Escolar Documentos
Profissional Documentos
Cultura Documentos
OPEN SOURCE
SOFTWARE
White Paper
February 2010
White Paper
February 2010
To determine whether or not open source software is the right choice for your
organization, you must weigh the pros and cons. Lets begin with prosthe tangible
benefits that have significantly increased open source adoption in the last decade.
Analyst firm Gartner predicts that 90% of enterprise software development businesses
will be using open source software by 2012.1 But, its not just software development
firms that are warming to open source software. Adoption is on the rise in all business
verticals, from financial institutions to government agencies. In the last two years, for
instance, open source has become prevalent in large, traditional financial institutions
like Credit Suisse, Bank of America and Goldman Sachs. Similarly, the Department of
Defense (DoD) and Department of the Navy (DoN) report that a variety of open source
software programs are in operation in both classified and unclassified environments
inside their organizations.2
These are some primary reasons why open source software has become so
prevalent.
1. Free licenses.
The driver for many organizations is free software licenses. When licenses are free,
businesses cut initial hard costs of product and project development. Businesses
are under terrific pressure to cut costs and open source software offers a concrete
way to significantly slash budgets. A 2008 Forrester Research study reported that
CIOs regard lower costs as the main reason for using open source software in their
organizations: It is not just the cost of the [commercial] license, but also the fact
that [you] have to pay between 20 and 25 percent of the value of the license per
year on an annual maintenance agreement with commercial products, says senior
Forrester analyst, Jeffrey Hammond.3 In todays tough economic environment, the
lure of free software licenses is hard to resist. Additionally, because open source
software is free, its very easy to acquire. Developers simply download the code and
can immediately start working. Theres no lengthy procurement processes to slow
down developer productivity.
Under the GPLthe General Public License that allows developers to use open
source software for freeyou have full access to the open source code you use.
That means you can freely change the code and add new functionality whenever
you want. Plus, anyone can make alterations to open source software; you are not
obligated to work with specified third-party vendors who often charge exorbitant
prices for custom work.
Despite skeptics fears about the quality of open source code, there is plenty of
evidence that the overall number of defects in open source code drops over time.4
As open source communities collaborate the code base inevitably improves; bugs
are fixed; features are added; it achieves faster performance and integrates more
seamlessly with other systems. When you buy in to open source software you
dont just get the code you implement today. You get what the software will be
tomorrow, next year and a decade from now.
4. Code stability.
In the enterprise, dynamic open source languageslike PHP, Perl and Pythonare
the most popular flavor of open source. According to a 2010 Forrester survey,
57% of developers surveyed have used dynamic languages in their development
work.5 As such, popular programming languages have considerable momentum
behind them with millions of developers working on the code. With so many people
dedicated to these open source projects, their viability is not in question. Unlike
commercial software vendors, theres virtually no chance that established open
source languages will vaporize when economic times are tough.
When you implement, alter and add to open source software, you become part of a
thriving community of passionate software developers. This philosophical take on
open source may seem banal from a business perspective, but it offers some real
technical advantages. As part of a community, you can solicit help in discovering
and building new and useful functionality. Youre not at the mercy of commercial
vendors who may never make improvements or upgrade their software to integrate
more smoothly with other systems, achieve faster performance, or combat new
security threats.
Open source is synonymous with freedom. Not just free licenses, but freedom
to alter and improve the code base and to benefit from others who do the same.
Believers view open source software as self-sufficient technology that removes
development barriers and improves the overall quality of software projects.
Yes, open source licenses are free and anyone can alter and improve the code to fit
their needs. But, there can be risks and unpredictable outcomes when open source
software is not factored into the overall business strategy. For open source to work
for an organization, developers and managers must be on board to ensure that both
the technical and business demands of open source software are properly managed.
So, to balance the debate, here are the consthe problems that frequently result in
cost overruns, technical roadblocks and business interruptions. If youre considering
implementing open source software as part of your IT strategy, dont overlook these
potentially troublesome issues.
Just because something is free does not mean that it has no cost, says Laurie
Wurster, a Gartner analyst.6 Many companies are blinded by free licenses and ignore
the true cost of open source software. Licenses are free, but the software doesnt
run itself. To get an implementation up and running smoothly youll need experts
in-house or consultantsto complete the installation and complex integrations. Like
any software implementation, open source projects, if not managed properly, can
stretch development budgets.
2. Code maintenance.
When you use open source software, theres no proprietary software vendor
maintaining the code for you. Its up to your team to install updates, make security
fixes, implement new modules, and more. But, when your IT team is already
stretched with core development projects and under tight delivery deadlines,
open source software maintenance can go by the wayside. This quickly becomes
problematic. If you dont make open source code maintenance a priority, the quality
of your software project can deteriorate: security patches arent installed and bugs
dont get fixed. With the continual uptake of open source software in the enterprise,
companies are offering commercial or hybrid versions of open source that include
technical support and maintenance services, so the burden of maintenance doesnt
need to fall entirely to in-house development teams.
3. No support contracts.
Open source software doesnt come with support. When youre on a tight
development schedule, a lack of formal support can put your project at risk.
The open source community is typically helpful and will likely respond to your
questions and queries. But, these developers are under no obligation to do so in a
timely manner. This is especially problematic if your company uses open source
software in mission-critical applications, or if you use open source software in
commercial products. Without 24/7 technical support in place, your own products
time to market may lag. Even worse, uptime can suffer and your customers will
feel the negative effects. Alex Wied, head of Accentures Innovation Centre for Open
Source, says investing in professional software support--even for open source
software--is critical: It is essential that theres a trusted vendor, behind each
software, that secures technical support regardless if proprietary or open source.7
Similarly, the DoD and DoN have initiated a policy that strongly encourages all open
source software to be professionally supported, either by someone inside those
organizations or by a third party. To mitigate the risk of open source software going
bad, you must invest in support services, an oft forgotten line item in open source
implementation budgets.
4. Legal liability.
You dont have to pay for open source licenses, but you must license the open
source software you use in enterprise products. Although open source licensing
terms have nothing to do with money, they can put restrictions on how you distribute
your product. With dozens of open source licenses to choose from (GPL, Artistic,
LPGL, Creative Commons, BSD, to name a few), managing licensing is notoriously
confusing. It can be an administrative headache and opens your business up to legal
liability. If you misinterpret licensing requirements, you could unwittingly wind up in
an embarrassing and potentially costly legal battle like Cisco did in 2008 when the
Software Freedom Law Center filed a copyright infringement lawsuit against Cisco
Systems for violating open source software license agreements. Under the terms
of the General Public License (GPL), distributors of enterprise software that use
open source code must make the open source code available with their software
distribution. Cisco failed to do so. The company ultimately settled the lawsuit by
making a monetary donation to the Free Software Foundation and by appointing a
Free Software Director to conduct continuous reviews of the companys license
compliance practices.8 Even if a licensing debacle doesnt lead to litigation, your
company could be fined, or worse, your organizations reputation could be damaged
resulting in negative PR, even a drop in share prices.
In theory, it should be easy to document open source usage in an organization
and license it correctly. In practice though, most organizations fall short. A 2008
Gartner survey reports that the majority of businesses using open source software
have no formal policies in place for cataloguing open source software usage in their
businesses. Thats because open source software doesnt go through the same
procurement process as proprietary software. Developers can download it from the
Web and use it without managers even knowing its there. Of course, if you dont
know what open source software youre running, you cant be licensing it correctly.
Gartner analyst, Laurie Wurster says to avoid liabilities, companies must have a
policy for procuring OSS, deciding which applications will be supported by OSS, and
identifying the intellectual property risk or supportability risk associated with using
OSS.9 Especially if you have a commercial product out in the world, the chance of
users discovering open source embedded in your software is high, which makes
using open source software in enterprise products a risky proposition without proper
licensing. To mitigate this kind of legal risk, software development companies are
beginning to enlist the help of third-party licensing experts who make sure open
source software licensing is in place and accurate.
Free software licenses and flexible, extensible code is hard to pass up. But, when
you factor in the time and financial costs of implementation and maintenance, plus
the lack of formal support and potential license infringement, its clear that unless
managed properly open source software may have a higher price than developers
and managers expect.
Both arguments have valid claims. So, where to start in making your realworld evaluation? Too many companies jump on the bandwagon without fully
understanding the true cost of an open source implementation. Or, conversely, they
avoid open source altogether thinking that the risks are too high. In a 2008 Computer
Weekly article about open source liability, Gartner shares survey results from 274
companies around the world. Gartner measured high open source software usage,
but found that most (69 percent) of companies were not measuring the cost of their
open source usage.
So, lets look at some hard costs of open source software. Well also look a hybrid
approachenterprise-grade open source software delivered by a third party, like
ActiveState, which offers technical support, indemnification and redistribution rights
along with best practices development expertise for dynamic languages including
Perl, Python and Tcl.
With numbers from the chart and formulas below, we can use this formula to
calculate TCO:
A = Acquisition costs
I = Implementation costs
M = Maintenance/support costs
L = Legal costs
A + I + M + L = TCO
Costs
Open Source
Dynamic
Language
Enterprise Dynamic
Language Solutions by
ActiveState
Acquisition Cost
(Software Licenses)
None
None
Training
Development
Maintenance and
Support
Legal
(Distribution Rights
and Indemnification)
The sample calculations in the following chart are ballpark figures and may not accurately represent your project,
including how much training and development hours are required. However, they provide a basic cost comparison
between two open source deployment methods. In this case we compare the cost of using pure open source Perl
and ActiveStates Perl Enterprise distribution. The following table shows typical costs for a small development
project.
Costs
Acquisition Cost
(Software Licenses)
Training
Development
Maintenance and
Support
Legal
(Distribution Rights
and Indemnification)
Total
Open Source
Dynamic
Language
Enterprise
Dynamic
Language Solution
Savings with
ActiveState
None
None
None
50%
Annual ActiveState
Enterprise solution fee,
approximately $25,000
59%
$234,900
(development accelerated by
ActiveState support)
Annual ActiveState
OEM License and
Indemnification coverage
fee, approximately
$14,000
$147,950
25%
18%
PLUS
If you become involved in
a lawsuit, licensing costs
could explode by 200 or
300 %.
$86,950
in savings
ActiveState pricing in the table above has been averaged and is for example purposes.
Please consult with ActiveState to determine exact pricing for your project.
Obviously, the cost savings in reduced development time will scale as a project grows. Using the charts above as a
reference, you can calculate real costs for your project using commercial software with this formula:
Acquisition Costs = (Project Duration * Developer Seats) * Annual Cost per Developer
Seat
Implementation Costs = Training + Development
Training = Number of Developers * Salary per Month *
Number of Days
Development = Number of Developers * Salary per Month *
Number of Months
Maintenance and Support = Annual Fee for Support Contract
Legal Costs = None
Calculate costs for a project using commercial open source solutions. Contact ActiveState for a quote to complete an
accurate calculation:
Acquisition Costs = None
If, after considering TCO, open source software is an attractive alternative for your
organization, then following these five best practice principles will put you on the road to
successful, cost-effective open source software implementations.
Open source software is continually improving, but that doesnt mean its perfect today. If
the software you choose is not top quality, it can cause a ripple effect that can ultimately
downgrade your product or project. Open source is simply a licensing model; it does not
mean best practices, like incorporating open standards, are in place. If quality code is
important to youand it should bedo your homework and choose a tried and tested
application or language distribution with a stellar reputation like ActiveStates ActivePerl, a
quality assured version of Perl that improves on pure open source Perl.
Open source software must be nurtured. You have full access to the code, so it is your
responsibility to undertake routine maintenance: make version updates, install security
patches, add new modules, etc. Open source software development keeps moving and
improving, so you must keep up with the latest versions. In the worst case scenario,
developer attention starts to shift toward newer versions and features and organizations
using older releases end up relying on code that is getting less and less attention, few
bug fixes and less security attention. Staying on top of code maintenance will ensure that
code quality does not deteriorate.
At first glance, managing open-source licensing on your own seems straightforward, but
it is complex and time consuming. First, you must determine top-level licensing. Then
its on to deciphering module-level dependencies. Open source languages are made
of up thousands of libraries, modules, packages and frameworks that are all licensed
separately. Youll need to develop processes for cataloguing open source software
including version and release numbers, whether its used internally or will be distributed,
whether its been modified, etc. There is the significant cost of developing this process
in-house, or getting legal advice to ensure open source software licensing doesnt
become your downfall. Its easy to ignore licensing, but the consequences are intellectual
property infringement and unexpected costs.
If you dont have an expert on your team in the specific open source application or
language youre using, then solving technical problems can be difficult. Documentation is
not always available, or helpful. Plus, you may need to wait days or weeks for the open
source community to answer your queries. Research also indicates that up to 39% of
information seekers never receive public replies to their queries.10 This principle requires
that you either hire in-house expertise, or that you work with a third-party, enterpriselevel support team that wont leave you high-and-dry when issues threaten project
success.
Following these five principles is difficult. Especially when the particular open source
component isnt your core area of expertise and your team has other important tasks
to focus onlike getting your product to market or implementing an internal system
or solution. According to IDC analysts, an increasing number of organizations are
subscribing to third parties to support open source software in their businesses.
At ActiveState, we provide a safety net, by offering enterprise-grade language
distributions for Perl, Python and Tcl along with commercial support, indemnification and
distribution rights packages. Our open source language distributions are renowned for
quality and are now the de-facto standards for millions of developers around the world.
Like all open source code, ActiveState language distributions are provided free to the
community.
ActiveStates enterprise-level dynamic language expertise and reliable support for Perl,
Python and Tcl are designed to help organizations meet development deadlines and
keep overall costs down by allowing developers to focus on their core competencies.
ActiveState also provides Intellectual Property indemnification packages, which help
organizations building business-critical and mission-critical systems, minimize legal
risks, ensure compliance, and accelerate productivity. Enterprise-grade support and
licensing solutions minimize the hardships associated with code instability, unreliable
technical support and potential license infringement. From development troubleshooting
to emergency in-production coverage, ActiveState support ensures priority access to
open source language experts and includes unlimited incidents, guaranteed response
times, and fixes delivered to you quickly.
Dont reinvent the wheel in-house; avoid budget overruns and blown deadlines. Instead,
rely on our experts and commercial support and enjoy one more thing you dont have to
worry about.
In addition, if you are distributing, selling or bundling software, hardware or devices that
contain open source components, your organization may be exposed to serious legal risk.
Through OEM licensing, ActiveState offers turn-key redistribution rights, indemnification,
and commercial support to guarantee assurance to software and hardware vendors and
their customers removing any risks associated with copyright infringement lawsuits.
Who is ActiveState?
ActiveState, the dynamic languages company, is the world leader in enabling companies
to develop, manage, and distribute applications with dynamic languages from
mission-critical applications to open source projects. ActiveStates development tools,
commercial-grade language distributions, commercial support, indemnification, and
OEM solutions accelerate productivity, minimize risk, eliminate complexity, and ensure
compliance with use and distribution of dynamic languages. With a focus on Perl,
Python, Tcl and web languages, a strong community of 2 million developers and 97%
of the Fortune 1000 rely on ActiveState, including technology, finance, aerospace,
and government organizations such as Cisco, CA, Hewlett-Packard, Bank of America,
Siemens, Lockheed Martin.
Footnotes
1 Peter Judge, Gartner: Open source will quietly take over, ZDNet UK, April 4, 2008, http://news.zdnet.
co.uk/software/0,1000000121,39379900,00.htm
2 DON CIO memo, Department of the Navy Open Source Software Guidance, of 05 June 07 and DOD
CIO memo, Clarifying Guidance Regarding Open Source Software (OSS), October 16 2009.
3 Cliff Saran, Tough times boost open source sales pitch, Computer Weekly, December 9, 2008.
4 Chris Kanaracus, Study Shows Open-source Code Quality Improving, PC World Business Center,
September 23, 2009. http://www.pcworld.com/businesscenter/article/172469/study_shows_opensource_
code_quality_improving.html
5 Jeffrey Hammond, What Developers Think, Dr. Dobbs, January 16, 2010, http://www.drdobbs.com/
architect/222301141.
6 Antony Savvas, Firms open to huge open source liabilities, Computer Weekly, November 18, 2008.
http://www.computerweekly.com/Articles/2008/11/24/233445/Firms-open-to-huge-open-source-liabilities.
htm
7 Alex Wied, Commercial open source is essential to enterprise IT, ComputerworldUK, August 13, 2009.
http://www.computerworlduk.com/community/blogs/index.cfm?entryid=2443
8 Ryan Paul, Cisco settles FSF GPL lawsuit, appoints compliance officer, ars technical, May 21, 2009,
http://arstechnica.com/open-source/news/2009/05/cisco-settles-fsf-gpl-lawsuit-appoints-complianceofficer.ars
9 Antony Savvas, Firms open to huge open source liabilities. Computer Weekly, November 18, 2008.
http://www.computerweekly.com/Articles/2008/11/24/233445/Firms-open-to-huge-open-source-liabilities.
htm.
10 Karim R. Lakhani and Eric von Hippel, How open source software works: free user-to-user
assistance, MIT Sloan School of Management, July 12, 2002.
11 Anuradha Shukla, IDC: Organisations adopt open source to reduce expenses, Computerworld,
September 29, 2009. http://news.idg.no/cw/art.cfm?id=073779BA-1A64-6A71-CE90B369D13FD0C2.