When is free not free: The true costs of open source

Post on 13-Apr-2017


© 2016 Rogue Wave Software, Inc. All Rights Reserved.

Top open source lessons for every enterprise

Episode 2: When is free not free: The true costs of open source


Presenter

Richard Sherrard, Director of product management, Rogue Wave Software


Poll #1: What percentage of your mission critical software is open source?

A: 0 to 25%
B: 26 to 50%
C: 51 to 75%
D: 75%


Agenda

1. An explosion of open source
2. Real cost of open source
3. Managing the risk
4. Summary
5. Q&A


An explosion of open source


Open source evolution

1980’s: Freeware/shareware; BBS; GPL
OSS in the enterprise: Unaware

1990’s: “Open source”; Apache, Tomcat, JBoss; PHP, Python, Ruby; Linux
OSS in the enterprise: Early tests

2000’s: FUD; OSS company explosion; Insurance plays; Git; Android
OSS in the enterprise: Keep out!

2010’s: Package explosion; GitHub ascension; Full speed OSS adoption; Docker; Swift
OSS in the enterprise: Adoption

2016: “OSS first” policies; CentOS in enterprise; Cloud OSS; Cognitive computing
OSS in the enterprise: Ubiquitous


Innovation drives open source adoption

Open source components provide critical functionality

Improves developer productivity

No license fees

“More eyes” can improve quality & security as long as static and dynamic analysis are also used

Leveraged development effort

Apache, Tomcat, Wildfly, Jakarta Commons, jQuery

Communities continuously improve features

Mature, commoditized applications and libraries

Community peer review


Poll #2: What do you see as the biggest benefit you get from using open source?

A: Innovation
B: Cost
C: No Vendor Lock-in
D: Quality
E: Security
F: Other


Leverage the benefits of OSS

“Open source is the way of the future. Yes, there will always be software companies that make money from software; however, open source is an excellent way to get a quality product.” – Andrew Carr, enterprise architect, in Stack Overflow

"While CIO’s may be wary of OSS, they realize that using it and contributing to the open source community attracts bright young minds, and may lead to kudos for the organization." - CIO Magazine

Innovation

Quality

Cost

Security

No vendor lock-in


Growth of open source

Use of open source continues to grow at an extreme pace

90% of companies use OSS components in commercial software (Gartner)

>80% of a typical Java application is open-source components and frameworks (TechCrunch)

11 million developers worldwide make 13 billion open source requests each year


Open source crossed the chasm

99% of Global 2000 companies are using open source in mission critical applications


Real cost of open source


Real cost of open source

Phases: Acquisition, Implementation, Production

Package choice

Package configuration and set up

Production downtime

Documentation is sparse or inaccurate

Unknown license obligation or conflict

Slow response from community

Version maintenance

Developer training


Acquiring open source

Package selection

Developer skill sets & training

Architecture design


Implementing open source

"Unchecked tactical adoption of OSS creates unmanaged risk and unrealized returns, and application development professionals should not tolerate it."

Configuration & setup

License compliance

Documentation

Development issues


Open source in production

"The way to think about it is that support is unbundled (from the software) but widely available."

Production downtime

Community responsiveness

Version maintenance


Poll #3: How do you support your open source today in your organization?

A: Every developer supports themselves
B: Reach out to community for help
C: Internal OSS support team
D: Contracts with commercial support vendor
E: Not sure


Risk of OSS


Risk of open source

Open source software is “Free as in free speech, not free as in free lunch”

How do you manage OSS risk?

Poor documentation

Incorrectly advertised features

Major security vulnerabilities

Difficulty attaining internal knowledge

When OSS misbehaves in your critical infrastructure, the damage could end up costing more than commercial solutions

No commercial support


Risk: How open source is different

Navigate complex OSS packages requiring broad and deep expertise

Who do you call when your “mission-critical” open source application has an issue?

Developers have to negotiate wasted cycles and downtime while waiting for fixes from the community

No formal training provided on the OSS package

Developers do not have anyone to help with risks and development pitfalls

You are dependent upon the OSS communities to provide you help and fixes


Managing the risk


Managing the risk

OSS maturity state

Past: Didn’t understand OSS; “Don’t worry, it’s free”; Low grade noise on licensing
Maturity state: Unaware

Present: Security is making headlines; Licensing lawsuits; Reactive; Intermittent attention; (Un)known unknowns
Maturity state: Experimentation

Near future: More diligence in supporting production; Visibility into OSS use; Open source experience is a hiring attribute
Maturity state: Intentional


Measuring open source risk

Do you know what OSS you're using?

Can you trust what OSS is in your code?

Do you monitor for security flaws in your OSS on an ongoing basis?

How do you determine what legal, compliance, or copyright issues are in your OSS?

Are you possibly at risk for unknown security flaws in your OSS?

How do you track your OSS inventory?

Do you know where and how OSS is being used throughout your organization?


Example audit report

Open source Bill of Material (BOM)

License information

Compliance information


The sources of open source risk

[Figure; axis labels: Time, Difficulty]

Expertise

Integration

Support

Inconsistency

Team cost

Slows response time

Many tools

Deployment

Traceability


Technical risk

Expertise

Support

Team cost

Slows response time


Value of open source support

Support offerings range across the top open source packages.

• Access to enterprise architects ready to support you
• Avoid downtime and wasted cycles
• Navigate complex OSS packages requiring broad and deep expertise
• Mitigate risks and development pitfalls
• Architecture review & performance tuning
• Receive formal, instructor-led training across several OSS packages
• Gain the peace of mind that comes with 24X7 support coverage


Poll #4: What do you see as the biggest technical risk of open source?

A: Support
B: Slow response from community
C: Expertise
D: Inconsistency
E: Other?


What now?


Supporting OSS

Five best practices for supporting OSS:

• Be proactive
• Get smart
• Stay informed
• Keep watch
• Maintain vigilance

Action plan:

• Do an OSS audit so you know exactly where, how, and why OSS is used
• Identify where support is needed and get the expertise
• Pay attention to security updates, patches, and latest versions


Q & A


Watch on demand

• Watch this webinar on demand

• Read the recap blog to see the results of the polls and Q&A session


Follow up

Free newsletter: vulnerabilities, industry news, and enterprise support stories

openlogic.com/products-services/openlogic-exchange/openupdate

For OpenLogic support customers:

OSS Radio

Get a free OSS support ticket to experience our expertise

roguewave.com/freeticket


Stay tuned

Top open source lessons for every enterprise

July 13: Open source applied: Real-world uses
Examine actual field issues, from architecture to production, to better select and use the right packages.

July 27: Top issues in the top enterprise packages
Dive into specific packages with two architects to discover what goes right and what goes wrong.
