It is hard to imagine a company that has not used open source software at a time when Linux runs on printers and Web servers and employees run the Android operating system on a variety of mobile devices.
According to Black Duck Software, an open source management tool provider which has the world's largest open source software directory, Ohloh, there are Ibedovan different open source projects in the industry, and the number continues to grow. According to a study published by SAP, the number of open source projects is doubling every 14 months on average.
However, open source projects vary in how active they are. Ohloh points out that of the 100,375 open source projects in its catalog for which activity information is available, 80% show low activity, very low activity, or no activity at all.
This is bad news for companies that have bet heavily on individual open source projects and built them into important business systems. At the same time, according to Gartner survey data, almost all respondents said that by 2016, 99% of the world's more than 2000 companies would be applying open source software in their key system software product lines.
An enterprise that picks a dead-end open source project ends up with a component that receives few or no updates, no security patches, and little community support.
The impact of choosing a bad open source project also reaches far beyond the development level. For example, open source code is distributed under a wide variety of licenses, and some licenses may be incompatible with an enterprise's products or development plans. Unmanaged open source software can also create security, audit, and compliance problems.
Vulnerabilities in the procurement process
Developers and end users are often happy to upgrade open source software because it is free, the upgrade is simple, it provides the functionality they need and, most importantly, it avoids the trouble of a procurement process. The end result is that many companies have no idea how much open source software their employees use.
Some open source software vendors even use this as their sales strategy. "Because sales of open source software can be directly connected to individuals, we can use the decision and sales process of conventional software, once the number of open source software sales reaches a certain scale," said Luc Solans, chief strategist of Bonitasoft, an open source business process management software company in Paris. "It will become a common standard to be adopted by the enterprise. Usually what we hear most from users (usually the chief technology officer of the enterprise) is: I really didn't want to have a relationship with you, but you came in through another way."
However, end users and individual developers who pick open source software do not fully weigh business needs against long-term development goals.
In 2013, Sonatype surveyed 3,500 people working in IT and found that 60% of developers did not regard security as a top priority, because most did not have the resources to use higher-cost open source software; others believed that security was not their concern.
Meanwhile, a study by the software management provider WhiteSource found that 23% of software projects with open source components had security risks, and 85% of open source software projects used outdated open source libraries.
In addition, relying on community support often leads to problems in open source projects, so some large companies prefer professional open source software providers for important features and support. But Black Duck points out that 45% of developers and IT experts focus on technical performance and product features when choosing software, while only 12% treat commercial vendor support as an important factor in their decisions.
When choosing open source software, individual users and developers may not consider whether other parts of the company are using a different or incompatible tool, whether the software has a viable license, or whether it can be extended if necessary. Ultimately, if the tool is written in code that only one developer is familiar with, the rest of the company will not use it, and if that developer leaves, the company may be in trouble.
Lack of management
Sonatype points out that 57% of companies currently have no clear guidelines or policies for the use of open source software.
A good open source management policy should tell developers and end users when and under what circumstances open source software may be used, which licenses are required, and when its use must be brought under management.
If the software is important enough, it can go through a formal selection process, which has a lot in common with the process for choosing proprietary software.
Red Hat Chief Information Officer Lee Congdon said: "When we choose a large-scale platform, such as an open source telephone system, our product selection process and our proprietary software selection process are the same, including cost, features, functions, development routes, supplier stability, as well as the ability to meet established goals. These factors are the same as those for evaluating specialized solutions."
But there are also two major differences between choosing open source software and choosing proprietary software: open source software vendors differ from traditional commercial vendors, and choosing open source software also means looking at the project's community.
"But that doesn't mean that the management of every open source software needs to be plugged in," says Congdon. "Excessive control of the choice of open source software is likely to stifle enterprise IT innovation, and even lead to corporate shadow IT. In terms of our own business, we generally give individual developers a certain amount of freedom and flexibility, but where the project needs it, having our architecture team participate in the project helps our enterprise form a standard method of software selection for our own business needs."
Community
The success or failure of any open source project depends largely on the community around it, which includes developers who contribute code, testers, document writers, people who answer questions on online forums, and end users.
There are several ways to assess the size and activity level of an open source project's community; Ohloh provides a tool for this. One common approach is to look at the code commit history on the project's home page or Web site and at whether its discussion area is active.
"If the project happens to be on GitHub, you can see how active these projects are on the company's web site," said Tim Clem, the GitHub executive in charge of business development and strategy. "In jQuery, for example, there is a list of disclosed vulnerabilities and feature requirements, and it is common to discuss the merits of a change. If the last topic was opened six months ago and no one responded, the community is considered very inactive."
GitHub provides hosting services for private projects and open source software projects, and it also uses open source software internally. When a project bears on the company's own success or failure, such as the Git version control technology, GitHub typically hires some core developers to help develop the software. "This not only gives us a deeper understanding of some special open source projects, but also leads to the development of Git technology," Clem said.
Another approach is to directly contact open source software developers themselves.
Michael LaVista, chief executive and founder of Web application developer Caxy, said: "We are very fortunate to have access to important developers and to ask them questions. If you have a problem with an open source project, you email the developer and the developer can answer you in one day, which bodes well for an open source project. If they never respond, it proves that the community of the project is not really active."
The support of a large number of developers is also important, LaVista said: "If a German developer wrote a content management system and used a language other people do not understand, then if the developer goes, it will mean the end of the project."
"I have had some very bad experiences with open source projects that either don't have strong community support or use the open source software to make a very poor product," said Ross Nunamaker, marketing strategy and analysis manager for Olympus Medical Systems Group, the American medical equipment maker.
The group wanted to update its website, which was created in 1999 and had experienced a wide range of problems, including navigation, multiple owners, and other issues. Initially, Olympus Medical Systems Group wanted to choose a dedicated platform, but it eventually chose Drupal, an open source content management system that many large enterprises use.
Nunamaker said: "The Drupal community is growing very fast, with low-cost or free training courses in the community, as well as a lot of providers using the platform. The Olympus Medical Systems Group uses Drupal, which was also facilitated by another user in the Drupal community."
Nunamaker also said: "Customers often ask me: open source projects are free, so shouldn't your products be cheaper? Or, with so many people in this open source community using the Drupal open source platform, how do you ensure security? The White House is also using the open source software, which is persuasive for those who still worry about the safety of the project."
Meanwhile, this year, after Olympus Medical Systems Group began using the platform, the US pharmaceutical company Pfizer and Johnson & Johnson also adopted Drupal. Many companies in this field are beginning to give up their old platforms for new ones, and the fact that these two big companies chose the same platform at the same time also shows that Drupal is a good choice for the enterprise.
Vendor support
Like many popular open source projects in the enterprise, Drupal has a major provider, Acquia, at the helm.
In fact, Nunamaker says, Olympus Medical Systems Group chose a different company to create the site, but it has Acquia confirm whether the provider it chose follows best practice in building the site. Also, in emergency situations, large suppliers can provide 24/7 service (24 hours a day, 7 days a week).
According to a W3Techs survey, Drupal ranks third among content management systems with a market share of 5.4%; WordPress ranks first with a market share of 60%, followed by Joomla with 8.8%. However, BuiltWith.com, a Web site technology lookup and analysis tool that focuses only on the 1 million largest sites, ranks Drupal second with a market share of 14.5%. This means that Drupal is more popular in larger enterprise deployment scenarios.
"Whether the content management system Joomla is good or bad, the key is that it does not have a leading business organization to help promote its development," said Paul Orwig, president of the nonprofit Open Source Matters. "Joomla has a volunteer community around the world and we love that community, but it has a relatively low level of trust compared to projects that are commercially supported." Open Source Matters is primarily responsible for providing organizational and legal support for the Joomla project.
Another example of a major open source platform is Linux, which is also supported by leading vendors: Red Hat, SUSE Linux, and Ubuntu's Canonical each lead their respective distributions.
For example, SUSE does not support only its Linux: SUSE Linux Enterprise Server includes about 2000 other open source packages that SUSE also supports.
When selecting a tool, SUSE can decide which software to choose on behalf of its customers.
SUSE Linux Enterprise senior product manager Matthias Eckermann said that when selecting open source projects he looks mainly at three factors. "The first is whether the open source software we support and provide to our customers is active and whether it is well maintained; second, whether it is based on the concept of security; and third, how adaptable it is, whether the documentation is intact, and whether the open source software is accepted or praised by users," Eckermann said.
Eckermann said that because SUSE is itself an open source enterprise and is deeply involved in the open source community, the company has a certain advantage in selecting projects.
Like Red Hat's, SUSE's employees are keen developers of the LibreOffice software suite. Eckermann says: "Our developers are an important part of some communities."
Licensing
One of the toughest issues in choosing an open source project is choosing the right license, because end users and developers are often under few constraints when they pick a particular open source project. This is the area where legal and regulatory authorities need to intervene.
For example, some software is only licensed for non-commercial use, and many packages are distributed under a license that requires all derivatives to be open source. Sometimes, some open source software or projects do not have a clear license.
"There are a lot of open source projects in the Hadoop community, but no one will be particularly concerned about what kind of authorization they have chosen for these open source projects," said Shaun Connolly, vice president of corporate strategy at Hortonworks, a company focused on Hadoop development and support.
Licensing is critical to US payment solution provider LoopPay. David Meyer, the company's vice president for software engineering, said: "We need to make sure we can use an open source project in our product environment. When we resell products or redeploy products elsewhere, we do not want to be restricted by the license."
The most important thing, Meyer says, is that the person who ultimately decides to adopt the open source software has a good technical grounding, or has a technical expert to help with the decision, rather than choosing open source software on a developer's recommendation alone.
Meyer said: "We used to ask some low-level, inexperienced engineers to help us find open source projects. They were very enthusiastic about these open source projects and strongly recommended that we use them, but it later turned out these open source projects had not been active for two years. If you use a similar open source project for a while, you end up finding that all of the open source components that your product relies on are not being maintained and supported, and your project is doomed to fail."
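The activity checks described in the Community section (commit history, an issue tracker where the newest topic has gone unanswered for six months) and Meyer's two-year warning can be automated across a dependency inventory. The following is an added example, not code from the article or from any project it names; the function names, the day counts used for the thresholds and the sample data are assumptions, and commit dates are expected in the format produced by `git log --format=%cI`.

```python
from datetime import datetime, timedelta, timezone

# Thresholds taken from the article; the exact day counts are this example's assumption.
SIX_MONTHS = timedelta(days=183)  # Clem: newest issue opened six months ago, no reply
TWO_YEARS = timedelta(days=730)   # Meyer: projects "not active for two years"

def parse_git_dates(log_text):
    """Parse `git log --format=%cI` output: one strict ISO 8601 date per line."""
    return [datetime.fromisoformat(s.strip())
            for s in log_text.splitlines() if s.strip()]

def assess(commit_dates, issues, now):
    """Classify a dependency as 'active', 'inactive' or 'abandoned'.

    issues: list of (opened, first_reply_or_None) tuples of aware datetimes.
    """
    if not commit_dates or now - max(commit_dates) > TWO_YEARS:
        return "abandoned"  # no code activity, so no security patches either
    if issues:
        opened, reply = max(issues, key=lambda pair: pair[0])  # newest issue
        if reply is None and now - opened > SIX_MONTHS:
            return "inactive"
    return "active"

def iso(text):
    return datetime.fromisoformat(text)

# Constructed sample data (not real projects), evaluated at a fixed date.
NOW = datetime(2014, 6, 1, tzinfo=timezone.utc)
LOG_ACTIVE = "2014-05-20T09:12:44+02:00\n2014-05-18T17:03:10+00:00\n"
LOG_QUIET = "2013-09-10T11:00:00+00:00\n"
LOG_DEAD = "2012-03-01T08:30:00+00:00\n"
ISSUES_ANSWERED = [(iso("2014-05-28T10:00:00+00:00"), iso("2014-05-29T09:00:00+00:00"))]
ISSUES_IGNORED = [(iso("2013-06-01T10:00:00+00:00"), iso("2013-06-02T10:00:00+00:00")),
                  (iso("2013-10-01T10:00:00+00:00"), None)]

def report():
    """Verdict for each constructed dependency."""
    deps = {"lib-active": (LOG_ACTIVE, ISSUES_ANSWERED),
            "lib-quiet": (LOG_QUIET, ISSUES_IGNORED),
            "lib-dead": (LOG_DEAD, ISSUES_ANSWERED)}
    return {name: assess(parse_git_dates(log), issues, NOW)
            for name, (log, issues) in deps.items()}

if __name__ == "__main__":
    for name, verdict in report().items():
        print(f"{name}: {verdict}")
```

A verdict of "inactive" or "abandoned" is a prompt for review, since such a dependency is unlikely to receive security patches.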