
The Most Significant Changes To Open Source


This analysis from more than 30 executives charts the growth, changes, and acceptance of open source software in today's development environments.


To gather insights on the current and future state of open source software (OSS), we talked to 31 executives. This is nearly double the number we speak to for a research guide, and we believe this reiterates the popularity of, acceptance of, and demand for OSS.

We began by asking, "What have been the most significant changes to the open source ecosystem in the past year?" Here's what they told us:

Growth

  • The hockey-stick growth of open source. According to Sonatype, there are more than 10,000 new versions per day, three million NPM components and two million Java components. 6.1% of downloads have a known security defect. Developers are building frameworks on top of frameworks. One component we checked is inside 80,000 other components. The Apache Commons Collection will not address a previous version. They batch going forward.
  • It has happened gradually from 2007 with Puppet and Chef gaining traction followed by OpenStack and Kubernetes and layering serverless frameworks on top.
  • Open source has been like a pendulum growing progressively over the last three to four years. It’s getting more attention and more developers are using and learning how to participate in the community.
  • Everything is accelerating, number of projects, the speed at which projects leapfrog legacy, number of developers participating. Monetization options have changed. Investors more careful pouring money into open source. Want to monetize through a SaaS model.
  • 1) That’s hard to say, because significance requires the distance of time to evaluate what was meaningful and what was just noise that was very exciting in the moment but didn’t actually change anything. 2) We just released a pretty comprehensive dive into the relative popularity of various JavaScript frameworks over the last year. I think what’s inescapable is that the community of open source contributors is huge and growing. What’s changing is that more of them are using our ecosystem, which began as a resource for server-side JavaScript, to distribute and discover code for front-end web engineering. 3) Taken as a whole, the JavaScript community has seen and continues to see stratospheric growth, the combination of strong growth in a hundred communities combined into a single language. 2017 saw JavaScript going to the moon.
  • Growth in CNCF and Kubernetes, Red Hat with OpenShift. New commons and foundation. Trying to define how things interact in a cloud-native environment. We still see things from Apache like Ignite. New place competing on implementation with common specifications.
  • The massive explosion of containerization has been one of the most significant changes in the past years. It has changed the way software is used and deployed and allowed resource-strapped projects to expand in unforeseen ways.
  • The rocket-fast adoption of Kubernetes is one of the most significant phenomena of 2017. K8S changes radically how applications are deployed and developers are loving the new paradigm.

Enterprise Adoption

  • 1) DevOps is becoming a movement. 2) Security is becoming more important. 3) Enterprises are going open-source first for their infrastructure, as a result, the demand is not just innovation but stability and production-readiness. 4) Controversial changes: Amazon hosting a lot of open-source solutions for charge has made the open-source model change a bit. The communities are either doing an AGPL license or an open-core model.
  • Microsoft joined OSI. Docker and Kubernetes growth on the container front.
  • The acceptance of open source is a significant change. Microsoft accepted open source years ago, and other large companies are starting to accept open source as the de facto way of generating innovation or getting software. More people are starting to expect software as open source. There will come a time that companies will no longer invest in software unless it is open source.
  • Over the past year, the Open Source ecosystem has seen many changes. Most significantly, the ecosystem has been adopted by more software companies and identified a viable business model that is very attractive to the investment community.
  • The increase in the cost of software for non-software companies and products. Today a head unit for an automobile would cost $100 million to build from scratch. Today you have GENIVI and the Connected Car Alliance working together to build the “heads up” platform. Non-software companies were having massive software costs. Lawyers finally got comfortable with the licensing and started telling their clients it was OK to use open source to save millions in development costs.
  • When it was rolled out, Open Source was viewed by big companies as immature or not scalable. Now, the majority of large companies, like IBM and Oracle, have bought into it and started contributing to the Open Source community. Further, several enterprise-class customers that may have once ‘feared’ open source for various reasons, have now added it to their core list of criteria for any software solution they use. As a result, the industry now more broadly thinks Open Source first, and it’s seen as a very mature and mainstream technology.
  • 1) In a sense, the past year was a continuation of an important trend: large, global enterprises are placing enormous trust in the potential of open source technologies to improve their businesses and to do so in a cost-effective manner. 2) This trust has been hard-earned--Apache Flink and other fast-growing open source technologies in 2017 have been tested rigorously in production environments over many years. The open source ecosystem is well-aware of the standards it needs to maintain to win over discerning users. 3) This heavy investment in open source applies not only to industries that are traditionally early adopters of open source, such as the technology industry but also to more traditional industries such as finance and insurance.
  • A lot more open source these days is coming from large companies donating already-complete projects to the community, which can be really great -- they take off like wildfire because they’re already usable, having been incubated inside those companies for years. A good example of this is the contrast between Kubernetes’ success and the slow evolution of prior schedulers that started out as OSS (Mesosphere, Swarm, Nomad). The downside to this new pattern is that it creates a herd mentality as everyone rushes to dance with the “most attractive dance partner” and threatens to snuff out nascent alternatives that might be a better fit for certain use cases.

Other

  • Big name vendors, such as MS and VMware, beginning to release more and more of their products as Open Source. Previously OSS was not seen as a commercial mechanism to release code, now it's widely accepted.

  • No huge changes. The ecosystem is vast and there have been a lot of changes but nothing major.

  • It’s been a gradual progression. Most crucial for a healthy environment is release soon and often. A healthy system with small and frequent changes.
  • The cloud presents a unique and different challenge to Open Source. In the age of cloud applications where you use a managed service, how do you maintain the same level of interest and contribution in the underlying open source technologies that make this work? At the same time if you are a retailer or grocery store, should you really own a server farm to run your search engine? Can you even afford to with well-financed online competitors? Despite these challenges open source has continued to evolve and is where the hot new research and development is taking place today.
  • Biggest change 4 to 5 years ago from GPL license to Apache to protect IP of the open source developed code. Make sure open source software was not being abused. OpenStack built of Linux. When enterprises take pieces of code it increases the use of open source. The value is the community and now the community is growing exponentially. MongoDB, Cassandra all using Apache license more permissive to the end user, grows much faster without IP or legal issues.
  • The Equifax hack and recent repository-based supply chain attacks have brought new attention to the security of the Open Source we all depend on. The Equifax hack shined a light on the fact that while we’ll always have vulnerabilities that are found, we must get better at detecting, patching and validating them. The supply chain attacks as seen in NPM and PyPI show that as the importance of Open Source grows, the likelihood that targeted malicious actors will take advantage of the popularity and trust associated with OSS increases. These changes are beginning to modify the relationship we have with Open Source. There’s more focus from a security perspective on what’s being used and where it came from.
  • Overall, open source has come a long way from the command-line only interfaces and complex install processes of the past. Modern open software is much more user-friendly in both installation and operation. This has significantly lowered the barrier to open source adoption and has helped make it a more attractive option for those currently using proprietary software. Open source software has also made great strides in integrating with common security and identity management systems within enterprise organizations. Open systems are now just as secure, stable and powerful as their proprietary counterparts.
  • Following are the most significant changes around the open source ecosystems: 1) Increased scrutiny around the inclusion of open source components in commercial products — More questions are being asked this year about the security of open source software. Nobody is required to fix a security vulnerability in an open source tool, thus after the discovery of a vulnerability, all applications using the open source tool turn into an easy target for hackers. Vulnerabilities get fixed only when the contributors get a chance to fix them. Also, as many of the popular open source tools are used by thousands and millions of users, there is no effective way of getting the alerts out to everybody that the software needs to be patched.

    2) Increasing adoption of open standards: This is a positive development. Traditionally Open Source software enables the development of a strong tooling ecosystem around standards. APIs are a perfect example of this. Over the past year, there has been increasing focus on OpenAPI ecosystem and practitioners using REST APIs have been able to quickly adopt the new OpenAPI specification only because of the rich tooling that exists around it. SmartBear Software has been a key player in the development and maintenance of the OpenAPI tooling ecosystem.
  • 2017 was a transformational year for the open source ecosystem. Users of open source moved decisively towards focusing on how to successfully deliver tangible business results from open source stacks. Enterprise companies started focusing on time to market and total cost of ownership as the main decision criteria. This heralded a transition from experimentation with open source technologies (e.g. kicking the tires), with a focus on real applications that drive tangible business outcomes. Use cases for technologies in the open source ecosystem moved from being a collection of many disparate technologies to a hardened set of best of breed technologies. This was a direct result of customers moving their focus towards delivering business outcomes that augment their bottom line. Another significant change was the arrival and maturation of real-time big data analytics. Open source, notably Hadoop, was no longer storage-bound as data-in-motion took center stage. Lambda architecture became obsolete. 2017 saw the demise of the data lake-centric view. A lot of innovation happened at the edge and enterprises stored data wherever it was cost effective.
  • There are two clear changes that have finally become more well-formed over the past year. The first is open data formats, which allow for interoperability between systems. The second is the growing prevalence of fuzz testing in open source. Much credit must be given to Google’s OSS-Fuzz project for the massive growth here.

Here’s who shared their insights with us:
