Executive Insights on the Current and Future State of Open-Source Software
We had some questions about the state of open-source, so we asked a host of top industry executives and experts for their opinions.
The response to our query for executive insights on the current and future state of open-source was overwhelming, with nearly twice the number of responses we have received for other research guide topics. I believe this speaks to the popularity of the open-source movement, as well as the fact that this is DZone’s first research guide covering the open-source ecosystem.
1. The companies from whom we received feedback are most frequently using open-source software to analyze big data, whether it be streaming or for AI-powered digital automation. It is also frequently used for databases, automation, SaaS, storage, development platforms, and testing.
2. The most popular open-source foundation is Apache, with 18 different projects mentioned. Linux was mentioned second most frequently, followed by Kubernetes, Docker, and projects from the Eclipse Foundation. The breadth of the open-source ecosystem shows in the more than 75 languages mentioned by respondents, with one respondent mentioning they use around 50 different libraries in their solution.
3. The most important elements of the open-source ecosystem are an active community of users and contributors who share their knowledge, experience, and insights to improve collaboration, innovation, code quality, and security of the code. Existing users care about getting bugs fixed and enhancing the code, and there is also a good balance of people pushing the boundaries with new ideas and features. The community fosters innovation by being transparent, having a culture of meritocracy, and being able to communicate directly with the people who created the software.
It’s impossible for the original creators of a project to design perfect software that meets the needs of a diverse set of users. That’s why collaboration is so important and why open-source solutions evolve so quickly – the power of community.
4. The most important players in the open-source ecosystem are The Apache Foundation, The Linux Foundation, Red Hat, and big tech companies that are developing a lot of open-source components for themselves but are sharing with the community. Apache is mentioned most frequently due to the incredible number of libraries and projects. The Linux Foundation is recognized for its licensing model. Big tech companies mentioned include: Amazon, Apple, Google, IBM, Microsoft, Netflix, and Twitter.
5. The most significant changes to the open-source ecosystem are the growth of the ecosystem and the entry and adoption by large companies. According to Sonatype, there are more than 10,000 new open-source versions per day and big-name vendors such as IBM, Microsoft, Oracle, and VMware are beginning to release more and more of their products under open-source licenses.
The ecosystem has been adopted by more software companies and has identified a viable business model that is very attractive to the investment community. Everything is accelerating – the number of projects, the speed at which products leapfrog their legacy counterparts, as well as the number of developers participating. When large companies donate already-complete projects to the community, they take off like wildfire because they're already usable having been incubated inside those companies for years.
6. Nearly all real-world problems are being solved by open-source software, since 90 to 95% of all apps are being built with at least some open-source components. These technologies are solving the problems that proprietary software had been solving previously – messaging, databases, microservice frameworks, etc. The software is enabling innovative solutions to problems with cybersecurity, private access, scaling databases, scaling cloud infrastructure, software management and provisioning, and more. Because the vast community that supports open-source is constantly innovating, OSS allows users to respond faster to change, which enables IT to do more and businesses to be more responsive and data-driven.
A better question would have been, “What are the real-world problems not being solved by open-source software today?”
7. The most common problems with the open-source ecosystem are: 1) the accrual of technical debt; 2) complexity; and 3) license issues. There is generally a failure to address the technical debt that is implicit with open-source. You need to be aware of the technical debt that can accrue very quickly. You need to spend the time to update the code and tools and spend the time and effort necessary to build changes into the project. People forget how important and critical maintenance is and don’t invest in it.
Use of open-source technologies without a hardened stack requires expertise that is very rare. Open-source projects are not necessarily built so they can be dropped into a production environment out of the box. Having an easy and lightweight way to handle continuous operations and support frictionless application development can be a big challenge for many teams. The speed of change and incredible diversity of projects is challenging.
A lot of organizations do not understand open-source and the licensing obligation that goes along with it. There are still legal matters around open-source that are not entirely solved. Many projects lack licenses, or lack compliance with their own license.
8. The future of open-source is bright and is going to get brighter. Open-source has won and will become the default model for most software projects. It will continue to be integrated in different ways to solve problems and achieve results in big data, AI/ML, blockchain, IoT, and wearables. The proliferation of frameworks will continue. Open-source will play an even larger role as unique business logic is layered on top.
9. Concerns over the current state of the open-source ecosystem were far-ranging, with those most frequently mentioned related to: 1) obsolescence; 2) overlap; 3) vendor mentality; 4) domination by large players; and 5) consumption without contribution.
The biggest concern is the obsolescence of a huge chunk of the open-source ecosystem every year. Many of these software projects become obsolete because there are not enough people contributing to them. Many open-source projects do not have a large distributed community around them and often depend on a single corporation to make most of their contributions and determine their roadmap. Once the corporation has gotten what they want from the code, they no longer support it.
There are too many overlapping products competing against each other. It can get overwhelming for the end user as there are so many choices with minor differences.
Too many users view open-source projects as if they are software vendors and expect they can just log a defect with the project and someone will have the responsibility to fix it.
Having an open-source license to a huge codebase is not a guarantee of long-term sustainability of the project if most of the knowledge is owned by one corporation. The consolidation of IT giants is a big issue that needs to be watched carefully. Few companies may end up owning the source code of too many major projects. Distributed copyright ownership would help mitigate risk.
Vendors also consume more than they share. There’s a tendency for companies to use open-source systems, but not contribute to them. Community and users can choose open-source vendors that provide more open code and make contributions to support the ecosystem. The open-source ecosystem can only survive if people give back. If maintenance and development are ignored, software systems will falter and fade.
10. When asked, “How do you ensure the security of open-source software?” the most frequent response I received was that open-source software is inherently more secure than other code due to the number of people looking at it with the ability to discover vulnerabilities and fix them. Most answers to the question revolved around: 1) follow best practices; 2) test; and 3) choose the most popular code.
Adopt strict coding standards and guidelines. Ensure the software you are using complies with information assurance policy standards. Have an automated bill of materials and upgrade versions of open software when new versions come out. Perform manual auditing via code review and automate CVE database monitoring.
Perform vulnerability scans and publish the results every time the code is committed. Have a security vetting and testing process for each project that is out in the open so users can judge whether this is sufficient for their needs. Research, test, and read the license carefully. Always test security and audit for dependencies.
Make sure you are using the most popular code since it is less likely to have undiscovered vulnerabilities.
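The automated bill of materials and CVE database monitoring recommended above can be sketched as follows. This is an added example, not code from any respondent or project named in this article; the package names, advisory IDs, and the advisory record layout are constructed placeholders, and a real pipeline would read its own lockfile and a real advisory feed.

```python
import re

# Constructed sample inputs: package names and advisory IDs are placeholders.
REQUIREMENTS = """\
Example_Lib==1.4.2   # affected: inside the range of EXAMPLE-0001
samplehttp==2.0.0    # already at the fixed version of EXAMPLE-0002
toyparser>=0.9       # not pinned, so the installed version is unknown
widgetcore==3.10.0   # 3.10.0 is newer than 3.9.0 only when compared numerically
"""
ADVISORIES = [
    {"id": "EXAMPLE-0001", "package": "example-lib", "introduced": "1.0.0", "fixed": "1.5.0"},
    {"id": "EXAMPLE-0002", "package": "samplehttp", "introduced": "1.0.0", "fixed": "2.0.0"},
    {"id": "EXAMPLE-0003", "package": "widgetcore", "introduced": "3.0.0", "fixed": "3.9.0"},
]

def normalize(name):
    """Treat case and runs of '-', '_', '.' as equivalent so names match the feed."""
    return re.sub(r"[-_.]+", "-", name).lower()

def version_key(version):
    """Turn '3.10.0' into (3, 10, 0) so comparison is numeric, not lexical."""
    return tuple(int(part) for part in version.split("."))

def build_bom(requirements_text):
    """Return ({package: version}, [unpinned entries]) from a requirements listing."""
    bom, unpinned = {}, []
    for raw in requirements_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        match = re.fullmatch(r"([A-Za-z0-9._-]+)==(\d+(?:\.\d+)*)", line)
        if match:
            bom[normalize(match.group(1))] = match.group(2)
        else:
            unpinned.append(line)  # no exact version: cannot be audited
    return bom, unpinned

def audit(bom, advisories):
    """Return (package, installed, advisory id, fixed version) for each affected pin."""
    findings = []
    for adv in advisories:
        installed = bom.get(normalize(adv["package"]))
        low, high = version_key(adv["introduced"]), version_key(adv["fixed"])
        if installed and low <= version_key(installed) < high:
            findings.append((normalize(adv["package"]), installed, adv["id"], adv["fixed"]))
    return findings

if __name__ == "__main__":
    bom, unpinned = build_bom(REQUIREMENTS)
    print(audit(bom, ADVISORIES), unpinned)
```

Run on every commit, a check like this gives both the upgrade target for each affected pin and the list of unpinned entries that the bill of materials cannot vouch for.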
11. The two things developers need to keep in mind with open source software are: 1) knowing, and being a good steward of, the unwritten rules of the community; and 2) learning and paying attention to the details of the licenses.
Be comfortable interacting with the community. Consider the strength of the community before adopting an open-source product. Embrace open-source and start to contribute to open-source projects that are of interest to you. Don’t be afraid to speak up and communicate. If you find a bug, report it. If you're able to fix the bug yourself, do it and help the community. Engage with the community on IRC and Slack; many of them are very receptive to newbies. Keep in mind that you are coding on the back of thousands of developers that came before you and it's important to leave the community and the project better than you found it. Encourage your company to dedicate time and money to supporting open-source projects.
You also need to understand the legal implications of using open-source code: read the licensing text and understand the terms. Consider using a package with fewer features that is more open. Be aware there may be legal compliance issues that you have not even thought about. Respect the license the author selected, and if you are not able to do so, do not use the component.
To gather insights on the current and future state of open-source software (OSS), we talked to 30 executives. This is nearly double the number we speak to for a research guide, and we believe this reiterates the popularity of, acceptance of, and demand for OSS. Here’s who we spoke with: