Those familiar with open source know that it works and comes with many benefits. The recent moves by software giants such as Microsoft, IBM, and Oracle into the open-source community are a testament to the rising adoption of open source.
This corporate migration to open source is continuing as many organizations, both large and small, turn to open source in tough economic times. Amid the continuing adjustments in staffing and operations the pandemic is causing, open source is helping enterprises and industries reduce costs and improve their ability to innovate.
A recent survey by Tidelift found that 68 percent of organizations recently turned to open source during the economic downturn to help them save time and money.
While Big Tech companies have the resources they need to succeed, this raises the question for many smaller organizations and/or development teams considering open source: how can they leverage its myriad benefits in order to be successful?
One way to manage a migration to open-source technology is by using a management platform that monitors the various components in use. As open-source use continues to expand, so has the number of software companies focused on developing management platforms that offer a complete solution for maintaining open-source components, backed by project maintainers.
Organizations are quickly learning that the developer community has a strong affinity for and loyalty to open source, according to Todd Moore, vice president of open tech at IBM. With that knowledge comes the realization that the more open they are to embrace open source in their own development, the better chances they’ll have of recruiting and retaining the top developer talent.
“We’ve seen large organizations come around to embracing open source more than ever in this last decade, and we expect that to increase as it becomes an even more pivotal part of software development,” he told LinuxInsider.
A new survey by O’Reilly Media and IBM reveals some accolades for open source that no doubt reflect its continuing adoption. The survey polled 3,400 developers and technology managers in the fall of 2020. The survey found:
- Open-source software was rated equal to or better than proprietary software by 94 percent of respondents.
- When choosing cloud providers, 70 percent of respondents prefer one based on open source.
- 64.6 percent of respondents preferred skills related to the underlying open-source technologies (such as Linux and Kubernetes), while 35.4 percent preferred skills related to a specific cloud platform (i.e., AWS, Azure, or Google).
- 65 percent of respondents agree completely that contributions to open-source projects impress potential employers and result in better professional opportunities.
Organizations encourage the use of open source because they understand that they often get a lot of value for zero cost over commercial solutions or developing something entirely in-house, according to Odysseas Lamtzidis, developer relations/advocate at Netdata.
“It is often possible that certain needs can be completely covered by open-source solutions,” he told LinuxInsider.
Open Source by the Numbers
In June of 2020, Tidelift conducted its annual managed open-source survey of technologists. Over 600 people shared how they use open-source software today and what influenced the migration.
This survey confirmed what many open-source adopters already experienced. That is, in tough economic times, open source helps companies save money. Even in better economic times, open source contributes to better productivity. Clearly, the COVID-19 pandemic and ensuing recession are changing the way respondents’ organizations think about and use open source.
One key Tidelift finding is that open-source use is rising during the COVID-19 recession. That finding seems to support a trend in which open-source software can save money on development costs and corporate purchasing expenses.
Forty-two percent of respondents said their organization’s application development budget was cut because of the economic downturn. Only 10 percent said spending had increased. That budgeting adjustment led to a commitment by 60 percent of the responding organizations to use more open-source applications.
Encouragement of open source is even more likely (60 percent) among organizations cutting budgets due to the economy. Interestingly, the use of more open source is also being encouraged at organizations with rising app development spending, according to Tidelift.
The Tidelift report also solidified the recognized benefits of using open-source code instead of proprietary solutions. More than two-thirds of respondents (68 percent) said open source helps them save money and development time by using existing open-source components versus writing new code.
Efficiency was another key factor highlighted in the Tidelift survey results.
Forty-eight percent of respondents reported increased efficiency of application development and maintenance as a key reason for their open-source use. Yet, organizations with more than 1,000 employees were more likely to cite efficiency (61 percent vs. 41 percent for organizations under 1,000 employees) as a reason for encouraging the use of more open source.
Organization size also correlates with greater support for open-source use.
Avoiding vendor lock-in was a third prominent benefit of using more open source over more costly proprietary applications, according to 40 percent of respondents. The report noted that half of the responding organizations with over 1,000 employees cited protection from vendor lock-in, compared to 37 percent for organizations with under 1,000 employees.
In the Clouds
Enterprise users adopt open source either directly from community distributions or indirectly via commercial offerings. They contribute back to the communities to make improvements, drive enhancements, or improve skills, observed IBM’s Moore.
“Because so many companies are moving their workloads to the cloud, enterprise developers are embracing open-source container frameworks like Kubernetes and OpenShift, which has led to an explosion of open-source adoption in the past few years,” he said.
Additionally, many clouds run on a Linux operating system, so new adopters are often embracing Linux as well. A recent O’Reilly survey commissioned by IBM indicates that nearly 95 percent of the 3,400 developers and IT managers surveyed considered Linux important to their careers, while 90 percent of them considered containers to be important to their careers, Moore explained.
Over the last year of the pandemic, organizations accelerated their move to the cloud. This move to the cloud is the bigger driver in the adoption of open source, particularly tooling and frameworks to manage these new cloud environments, according to John Kinsella, chief architect at Accurics.
“We are also seeing organizations get more sophisticated in how they run DevSecOps in cloud environments,” he told LinuxInsider.
Open Source in Demand
Companies view open-source software as a great way to be flexible and avoid possible costly vendor lock-in, noted Netdata’s Lamtzidis. He also sees some good arguments that usually make the case for a commercial project to use open-source technologies.
“Faster time-to-market along with increased security are important considerations. Open-source projects are usually audited by many different contributors, leading to increased code quality and no secret backdoors or vulnerabilities,” he said.
Open source can be a great cost optimizer for certain businesses, he continued. It is cheaper to have a business running on Raspberry Pi and Linux than proprietary Windows machines.
“We are seeing this in a number of schools that have replaced their aging computers with cheap, open-source alternatives, such as the Raspberry Pi. Likewise, many companies are looking to use open source as a great way to decrease costs, which is critical given the unusually high uncertainty due to the pandemic,” said Lamtzidis.
In 2019, over 16,000 vulnerabilities were disclosed across proprietary and open-source software. Over 1,000 of those were scored critical, according to Jennifer Fernick, global head of research at NCC Group.
Computer security experts are quick to point out that all computing platforms are vulnerable to varying degrees. Linux and open source are nonetheless regarded as more rigorous and quicker to fix when problems are discovered.
Vulnerabilities are not rare, and both CVE metrics and reasoning through the increased digitalization of our world give us strong reasons to believe that this problem is only going to get worse, Fernick reasoned.
“Open-source software is a significant part of the core infrastructure in most enterprises in most sectors around the world and is foundational to the Internet as we know it. Consequently, it represents a massive and profoundly valuable attack surface,” she told LinuxInsider.
Many of the best things about open-source development invite unique security challenges to overcome. Fernick noted that what is needed to make open source more secure than proprietary software includes:
- Articulating a cohesive threat model of the open-source ecosystem;
- A shared, data-driven identification of the world’s most critical open-source projects;
- Funding for security improvements, audits, and research;
- Interventions to prevent vulnerabilities in the first place;
- Continued research and open-source tool development to scalably find as many vulnerabilities as possible in a codebase in a repeatable and automated way.
A good portion of continued open-source growth is based on trust in the modern open-source community, noted Accurics’s Kinsella. That includes, to a large degree, how the communities respond to security issues.
“In 2021, this definition of trust may change as we start to expect binaries to be signed and security of the software supply chain to become more commonplace,” he said.