Open Source: Mythen en Realiteit

Deel 2 van 2

Open Source 2:2

When acquiring any asset an organisation depends on, including open source (OS) software, serious risk management is key.

In the case of OS software, you will need to provide answers to questions such as: How many developers does the community consist of? How long has the project existed and is it ‘carried’ by the right organisations? Is it being actively worked on? Am I willing to contribute to the community myself? Is there a helpdesk? The commercial software you use contains OS components, does the supplier have a good relationship with all these communities?

Myths

The term ‘Open Source’ evokes many emotions. Supporters praise the ‘community idea’ and see a group of developers who, out of passion or dissatisfaction, develop software that is more secure, ‘open’, sustainable, cheaper and powerful than commercial software. Critics point to unstable communities, the fact that there are no guarantees and that the money is then simply made through expensive implementations and support contracts. The fact is that there are open source gems like Linux, powerful libraries, security solutions like Keycloak and OpenSSL, powerful databases, CMS packages. Not for nothing does every commercial software vendor use open source components!

Contributors

Reality

The fact is also that a lot of software is used whose open source components are obsolete and some critical open source projects lean on a community of sometimes only 3 members. Also, the assumption that open source is more secure than other software because of peer-review by the community no longer holds true. Software has simply become too complex and only a very select few are able to do a thorough peer-review. Just think how complex the major Linux file systems like the Ext family, XFS, Btrfs, F2FS, JFS, and ReiserFS are.

In addition, it is important to consider whether you have the in-house knowledge to install, implement and manage the software yourself because ‘the supplier’ does not exist in many cases. Things like support, guarantees for new versions or support for new hardware and software can of course be contractualised. But then again, you are simply dependent on third parties who can (partially) take care of this for a financial fee. Support is only as good as your relationship with the community that builds the solution and the companies that support it. No relationship? Then you are a nothing more than a number in a long queue.

Open source and the Dutch government

The Dutch government sees an important role for Open Source software. Common Ground is just one example of such an initiative developed by VNG and now also supported by the government. This project should eventually lead to solutions that allow our government to develop new solutions and services more flexibly, faster and cheaper. The projects and project groups are listed in commonground.nl and give an impression of the amount of manpower behind these solutions. But ultimately, municipalities, ministries and other organisations have the responsibility for installing, implementing and maintaining this software. Just like regular software. And so you will have to decide how to do that; All in-house? Host it yourself and let a third (reliable) party take care of it as a Managed Service? Or purchase as a SaaS service from a reliable partner?

Open Source is a very general term and it is too easy to look only at the, lumped together, advantages. But as with anything, it is precisely the disadvantages that can start to bother you. It is up to you to decide how you are going to solve the lack of contracts, SLAs and other guarantees that you normally get from a commercial software vendor.

Another discussion…

The, sometimes almost religious, discussion about Open Source (or not) is not the right one. What is more important is that the government has a clear strategy and that this is filled in with the right architecture. That part of this architecture consists of Open Source components that the government, or an organisation close to the government, defines, maintains and supports itself is only logical. But then it is up to the organisations themselves to decide how they shape their IT initiatives; in-house with their own specialists, wholly or partly in the cloud with their own specialists or buying as many services as possible as a service from the cloud.

More and more organisations are opting for the latter so that they can focus on digitising and ‘automating’ existing processes and coming up with new and more efficient ones. And what kind of software this is done with will be of concern to many organisations. IT should not be about the form the software is cast in, but about the problems and challenges it solves. And so it should be.

Contact

How can we Enable U?

Contact us right now!

"*" indicates required fields

Upon submission of the form i agree to the collection of my name, email address and possibly telephone number in accordance with the Enable U Privacy Policy
This field is hidden when viewing the form
This field is for validation purposes and should be left unchanged.