Jonathan Marsh, Vice President, Strategy at WSO2, has penned an op-ed that takes a much closer look at open source and argues that, despite its challenges, it has never been more relevant than it is now.
Independence. Freedom. Agility. These are common requirements for innovative businesses – the kind of businesses that thrive in economies such as those found today in the Middle East.
Relatively young demographics mean large populations of digital natives demanding more and more digital experiences. To achieve this, regional businesses in industries from retail to banking to hospitality are looking for ways to cut costs and untether themselves from expensive or restrictive technology vendors.
One way to do this is by opting for open-source software, where the DevOps team answers to nobody except end users. But a debate around the long-term viability of open source has begun to obscure its many advantages. Let’s look at some of the recent challenges affecting open source adoption.
Security
Open source comes with a global community attached, and is widely recognized as the best architecture for secure software. But not every member of this distributed community can be properly vetted.
Recently, a Microsoft engineer discovered a flaw in XZ Utils, a data-compression tool used in most Unix operating systems, including Linux. Investigation of the flaw led to the discovery of a backdoor, installed by a malicious actor posing as a helpful contributor, that would allow compromise of any SSH connection initiated from a Unix box with XZ Utils installed. A Wired article characterized the backdoor effect as having the potential to “dwarf” the infamous SolarWinds supply-chain attack.
The previously unthinkable possibility of such an attack originating in open source calls into question the perception of open source being immune to such manipulation.
SaaS
It is easy to see the appeal of cloud-native software. Platform independence is assured, and no downloads or infrastructure provisioning are required.
Many things that cannot run on standard laptops will be accessible through SaaS. On top of all this, versioning is automatic, which removes maintenance headaches. SaaS challenges open source’s claim to be the easiest way to acquire, use and manage software.
Mega-cloud
Powerful cloud players like Amazon pose a competitive threat to SME ISVs that try to offer SaaS versions of open-source products. And so, we see more vendors moving to “source-available” licences to provide most of the benefits of open source to most users, while preventing “predatory” use.
Such source-available vendors include MongoDB, MariaDB, Cockroach Labs, Couchbase, Redis, HashiCorp, and Elasticsearch. While for many users there is little practical effect, they lose the benefits of using a standardised licence, and lose trust that the licence terms won’t change further in the future.
Investor sentiment
Traditional VC investors appear lukewarm to open-source startups. Entrepreneurs must find a way to draw an indirect line from product uptake to tangible returns.
To an investor, free and open software appears at odds with the concept of monetizable proprietary IP, and so it is hard to convince them of a route to quick returns.
To even have a chance of funding, founders may have to build their company under a dual-licensing model, which keeps critical functionality out of open source.
Regulation
The Middle East, and the Arab Gulf region in particular, is awash with regulations on the use of data. With respect to privacy and residency, regulators are strict and issue stiff penalties for non-compliance. Around the world, regulatory frameworks are arising to help establish security assurances for open source consumers.
The US Cyber Trust Mark Act creates a voluntary certification for open-source organisations. The European Cyber Resiliency Act requires self-documentation of security practices, including patching policy, for all software creators including open-source developers.
These efforts may indeed increase confidence around popular open source, but also impose significant burdens on new software emerging in the market, disincentivize the choice to release as open source, and may lead to stagnation in the open source commons.
Open-source – never more relevant
And now for the rebuttal. The plain fact is that despite its challenges, open source is more relevant now than it has ever been. Here are the reasons why.
Better software
In the Middle East, where quality digital experiences are fast becoming the difference between relevance and obscurity, open source is where some of the best software can be found. Transparency builds up robust best practices over time because a global community is constantly challenging norms and sharing breakthroughs in a marketplace of ideas.
Open source has a tradition of attracting the most knowledgeable devs from around the world. And if one of them comes up with a better, faster way to, for example, connect to a remote database, they freely share it with others, reducing duplicative efforts and enhancing quality throughout the industry.
If someone creates a new tool, it can be evaluated more thoroughly and quickly. This leads to further quality enhancement because a technical consensus can coalesce around the best tools and best practices.
Fairer costs
Traditional software vendors can price out some organisations and even those that can afford their offerings have no say over product direction and maintenance.
Open source is a viable legal path to low-cost software in a market that is transparent enough to give users a stake in the future of solutions.
Software independence
Open source transcends geopolitical tensions, ranging from vendor distrust and procurement preferences or restrictions up to international sanctions. Even if you can no longer work with a software vendor for policy or legal reasons, with open source you have everything you need to blaze your own path forward.
Our future, our way
The region’s enterprises are focused on playing starring roles in governments’ ambitious economic diversification programs. This requires agility and flexibility, which cannot be achieved if they have to ask permission to innovate.
On this point alone, the case for open source is made. Organisations such as OpenSSF (Open Source Security Foundation) are working to refine security practices in answer to concerns about open source in this regard.
This is particularly significant when one considers the control over data privacy and residency that open-source development enables, something that not all SaaS systems can claim. Software independence and the ability to be self-contained in the face of geopolitical instability should be pursued for the benefit of the citizenry.
We should also note that on-premises architectures are growing in popularity as organisations look to “reshore” SaaS to reduce costs. Kubernetes, the open-source container orchestration system, provides all the scalability, reliability, and ease of management of a cloud-native system and it has become an industry standard.
Prospective investors in open source should pay heed to the freedom to innovate when not tied to a single vendor.
Value in open sourcing is often indirect and requires a long view. The region is growing its digital ecosystem and open source is a key to providing the freedom required to flourish.