The OSS Fear Factor
by JT Smith
Tuesday, December 23, 2003
In this security-conscious era, getting IT or business leaders to consider using OSS can be a tough sell. One of the main reasons is a perceived lack of control, or, to put it another way, of a throat to choke. If you purchase packaged software, you know who's responsible. If you're using Microsoft Outlook and some knucklehead exploits a hole to distribute a virus to your user base, all eyes turn to Redmond for a patch. But if you're using Evolution and a similar problem occurs, to whom do you turn for a remedy? (See Myth #4 for the answer.)
One of the appeals of OSS within the open source community is that it is developed for the greater good rather than simply to make a buck. Yet this egalitarian appeal is also one of the greatest barriers to its general acceptance. In the absence of hard information, a number of myths have sprung up which make the prospect of using open source software for enterprise applications scarier than that box of tarantulas. Let's examine some of these myths (and the truths about them) in order to bring a greater understanding of OSS, and see how your organization can benefit from it.
Myth #1 - OSS is all or nothing
There seems to be a general belief that using OSS is an all or nothing proposition. In other words, you have to choose between using all open source or all commercial software.
The truth is you can have any mix of open source and commercial software you want in your business. You can even use OSS in a Windows environment.
The important thing to remember is that OSS is a different philosophy of software creation and distribution, not a completely different technology. Most large corporations already use some form of OSS, whether they realize it or not (see Myth #5). They've found that OSS plays very well with others.
Myth #2 - Centralization of software development is always better
This goes back to the "one throat to choke" concept. If your primary goal is to lay blame when something goes wrong, then the statement is true. But if you're looking for the best performance from the software, it may not be.
Consider Darwin's oft-quoted principle of biological diversity, which says that having more choices in the gene pool gives a species a better chance of surviving a disaster and improving itself more quickly. The same holds true in software. A large developer pool around an open source software project means more ideas, with the best rising to the top and the rest falling by the wayside. If a disaster strikes, you have a large community working to solve it. That's the main reason that open source software upgrades are introduced on a weekly or monthly basis, while commercial software upgrades often take more than a year to produce.
Some of this attitude also dates back to the early days of software development, where the knowledge was held (and hoarded) by a relatively small part of the population. For at least the last 10 years, children have been learning to program in middle school, or even grade school. As those students move into the work force, they aren't content to wait for improvements from on high. They're diving in and creating what they need on their own. OSS gives them the means to do it.
Today, with the pace of change coming fast and furious, a closed, 18-month development cycle no longer meets the needs of business. OSS provides a solution.
Myth #3 - You get what you pay for
In America in particular, there seems to be a prevailing attitude that free equals bad; its corollary, of course, is that the more expensive something is, the better it is.
realities of software development, though. A commercial software company has a certain amount of budget allotted to develop a product. This number is based on the number of people assigned to the project and the amount of revenue they expect it to bring in. Just as important is who the company assigns to the project. If it's the signature product, you'll probably get the best talent on it. If it's an ancillary product, you'll probably get lesser souls. Those are the realities of business. And if the product doesn't make money (or the company feels compelled to bring out a new version to drive up revenues), support will dry up awfully quickly.
Myth #4 - OSS is not secure
Since everyone can see the code, the reasoning goes, exploits are easier to find. There's only one problem with this line of thinking: exploits are actually very difficult to find, regardless of whether you have access to the source code or not. If they were ever easy, the original developers would find them during the debugging process and fix them before the software ever went gold.
Myth #5 - OSS is only for zealots and small companies
Consider that most of the Internet is built on OSS, and huge companies around the world are adopting OSS at an astonishing rate. Of course in some cases they don't realize it's OSS until long after the software becomes part of the way the company does business. But the point is it's proving its performance on the enterprise level every day.
The fact is, OSS is pervasive in business, government, and education. And it will continue to grow in popularity both as a means of controlling IT costs and because it simply makes sense.
If you're still not convinced, here's one more reason to consider OSS in the enterprise: you don't need to send a requisition through six levels of approval to obtain it, because there's nothing to approve. No purchase order is required because there's no cost to obtain the software. You can download and use it immediately to see if it suits your purposes. There's no "time bomb" trial period to worry about, either, so if your priorities change you don't have to worry that the clock is ticking. The bottom line is there's nothing to fear from OSS but fear itself. OSS provides the tools you need to boost productivity in a secure environment, which makes it definitely worth a look before you commit dollars that could be better spent elsewhere. And that beats a box of tarantulas any day of the week.
is the director of technology for Web Den Interactive, a maker of open
source enterprise application tools. He can be contacted at
Find this article at: http://www.line56.com/articles/default.asp?articleid=5237