Open Source Software
OSS: open source software assets can affect information technology initiatives in positive and negative ways. The major benefits are driven by a confluence of cost optimization and flexibility. The principal risks are unmanaged software assets that can introduce technical and legal challenges: security, intellectual property management, and audit compliance. There will be costs that have to be budgeted in conjunction with its implementation. Open source code continues to make its way into enterprise software. Leading market research firms have reported that between 80 and 90 percent of commercial software companies use open source components. Open source software is an alternative way of investing in intellectual property. It is an avenue of innovation and an enabler for applying a more agile approach to digital transformation.
The successful integration of open source software will require an organization-specific governance model which:
The Linux Foundation has identified these findings regarding open source software:
A standardized naming schema for components would be valuable; package versions often include a number of associated complexities.
Individual developer account security is important.
A relatively small number of contributors develop the widely used open source software.
Legacy software persists in the open source ecosystem.
According to reporting by the SD Times, 64% of companies have been impacted by attacks on their software supply chain infrastructure. An increased reliance on open source software has been attributed as a factor in this percentage; preliminary indication is that this percentage could increase.
Open source software is not an all or nothing decision; it can be utilized in hybrid combinations with commercial software.
The Open Source Initiative was founded in the late 1990s as an innovative, community-enabled model for creating quality software based on widely accepted industry standards. The foundation of open source software distributed under the GPL: General Public License is that any organization or person that releases code into the market under that designation places no restrictions on its use. Open source software is available free or at minimal cost. The bottom-up grass roots nature of open source has led advocates to view the projects as a populist foil to commercial software, where a company keeps the inner workings of its applications secret.
Commercial vendors have built for-profit businesses around open source products. The three most common business models are:
Charging for enterprise-class support of the free software.
Offering specialized enterprise versions of the open source software which provide significantly enhanced functionality, commercial support packages, and management tools.
Providing the software free of charge, but selling the underlying hardware.
Open source software has thrived and played a prominent role in building the Internet’s infrastructure. Many companies rely on Linux-based computers and Apache web server software to display their web pages. The Mozilla Firefox and Google Chrome web browsers have emerged as formidable competition to Microsoft Edge and Apple Safari.
In 2002, Red Hat, Inc. released its RHEL: Red Hat Enterprise Linux distribution. It became the first billion dollar open source software company: middleware, enterprise storage, application development, and cloud computing. Red Hat provides open source software and services that help companies bridge different platforms. While Linux is available free of charge, RHEL: Red Hat Enterprise Linux contains software enhancements and the high level of technical support that corporations require. Red Hat has been focusing its resources on OpenShift which lets software developers build programs which can be run either in corporate data centers or on the cloud.
The Linux Foundation has released data on the most widely used open source application libraries. Census I - 2015 identified the packages in Debian Linux central to the operation and security of the kernel. Census II - 2022 provides a more comprehensive identification of free and open source adoption. Foundational detail is required to support its use in software infrastructure. Report data includes the top 500 npm packages and 500 non-npm packages; there are versioned and version-agnostic and direct and indirect packages.
Produced in partnership with LISH: Laboratory for Innovation Science - Harvard University and the OpenSSF: Open Source Security Foundation, Census II utilizes data from partner SCA: Software Composition Analysis companies including Snyk, the CyRC: Synopsys Cybersecurity Research Center, and FOSSA: Free Open Source Software Acceleration. The aggregated data includes over half a million observations of FOSS application and operating system libraries and utilities. The Linux Foundation and Harvard’s Lab for Innovation Science distribute information to developers and security professionals on widely used open source application libraries. 1
Many software developers consider source code not to be an executable device, but rather a description of device execution. This assumes that source code is not by itself covered by patent law and that the fundamental premise would apply even in countries where software patents are accepted. Independent nation states, negotiated integrated trade zones, and geopolitical spheres of influence apply different regulations and laws to software and intellectual property. Some countries accept software and algorithm patents; there can be ramifications with intellectual property infringement. Open source software packages now include switches or a patch that enable or disable patented code fragments according to the country where the code is used. The availability of source code directly applies to the detection of patent infringement by patent holders, and absence of an organization holding all the rights on the software makes it difficult to use standard mechanisms for defending patent litigation: cross-licensing or payment of royalties.
The recommended practice is that open source code be used with licenses which explicitly grant relevant permissions.
Examples of unambiguous permissions are:
Section 2 of the Apache License, which grants an "irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute".
The MIT license grants "the rights to use, copy, modify, merge, publish, distribute, sublicense".
The GPL v.3 provides "legal permission to copy, distribute, and modify".
Ambiguity about the granted use of code can cause confusion and make open source difficult to use. It is important that an open source license provides the right to make copies - reproduction, modify and adapt - derivative works, and distribute the original and modifications. Licenses can impose obligations in exchange for these rights. A classification system will need to be used to keep track of different licenses and a review system to ensure we stay in compliance. Open source projects function best when there is no ambiguity over the rights to the code.
There have been issues with open source code and intellectual property licenses. The migration of software workloads to the cloud has changed the open source software industry. The Commons Clause initiative adds restrictions that limit or prevent the selling of open source software. However, this license has not been widely accepted by the open source community. The SSPL: Server Side Public License is designed to protect open source software against expensive litigation and other issues relating to monetizing intellectual property code. SSPL is being reviewed and evaluated to become an Open Source Initiative-approved license. Apache Kafka has a Confluent Community License which enables users to download, modify, and redistribute code, but will not allow users to provide the software as a SaaS offering. This community license is meant to replace the Apache 2.0 license for certain components of the Confluent data streaming platform. It will not affect the use of Apache Kafka, which was developed by the engineers at Confluent. SQL database provider Timescale uses open source features made available under a TSL license. Some community features will be available at no charge; the exception will be hosted database-as-a-service version of TimescaleDB. Other features will require a commercial relationship with TimescaleDB unlocked and enterprise features available.
Code licensed under the GNU AGPL: Affero General Public License places restrictions on software used over a network which can be extremely difficult to comply with. Use of AGPL software requires that anything it links to also be licensed under the AGPL.
European governments use open source software as a counterbalancing tool to intellectual property law and promote competition, innovation, and the public interest in a free market economy. They support competition more than in the United States. European anti-trust regulators will evaluate and grant access to its markets based upon a balancing among leading commercial software and availability of open source software.
Several European countries have policies which promote government agencies and municipalities to consider open source software as alternatives to monopolistic commercial software such as choice in web browser, Linux in place of the Microsoft Windows operating system, and MySQL in place of a commercial database.
The European Union's GDPR: General Data Protection Regulation took effect on May 25, 2018. It applies to any business that handles the personal data of European residents. The rules cover almost anything that can be linked to an individual: addresses, credit card numbers, travel records, religion, web search history, computer ID codes, biometric data and more. It will take years for Europe's justice system to clarify what it all means. Courts are still debating current EU privacy rules, two decades after they were enacted. Each country has enough discretion under GDPR that there could still be a lot of differences, forcing companies with operations across Europe to comply with multiple potentially contradictory privacy regimes.
Any company that uses personal data of EU residents is required to designate a point person for data protection and certify that processes minimize impact on privacy rights. This must be done even if it has no physical presence in the region. Data only can be collected for an immediate need; information cannot be stockpiled for unspecified later use. Data collection policies must be clearly stated and provide transparency. Any loss, destruction, or theft of data must be reported to regulators within 72 hours. The most serious violations can result in fines of up to €20 million ($24.5 million) or 4 percent of a company's annual global revenue, whichever is higher. Individuals may demand to know what personal information an organization holds about them and can invoke their “right to erasure,” asking a business to delete their data for almost any reason.
California Consumer Privacy Act
In the United States leadership is being exercised by the state of California with CCPA: California Consumer Privacy Act - AB-375 and CPRA: California Privacy Protection Agency - 2020 California Proposition 24. CPRA creates and provides funding to a dedicated enforcement agency - CPPA. CCPA is the right to request a copy of personal information, have personal information deleted, opt-out of data sales, to non-discrimination, and take legal action if a company breaches personal information.
CPRA provides all the rights under the CCPA, plus the right to correct inaccuracies in personal information, limits how sensitive personal information is used and who it is shared with, opt-out of targeted advertising when opting out of the sale of personal information. It expands current consumer data rights, defines new rights, and specifies a new type of sensitive personal information. CPRA grants all California consumers’ data rights with additional protections for minors.
CCPA already is in effect and will promulgate implementing regulations by July 1, 2023. CPRA will be in effect Jan 1, 2023. The CPRA is heavily focused on those for-profit businesses that conduct and perform regular business activities with high volumes of personal information.
Open source projects are supported financially and used by leading information technology companies to shape markets in their own interest. Companies such as Alphabet-Google, IBM, Intel, Microsoft, and Oracle pay developers top salaries to work on open source projects which promote their own strategic objectives.
IBM has been a major backer of Linux, helping to raise it as a competitor to Microsoft Windows and other commercial operating systems. As part of transitioning its business model it has acquired companies based upon source platforms; in the fourth quarter 2018, it purchased Red Hat, Inc.
Google provided financial support to the nonprofit Mozilla Foundation, which oversees the development of Firefox. Google has developed and contributed to open source projects: web browser - Chrome, operating systems - Android and Chrome, programming languages - Go, containerization - Kubernetes, and dataflow programming - TensorFlow.
Hewlett-Packard, now HP Enterprise and HP, Inc., open sourced its webOS operating system. HP acquired webOS from Palm and has been trying to recoup its investment after its failure in the smartphone and tablet market. The open source webOS provides hardware companies with a way to diversify and reduce their dependence on the Google Android operating system. HP could then revamp webOS while having a fallback position.
The Apache Hadoop project develops open source software for scalable, distributed computing. In conjunction with subprojects, it provides high availability software and services for clustered computers in large and diverse collections of data.2
Samsung provides financial support and is a platinum member of the Linux Foundation; this allows it to exert influence in how Linux is developed and the open source projects related to it.
The infrastructure of Twitter, Intank, and Servergy is supported by thousands of Linux servers. They joined the Linux Foundation and contribute to the Linux developer community for improving their own Linux operations and client software services.
SAIC, Accenture, Unisys, and CSC have provided open source services and expanding expertise beyond Linux to cover open source databases, middleware, and applications.
The Open Compute Project was founded by Facebook and Rackspace to improve data center energy efficiency; it is in its early stage of evaluation and acceptance as an international standard.
OpenStack is an open source cloud - IaaS: infrastructure as a service software comprised of interrelated projects which control pools of processing, storage, and networking resources within a data center. It is released under the terms of the Apache License.
Cloud Foundry is an open source cloud - PaaS: platform as a service for developing, deploying, running, and scaling applications. It is governed by the Cloud Foundry Foundation.
Microsoft Corporation acquired GitHub, an open source code repository. It also has been increasing its participation and support in open source projects. Open source software now is an important component of its business strategy.
OpenDaylight is an open source Linux Foundation project launched by leading information technology vendors for creating software that can serve as the foundation for future SDN: Software-defined Networking products and research.
Blockchain technology is an application of the distributed ledger to create a network of connected nodes. There is no central authority that mediates transactions between peers. The direction of peer interaction allows for expedited and secure transactions. Open source blockchain platforms enable developers to create dApps: decentralized applications.
Significant acquisitions in which an up-and-coming open source company has been acquired include the Java Platform and language by Oracle Corporation, MySQL by Sun Microsystems and subsequently Oracle Corporation, SpringSource by VMware, and XenSource by Citrix.
The Java programming language is available in the public domain free of charge; however, there is component code of the platform which requires a specific license from Oracle Corporation. The Java SDK code based on the Java API library also can be downloaded free of charge. A license is required when class libraries based on Java API designs are used and when Java software components are downloaded. The consensus among information technology executives and technologists is that although there are components of the Java language available at no cost and unrestricted in use, the Java platform requires a license which enforces restrictions in use.
Released in 2007, Google wrote millions of lines of new computer code in the Android operating system. It also used about 11,500 lines of code copyrighted as part of Oracle's Java platform. Oracle had sued seeking billions of dollars in damages. Google won the first round when a judge rejected Oracle’s copyright claim, but that ruling was overturned on appeal. A jury then sided with Google, but an appeals court again disagreed. The complexity of the Java language and platform is a legal question involving a mixed set of guidelines. In the Oracle Corporation versus Google Corporation legal action at the United States District Court in San Francisco, Google legal counsel asked Laurence Ellison, chief executive officer of Oracle Corporation, under oath, whether the Java language is free open source software. Mr. Ellison’s response was that he did not know.
In April 2021, the United States Supreme Court sided with Alphabet/Google Corporation 6-2 in an $8 billion copyright dispute with Oracle Corporation over Google’s creation of the Android operating system used in the global smartphone market. 3
Linux is a stable open source operating system that features development tools, desktops, and applications. Most Linux software is developed as open source software and distributed along with the application. Programmers can make their own contributions to a software package's development, modifying and correcting the source code. Much of the software provided for Linux also are open source projects, as are the KDE and GNOME desktops along with most of their applications. The LibreOffice office suite is an open source project based on the StarOffice suite.
Open source software is protected by public licenses which prevent commercial companies from taking control by adding a few modifications, copyrighting those changes, and selling the software as their own product. The Linux operating system is distributed under the General Public License provided by the Free Software Foundation. The GNU General Public License retains the copyright; the software is licensed with the requirement that the software and any modifications made to it remain freely available. Other public licenses also have been created to support different kinds of open source projects. The GNU: LGPL: Lesser General Public License allows commercial applications to use GNU licensed software libraries. The QPL: Qt Public License permits open source developers to use the Qt libraries for the KDE desktop.
GNU: GNU’s not UNIX software has proven reliable. Many of the popular Linux utilities, such as C compilers, shells, and editors, are GNU applications. Leading Linux distributions will include the GNU C++ and Lisp compilers, vi and Emacs editors, and BASH and TCSH shells. There are many open source software projects licensed under the GNU GPL. With the GNU Public License, there are no restrictions on selling the software or giving it away free.
Several major software companies contribute to the Linux Foundation and provide Linux-variants for their popular commercial software.
The demand for enterprise blockchain has resulted in the creation of industry-specific open source projects where each has a unique blockchain framework. A project is targeted to achieve a specific objective in the industry.
These are the leading blockchain open source projects being developed for multiple industries.
Platform | Description | |
Hyperledger | Frameworks and tools to create enterprise solutions across industries. | |
Hyperledger Fabric | A pluggable architecture which enables confidential transactions and facilitates performance at scale. It has become the de-facto standard for enterprise blockchain projects. | |
Hyperledger Sawtooth | A collaborative effort between Digital Asset and IBM. Sawtooth leverages PoET: Proof of Elapsed Time as the consensus mechanism for creating trusted execution environments which integrate with hardware security. | |
Enterprise Ethereum | Codebase platform governed by the Ethereum Alliance which ensures transactional integrity and security. It is used to create high performance applications. The Ethereum network is public and permissioned. | |
Corda | Applies strict privacy to the transactional information among peer-to-peer networked nodes which can transact directly. Blockchain interoperably with smart contracts can be written in Java and JVM languages. A flow framework provides managed efficiency in negotiation and communication. | |
Quorum | Enterprise blockchain platform developed by JP Morgan exclusive to the financial sector. It is a fork of Ethereum and as Ethereum matures, Quorum grows along with it. | |
OpenChain | Standalone blockchain platform which departs from the design and architecture of a DLT network where transaction information is stored in blocks arranged in a chain. OpenChain is highly scalable and in meeting TPS: transactions per second performance. | |
Multichain | Enterprise blockchain with tools to make application deployment faster: data streams, fine-grained permissions, and unlimited assets. Data streams are created using a key-value. Multiple databases can be connected to at the same time for improved timestamping, data sharing, and high-level encryption. |
Blockchain gradually is gaining acceptance and use. A blockchain open source community has formed. There are blockchain applications in data management, e-commerce, e-governance, online voting, energy, gaming, and other sectors.
Open source software increasingly is being evaluated by organizational enterprise as an alternative to commercial software: affordability, performance, and usability. The strategic objective is to utilize open source software for improving the efficiency of IT infrastructure and innovating for competitive advantage. In order to ensure competition in the marketplace, the governments in different parts of the world are imposing regulations in accordance with their national agenda in order to ensure that there is an open source alternative to the major commercial software products.
Open source software has reached a level of maturity and acceptance, where it has become a standard practice as part of product evaluations to compare open source applications with commercial solutions.
Open Source Software
CETi is in the process of reviewing and categorizing open source mobile databases. Information can be reviewed at SYS-ED software specific websites.
Proponents advocate the use of open source software for the following reasons:
Benefit | Explanation |
Avoid Vendor Lock-in | Open source software is built on standard technologies and offers interoperability with commercial software. This can serve to mitigate being held captive to license and maintenance contract price increases from commercial software vendors. |
Commodity Hardware | The use of commodity hardware rather than commercial machines represents a significant cost saving. Both the initial outlay for base systems and hardware maintenance will be less expensive. Architecture independence allows software to be transferred across physical systems. |
Innovation | There are parties in the open source community working to refine and expand the functionality of open source software. Upgrades, patches, and bug fixes typically are released faster than commercial software. |
Security | In many cases, open source software will be more secure than commercial software and fewer remedial activities and resources will be needed to keep systems and data safe. |
Value | Since development costs are shared by a community of parties, open source software will be less expensive than commercial software. |
There also are tradeoffs and disadvantages associated with open source software:
Tradeoffs and Disadvantages | Explanation |
Software Incompatibility | There can be inconsistencies and problems with integrating open source software with existing software. |
Support and Maintenance | There can be uncertainty and risk associated with the support provided with an open source software ecosystem: technical difficulties, maintenance, and troubleshooting. In many situations, there can be no guaranteed response time for submitted questions and problems. |
Costs - Open Source Software | There will be costs associated with free software. The open source software requires investment and development of salaried staff to provide specialized support and service. |
Documentation - Shortcomings | The completeness, quality, and third party availability of documentation associated with open source software typically is inferior to commercial software. |
Intellectual Property | There can be additional complexity associated with open source software. The absence of an organization holding all the rights on the software makes it difficult to use standard mechanisms for defending usage rights and patent litigation. |
CETi downloads and evaluates open source software. OSS is used and coded on and SYS-ED software specific websites. The websites demonstrate and prototype how OSS software can present content and programmatically engage with client organizations. A reviewer service is planned for evaluating the documentation and certification course offerings available through open source purveyor websites. The CETi course search engine presents titles, subject matter, duration, and audience; the objective is to streamline, expand, and diversify the availability of open source training alternatives available in hybrid and cross operating system platform information technology. Research and a cognitive search engine will identify low cost and free training alternatives, provide strategic learning paths, and list digital resources.
Footnote 1:
Footnote 3:
Component code of Java is open source. The Java language in its entirety is not distributed under a General Public License.
This information reflects a review of white papers from Gartner, Inc., Forrester Research, Red Hat, open source project websites, and downloads of open source code. It has been updated to reflect SD Times reporting: Open Source at 20 reporting by Christina Cardoza and David Rubinstein, editor-in-chief of SD. Additional information about the open source movement is available at
Bloomberg Business Week, Is Your Blockchain Business Doomed? by Olga Kharif, March 26, 2018
Bloomberg Business Week, Data Protection Solutions / GDPR: What it Means for You, by Jeremy Khan, Stephanie Bodoni, and Stefan Nicola, with Dune Lawrence, March 26, 2018
SD Times Reporting:
Authors from Harvard Business School - Frank Nagle, James Dana, and Yanuo
Laboratory for Innovation Science at Harvard - Jennifer Hoffmann and Steven Randazzo