Open for Business

A recent report published by CSC's Leading Edge Forum makes a strong case for open source software, but is sound business sense being lost amid all the cheerleading?

In a world of industry analysis reports that are dispassionate to the point of boredom, it is somewhat refreshing to find one that virtually gushes in its enthusiasm for a particular technology.

Statements like "organizations achieve time-to-market, innovation and product quality like never before" and "a treasure chest teeming with technologies and best-practice methods" read more like vendors' promotional brochures than the normal stock-in-trade of independent analysts. But Bill Koff, vice president of CSC's Leading Edge Forum (LEF), says that "enthusiasm" is not abnormal for his organization's outputs, although he denies that they also represent endorsement.

"CSC is independent of product," Koff insists. "We try to help clients in whatever they choose and leverage whatever they can . . . Would we be an advocate for any particular technology? No. We are an advocate for what works for our clients."

The report in question is the LEF's Open Source: Open for Business, released at the end of September. It covers the nature of the open source community, the range of application of open source technologies, and the legal and business issues associated with its development and use. Koff visited Australia recently for CIO magazine's "Building The 21st Century Organization" conference, and spoke with CIO prior to the report's release. He says the report took a year to develop, and "we were very surprised to what extent open source was happening with clients".

It should be pointed out that it is not entirely clear who the authors of the report are, although probably in true open source style it is more likely a collaboration. Instrumental in research were two German CSC employees, Stefan Hohn and Gabor Herr, both LEF associates and part of CSC's open source team. Significantly, the report says, "the two poured their insights and their heart and soul into the report, which reflects their passion and business sensibility around the open source movement". They were assisted by significant contributions from Maja Kreikemeier, research; Tom Knapp, legal and business issues; and Lisa Braun, writing and editing; plus contributions from almost 40 others, primarily CSC staff.

An Open Secret

The LEF report sums up the lure of open source software in that "it is 'free' in the sense that anyone can use it, modify it, create derived works from it and redistribute it - and there are no licence fees. You have access to a worldwide development community that improves, adapts and fixes the software, often much faster than in the proprietary vendor world. You are not beholden to a vendor for fixes and enhancements; there is no vendor product lock-in."

That is certainly why so many governments and government agencies around the world have already or are looking at mandating the use of open standards, and why many private sector organizations are playing a role in the open source community or are assessing its relevance and benefits for future use. Nonetheless, there are those who feel that open source is not without some disadvantages, even to the extent that those disadvantages outweigh any claimed benefits. Even some players deeply embedded in the open source arena admit that not everything is rosy.

Page Break

David Jones is partner in a consulting business based around the Open for Business (OFBiz) project. This project began in May 2001 and is licensed under the MIT Open Source licence, and approved under the Open Source Initiative. (Bill Koff says he has not heard of the project, even though it started well before his project, bears the same name as his report and CSC has a longstanding relationship with MIT.)

Speaking with the Technology Evaluation site (, Jones admits that, as far as his consulting organization is concerned, "if we're going to make changes or additions for somebody, generally it will be a big contract, or something we're interested in doing.

"Their [clients'] requests in the open source project could sit there forever unless we get a contract, someone is interested in doing it, or we want to move the project in a new direction that just happens to cover that . . . If someone comes along with a need and they don't have any funding for it, it's basically throw it out to the community and see what sort of resource sharing can happen with common interests."

Later Jones says "the community is reasonably large . . . and the functionality, especially in certain areas, is pretty mature, but trusting it, even being willing to take a look at it, is not very common for a lot of companies. I think the trust factor is a big deal."

Jorg Janke, developer of the open source ERP/CRM solution Compiere, and another Technology Evaluation interviewee, adds to this fear of the reliability of the open source community. "We have a significant number of downloads and a significant user base, but as a percentage, the number of people who pay is relatively low. That's the general business model you find in the open source area, that is, lots of people are using it, but not that many paying for support. For example, JBoss has several million downloads but if you take the number of support contracts they have, it's actually not even in the percentage range. From that perspective, if you don't have a high volume constituency, open source software is not a long-term viable business."

It is these sorts of concerns that add a caveat to the generally positive spin that LEF gives the topic.

In the introduction, the report admits that "open source is not a silver bullet; it is not inherently good just because it is open source. Open source software is not appropriate for every situation; it will not displace proprietary software overnight."

(Note that last word.) It goes on to concede that "there is plenty of good proprietary software on the market, which can and should be deployed". This sounds like damning with faint praise, an impression that is reinforced when the report then adds that "the lines are blurring between proprietary and open source".

The report does admit that there are serious fears and concerns, republishing survey results from Forrester Research that showed that lack of support is the number one concern of most potential users of open source software (57 percent of respondents, who were allowed multiple responses). This was followed by product immaturity (42 percent), lack of applications (42 percent) and lack of client skills or knowledge (36 percent). Security was a concern for only 19 percent of respondents. The report makes mention of some of these issues, including switching costs, legal costs, providing resources, long-term viability, objective TCOs, reliance on a volunteer community, timeliness and the potential lack of support.

However, whenever it raises user concerns, the report is usually pretty quick to dismiss them. "There is a common perception that technical support is a serious shortcoming of open source software. However, support is proving to be a fertile ground in the open source arena, rich in business opportunities for IT service and solution providers, software vendors, application service providers and others". And Koff himself thinks the fears are not well founded.

Actually, it was this plethora of opportunities for providers that worried one CIO when approached for this article. His concern was that open source would prove a boon for the IT service industry, to the detriment of clients.

Page Break

At the Front Line

Elsewhere, the report deals with the reluctance to use open source in mission-critical contexts, based on the impression that it is not mature or robust enough, and not suitable for large-scale deployment. The report quickly rebuts this, however, by saying that open source installations at major established organizations show these fears to be groundless. "The tide is turning, as open source takes on mission-critical projects and mission-critical performance levels. The pieces are there - Linux, Apache, MySQL, Eclipse, Struts - and organizations are integrating the pieces into impressive capabilities. These are not pilot projects or ancillary activities. Open source is front and centre, running the business."

The report also republishes a 2003 survey of database development managers by the Evans Data Corporation. The survey found that 62 percent of these managers expected some cost savings from implementing Linux; more than 11 percent expected a dramatic saving of more than 50 percent of costs, while 23 percent expected a more modest 10 percent saving or less. Some 38 percent expected no cost savings.

The report suggests that "in general, as you move up the [software] stack, costs increase, making the savings potential greater. In the area of serverware, Web server software is the low-hanging fruit for open source savings. Savings accrue from low to no acquisition costs, which can amount to millions of dollars in large organizations." (For a list of TCO considerations see "Free . . . But at What Price?", left.)

Koff says that, depending on your organization, and if you are using a third party for service and support, "the costs aren't really that much different [from using proprietary software]; you may be taking away 5 percent".

Some, like the 38 percent of the Evans Data survey, are not even that optimistic. Nick Abrahams, a partner with law firm Deacons with a specialty in digital industries and technology, warns that open source is not necessarily cheaper at all. In fact it can incur greater costs. An equal concern, he says, involves significant legal issues with self-drafted licences, obligations to redistribute, access to proprietary code, warranties and litigation (such as the SCO case against IBM and others).

The LEF report, in a 10-page section on legal and business issues, admits that "although the source code may be free to use, it is not free of obligations. Non-compliance with these obligations could negate the organization's right to use the software, and in certain circumstances non-compliance could signal breach of contract, making the organization potentially liable for financial damages."

According to the General Public Licence (GPL), the concept of "copyleft" mandates that everyone has the right to use, modify and redistribute a program's code or any program derived from it upon the same terms. The licences that have abounded following the development of the GPL, the Lesser General Public Licence (LGPL) and the OSI, which themselves differ on some fundamental issues, also offer differing variations on the "open" or "free" nature of open source code and how it can be used and reused, particularly with concern to incorporated proprietary code.

In the case of end-user problems with the supplied code, the report goes on to say that "it is not unusual for the licence terms that govern a person's use of open source software to be minimal to lacking in terms of warranties" and that "the very size of the user community can make it impossible to identify what attorneys refer to as the 'chain of title' - the transparent history that determines ownership of a software product".

Most of the legal argument in this section revolves around issues of using proprietary code and the impact of copyright (as opposed to "copyleft"). However, the report bluntly admits that: "Finally, the user has no remedy if use of the software fails to meet the user's needs or expectations." In other words, caveat emptor, even for emptors not paying anything.

This is not always the case in Australia, though. Abrahams says that the Trade Practices Act in Australia overrides exclusion of liability clauses in licences. A user who suffers damage could bring a suit against a code developer, even if that code developer were several links back in the chain of title.

Caveat emptor, all the same.

Page Break

Open-and-Shut Case

Ultimately, the LEF report, as you would expect, comes in positively.

"Open source solutions are safe to use despite the SCO [software infringement] case. For industry and government organizations seeking to reduce ongoing IT costs or looking for new applications with richer functionality, the opportunities with open source are virtually limitless. All potential open source customers must understand the open source software and licences they intend to use, particularly when undertaking development in-house. They can also rely on their trusted service provider to ensure compliance - that is, leave it to the experts."

Koff believes it is this bank of experts - the third parties like Red Hat - that will become important to avoid the hit-and-miss development scenario that so many fear.

1 2 Page 1
Page 1 of 2
Security vs. innovation: IT's trickiest balancing act