Open source vs open core -- the development battle you may never have heard of [Q&A]
There's a battle playing out in the enterprise open source arena right now, but it's one you probably haven't heard about.
It's a clash between pure open source and commercialized open source (or 'open core') versions. While this may be below the radar for anyone not directly involved it has important long-term implications for the industry.
In an exclusive interview we spoke to Ben Bromhead, the chief technology officer at open source specialist Instaclustr to get his view of the battlefield.
BN: Research has begun to show that enterprise open source adoption has spiked this year and is related to changing economic conditions. Assuming conditions improve in 2021, what will that mean for the open source trajectory?
BB: COVID has accelerated myriad changes across industries that were already inevitable. We've all seen this with major spikes in online shopping and food delivery services, and businesses' expanded work from home policies, to name a few. These were trending up anyway; COVID just sped up the transitions. Open source adoption is firmly in this same category. Open technologies across the stack have been an inevitable trend for enterprises -- driven by better software quality, far more efficient costs, and continual innovation -- that has been accelerated by the conditions that COVID has created. Because of those fundamental factors underpinning open source adoption, I expect that the current rising trajectory will outlast the pandemic. Open source acceleration isn't a one-off spike, it's where more enterprises are headed.
BN: As open source has become more popular for enterprises, so has the rift between pure open source and commercialized open source. Will there be a winner, or are they built for different use cases?
BB: I'm strongly of the opinion that pure open source will be the winner. It's an inevitable truth of the open source/open core dynamic that all of the most valuable closed-source features offered by open core software products will be replicated in the pure open source versions. We've seen this many times over across various open source projects (and contribute to this phenomenon ourselves by developing open source tools when customers demand them). As an open source technology matures, it becomes harder and harder for open core providers to identify opportunities for features that differentiate their product from the 100 percent open source version. Therefore, the natural evolution of open source technology includes mechanisms that eventually leave open core strategies out in the cold, and rightfully so.
BN: Open source continues to make headlines for security concerns. What do enterprises need to understand about open source and security? How big a risk is it and what, specifically, needs to be vetted in an open source technology before using it?
BB: One important point to consider here is the different likelihoods that the vulnerabilities inevitably existing within any piece of complex software will be found and publicly reported. Here's what I’m getting at: there's a strong argument that vulnerabilities existing in open source software are much more likely to be identified and reported than those within closed source software. This is one of the many key advantages that open source software intrinsically provides. Open source code is viewed by many more eyeballs, and approached from a much broader range of perspectives. There's a greater diversity of users and of use cases. That naturally results in more vulnerabilities being recognized. So, when comparing the raw numbers of vulnerabilities discovered in open source or closed source software, it's important to acknowledge that finding those vulnerabilities does result in software that is actually more secure.
This leads to another fundamental advantage of open source software, which is that you have an entire community contributing to resolve any bugs and vulnerabilities. The assembled cooperative talent backing open source solutions, and what these communities are capable of achieving, is really a tremendous feat to be celebrated. In comparison, hired teams at companies working to identify and patch vulnerabilities in proprietary software are much more limited in terms of the number of developers on the project, and the scope of what they can accomplish.
As for vetting open source projects, enterprises should evaluate whether a technology is truly free and open, carefully examine licensing terms, and understand the strength of the community and the business motivations of any large commercial entities in that community. The best solutions are supported by communities robust enough to serve the common good, and not be unduly influenced by any one commercial interest.
All that said, using open source software does often demand a greater degree of engineering sophistication than closed source. That's where organizations providing open source support and managed services can manage the risk of adopting new solutions and ensure enterprises can unlock the full benefits of open source software.
BN: Open source, as a term, has just entered its third decade. What's the biggest risk facing open technologies over the next ten years?
BB: The muddying of what open source means through the use of restricted open source licenses is a significant challenge for open source at the moment. At Instaclustr, we favor software governed by open source foundations such as the Apache Foundation, where you can be sure that the governance of the open source project is focused on acting in the best interest of users. And as mentioned, enterprise open source adoption is increasing and on quite a healthy path right now. The challenges of the next ten years may be in better distinguishing true open source offerings, and ensuring that the market gives new adopters the clarity to understand the potential pitfalls ahead when dealing with open core solutions. In scenarios where enterprises don’t control their own code, vendor and technical lock-in are very real threats. Hopefully the next decade will see a stark reduction in the number of enterprises that find themselves in such situations.
BN: Do changes need to be made to make open source project development and maintenance more sustainable than they are now?
BB: Many open source projects have proven themselves to be sustainable over the long term under current arrangements. While projects sometimes go through painful periods, if they’re truly valuable then the community will most often find a way to ensure that they continue to be maintained and supported. I'd be hesitant to recommend any broad-brush changes, because successful projects evolve based on the motivations and capacity of the communities that find them useful. Where changes are helpful, communities will naturally determine and drive those changes. Open source projects feature powerful mechanisms that are the reason they command the success they've achieved, and I'm inclined to continue to trust in them.