open source phenomenon, they asked me if I'd participate. I was delighted, especially because O'Reilly has some very innovative data mining techniques that would allow us to examine real data about enterprise adoption beyond the usual anecdotes.

Q2: Why are enterprises adopting more and more open source software?

In the report, we identified six drivers for enterprise open source adoption:

1. agility and scale
2. quality and security
3. breaking vendor lock-in
4. cost
5. sovereignty
6. innovation

Depending upon the enterprise, one or more of these drivers might motivate their use of open source. Often, the initial interest is from a cost perspective, but as the organizations gets more acquainted with open source, the other drivers come to be seen as important.

Q3: How do you measure the use of open source adoption in enterprises?

Rather than conduct surveys, which are usually suspect in their methodology or sample set, we looked at open source recruitment postings in Fortune 1000 companies, reasoning that for a company to get to the point that they want to hire a skill, it's likely that they are using the product. We found that about .2% of all F1000 job postings were for open source-skilled positions (our definition was that two open source products needed to be called out in the posting for it to meet the threshold of being open source-oriented). Given that total IT employment in F1000 companies is about 2.4%, this means that around 10% of all IT jobs are open source-oriented.

Q4: How important do you think being able to inspect an application's source code really is? Is it a red herring or do you have an example of where this has been critical in an enterprise's use of open source software?

Certainly a number of US Government security agencies have used the transparency of open source code as a reason to use the products; they are able to examine the code and satisfy themselves that it is not compromised with respect to security. Beyond those situations, IT organizations find the ability to study the code relevant when integrating with an open source product, so as to understand its behavior better and thereby create a better end product.

Q5: What value do the communities around open source projects have to enterprises?

Community is absolutely critical; absent community, open source is little better than source code availability through escrow. The Open Source Maturity Model, which I created to enable formal assessment of the maturity of open source products, measures the maturity of a number of product elements like support, documentation, and professional services, all of which increase in maturity as the product community grows and matures.

Q6: Will open source ever shake its 'beard and sandles' reputation? Or do you think its slightly alternative image is a strength rather than a weakness?

Its outer image served to attract adherents early in the open source movement. Most technologies, to achieve mainstream adoption, have to be seen as mainly being used by mainstream organizations. I feel that as more 'typical' IT organizations adopt open source as a key part of their strategy, open source will come to be seen as a mainstream choice. I'm sure, however, that there will always be tie-dyed t-shirts in the back room of the open source ballroom!

Q7: In the report you identify six core drivers for open source adoption by enterprises. Which is the most important and why?

As I mentioned earlier, the importance of the drivers varies according to the goals of an IT organization. Cost is an easy driver to initially identify, so many people consider that the primary motivator for open source use; however, as companies become more familiar with open source and integrate it more deeply into their strategies, they find other open source drivers extremely relevant to their situations.

Q8: Why should ISVs consider using open source software as their development platform?

For ISVs, there are three primary reasons:

1. Cost – with constant pressure on margins, using open source in place of licensed third party software components or self-developed components can reduce COGS significantly;
2. Time to market – leveraging existing open source rather than developing all necessary product components internally can shorten the time it takes to deliver a product to customers; and
3. Competitive secrecy – licensing a third-party component can signal market intentions to another company and thereby offer them an opportunity to respond competitively; using open source that is available anonymously allows a company to develop a product without offering information to other interested parties about what it is doing.

Q9: Why does open source licensing improve code quality?

Because so many more people – with many different skills and perspectives – examine an open source product in comparison to a closed source product, more attention can be paid to any particular piece of code, thereby raising the likelihood that bugs will be fixed. In addition, the availability of source code means that anyone that is concerned with a bug can directly work on it, avoiding the need to wait for a vendor to address it.

Q10: How does open source licensing improve security?

Just as quality benefits from, as the saying goes, many eyes looking at the code, the same is true for security. More people, with different skills and perspectives, can examine the code and address security issues. This is far more direct attention than is typically possible within a closed source software company.

Q11: Why does open source licensing enhance the quality of support?

In proprietary software companies, support is usually seen as a necessary evil, and a cost drain, detracting from company profitability. Consequently, support is usually understaffed and peopled by the lowest-possible skill set. Commercial open source companies derive the majority of their revenues from support, so they focus on delivering high-quality support services. This can be evaluated in light of the fact that Red Hat has consistently been awarded very high marks for support quality.

This does not even address the quality of community support, a very active aspect of open source, where peer members using the product can offer real-world and real-time feedback on problems encountered while using a product.

The combination of community support and high-quality commercial open source support provides very effective support, much better than the proprietary alternative.

Q12: In cost terms, what is the critical advantage of open source software over proprietary software?

The absence of license fees means that open source is usually less expensive, since at most only support (subscription) fees are required. Moreover, open source avoids the oft-encountered “mandatory upgrade fee. Finally, because open source is more of a pay-as-you-go cost model (in contrast to the front-loaded fee structure of proprietary software), open source matches value to cost much better.

Q13: How does open source licensing encourage innovation?

Obviously, the ability to modify a product to better suit the use cases of a company enables innovation for it – it can create a product better tuned to the needs of its customers. Beyond that, though, companies can make open source libraries available to let their customers experiment and innovate, thereby leveraging the better insights and inventiveness to improve the original product.

Q14: How do you suggest enterprises go about adopting open source technologies?

In the report, we identify three sets of recommendations: early adopters, mainstream users, and innovation seekers. As you might expect, it's a developmental approach in that early adopters, once they get more experienced with open source, apply it throughout their infrastructure so that it is a mainstream use pattern. Likewise, once a company that applies open source widely throughout its infrastructure examines what other ways they can apply open source, they begin to evaluate how it can help achieve innovation. There isn't enough space to describe the elements of each of the recommendations, but an extract of the report is available to download. Of course, the complete report goes into significant detail about how to implement each of the sets of recommendations.

Q15: What common mistakes do enterprises make when taking on open source software?

The primary mistake most enterprises make regarding open source is failing to understand how much it is already being used throughout the organization – it's just invisible, since it's not wired into the processes of the IT organization. It's critical to put standardized governance into place to ensure open source use moves to transparent from invisible.

About Bernard Golden

Bernard Golden is a recognised authority on Open Source software. Called a "renowned open source expert" (IT Business Edge) and "an open source guru" (SearchCRM.com), he is regularly in magazines like Computerworld, Information Week, and Inc. His blog "The Open Source" is one of the most popular features of CIO magazine's website. He is a frequent speaker at industry conferences like LinuxWorld, the Open Source Business Conference, and the Red Hat Summit. Bernard Golden is the author of Succeeding with Open Source (Addison-Wesley, 2005), used as a course text in universities throughout the world. He is CEO of Navica. a Silicon Valley-based management consulting firm focused on open source and innovation.