Luhala Group, LLC. Understanding Open Source. Abstract. Introduction. Licensing. Definition of Open Source. Software

Transcription

1 Understanding Open Source Software Abstract This white paper is intended to summarize the concept of open source software for non-technical managers. The paper provides a definition of open source and its various subcategories, identifies licensing issues, provides some high-level examples of uses, identifies advantages and disadvantages of it s use, and provides recommendations for the future. Introduction Open source software (OSS) has garnered an increasing share of publicity in recent years. Although the model of shared source software has been in existence for at least twenty years [Gartner2000], both the Internet boom and an increased IT focus have brought new attention to OSS. Even Microsoft, the undisputed leader in closed-source software, has acknowledged the surge of awareness in open source by actively competing with OSS [Gates2002]. Despite this awareness or hype, many business people have a limited understanding of what OSS is, how it is used, and what its costs and benefits are. Almost any business today relies in some way on OSS whether they know it or not. In the same vein, almost any business today could utilize OSS more. Should businesses consider using OSS? Why or why not? Definition of Open Source Software To define Open Source Software we need to first define several basic concepts. The first is software. Almost everyone can provide an example of software Microsoft Word is a typical choice. Next, we need to identify what source or source code is. All software is written in instructions that describe how the software should behave. These instructions are known as source code the source of the software. Most companies hide their source code because it is their proprietary intellectual property and the source of their competitive advantage. If everyone could build their own (not necessarily legal) copy of Adobe Photoshop from the source code, Adobe Systems might not be able to charge a high price for that application. Software derived from hidden source code can be called closed source code. Open source code is the opposite of closed source code. Open source code provides readability and access to the source code of the software. Anyone can read, understand, and build software from the underlying source code. It is important to note here that just because software is open source does not mean it is free or can legally be modified or used. Licensing As mentioned in the previous section, just because software is OSS, does not mean it is free. Because software is copyrighted just like other authored works, it can be licensed using arbitrary licensing terms. This means Adobe could release the source code for Photoshop but restrict usage to only perusing the source code and not (legally) creating and running the Photoshop application. A good example of this type of license is the Microsoft Enterprise Source Licensing Program [Microsoft2002]. This license specifies that Licensees may read and reference the source code but may not modify it. Page 1 of 7

2 Typically, when referring to OSS, people mean software that is both open source and free to use in some way. There are numerous licensing methods for free open source but most are derived from one of two commonly accepted licenses: the BSD license and the GPL license. BSD License The BSD license is probably the most open license. It specifies very little about how the software may be used or modified only that the copyright notice must be maintained. It also disavows any warranty by the software creator. OSS licensed under the BSD license can be freely used in a business or even included in proprietary software. GPL License The GPL (Gnu Public License) is also a very open license in terms of use of the software but it has been labeled by Steve Ballmer as a cancer that attaches itself in an intellectual property sense to everything it touches [SunTimes2001]. This is a true statement in a way but it is a pejorative one. The GPL license allows the software to be freely used in any situation but requires that any modifications to the software be released publicly and available under the GPL (hence the cancerous nature). LGPL License The LGPL (Lesser Gnu Public License) is much like the GPL in that modifications to the source code must be released and available under the LGPL. The license is of interest to software developers because it is somewhat less restrictive than the GPL. Proprietary source code that uses source code licensed under the LGPL can remain proprietary and not licensed under the GPL or LGPL. Typically this license is used for libraries of utilities that aren t useful by themselves but only in conjunction with other software. Other Licenses There are numerous other licenses including the Mozilla Public License, the MIT license, the Apache Software License, and more. This paper is not to classify and describe these different licensing schemes but it suffices to say that these schemes are similar to the aforementioned ones. When utilizing OSS, the licensing scheme should be carefully reviewed and analyzed with respect to the use. What does all this mean? Basically it means there is a wide variety of freely available software that is in the public domain with various restrictions. For the most part, use of OSS applications (word processors, programs, etc.) is free; the restrictions are primarily on modification and redistribution of the software. Uses To better understand what OSS is, it is informative to see how it is used at the various levels of software use. Example: AbiWord AbiWord is a Microsoft Word -like word processor. It, in fact, is so much like Microsoft s product, a typical user might not notice the difference. It offers standard word processing functionality and is licensed under the GPL. This license means that a company could freely install and use AbiWord anywhere but any modifications to the software itself would have to be released to the public. Example: Linux Linux and OSS are commonly confused. Linux is software whereas OSS is a concept. Linux is an operating system like Microsoft Windows - it provides the foundation upon which applications (such as AbiWord) run. Linux comes in many different versions most Page 2 of 7

3 of which include a graphical user interface and various basic utilities. Linux is licensed under the GPL which means, as with AbiWord, a company can freely install and use it anywhere. Example: BIND BIND (Berkeley Internet Name Domain) is a piece of software run by most primary Internet users that provides one fundamental piece of the architecture of the Internet. BIND software provides the service that tells your computer how to find another computer on the Internet using the domain name. For example, if you want to get to your web browser talks to a copy of BIND to determine how to get there. BIND is not licensed under GPL or BSD; instead it is simply offered for free without warranty. These examples illustrate how and where OSS is used. There are well over 40,000 open source software projects [SourceForge2002] ranging from databases to image editing applications. The subject coverage of these projects is similarly vast from medical imaging to network security. With this much software available, it is important to address the costs and benefits of using OSS. Advantages and Disadvantages of OSS As discussed, there is a vast array of software available for use in many businesses. Much of it is available without license fees. This does not obviously mean using the software is free. There is a cost to using free software which may or may not outweigh the benefits to your organization. In this section we identify some major areas to think about when using open source. Total Cost of Ownership The Total Cost of Ownership (TCO) is a common measurement used for software purchase or licensing. Reducing TCO is a major issue for IT departments in most organizations but most organizations are not looking at OSS as a cost reducing method [Trend2002]. The question is whether use of OSS does, in fact, provide an effective reduction in TCO. Some evidence points to overall reductions in TCO. Of Chief Technology Officers currently using OSS, ninety-three percent reported reduced application development cost and thirty-two percent report a total cost savings of more than $250,000 [CTO2001]. These numbers are, of course, filtered through the opinion of a CTO who may have an incentive to show cost savings. Where the typical cost of ownership increases for OSS is in support. Support (or lack thereof) is a major concern for corporate users of OSS and support costs are at the moment higher for OSS than for commercial software. Costs are higher primarily because OSS has a smaller support infrastructure and demand for this support is high. One estimated comparison of using OSS (in the form of Linux) versus non-oss (in the form of Microsoft Windows for a 5,000 user manufacturing company shows a 62% cost savings for Linux [LinuxWorld2001]. Beyond application-level usage of OSS, a case can be made for usage at the component level for developing software. Bits and pieces of OSS can be utilized in application development or deployment. If the application is already customized, using OSS typically saves time because the source code has already been developed once. Overall, the TCO of open source software appears to be lower than that of proprietary software. Actual quantification of the savings Page 3 of 7

4 must be done on a case-by-case basis using real figures for both licensing as well as support costs. Competitive Advantage Another area to consider when analyzing the value of open source is in terms of competitive advantage. There are both advantages and disadvantages to using OSS. There are two major advantages to using OSS in terms of competitive advantage. The first is time-to-market. OSS provides ready-built tools that can be customized and included in applications or services. These pieces of software don t have to be re-invented but allow customization to a specific product. The result is a faster product development cycle whether software product or service product. A second, shorter-lived advantage is the pseudo-proprietary nature of OSS for the next three to five years. As OSS is adopted, this advantage will dwindle but there are OSS products that are more effective than proprietary software. A business using these OSS products will have efficiency or effectiveness advantages over firms using competing, lower quality, proprietary technologies. A corollary to the previous advantage is a major disadvantage of OSS the dearth of barriers to entry or other advantages due to the free availability of OSS. In some industries, software development costs are a major barrier to entry. If an open source project provides similar software, that barrier to entry is eliminated. Furthermore, the public availability of OSS eliminates the competitive advantage of having a more effective proprietary system. An example is a business with a custom-built CRM application versus using an open source CRM application the custom-built application may provide more effective service to the business allowing it to be more competitive. In general, the competitive advantages of OSS versus proprietary software have to be evaluated on a case-by-case basis. The problem is analogous to build vs. buy decisions which are traditional IT decision points and can be analyzed using traditional methods. Quality Quality is another important facet of OSS. Quality obviously affects TCO but, because of its importance, should be considered alone. Anyone who has had installed or used traditional software has some opinion about its quality. But how does OSS compare to proprietary software in terms of quality? Some information can be gleaned from a comparison of testing OSS applications and Windows-based proprietary applications. In the best comparison to date, the OSS applications tested in 1995 crashed approximately 25% of the time. The proprietary Windows applications tested in 2000 crashed approximately 45% of the time [Miller2000]. One aspect to note is the 5 year time difference between these tests. It can safely be assumed that the OSS applications improved significantly in the intervening five years. This means that the quality difference is even greater than the 20% shown by the 2000 study. These figures come from a somewhat artificial study of software behavior but nonetheless illustrate the quality difference in OSS versus proprietary software. Another strong quality indicator is found by comparing one of the largest open source projects, the Apache Web Server with Microsoft s IIS. Specifically, the security quality of IIS is significantly poorer than Apache. Gartner Group states that although these Web servers [Apache] have required Page 4 of 7

5 some security patches, they have much better security records than IIS [Gartner2001]. Gartner in fact strongly recommends moving away from IIS in favor of Apache. It is obvious that some OSS is of higher quality. When making a decision about using OSS, however, many factors about the software itself must be taken into account. There is no OSS certification body or standardization scheme thus each piece of OSS must be analyzed to determine it s effectiveness. This analyses is a cost of OSS but the cost can result in a much higher quality result. Control and Lock-in Control of software is an important issue for businesses. In almost no other industry is a business as locked into a particular vendor than in software. Many proprietary vendors of software can provide customization and support services at exorbitant rates because they control every aspect of the software. Not only is cost an issue but software can form the heart of a business. Examples of core software are customer databases and factory automation software. It is risky for a business to cede control of core systems to a vendor whose strategic interests may not coincide with their customers. If a customer s database is down for three days, it may destroy the customer but the customer is simply one more past sale to a vendor. There is often little incentive for the vendor to provide the help a customer needs. Secondarily, the lock-in to proprietary systems provides vendors with a strong bargaining advantage once their software is installed. The switching costs are very high allowing software vendors to charge nearly those switching costs for service and upgrades. As OSS analogues to these systems begin to be used, vendors can be expected to increase prices to garner revenue from their shrinking market. OSS, on the other hand, puts control potentially into the business hands. This control comes at a cost which is that of providing internal support for core systems. Another advantage of OSS is the interfaces and file formats are open and often welldocumented. This limits lock-in for businesses and lowers the switching cost. Page 5 of 7

6 Recommendations Open source software is rapidly coming into its own with respect to business. The following is a brief list of recommendations and when to apply them in your business: When Now Now Next 3 Next 6 Next 12 Next 12 Next 18 Next 24 What Provide time and incentives for IT employees to explore OSS and provide training for new technologies Review business software use and analyze future yearly licensing and support costs Begin prototyping and limited rollout of experimental OSSbased systems Review competitive value of proprietary in-house systems and how OSS would affect that value Prepare 3 year estimates and plan for phasing-in of standard OSS desktop software If relevant, replace standard problem-prone systems having OSS analogues with OSS replacements Review core systems with respect to lock-in and potential cost increases If relevant, begin planning for OSS replacement/integration into core systems Page 6 of 7

7 Bibliography [CTO2001] CTO Network Survey, Rene Gotcher, CTO Magazine, survey.html. [Gartner2001]. Nimda Worm Shows You Can't Always Patch Fast Enough, John Pescatore, Gartner Group, September, [Gates2002]. Remarks by Bill Gates; Government Leaders Conference, Seattle, Washington, [LinuxWorld2001]. A strategic comparison of Windows vs. Unix, Paul Murphy, LinuxWorld, [Microsoft2002]. Microsoft Enterprise Source Licensing Program. urce/enterprise.asp. [SourceForge2002]. SourceForge. [SunTimes2001]. Microsoft CEO takes launch break with the Sun-Times. Chicago Sun-Times, June, [Trend2002]. Market Opportunity Analysis For Open Source Software. Trend Consulting, Page 7 of 7