Whether they realize it or not, more than 95% of IT organizations worldwide use open source software (OSS) as part of critical IT workloads. Additionally, interest in open source continues to grow: Gartner predicts that more than 70% of companies will increase their IT spending on free software by 2025.
IT organizations are leveraging open source software for cost savings, flexibility, and innovation benefits over in-house or third-party business alternatives. Yet even as open source software proliferates in enterprise environments, many CIOs, CTOs, and enterprise architecture leaders lack a comprehensive understanding of its business value and use cases.
Here are the answers to some common questions IT managers may have about open source technology, which can be a key enabler of innovation and digital transformation efforts:
1. What is open source software?
“Open source” is a model of software development and distribution that provides access to source code and encourages community management and technology support. OSS is defined by a specific licensing system, enabled by broad collaboration between developers and users via the Internet, and empowered by large and diverse communities that leverage open innovation principles.
2. Why do organizations use free software?
IT organizations around the world use open source software in a wide variety of use cases, most commonly in application development, infrastructure software, DevOps, and data and analytics, including artificial intelligence ( IA). Many companies are looking directly for free software as an alternative to traditional buy-versus-build options.
While there are many factors that can influence an organization’s decision to use open source software, the most common reasons for doing so include:
- Cost: Almost all open source users expect cost savings, compared to proprietary or licensed third-party solutions. However, Gartner’s research has shown that open source efforts don’t always save money. This outcome depends on many factors, including governance and the skills needed to operationalize it.
- Freedom and Flexibility: The ability to access source code is a frequently cited advantage of free software. Additionally, no single entity has exclusive control of an open source project, so adopters typically have the flexibility to find multiple commercial vendors when needed for mature projects. Users also find flexibility in choosing self-help options versus sales support options. The key to maximizing the ROI benefits offered by OSS flexibility lies between the theoretical freedom to exercise control and customization, and the realistic ability to do so, which is limited by factors such as engineering knowledge and bandwidth.
- Talent acquisition and retention: Many infrastructure developers and engineers want to work on cutting edge projects, they want their contributions recognized beyond monetary rewards, and they want to engage in social learning. Using OSS provides opportunities for all of these factors and becomes a magnet for hiring and retaining motivated talent.
- Innovation: Open source is the dominant software model for open innovation efforts in the new digital economy. It also allows companies to tap into a larger pool of innovative talent and offers the possibility of faster access to software features from public repositories.
3. What are the risks of free software?
Despite popular belief, open source solutions are inherently neither more nor less secure than proprietary third-party solutions. Instead, a combination of factors, such as license selection, developer best practices, and project management rigor, establishes a unique risk profile for each OSS solution.
The main risks associated with open source include:
- Technical risks, including general quality of service flaws and security vulnerabilities.
- Legal risks, including factors related to OSS license compliance as well as potential intellectual property violations.
- Security risks, which begin with the nature of the costs of acquiring free software. The total cost of acquiring open source is virtually zero, as open source adopters are never required to pay for the privilege of using it. Unfortunately, a critical side effect of this low acquisition load is that many open source assets are either under-managed or completely unmanaged once established in an IT portfolio. This under-management can easily expose both quality and safety risks, as these assets are not patched and updated as frequently as they should be.
Finally, vendor foreclosure can still be a risk factor, given the tendency among vendors to add proprietary extensions on top of an open source (open core) foundation.
Ultimately, whether built, purchased, or borrowed, software development efforts require rigorous standards and best practices for security, quality, and risk management. OSS adopters should measure its risks against their own risk thresholds and use cases, while taking into account factors such as project maturity, licensing adequacy, and availability of business support options. third.
4. How should organizations evaluate free software?
Selecting OSS is not much different from selecting proprietary and commercial software. Key criteria to assess include functionality, integration, and cost of ownership. A key advantage that good OSS projects benefit from is better transparency. Unlike private proprietary solutions, metadata supporting free software is easily discovered and documented.
IT managers should include the following criteria when evaluating an OSS project:
- Code activity, which is measured by metrics like commits per quarter, as well as the amount and diversity of code contributors and where it’s hosted.
- Software version history, which should show a steady rate of software releases and overall project maturity.
- Community support and documentation, which can be measured by the bug fixes in the project issue tracking, as well as by the vibrancy and usefulness of the support threads.
- Ecosystem, which should include a wide range of companies and individual developers contributing code.
- License model, which is measured by permissiveness of use and redistribution and any negative implications of license misuse.
- Security reports, including the process for fixing code-related bugs and security vulnerabilities and whether there is a reliable way to report them privately.
5. How can organizations use free software most effectively?
To be successful with open source, IT leaders must recognize its strategic importance to business strategy, apply policies for effective governance, and communicate its value to various stakeholders.
Any open source effort should be approached organization-wide, with the participation of leaders in enterprise architecture, engineering, security and risk, infrastructure and operations (I&O ) and procurement. In large corporations, establishing an open source program office is an effective way to govern and expand open source efforts.
IT managers should view open source as an unavoidable investment that, with proper management, will yield significant benefits in terms of innovation, total cost of ownership, talent retention, and business value.
Arun Chandrasekaran is a senior vice president of research at Gartner, where his research focuses on providing strategic advice to CTOs and CIOs on how to drive technological innovation within enterprise IT. . Gartner analysts will discuss application innovation and software engineering strategies at the 2021 Gartner Application Innovation & Business Solutions Summit, which will be held virtually May 26-27 in the Americas.