Black Duck's Dave Gruber and Peter Vescuso: Open Source Is Maturing
Mar 19, 2013 5:00 AM PT
Mentioning open source to a typical consumer will no doubt result in puzzled looks or a reference to that "free stuff." Even in some business circles, the open source concept may only be synonymous with an alternative computer operating system known as Linux.
On the software development side of the computing industry, however, open source is known for very different reasons. Its practices have become a path to secure, rapid product development with many inherent cost-saving features. The open source business model has seen an impressive growth spurt in the last five years.
Perhaps no one knows this better than Dave Gruber, Black Duck Software's Director of Developer Programs. Black Duck is a software management and consulting firm. The company does not specifically market its own open source product line. Instead, it focuses on helping software developers build better software faster through open source.
With thousands of open source projects under development, the software discovery process can be tricky, noted Gruber. To help enterprise organizations find and evaluate open source products, Black Duck operates the Ohloh website. At Black Duck, Gruber drives developer go-to-market strategies and programs. He focuses on helping developers gain greater visibility and insights into the world of open source software, leading to faster development.
In this exclusive interview, LinuxInsider talks to Gruber and Peter Vescuso, Executive Vice President of Marketing and Business Development for Black Duck, about the maturing open source has experienced and where it still needs to grow.
LinuxInsider: How would you assess the OSS market generally?
Dave Gruber: At Black Duck we have a pretty deep inventory of all of the projects having to do with open source. We stay fairly close to the growth of open source and what is happening within each community. We also have some insight into what is happening regarding trends with software.
LI: Black Duck recently released its open source report on the top rookie projects for 2012. What trends caught your attention?
LI: Are there rookie projects that involve non-browser based functionality?
LI: How does Black Duck keep up with all of this newcomer activity?
Gruber: Some of these projects involve support for what is going on in GitHub. We monitor what is going on at all the forges such as SourceForge and Bitbucket and all the rest. We aggregate information from all of those forges. We continue to see growth across those.
LI: How has all of this impacted on Black Duck in particular and the industry in general?
Peter Vescuso: We track over 900,000 unique projects today. We are seeing rapid adoption of open source software as well as open source management principles in the enterprise. 2012 showed a significant uptick over 2011, with enterprise more than doubling. That is an indication of the maturing of the open source market and the interest in it. The tech companies -- the smartphone and software guys -- have always been huge users of open source. The enterprises are following quickly on the heels of that. [*Correction - March 19, 2013]
LI: What changes do you see happening as a direct result of open source?
Vescuso: IDC reported this year that in the Global 2000 market, 30 percent of the code they are deploying is open source. So that is a pretty harsh statistic for us to hang our hat on. The enterprise market really seems to be growing very rapidly. All of these trends, I think, point to the growing trend of all of these companies having an interest in using open source methods inside the enterprise.
By that I mean large organizations and large businesses are looking at what is happening in the open source industry around them. They are seeing all the innovation around cloud and mobile and the speed at which new projects are being created. They are looking at all of the innovation going on with these rookie projects and are saying that activity is compelling. They are wishing to bring those methods to their own companies internally.
LI: What needs to be done to foster more of this growth?
Vescuso: We are trying to do some educating around that with regard to our own consulting organization. I'm saying, however, that it is a general market trend. At the same time, enterprises are engaging directly with communities. These organizations are looking to influence the direction. They want to make sure that their changes and patches, etc. are part of the mainstream, so they are looking to become extensions of those organizations. The whole software development process has gone through a lot of very positive changes, all around open source technology and methods.
LI: From a security perspective, are you seeing any fallout from the recent lapses involving Java?
Vescuso: It's hard to say at this point. Certainly we haven't heard anything from people within the community. There is a continuing thick lens put upon those technologies that are broadly used, especially for the masses. When you think of Java, you traditionally think of it as being used primarily on the server side, and what people are writing in the core application infrastructure on top of Java. That is not a place where there has been a whole lot of security exploitation on the core Java infrastructure side.
LI: So you are not concerned about the Java vulnerabilities impacting on open source?
This is not an unprecedented kind of thing for these types of security holes to open up. It's happened across the different platforms in the industry from time to time. I doubt that they will have any impact whatsoever on the really crazy pace of innovation that is going on today in the client side use of Java. So I would say the fallout will be minimal at best. In fact, when these things happen it causes even more scrutiny on the developers' standpoint in making things even better.
LI: In the last five years, what do you see as having contributed to the maturing of the open source model?
Gruber: One of the interesting things when you think of open source is that while the source code has been open since the beginning of the open source concept, the process in the way that open source is developing has actually changed quite a bit over the last five years. While open source contributions have oftentimes been scrutinized by a handful of committers who drive open source projects, because of the mechanisms now in place that support the open source world, things are much more visible from a profit standpoint than they have been in the past. The processes have matured a great deal in the last five years.
LI: How is the process different?
Gruber: No longer is it that the committers have all the insight while the contributors have their little niche. Everybody now has complete viewing and complete insight. Mechanisms and tools that are available on GitHub allow people to comment right away as soon as someone puts forward a proposal or a commit of code. The entire community can jump right in and start discussing and presenting their ideas and submit feedback.
So the openness of the discussion and the process around the way open source is built has really changed a lot over the last five years or so, mainly from some of the automated mechanisms that are put in place. And there are other public testing capabilities that make it easier for teams to test in multi-platform environments. All of this contributes to the increase in the pace that we are seeing in the overall development.
LI: If you could draw up a wish list, what needs to be done yet to further this new-found sense of openness and fluidity that is maturing open source?
Gruber: I think it's pulling the pieces together. Today, there are a number of discrete mechanisms that the community is depending on to get things done. As we continue to integrate those mechanisms, there will be new ones added. From the way new pull requests are created to the way new ideas are presented to the teams, bringing all of these mechanisms together today, people depend on certain resources to get things done. They are all very valuable in their own right.
But as we continue to integrate the pieces and parts, the value continues to increase. For instance, on Ohloh, where we continually aggregate information from many sources, we are continuously looking at how we can provide additional insight to make projects move more quickly, integrating in bug-tracking data or mailing list data, in addition to the commit stream data and integrating in security data information like we do in some of our core Black Duck products. Bringing all these different pieces of information together in a more integrated fashion for people will continue to accelerate people's ability to move quickly and have a broader, more collective insight.
LI: Are communities using the same old methods for communicating, or are you seeing advancements in that mechanism too?
Gruber: I think there is room for innovation there as well. There are traditional core communication methods in place like IRC channels. I was surprised to learn recently that the Ruby community has rallied around Twitter as a communication mechanism. That might surprise you to learn that an open source community would rely on something like Twitter as a means to actually communicate. So there is a lot of room for growth from a collaboration standpoint. The big acts would be around integrating all these pieces and bits together in a more unified approach.
LI: It is evident that open source is thriving on the developer side of the software industry. But that does not seem to carry over to the consumer side as strongly. Is this a failure from a marketing perspective on open source?
Gruber: It is interesting to see the different perspectives that people have on open source. People often say they know all about free software. Of course, free does not always mean open source. The open source community has not really had much of a consumer marketing element to it. You raise a great point. People are not often aware that they are using open source software. I think many Android phone users have a sense that they are using open source. I think that recognition is starting to come over to the consumer side of things.
*ECT News Network editor's note - March 19, 2013: Our original published version of this story misquoted Peter Vescuso as saying Black Duck tracks "over 900 projects today." In fact, Vescuso said the company tracks "over 900,000 projects today." We regret the error.