Open Source – Your insurance for the long term against unplanned vendor mishaps

By Gilles Gravier, Wipro

gilles

One of the most common questions for organisations which acquire new technology, whether it is software, or hardware, and in particular when it is from a new vendor they are going to work with, is if this product will continue to live, evolve, and more importantly be supported, for the duration of their use of it.

Even in today’s ultra-dynamic world of agile methodologies, devops, and where time to market is paramount, organisations still put in place their IT for the long term. This is even more sensitive when it is a government, as choices for technologies often have a duration of several decades or more. If a state decides to write electronically, then store digitally its constitution, this is done with an objective of it being usable for potentially several decades or even beyond a hundred years.

Looking back at the information technology history, some of the major players, including those that had been considered to be there forever (anybody remember Digital Equipment Corporation) have disappeared almost overnight, and their customers were left with solutions that were either hard to maintain, or impossible to maintain, and certainly would never again evolve to follow the rest of the industry. This is a nuisance for any user of technology, and a serious risk for any organisation for which IT is mission critical.

When a solution used is proprietary, if the vendor disappears, or if they decide to stop providing support or updates for it, the users are left to their own devices. It’s risky to reverse engineer the product as, even if the vendor isn’t there any more, it is certain that lawyers in charge of their intellectual property will remain active for long. Sometimes there is the choice of very expensive support for a short grace period after the decision to stop the product. But soon enough, it’s time to migrate to something else. And usually at that point, it’s urgent, and options are limited.

Open source offers a completely different perspective on long term availability of IT solutions. This is one of the key benefits of the four freedoms of open source (as defined[1] by the Free Software Foundation):

  • The freedom to run the program, for any purpose.
  • The freedom to study how the program works, and adapt it to your needs.
  • The freedom to redistribute copies so you can help your neighbour.
  • The freedom to improve the program, and release your improvements to the public, so that the whole community benefits.

These four freedoms enable not only the original vendor, but, should anything happen to them, any other competent organisation, to provide support, even commercial, with service level agreements, to any user of the product.

In a typical scenario where a vendor of an open source product disappears, or decides unilaterally to stop making this product available (either because they stop developing it, or they decide to move to a closed source version), any user can take an existing copy of the most recent source code, and use it to provide support, by writing patches, but even more interesting, by then making it evolve and continue to have a full product life for as long as there is actual interest in it, since the open source license it came with gives the four freedoms mentioned above. This user can be the end-user, an organisation who is using the product internally, and has in-house expertise on the products source code, but it can also be a third party company (often a system integrator or a value added reseller) that is payed by an end user to provide them with the needed support.

This situation has happened multiple times already. One of such examples is when Oracle acquired Sun Microsystems. Sun had a great suite of open source identity management products. Oracle decided to discontinue that suite in favour of their own, and left the customers with not much choice. A group of ex-Sun developers, headed by Lasse Andresen went on and picked up the available source code, and created a company[2] around it to offer commercial support to the original customers. They did so well that now the products[3] have continued to evolve and progress, and the company has grown from a few tens of employees to over 300.

There are other examples where a company (Tenable Network Security) took an open source product, Nessus, and decided that the next iteration would be closed source. The community picked up the last available version of the open source code of it, and created GnessUs, which is now OpenVAS[4], a fully open source, GPL licensed, vulnerability assessment system, built on the original Nessus source code, but with a growing set of functionalities.

This is why some organisations using open source software decide to build internal expertise on the product they use by training or hiring developers and encouraging them to contribute to the upstream project, and even become committers. Others simply work with third party integrators or consultants that provide them with the desired service level agreements for their support.

Making the choice to use open source is a strategic decision that not only has an immediate financial impact on license costs, but a long term, risk mitigation impact of ensuring that you will be able to use the products you select for as long as you need them available to you. You might need to change services or support partners over the years, but you will remain in control of your technology agenda, rather than being hostage to the will of a proprietary vendor.