INDUSTRY WATCH by Ken Mugrage
from SD Times May 2022
by d2emerge
Ken Mugrage is principal technologist, Office of the CTO, Thoughtworks.
The changing economics of open source
The past several months have seen an unusually high level of commotion in the open-source community, largely focused on the economics of who — and how we — should pay for ‘free’ software. But this isn’t just some geeky flame war. What’s at stake here is business-critical for vast swaths of the business world.
So what’s all the fuss about?
To get a handle on this, it helps to consider what open source means today. In its earliest days, the open-source movement was all about creating alternatives to large software packages. And there were some outstanding successes that enabled large groups of people to participate: I started my first web company in the mid ’90s with almost no capital, based largely on the availability of the Linux operating system, Apache web server, and PHP programming language.
Open source’s early promise
The early days were also characterized by some fine ideals about what it meant to be open source: that anyone could and would review the codebase to identify and fix bugs; that people would take code bases and contribute to their advancement; that there was a profitable business model for building ‘free’ software.
Online systems like SourceForge and later GitHub made it easier to share and collaborate on smaller open-source components. The subsequent Cambrian explosion of open-source software has tested some of those original ideas to breaking point. In contrast to the focus on creating alternatives to large software packages, today there’s a proliferation of open-source software: on one side we have internet giants churning out all manner of tools, frameworks and platforms; at the same time, one-dev bands have created small but critical parts that support a huge number of businesses.
The diversity of open-source projects today has challenged many of the initial principles. So in many instances, the codebases for open-source packages are simply too large to allow for meaningful inspection. Other packages are distributed by internet titans that have no expectation that anyone else will contribute to them. Yet other releases are distinct, point releases that may only do one relatively minor task but do it so well that they’ve spread across the internet — but rather than an active community of maintainers, they’re often just a passion project for one or two committed developers.
You can appreciate the challenges this can create by looking at some recent examples of open source’s changing economics.
Take ElasticSearch. Back in September 2021, Elastic changed its license to require cloud service providers who profit off their work to contribute back. Those changes caused high dudgeon in the open source community and prompted AWS to fork the code base and create a new distribution for their OpenSearch product.
At the other end of the scale, a security snafu in Log4J created what’s been dubbed the biggest bug in the internet. The popular open-source logging tool is widely used across a multitude of systems today. But its popularity didn’t mean it was backed by a crack maintenance team; it was maintained by hobbyists. Here, throwing money at the problem is hardly a solution. We know of many open-source enthusiasts who maintain their software personally, and they have busy professional lives — the last thing they want is the responsibility of a service-level agreement because someone has paid them for their creation.
Can open source continue to thrive?
So is this the end of the road for the open-source dream?
Certainly, many of the open-source naysayers will view the recent upheaval as proof of a failed approach. They couldn’t be more wrong.
What we’re seeing today is a direct result of the success of open source software. That success means that there is no one-size-fits-all description of what open source software is, nor one economic model for how it can succeed.
Once you start looking at crucial parts of your software stack where you’re reliant on hobbyists, your choices begin to dwindle. But if the Log4J commotion has taught us anything, it’s this: auditing what goes into the software that runs your business puts you in a better place than being caught by complete surprise.