When a movement becomes mainstream, managing it demands a strategy.

In August 1991, Linus Torvalds, then a 21-year-old student of computer science at the University of Helsinki, casually announced through a Usenet posting: “I’m doing a free operating system, just a hobby, won’t be big and professional like GNU….” As it happened, his hobby resulted in the development of the world’s first free operating system, the Linux kernel, and kickstarted the open source software movement. Exactly three decades later, “open” has become one of the major ways in which software is developed. Companies use open source software extensively, and it’s increasingly shaping enterprise software architectures. Developing and deploying open source software is no longer just a novel idea. It’s a strategic necessity in a fast-changing digital world.
There’s no way around open source software, which can be defined as software that developers can inspect, copy, modify, and redistribute. Proprietary software providers still dominate the market, but open source software plays an equally important role. For instance, open source Linux powered 75% of the public cloud workload in 2020, and its share is expected to rise to 85% by 2024. Some of the most popular software development stacks – such as the LAMP (Linux, Apache, MySQL, and PHP) and MEAN (MongoDB, Express.js, AngularJS, and Node.js) stacks – are open source software. Last year, around 85% of the world’s smartphones ran on Android, the open source operating system built on the open Linux kernel. (See Exhibit 1.) Unsurprisingly, the ability to work with open source software is fast becoming a requirement for all software.
Business use of open source software is soaring. As many as 80% of IT departments plan to increase their use of open source software over the next 12 months, with 95% of IT specialists agreeing that open source has become strategically important. (See Sidebar 1.) Software developers and data analysts, the driving forces of digital transformations, rely heavily on the open source community. They often prefer to use open source software, especially as a foundation, because the software selection and screening process is simple and lengthy negotiations are unlikely. That choice therefore allows the rapid roll-out and adoption of innovative applications. In addition to improving the speed to market, using open source software also prevents vendor lock-in and, obviously, reduces costs.
Moreover, companies are learning to tap into the open source community for talent and to upskill themselves. Some have gone beyond reluctantly accepting the use of open source software to encouraging participation by their employees in open projects. CIOs and CTOs are waking up to the fact that they have to rethink their approach and prioritize the development of open source software in order to get ahead of rivals. They’re increasingly wondering: Do we have an open source software strategy for the 2020s?
Open source software differs from proprietary software in several ways. Unlike proprietary software, for which businesses must pay, open source software isn’t owned by anybody. It’s available for use free of charge, but there is no support from the community for it unless, as we describe below, companies license its use from a commercial vendor. Moreover, in contrast to the source code of proprietary software, which vendors keep confidential, open source software is developed publicly, so it can be easily tested, modified, and freely distributed.
Developing and deploying an open source software strategy has become imperative for several reasons. Open source software developers, individually and collectively, look for the optimal solutions to technological problems, which makes the software they create reliable, secure – and free. Because of their incessant efforts, the software becomes better over time. Several foundations, such as the Linux Foundation, which supports open source across several technology domains, the Apache Software Foundation, and the Eclipse Foundation, facilitate the process. In partnership with digital giants such as AWS, Facebook, Google, IBM, Microsoft, Netflix, and SAP, as well as hardware makers such as Cisco, Intel, and Tesla, they set standards. They also create vendor-agnostic homes for projects, provide financial support for infrastructure, help with marketing, and appoint committees to make key decisions about projects.
The first startups catalyzed by open source sprang up three decades ago to offer support, paving the way for a second generation of firms that developed software internally, but released the source code so the community could test and refine it. Firms using this open core model – open source code at the core with proprietary code around it – offer a free product that is limited in features as well as a proprietary, feature-rich version for which users must pay a subscription or license fee – essentially, a freemium business model. The extent of the product’s openness ranges from a large, open core with a small, closed crust, which can be called a thin-crust offering, to the other extreme – a small, open core and a large, closed crust, also known as a thick-crust offering.
Building on the open core model, several branded software vendors now mix open source and commercial software and offer it as a licensed cloud-based service, monetizing the support and services they provide. They offer a paid version of the software and a package of bundled services for a subscription fee. Customers receive add-ons such as dashboards and analytics, updates to ensure security and performance, security certifications, and other clearances for regulated industries. The vendors guarantee that they will support key applications even if the software becomes outdated. They also provide software maintenance, coordinate and install updates, and even offer live software support. They often act as consultants about software selection, and train customers’ employees. By using this Software as a Service licensing model, open source commercial vendors, both big and small, have succeeded in gaining ground in the marketplace. (See Sidebar 2.)
These vendors rely a great deal on the open community. In addition to employees, freelance and hobbyist programmers participate in projects, partly to gain credibility for their technical skills and mainly because of their passion for software development. More recently, some corporations have released the code for features and adaptations they’ve developed, so they can be integrated into more software. In 2020, over 56 million developers worked on the 140 million projects (repositories) listed on GitHub, the leading platform for open source collaboration, making over 1.9 billion contributions. Amazon, Facebook, Google, IBM, Intel, SAP, and Microsoft, none of which are open source companies, are among the biggest contributors on GitHub.
No company is more emblematic of the shift in attitude to open source software than Microsoft, which initially waged a legal battle against it. The digital giant now uses open source software extensively. Most of Microsoft Azure runs on Linux, and it has created a compatibility layer, Windows Subsystem for Linux, to run Linux binary executables natively on Windows. Microsoft has also opened the source code for .NET, the software framework for Windows, Linux, and macOS operating systems, as well as the programming language TypeScript, and PowerShell, its task automation and configuration management framework. The digital giant has joined the Open Source Initiative and acquired GitHub for $7.5 billion in 2018 – then the largest enterprise software acquisition ever – and its employees are heavily engaged with GitHub, with over 5,000 of them contributing to open source projects in 2020.
Before drawing up a strategy, companies should develop a nuanced understanding of the merits and demerits of open source software.
The Pluses. There are half a dozen reasons why open source software has become so popular over time.
One, the open source software community is large, technically diverse, and committed to solving problems with digital technologies. Its virtuosity and vibrancy provide an edge, with the community ensuring that applications are developed rapidly. The bigger the problem, the more developers are drawn, like magnets, to work on it.
Two, the community uses a collaborative approach to software development, which helps drive innovation. It’s not an accident that the latest technologies, such as AI and ML, run on open source software. In addition to infrastructure, open source software powers the latest technological leaps such as edge computing for autonomous vehicles. And the next generation of hyperplexed enterprise software, which will enable the use of highly distributed systems, is likely to be open source.
Three, open source software is backed by a large number of developers. For example, over 15,500 developers from around 1,400 companies have contributed to the Linux kernel since 2005, and they add 10,000 lines of code every day, making it the world’s fastest evolving project.
Four, in contrast to closed source software, open source code can be fully accessed and customized. It is usually modular, so vendors can tweak parts of the code or add features to it to customize it for each business. That’s another reason why open source software often works as well as proprietary software at any layer of the enterprise stack for which it’s available.
Five, enterprise-grade open source software faces a lower risk of obsolescence because of the community’s involvement. Companies that rely on proprietary software run the risk of software getting discontinued or having to pay more over time, which is magnified by the fast-changing nature of digital technology.
Six, finding the talent to execute digital transformations is a challenge for most legacy companies, so they can turn to the open source community. It’s an ocean of talent and tools, with a depth unlikely to be found anywhere except in the world’s biggest software firms. Besides, it’s easier to find developers who are familiar with open source software, given its wide applicability, than it is to find people familiar with the specific tools that proprietary software demands.
The Perils. Like everything in life, there are some risks to using open source software. Compared to commercial software, whose owners offer crystal-clear legal agreements for its fees and use, licensing from commercial open source vendors can sometimes be ambiguous.
Some agreements, such as the popular MIT and Apache licenses, contain only the bare minimum requirements about software redistribution. While the MIT license is worded quite simply, the terms in the Apache 2.0 license are more detailed, so the latter is more popular with large open-source projects designed for enterprise-scale deployment such as Docker, Kubernetes, Swift, and TensorFlow.
Other licenses, such as the GNU General Public License (GNU GPL), require the free redistribution of the source code of the modified version. This requirement, which is called copyleft, implies the disclosure of the source code of even proprietary software that has incorporated open source code, and will worry businesses. Companies should keep in mind the cascading consequences of copyleft when using open source software.
As open source software’s business use grows, the biggest risk is that no entity will bear the liability for adverse consequences. The lack of culpability causes legal complications, especially when companies use it to develop mission-critical applications such as, say, controlling the braking system in an automobile. Companies must learn to strike a balance between reaping the benefits of such software and knowing that they will bear legal liability if anything goes wrong.
Open source software is usually secure. The open source code allows many pairs of eyes to review it and ensure it is secure. However, under-funded projects can sometimes have far-reaching security issues. Take, for instance, OpenSSL, an encryption software library used by web servers, websites, and operating systems to securely process sensitive data such as passwords and credit card details. In 2014, a vulnerability named Heartbleed was found in OpenSSL, which led to a security-related emergency. Before Heartbleed was patched by the OpenSSL community, one-fifth of the internet’s secure web servers were vulnerable to hackers because of the bug. At that time, only one full-time person worked on OpenSSL.
Software developers almost instinctively turn to open source software when they have to deal with technological challenges, so it’s critical to have a strategy in place that governs its use in an organization.
The first step is to clearly articulate the purposes for which employees can – and cannot – use open source software. Doing so will help employees figure out in which domains they’re allowed to leverage such software and how to select tools, so the organizational risks of using open source software are tolerable. The key factors that will shape those decisions are the software’s popularity, maintenance costs, and its degree of security.
Every company needs to set up governance, legal, and risk structures for using open source software. It must stipulate whether it prefers a standard license or would like to draw up its own license, and how comfortable it is with the copyleft provision. Although the latter may be most equitable, most companies avoid licenses that contain the copyleft requirement.
Depending on their appetite for it, corporations must develop the capabilities to manage open software’s use. Most of them set up program offices that act as one-stop shops for open source-related activities. They coordinate internal activities around legal, technical, and security issues as well as outward-looking activities such as marketing and communications.
Other companies have established open communities of excellence. They identify the open source software each department in the organization uses, and foster collaboration as well as best practice sharing. Catalyzing exchanges between enthusiasts and getting the various functions to share success stories help companies realize the full potential of open source software.
Finally, businesses should decide if employees can contribute to open source initiatives, either as part of their jobs or in their own time. Much will depend on the company’s ambitions, but it’s not as much of a stretch as it may appear. In recent times, Walmart has released an open source cloud-management system, ExxonMobil has unveiled a developer toolkit to help energy companies adopt standard data formats, and JPMorgan and Wells Fargo have invested in Hyperledger, an open source software suite for enterprise-grade blockchain deployment.
Smart companies will follow in their footsteps by identifying the range of benefits they seek from open source, from attracting talent to growing revenues. They will then decide how to operationalize their objectives by, say, using the software, contributing to projects, or participating in the activities of the foundations. They can start by participating in small projects, such as contributing fixes, and scale their involvement over time. Importantly, companies can influence the development of emerging technology standards by building open source ecosystems. For instance, in 2014, Google launched an open-source container orchestration system, Kubernetes, which is becoming the de facto standard for container management.