March 27, 2017 - Ben Lloyd Pearson
The Technical Value of Open Source Software
This article is part of The Comprehensive Guide to Open Source for Business.
Technical value is one of the most important traits of software development and engineering. A mature open source community will often have multiple companies, organizations, and individuals who contribute to and depend on the code base. Any groups that depend on the code are invested in the future of the code, making it much less likely for the code to disappear while simultaneously encouraging participants to play an active role in ensuring proper bug and security fixing processes. This article will explore the ways open source software can benefit a business from a technical perspective by offering improved code stability and greater control over the software stack.
Open Source Improves Code Stability
Software built by a proprietary component provider can typically only be fixed by employees of the vendor company. In an open source community, anyone can test or fix bugs, regardless of association, and contribute to the reporting and tracking of bug fixes; as a result, there are many more avenues for errors in open source code to be discovered. This concept forms the core of Linus’s Law: “given enough eyeballs, all bugs are shallow.” Essentially, this states that when there are more tester’s and developers working together, bugs should be identified more quickly with more people who are capable of addressing them.
Anyone who identifies a bug with open source software can either fix it themselves, or inform the community of the problem in hopes that it will be fixed by someone who has a common interest. Proprietary vendors make commercial and financial evaluations before they implement security or bug fixes; there might not be enough financial incentive for them to make the specific fixes you require and creating this incentive can be extremely costly. Bugs in proprietary code can typically only be found through indirect methods, such as by encountering them while using the code in another product or service. On the other hand, OSS can be evaluated directly which makes it possible to find bugs before the software is even used.
The benefits of OSS for security are much more challenging to completely evaluate because open source vulnerabilities are often highly publicized, whereas proprietary software vendors can rely on security through obscurity since they distribute object code rather than source code. Because of this, bugs and security issues tend to be addressed much more quickly in open source communities with one major caveat: it hinges on the community having adequate bug and security vulnerability reporting and patching practices. There have been multiple high profile security vulnerabilities in OSS, including Heartbleed, which went unnoticed for years as it was deployed in numerous systems all over the world. In recent years, the security practices of OSS have come under much more scrutiny, resulting in the formation of groups like the Core Infrastructure Initiative, which seeks to identify critical open source components and ensure security is given adequate attention.
Ultimately, proper bug fixing and security practices come down to human ability and processes. Proper bug fixing and security auditing processes in an open source community can create code that is exceptionally secure and the high level of transparency open source offers makes it possible to evaluate the community directly. Many communities have formally defined processes for identify bug fixes or security flaws and patching them, all of this can be verified externally which isn’t possible with proprietary software. Finally, all OSS can be built from source code which improves security in cases where object code distribution is a concern.
Open Source Improves Control of the Software Stack
Another major technical benefit of OSS is having improved control of the software stack by means of a relatively unlimited potential for customization, and better knowledge-base of resources and information. Proprietary vendors can restrict the customization of their software and require expensive contracts for customization services. On the other hand, integrators can adapt OSS to meet the needs of anyone.
Mature open source communities often have numerous experts who can be relied upon for customization, whether it be through volunteered effort as a result of a shared interest, or by being hired directly to make the customizations. Since anyone can acquire OSS for learning purposes, there tends to be a much more broad and diverse ecosystem of developers and engineers. Additionally, since open source code is typically built in a modular fashion and governed through a maintainership system, it’s often much easier to find the items that need to be tweaked in the code and to make the required modifications.
One specific example where OSS is much more customizable than proprietary software is in language translations. Since all code is open to the public, anyone who is capable of translating between two languages can adapt the software for their specific language. This allows OSS to be translated to niche languages that might not be cost effective for a proprietary software vendor.
One final way that OSS improves control of the software stack is in the availability of a detailed knowledge-base of information. Proprietary vendors can restrict learning resources for their software however they want, but OSS tends to have a much more robust selection of supporting knowledge material that can be used to build in-house expertise. These resources can include things like wikis, project websites, and forums that provide general information for users and developers, as well as resources that allow individuals to get into direct contact with project experts like mailing lists, chat rooms, and question boards.
Leveraging the Technical Benefits of Open Source
This article should have explained some common technical justifications for why OSS often provides better flexibility than proprietary software. In summary, it provides product creators:
- The freedom to fix any bugs or security flaws that are identified,
- A transparent process for identifying and fixing bugs and security flaws that can be verified externally,
- More options for customization, with a more diverse ecosystem of developers and users, and
- An improved knowledge-base that is publicly accessible.
The next article in this series will explore the ways OSS can benefit a business by simplifying licensing, increasing development speed, and reducing vendor lock-in.
About Ben Lloyd Pearson
Ben handles Open Source Operations for the Samsung Open Source Group. He has a background that spans many areas of technology including digital media, audio / video production, web development, IT systems support / administration, and technical writing. In addition to his work for Samsung, he also runs Open Source Today, a news blog that covers developments in the open source industry. He lives in Austin, Texas, a place he and his wife chose to live in order to experience one of the best scenes for food, music, and technology in the world. He is a musician, aspiring amateur chef, DIY mechanic, and avid gamer.
Image Credits: Open Source Way