
OSS Software Not Without Risk, says analyst.
Film at 11, says me. Stuff the election, let’s cheer ourselves up by dismantling the latest discharge from Robin Bloor.

Let’s analyse the [link|http://www.theregister.co.uk/2004/11/02/issues_with_open_source/|analysis]:
Open source quality is not guaranteed. The reality has been that some open source products have delivered exceptional quality in terms of design, robustness and ease of use. Apache and Zope are good examples. Open source has proven to be a viable approach to developing software but there is no guarantee that it will deliver a specific quality of product - that depends on the core team and the organization behind it. And this is, of course, quite variable.

Well, no SHIT. Different products vary in quality. This paragraph is pure filler. Someone’s getting paid by the word.
There is no standard open source license. Actually there is a wide variety of open source licenses, just as there are a wide variety of proprietary licenses. Small companies may not care too much about this, as they probably have never even read a license, but large organizations do care because they have to. No large organization can afford the risk of not knowing the license terms for the use of key software products. The Open Source license is not a commercial contract and this may mean that the user is exposed to some legal risks.

Again, the sky is up, the ground is down, and Bloor has another attack of Bleedin’-Obvious-itis. Windows’ licence is different to Solaris’ licence is different to Oracle’s licence. Another clue: software licences are not contracts.
Open source does present some legal risks. The risk is not so much from source code being copied from proprietary products - because the source is open, there is a strong incentive for open source developers to be completely honest and (the SCO v IBM case notwithstanding) it is highly unlikely that open source products contain proprietary code. Actually it is much more likely that proprietary products do - but as no-one gets to see the code, the legal challenges are few. However open source products can, unwittingly, violate patents and the owner of the patent can legitimately sue the user of the open source. The lawyers go after the money rather than the source of the violation, which means targeting users, as SCO has. The legal risk is probably much higher in the US than elsewhere, as the US is more of a litigious society.

Well, this is arguable. I have been wandering around under the distinct impression that even if software contains code that infringes someone else’s copyright, the end user is not liable. Could someone confirm or deny that, please?
Legal Indemnification. This brings us to the fact that many open source users have a genuine requirement for legal indemnification. The need for this depends upon the level of risk. The level of risk of IPR violation with some open source products is close to zero, because they are simply imitating and extending commercial products in areas where no patents are filed. Many business applications are of this ilk, but some applications are not. An open source product like GIMP, which is an Adobe Photoshop competitor, could easily infringe one of the many photo retouching patents that exist. Thus the risk varies. So far no-one has fallen foul of this, so the risk may be negligible, but it is too early to say.

Wasn’t there a Microsoft case involving SQL Server where end-users were threatened with lawsuits? I’m not 100% sure of the details but I think that Microsoft offered post-hoc indemnification, rather than indemnification up-front. Natch, this contradicts what I said above. Ho hum.
Vendor support. This brings us to vendor support. The strong support among commercial vendors for some products - notably Linux and Apache, is not the general case for open source. There are, roughly 70,000 open source projects and only a handful have what one could describe as strong support from commercial vendors. Computer Associates is standing behind Zope and Plone (as well as its own Ingres). Eclipse has strong support in IBM and elsewhere. Novell owns Ximian and Sun Microsystems and has a clear interest in Open Office. These are however exceptional situations rather than the rule.

I'm presuming for the sake of discussion that the 70,000 figure is pulled from Sourceforge or some other /dev/arse-a-like. So what, basically. The vendor support for many, many commercial products sucks hairy arse.
It's only the license that is free. Even in the above examples where a large commercial vendor has a deep interest in an open source product, the actual support you can get varies widely. Perhaps the major attraction of open source is that the license can cost nothing, but from then on, all other software costs apply to some degree: maintenance, software distribution, upgrade costs and patching, security, performance management, integration, training and so on. We could classify all of this with the word "support". The extra costs here vary and may be trivial for some products, but for others they are not.

So it’s free, but people cost money? This is news? I want Robin Bloor’s job. My first column will be about round wheels and their benefits to motor transport.
The talented techie factor. Some organizations have built up small teams of technicians that can exploit open source products. In doing this they cover the support risk internally and can make good use of the support networks that exist for open source products, so they address the support issue. But this is probably not an option for small organizations and very large organizations. The smaller organization will not be able to assemble the talent required and will rarely have any desire to develop such expertise anyway. The much larger organizations could invest in such a strategy but there is a need to co-ordinate support at the corporate level and the policy is more likely to be to outsource such activity - in which case they need a good support organization to outsource this to. The dilemma for such organizations is that IT support itself is a very complex issue and they already are likely to have too many agreements with too many suppliers. Open source can be seen as a needless complication to an already over-complex situation.

Anyone who has been near an even remotely complex Windows deployment is conscious of the fact that you need talented people who understand the products to make it all happen. This is, apparently, an OUTRAGE when the same requirement exists for OSS products. The last two sentences are speculative filler. What’s the rate per word, again?
The "compliance" factor. Different organizations in different industries have "compliance" standards that they need to adhere to. We're not talking here simply about data protection or Sarbanes-Oxley, but industry best practices that are very different between, say, the pharmaceuticals industry and manufacturing. IT is already a part of this in many areas and its importance will only increase. There is also the factor of local liability laws which are different between Germany, the UK and the US. The challenge for open source is to fit well within such "best practice" schemes and this normally means providing an acceptable support structure. Commercial software vendors are normally well aware of such issues but open source organizations are less so.

Well, this is somewhat away from my experience but I’d speculate (hey, if the analyst can, so can I) that if you’re in the market for a “compliant” product, you’re already aware of various requirements and whatnot. And no, general commercial software vendors are NOT normally well aware of this sort of thing and if they are, they do like MS and put a big disclaimer in the EULA about their product not being suitable for such things.

The sooner we outsource IT Industry Anal-ists to India, the better, say I.


Peter
[link|http://www.debian.org|Shill For Hire]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Home]
Neither is eating fruit
you could choke on a seed or pit or something.

There is nothing in this world that is without risk.



"The significant problems we face cannot be solved at the same level of thinking we were at when we created them."     --Albert Einstein

"This is still a dangerous world. It's a world of madmen and uncertainty and potential mental losses."     --George W. Bush
Edited by tuberculosis Aug. 21, 2007, 06:21:58 AM EDT