Open source software, let’s dispel the false myths holding it back

Although we have been witnessing its exponential growth for some time now, open source falls victim to false myths that threaten to hinder its development. The fact that open source software can be used freely, and therefore for free (although the guiding principle is that it is free as in freedom of use, not free of charge), certainly does not mean that open source developers work without being paid. Some do, of course, but most get paid, and this can happen in a variety of ways.

Often, an open-source program is so useful and critical to a company’s workflow that the company pays the developers of the program itself or commissions them to develop or improve functionality or to solve the most critical problems, such as those related to interoperability. Another example is professional support, which is essential when open source software is used within large organisations such as government institutions, universities, or large corporations.

Of course, if open source software uses a copyleft license, all changes to the source code, whether or not they are funded directly by companies, are shared with the entire user community, whether individuals or companies. This is a clear advantage of copyleft licenses such as GPL, LGPL and MPL over “permissive” licenses such as the Apache Software License.

Open source development is done by amateurs and students

Most people identify open-source developers with the stereotype of the misfit nerd, working nights in a crawl space among empty beer cans and cigarette butts. At best, with a fledgling computer science student. Please. Over the past two decades, open-source development has become a key driver of innovation and has involved professionals and companies of all kinds, starting with large international research centres such as CERN, which leverages open source to develop its advanced systems.

Even some companies that once saw open source as a threat and did everything to restrict its development, including spreading false information, as in the case of the “Halloween Documents” invented by Microsoft, have changed their attitude. Today, some of the benchmark foundations for open source software are supported or even see direct participation from companies such as Microsoft itself. The most prominent example is the Linux Foundation, which handles all development of the Linux kernel.

Open source software is not secure

Unfortunately, despite the evidence, there are still many users who believe that the source code transparency typical of open source software poses a security problem. According to these users, the fact that anyone can access the source code and, in pure theory, modify it makes the source code itself less secure. In fact, it is the opposite because if several competent developers are working on the same code, it is very likely that some of them will detect any problems and, together with the others, solve them more quickly than any team of specialists could in the case of proprietary software. Most large open-source projects also have security-focused developers who collaborate with other developers and specialised labs and use sophisticated static analysis and fuzzing tools that subject source code to a thorough periodic verification and review process.

Lack of support for open source software

Most open source projects offer user support in a completely different way than proprietary software companies, but often just as efficiently or even more so, through mailing lists and forums where volunteers give their time to solve problems with the software or answer questions about how to use the tool properly. Some projects have multiple mailing lists dedicated to specific purposes, such as a developers' mailing list to discuss hacking on code and an end users' mailing list about taking advantage of product features. In addition, open-source projects use a bug tracking system, to which users can send reports and feature requests, follow their status, and add comments that help developers identify problems and apply patches.

Companies that need professional support because they use open-source software strategically can sign a contract, with an associated Service Level Agreement, with an organization that provides commercial support and employs developers who can fix bugs and regressions and develop new features.

Open source is a problem for companies

The misconception is that open-source software can harm a company by giving away a product for no profit or forcing a product to become open-source itself. This is not true. Many open-source licenses allow open-source software to be used with a proprietary product as long as the open-source software remains open-source. In fact, open-source code cannot be turned into proprietary, and it cannot be integrated into a proprietary product as if it were proprietary code. Moreover, not all open-source licenses allow linking or use in proprietary products, although the family of “permissive” licenses was created precisely to meet this goal and to allow companies that do not like open-source software to be able to exploit it without giving anything back to the community (I am referring to the Apache, BSD and MIT licenses).

In contrast, the family of copyleft licenses such as GPL, LGPL, and MPL makes it a condition that all improvements be shared with the community, so that the innovation, robustness, quality, and security features of open-source software are perpetuated without preventing companies from making use of open-source code.

Open-source software does not generate profits

To dispel this myth, one need only cite the case of Red Hat, which IBM acquired for more than $30 billion, or about 10 times the annual revenue of the Raleigh, North Carolina-based company. Other names could also be mentioned, such as NextCloud, the European company developing a cloud solution that is superior in functionality and respect for user data ownership compared to Amazon, Google, and Microsoft.

Of course, it is difficult to make a profit from selling an open-source product, which need not be free (and in fact, we use the concept of “freedom” of use, not “free”), while it is somewhat easier to charge for value-added services such as development and support services, and training and migration assistance.

However, it is imperative that companies that use open-source software strategically learn to contribute to the projects they rely on in one of the many ways available (purchasing a Long Term Support license, paying for the development of a feature or solution to a problem, hiring a developer, etc.) because only in this way can they be assured that the software they are using will be available in the same way in the future.

Open-source software is legally risky

Open-source components are free to use, but they come with a license whose terms must be followed to avoid legal and commercial risks. If you abide by the terms and conditions of the licenses of the components you use, there is no risk involved in using open-source software. There are numerous open-source licenses recognized by the Open Source Initiative (OSI) and compatible with the Open Source Definition (OSD). Although figuring out how to use them correctly is not an easy task for companies without a dedicated legal team, it is always possible to find appropriate support online or use specific software for managing open-source licenses.

It must always be remembered that open-source software offers many advantages. However, it also carries responsibilities for companies that integrate it within their software products, and not only in the IT field, as the automotive and healthcare sectors today make extensive use of open-source software within their products.

Open-source code does not get along with proprietary code

Open-source software is not a competitor to proprietary code, and it was never meant to be. Often, commercial software companies integrate open-source libraries within their proprietary code to avoid investing resources in code that is already available and often does not need modification and adaptation to be used. In addition to productivity, there are also other reasons to view open source and proprietary code as complementary, such as the ability to integrate with other software packages or the ability to customize functionality quickly and easily.

Antonino Caffo has been involved in journalism, particularly technology, for fifteen years. He is interested in topics related to the world of IT security but also consumer electronics. Antonino writes for the most important Italian generalist and trade publications. You can see him, sometimes, on television explaining how technology works, which is not as trivial for everyone as it seems.