When is free not free: The true costs of open source

1© 2016 Rogue Wave Software, Inc. All Rights Reserved.

1

Top open source lessonsfor every enterpriseEpisode 2:

When is free not free: The true costs of open source


2

Richard SherrardDirector of product management

Presenter

Rogue Wave Software


3

Poll #1What percentage of your mission critical software is open source?

A: 0 to 25%B: 26 to 50%C: 51 to 75%

D: 75%


4

Agenda

1. An explosion of open source2. Real cost of open source3. Managing the risk 4. Summary5. Q&A


5

An explosion of open source


6

Open source evolution

OSS in the enterprise

1980’sFreeware/shareware

BBSGPL

Unaware

1990’s“Open

source”Apache, Tomcat,

JBossPHP, Python,

RubyLinux

Early tests

2000’sFUDOSS

company explosionInsurance

playsGit

Android

Keep out!

2010’sPackage explosion

GitHub ascensionFull speed

OSS adoptionDockerSwift

Adoption

2016“OSS first”

policiesCentOS in enterpriseCloud OSSCognitive computing

Ubiquitous


7

Innovation drives open source adoption

Open source components provide critical functionality Improves developer productivity

No license fees

“More eyes” can improve quality & security as long as static and dynamic analysis are also used

Leveraged development effort

Apache, Tomcat, Wildfly, Jakarta Commons, jQuery Communities continuously improve features

Mature, commoditized applications and libraries

Community peer review


8

Poll #2 What do you see as the biggest benefit you

get from using open source?A: Innovation

B: Cost C: No Vendor Lock-in

D: QualityE: Security

F: Other


9

Leverage the benefits of OSS

“Open source is the way of the future. Yes, there will always be software companies that make money from software; however, open source is an excellent way to get a quality product.” – Andrew Carr, enterprise architect,in Stack Overflow

"While CIO’s may be wary of OSS, they realize that using it and contributing to the open source community attracts bright young minds, and may lead to kudos for the organization." - CIO Magazine

Innovation

Quality

Cost

Security

No vendor lock-in


10

Growth of open source

Use of open source continues to grow at an extreme pace

90% of companies use OSS components

in commercial software (Gartner)

>80% of a typical Java application is

open-source components and

frameworks (TechCrunch)

11 million developers

worldwide make 13 billion open source requests each year


11

Open source crossed the chasm

99% of Global 2000 companies are using

open source in mission critical applications


12

Real cost of open source


13

Real cost of open source

Acquisition Implementation Production

Package

choice

Package configuration and set up

Production

downtime

Documentation is sparse or

inaccurate

Unknown license

obligation or conflict

Slow response

from community

Version maintenanc

e

Developer training


14

Acquiring open source

Package selection

Developer skill sets & training

Architecture design


15

Implementing open source

"Unchecked tactical adoption of OSS creates unmanaged risk and unrealized returns, and application development professionals should not tolerate it."

Configuration & setupLicense compliance

DocumentationDevelopment issues


16

Open source in production

"The way to think about it is that support is unbundled (from the software) but widely available."

Production downtimeCommunity responsiveness Version maintenance


17

Poll #3How do you support your open source today in your organization?

A: Every developer supports themselvesB: Reach out to community for help

C: Internal OSS support teamD: Contracts with commercial support vendor

E: Not sure


18

Risk of OSS


19

Risk of open sourceOpen source software is “Free as in free speech, not free as in free lunch”

How do you manage OSS risk?

Poor documentation

Incorrectly advertised features

Major security vulnerabilities

Difficulty attaining internal

knowledge

When OSS misbehaves in your critical infrastructure, the damage could end up costing more than commercial solutions

No commercial support


20

Risk: How open source is different

Navigate complex OSS packages requiring broad and deep expertise

Who do you call when your “mission-critical” open source

application has an issue?

Developers have to negotiate wasted cycles and downtime while

waiting for fixes from the community

No formal training provided on the OSS package

Developers do not have anyone to help with risks and development

pitfalls

You are dependent upon the OSS communities to provide you help

and fixes


21

Managing the risk


22

Managing the risk

OSS Maturity state

PastDidn’t understand

OSS“Don’t worry, it’s

free”Low grade noise on

licensing

Unaware

PresentSecurity is making

headlinesLicensing lawsuits

Reactive Intermittent

attention(Un)known unknowns

Experimentation

Near futureMore diligence in

supporting production

Visibility into OSS use

Open source experience is a hiring attribute

Intentional


23

Do you know what OSS you're

using?

Can you trust what

OSS is in your

code?

Do you monitor for

security flaws in your OSS

on an ongoing basis?

How do you determine what legal,

compliance, or copyright

issues are in your OSS?

Are you possibly at

risk for unknown

security flaws in your OSS?

How do you track your

OSS inventory?

Do you know where & and how OSS is being used throughout

your organization?

Measuring open source risk


24

Example audit reportOpen source Bill of

Material (BOM) License information Compliance

information


25

Time

Diffi

cult

y

Expertise

Integration

Support

Inconsistency

Team cost

Slows response

timeMany tools

Deployment

Traceability

The sources of open source risk


26

Technical risk

Expertise

Support

Team cost

Slows response

time


27

Value of open source supportSupport offerings range across the top open source packages.

Access to enterprise architects ready to support you Avoid downtime and wasted cycles Navigate complex OSS packages requiring broad and deep expertise Mitigate risks and development pitfalls Architecture review & performance tuning Receive formal, instructor-led training across several OSS packages Gain the peace of mind that comes with 24X7 support coverage


28

Poll #4What do you see as the biggest technical risk of open source?

A: SupportB: Slow response from community

C: Expertise D: Inconsistence

D: Other?


29

What now?


30

Supporting OSSFive best practices for supporting OSS: Be proactive Get smart Stay informed Keep watch Maintain vigilance

Action plan: Do an OSS audit so you now exactly where, how, and why OSS is used Identify where support is needed and get the expertise Pay attention to security updates, patches, and latest versions


31

Q & A


32

Watch on demand

• Watch this webinar on demand

• Read the recap blog to see the results of the polls and Q&A session

http://www.roguewave.com/events/on-demand-webinars/the-true-costs-of-open-source

http://blog.klocwork.com/open-source/true-costs-of-open-source/


33

Follow up

Free newsletter: vulnerabilities, industry news, and enterprise support stories

openlogic.com/products-services/openlogic-exchange/openupdate

For OpenLogic support customers:

OSS Radio

Get a free OSS support ticket to experience our expertise

roguewave.com/freeticket

http://www.openlogic.com/products-services/openlogic-exchange/openupdate




http://www.roguewave.com/freeticket

http://www.roguewave.com/freeticket


34

Stay tuned

Top open source lessons for every enterpriseJuly 13: Open source applied: Real-world usesExamine actual field issues, from architecture to production, to better select and use the right packages.

July 27: Top issues in the top enterprise packagesDive into specific packages with two architects to discover what goes right and what goes wrong.


35

Date post:	13-Apr-2017
Category:	Technology
Upload:	rogue-wave-software
View:	100 times
Download:	0 times

When is free not free: The true costs of open source

Technology