In this issue, Bernard Golden, author of Succeeding with Open Source, discusses open source software, its pros and cons, and how to choose the right Linux implementation for your business.

What is open source software and how is it different from traditional software?
The primary difference between open source software and traditional software is the licensing conditions under which open source is distributed. Traditional software licenses tightly control the use and distribution of the software in order to ensure consistency, so they can realize revenues from license sales. This means, for example, you are usually restricted as to how many machines you may install the software on.

Open source software, by contrast, is distributed under licenses designed to encourage widespread use with few restrictions. This means you can use the software on as many machines as you choose.

Another important difference between open source and traditional software is that open source is distributed as source code, which users are encouraged to modify and redistribute. Users can modify the product to better serve their needs rather than being forced to live with the product's functionality as is. One of the few restrictions about open source is that, should you modify the product and redistribute it, you are expected to make your source changes available.

This is a general overview of open source software licenses. There are additional nuances depending upon the specific license. For most IT shops, license differences don't really mean anything because they don't modify the product and don't distribute to other organizations. If you want to know more about licenses, Larry Rosen's book Open Source Licensing: Software Freedom and Intellectual Property Law (Prentice Hall PTR, 2004) is an excellent reference.

Is all open source software also free?
Open source software tends to be extremely inexpensive, available on CDs at a low price, and usually also available for download at no charge. Open source products are usually not built by commercial entities but rather by informal project teams, so there is no company as such that distributes and charges for the product.

Anyone can take an open source product and distribute (and charge) for it; however, open source licenses preclude a distributor from imposing conditions on users and preventing them from further distributing the product. What this means, in effect, is that even if a commercial entity distributes an open source product at a given price, the purchaser can then make it available to others for free. Essentially, this forces distribution at no cost, or at the cost of distribution. So, open source software tends to be available at no cost.

This discussion applies to the software itself. There are many organizations that offer open source support, training, consulting, and other services, all of which have a price. Since software has virtually no marginal costs associated with additional copies, open source software tends to be free; however, open source services have significant costs like labor, marketing, and capital, and therefore are not free.

What questions should managers be asking their employees when the employees suggest using open source tools?
The most important question a manager should ask is, "How mature are the product elements our organization needs?" Because open source is so easy to download, many times implementation of the software begins before other important organization requirements like training, documentation, support, and so forth are considered. A formal process to assess the product in its entirety is important. The Open Source Maturity Model, described in Succeeding with Open Source, is a tool that enables IT shops to perform open source assessments. Without asking the question about the maturity of all the product elements, the organization runs the risk that it may be unprepared to support the product it has implemented.

What are the basic advantages and disadvantages of using open source software?
For most organizations the biggest advantages of open source are its low cost and control. We've talked about pricing already, but control can be just as important. Using open source, organizations have a lot more ability to use software in ways that work for them. They can implement as many copies as they want, rather than being limited to only installing on certain machines. Organizations can control how often and how soon they want to upgrade to a new version of the software, rather than being forced to move based on the vendor's plans. There's no vendor lock-in either, since the software is not usually provided by a commercial entity. Finally, the availability of source code means that, should it choose, the organization can modify the product to better suits its needs - no one-size-fits-all situation.

The downside to open source is implied by the answer to your third question. Open source is much more of an unbundled product compared to its commercial counterpart. The other product elements users can usually depend on (training, etc.) need to be found and assessed by the user organization. In effect, IT organizations need to take on an integration role. This integration responsibility is the flip side of the enhanced control described above: the control carries responsibility along with it.

There are so many open source software packages around. How do I know which ones are "ready for prime time"?
As noted, a formal process like the OSMM is important to determine if a given product is suitable for your organization. Relying on "buzz" or opinions expressed on product forums is dangerous because the organization's requirements aren't taken into account. Only by assessing all of the product's elements in light of the organization's requirements can it be determined if the product is "ready for prime time."

Which open source packages provide the greatest value for users in terms of overall capability and maturity?
This is a great question. Many organizations have realized excellent ROI on their Linux implementations and are eager to consider other open source packages, but aren't sure where to turn for other open source candidates. The broad coalition of major technology providers that endorsed Linux is not so obvious for other products, so it takes a bit more persistence to find good products. I call this search "reaching into second- and third-tier open source products," not so much because they're not good quality, but because they're not so well known. The best established of the lesser-known products are MySQL (www.mysql.com) and JBoss (www.jboss.org), both excellent candidates for the enterprise software stack. MySQL is a very fast SQL database, while JBoss is a fully certified J2EE application server.

The Apache Software Foundation (www.apache.org) is an umbrella organization for a number of valuable open source applications like Struts (Java Web applications), SpamAssassin (anti-spam software), and some Web services software like Axis.

Zope (www.zope.org) is an enterprise content management system designed to enable decentralized control of Web site content. Plone (www.plone.org) is a portal product built on top of Zope. Computer Associates has recently announced support for Zope and participated in the creation of the Plone Foundation.

Snort (www.snort.org) is a network Intrusion Detection System that helps organizations improve their security by doing network traffic and protocol analysis as well as packet logging and attack detection.

This is by no means an exhaustive list; there are over 80,000 open source products and it's impossible to keep up with all of them. The critical thing to keep in mind is that each of them must be assessed for maturity in light of an organization's requirements to ensure that the product in question will serve its intended purpose.

About Bernard Golden
Bernard Golden is the CEO of Navica.
bgolden@navicasoft.com