Westminster eForum Speech
Today I had the pleasure of addressing the Westminster eForum event on Free and open source software in business, in government. I had a five minute slot following the excellent Karsten Gerloff of the Free Software Foundation Europe, then after speeches from Paul Holt, Andrew Katz and Christopher Roberts we had a panel Q&A with questions from the audience. Here are the notes from my speech, transcripts of the whole event will be distributed around Westminster. The seminar was sponsored by our friends at Sirius.
Hello & Good Morning Ladies & Gentleman.
My name is Alan Lord and I am co-owner of The Open Learning Centre; an Open Source Software Consulting and Services business based in Surrey.
In the few minutes I have I would like to briefly discuss a few of the themes that were suggested for this session.
So, starting with the first one then:
The challenges faced by small, medium and large organisations implementing Free & Open Source Software?
For me, one of the key challenges is Procurement:
Procurement practices have not kept pace with changing times. Existing policies and procedures often struggle with the idea of acquiring something that is ”free”. In addition, in our Free Software marketplace, many suppliers do not have the budgets or resources to participate in lengthy tendering processes and, frankly, often have better and less costly opportunities to pursue elsewhere.
Another challenge is lack of familiarity and knowledge: There is still a significant proportion of the population who haven’t really heard of, or understand what Free & Open Source Software is, even though they may use it everyday. The Open Source community has made tremendous inroads and awareness is definitely increasing, but bear in mind, we are competing against companies with multi-billion dollar marketing budgets.
Now I’d like to move on to mention something about:
The costs of deploying Free and Open Source software?
Firstly, it’s important to recognise that the ”free” in Free Software generally refers to freedom and not necessarily the price; although Open Source Software is frequently zero cost too. It should be recognised that implementing any software solution has costs, whether or not the software itself is freely available.
Time, of course, is not free; training, consulting and other professional services require people and knowledge, all of which have a cost whether they be internally or externally sourced. Although I feel fairly confident in saying that Open Source providers tend to charge comparatively less, I would recommend you use your experience to estimate and budget for the financial costs of the professional services you will need to acquire. Typically, the work required will be similar, in volume at least, for any given project whether Free or proprietary.
The financial benefits of Open Source really make an impact once you start using it: There are no ongoing licensing fees; you may copy and replicate what you have as many times as you wish. Product development, bug fixes and new features can generally be introduced at your discretion, and not that of your software vendor.
Another question that is often discussed is:
Is Open Source Software vulnerable?
Open Source Software is widely regarded as being inherently more secure than comparable proprietary software. Generally I would concur with this; particularly with regard to Operating Systems such as Linux and BSD. However, no software is ever infallible or 100% secure, so as an IT manager one must take all available precautions.
Many of the stories of Open Source vulnerabilities are, in the end, down to lack of skill or knowledge in setting up and maintaining these systems; this is just the same as with the proprietary alternatives. Again, skills and good education are the key to minimising these risks.
Free and Open Source Software is created in a very different way to legacy software. The ‘source code’, or instructions, are public; anyone can look at them. In a well managed Open Source project this visibility actually helps to improve the security of the end product. The benefit of this code-transparency was famously described by Eric S. Raymond, a well known Open Source author and advocate:
“Given enough eyeballs, all bugs are shallow.”
And finally I’d like to touch upon the question:
Who is responsible if Open Source Software is compromised or malfunctions?
Well – to be blunt. You are.
But then how is this different to proprietary solutions? If you’ve ever read a License Agreement for proprietary software then I’m sure you will have noticed that they start by disclaiming all liabilities, warranties and risks. Here’s one sentence taken from a very famous proprietary software vendor’s license agreement:
“The entire risk arising out of use or performance of the OS Components AND ANY SUPPORT SERVICES remains with you.”
If your chosen proprietary software is compromised or malfunctions what happens? Basically, you await the benevolence of the manufacturer, who is hopefully still in business and has a copy of the version of your product. With Free and Open Source Software, you will ALWAYS have a copy of the source code available.
A key feature of Open Source licensing, and something that is specifically NOT offered in the proprietary world, is the empowerment to improve and change it yourself. This doesn’t mean that you have to write the code though, there are lots of developers who will do that for a fair price.