OpenLogic, a provider of open source packages, has begun the task of quantifying the extent of open source code used on enterprise computers. The company will roll out its global Open Source Census in several phases over the next six months.
In early December, OpenLogic announced the first phase with the release of OSS Discovery under an open source license. The company also issued a call for open source developers, software vendors and large independent software vendors (ISVs) to join the Open Source Census project.
The idea behind a survey of open source use resulted from informal conversations OpenLogic had with its customers. The company offered a free tool, OpenLogic Discovery, to help businesses identify open source products installed on their networks.
“We asked our clients what open source products they used. No one knew. We started to confirm that people were using a lot more open source programs than they thought,” Kim Weins, senior vice president of marketing and products at OpenLogic, told LinuxInsider.
The overreaching goal of the Open Source Census is to paint an accurate portrait of open source usage inthe enterprise, according to OpenLogic. Many enterprises do not know what open source software isinstalled on their desktops and servers. Traditional market research methodologies are insufficient toidentify what open source projects are gaining traction in the enterprise, said company officials.
When pressed to venture a guess about how much open source code an enterprise’s computer network held, responses fell far short of even coming close to what the company’s free detection tool found. For example, an estimate of about 25 products often turned out to be 200 open source products, Weins said.
“Other companies offered a list of hundreds of applications [approved for use]. But we found as many as150 open source products in use that were not on the corporation’s approved use list of software,” shesaid.
Traditional software use surveys do not provide accurate results in trying to count and quantify opensource usage, according to sponsors of the census. Enterprise users often get open source software through downloads since many open source projects are not owned by commercial vendors.
“These methods just don’t give a clear picture that our data shows. The census will aggregate all of thisinformation,” said Weins.
Involving more than free Linux distributions, open source code is used within many applications. Thisdefies accurate cataloging, explained Weins. Companies interested in participating in the survey candownload the free detection software and report results from the OSS Discovery Web site. Other details about the survey project are available here.
To make enterprise users more aware of the software installed on their networks, OpenLogic is working with CollabNet to gather the results. CollabNet, which provides collaborative software development, is maintaining the Open Source Survey Web site.
“CollabNet is excited about the potential of what the Open Source Census can accomplish,” said BillPortelli, CEO of CollabNet. “Now, enterprises will be able to discover, quantifyand learn more about their actual usage of open source. The data will also allow companies to collaborateinternally and with open source communities using distributed development infrastructure such as CollabNet to innovate and ensure the success of open source in the enterprise.”
How It Works
The OSS Discovery tool finds installed open source software by matching program code against an extensive fingerprint library. Open source software has identifiable imprints or fingerprints unique to each open source project.The detection tool works with multiple machines on an enterprise network through remotely executed scans. It can also be used on individual consumer computers.
Each OSS Discovery scan produces a text file that lists the open source packages and versions found. These results can be reviewed for an individual system as well as sent to a server for aggregation and further analysis. Companies wishing to participate in the survey upload the survey report OSS Discovery generates to the survey’s Web site.
The detection tool works on workstations and servers running Windows, Linux or Solaris operating systems. The existing detection tool does not mask identity, but an upcoming release will have an option to let users send an anonymous scan to the Open Source Census.
OSS Discovery can be used under the GNU Affero General Public License version 3.
The next phase of The Open Source Census will be in the first quarter of 2008, when the project will begin collecting data on open source usage from enterprise, according to Weins.
All the basic anonymous aggregate data collected through The Open Source Census will be provided for free on the OSS Discovery Web site. This aggregate data will list the number of times each project has been installed on computers across all participating enterprises.
“This is an ambitious and worthwhile effort by OpenLogic, and it will be highly successful with the active involvement of the leading members of the open source ecosystem,” said Andrew Aitken, CEO of the Olliance Group. “We hope that the community sees the value in participating so we all gain better insight into how open source software is being used in enterprises and government today.”
There is a growing demand for knowing the extent of open source usage, according to OpenLogic officials. Enterprises struggle to sift through thousands of open source projects to determine what might work for them. These reports can help companies benchmark their own open source usage and identify opportunities to leverage the benefits of more open source software.
However, not all industry watchers agree. One enterprise security expert questions the need for a survey.
“I see this as more of a tactic to put the company in the limelight. The industry doesn’t need a census,”Paul Henry, vice president of technology evangelism at Secure Computing, told LinuxInsider.
Open source licensing already requires that the user have knowledge of what open source products a company uses, he said. There are very costly settlements for code infringement.
“Companies know they have to be aware of open source components in software they develop or use. The price they pay in penalties will increase many times for not complying,” Henry explained. “This becomes a due diligence matter for the COO.”