May 25, 2007
OSS Use vs. OSS Management

In a show of support for the Open Solutions Alliance, I attended Wednesday's Open Source Business Conference (OSBC) and took the opportunity to attend "Constructive Disruption: An Enterprise Perspective on Open Source." Highlighting a diverse group of panelists (Sony Playstation, H&R Block, MIT and Christian Science Monitor), the standing-room-only session focused on the use of OSS in their respective organizations. According to Oliver Marks, Senior Manager Web Portal, at Sony Playstation, they chose to go "100% Open Source," because it gives them much more granular control over what they need to do. Russ Danner, Software Architect at the Christian Science Monitor, explained that as a non-profit organization, cost was definitely a consideration but simplicity ranked highest for them. Daniel Cahoon, Architect at H&R Block, said that although he is new to the Open Source experience, his initial reaction is that Open Source allows him to do much more for less money. In their collective wish list of things they wanted from Open Source, all of the panelists agreed that interoperability and integration with legacy applications were at the top. This sentiment really hit home with me, providing an unbiased testament to the desire for OSS solutions that not only work well together, but that work well with commercial solutions not meant to work well with anything. It also further underscored Palamida's belief that joining the OSA was the right thing for us to do. Here was a completely diverse group of panelists all wanting the same thing — ease of use and integration. Kudos to the OSA for banding together to meet these important objectives and working to further facilitate the adoption of OSS in the enterprise.

All of the panelists confirmed that Open Source is a key component of their application development process but that they each had varying amounts of difficulty in getting the approval to bring it in house. They cited OSS license complexity as well as bureaucracy as their biggest obstacles.

The most fascinating part of the session was the Q&A. Someone in the audience pointed out that although all the companies cite the use of OSS, they seemed to embrace only quasi-commercial Open Source rather than community-based. This was a great observation. Dan, from H&R, pointed out that this is due to the comfort level of the management -- service agreements, updates, etc. Only Wilson D'Souza, Director, Infrastructure Software Development, MIT, ticked off the community-based OSS his team is using. This got me to thinking about the differences between Open Source and what I'll dub "Open Source Lite." Another audience member asked why the panelists thought the US lagged behind the EU in the adoption of Open Source. Though no one on the panel could confirm this to be true, they all pointed to the complexities of Open Source licenses and the fact that it was "unfamiliar." The best comment came from an audience member who asked if OSS is really all that more complex than, say, Microsoft's 8b licenses and requirements. Another great observation. I think the "complexity" really lies in the lack of understanding and ambiguity of OSS licenses, but then again, how is that any different than a commercial license?

I posed a question to the panel: in terms of managing Open Source "complexities" such as licensing and vulnerability issues, how many of the panelists actually had a risk mitigation process in place, and what were they doing to manage the inclusion of OSS in their code base? Their answers were, unfortunately, not surprising. Dan from H&R Block stated that he had never talked to more lawyers in his whole career than he talks to now. Oliver at Sony Playstation noted that he doesn't concern himself with OSS legal issues; the attorneys hash that out. The point worth noting is that none of them mentioned proactively monitoring the inclusion or security of OSS. No company brought up their acceptable use policy and no one pointed to the use of code audits at the front or back end of the build process. While I am all for the use of OSS, I'm way more for software risk mitigation and proper management and use of OSS.

Don't get me wrong, the more we foster open communication in relation to open source, the better for all involved, but I truly believe that we need to ensure the safety and integrity of the open source we're using to drive our growth and innovation.

--Melisa LaBancz-Bleasdale