Skip to main content

skip to main content

developerWorks  >  Rational  >

Book review

Succeeding with Open Source

developerWorks
Document options

Document options requiring JavaScript are not displayed


Rate this page

Help us improve this content


Level: Introductory

Ricardo Balduino, Rational Unified Process Content Developer, IBM

15 May 2005

from The Rational Edge: This review focuses on a book that discusses how companies can use open source software to optimize their IT investments.

by Bernard Golden
Addison-Wesley, 2005
ISBN: 0-321-26853-9
Cover Price: US$39.99
242 pages

Today's lower IT budgets are forcing organizations to find ways to reduce project costs without losing their competitiveness and sacrificing the quality of their products and services. In their quest for solutions, many IT organizations are turning to open source products for their projects and infrastructure. However, evaluating these products often raises questions:

  • How can we have confidence in a product that offers something for nothing?

  • Can we really trust in software developed by volunteers?

  • Where can we find technical support, documentation, training, and professional services to successfully deploy the software?

Succeeding with Open Source addresses these questions. It proposes a maturity model that IT organizations can use to evaluate open source software as well as ways companies can make money "selling" open source software and support services.

What is open source software?

Open source software differs from commercial -- or proprietary -- software by making its source code available to users. It is referred to as "zero-priced" software, which means there is no cost for distribution in most cases. You are free to download it and either use it "as is" or modify it to accommodate your needs.

The software is created by volunteers, in most cases highly committed developers around the world who are motivated by intellectual curiosity and a desire to improve their skills. Developers from organizations using open source products also participate in the worldwide open source project -- to make these products work better to meet their employers' needs.

Formed by developers, the open source community is open to any users interested in participating. The user community's size and activity level directly impact an open source product's maturity.



Back to top


Open source business models

Although it might seem counterintuitive, companies do make money selling open source products, as this book explains. Their profits are based on a few different business models:

  • Early model -- CD distribution of Linux. Instead of downloading Linux directly, users were able to buy CDs for installing Linux.

  • The next model -- installation, technical support, and consulting. Open source businesses started to offer aggregated value to less technical users.

  • The new models -- open source as a competitive advantage. Incorporating open source software into a product (e.g., as an add-on to an existing open source product) can help an organization reduce time to market and/or the investment needed to create the product.


Back to top


Open source risks

Succeeding with Open Source also describes potential risks IT organizations should consider when deciding whether to use open source, either in their infrastructure or as a starting point to create a product.

  • Licensing risks. Open source licensing is different from commercial software licensing. Although open source licensing seems less restrictive -- by encouraging redistribution and making source code available -- it also imposes responsibilities. Being clear about how you intend to use open source software can help you address licensing risks, which include:

    • Hijacking developers' efforts. Open source is built through volunteer efforts. Organizations should take care not to brand or sell products resulting from these efforts without conducting a careful investigation and instituting formal contractual arrangements if necessary.

    • "Viral" licenses. Some open source code licenses require that derivative work incorporating that code must also be made available as open source. However, products that execute on top of open source are not "infected" by this type of license (e.g., a database running on Linux does not have to be open source). Less restrictive open source product licenses encourage the product's use without imposing onerous conditions on users.

    • Asymmetrical license risk. Organizations (e.g., a software vendor) should be aware that their licensing risks will rise if they incorporate open source code into a product intended for redistribution. If they plan to use the open source software internally only, with no intent to distribute it, the risk is quite low.

    • Security and quality risks. An organization might be worried about both quality and security vulnerabilities that have potential operational and financial consequences, or may even expose the company's infrastructure and proprietary data. Many of these risks are not unique to open source, which may actually carry lower risks, because the source code is available for anyone to inspect.

    • Premature commitment risk. Ease of download and installation could result in product proliferation inside an IT organization, in turn raising operational costs and ruining standardization efforts.

    • Unchanging process risk. Processes for selecting, procuring, and implementing commercial software have been in place for many years. IT organizations may need to create new ones for dealing with open source software.


Back to top


The Open Source Maturity Model

Golden explains that IT organizations demand a certain level of maturity for software products before they will consider putting them into production. He identifies two types of users:

  • Early adopters who are comfortable using "unfinished," cutting-edge products that might give them a competitive advantage.

  • Pragmatists who prefer to wait for mature products backed by full feature sets, high quality, market longevity, good support, and robust behavior. These users represent the vast majority of any technology market.

Naturally, the pragmatists have been less aggressive than early adopters about moving to open source. Golden sees this as a mistake that may permanently place the pragmatists far behind in a competitive marketplace.

To help IT organizations evaluate the maturity of the plethora of available open source products, Golden proposes a formal methodology with a standardized analytical framework. He calls this the Open Source Maturity Model, or OSMM. By applying this model, Golden claims, an organization can more easily identify open source products worthy of further testing in a pilot project and future adoption in the production environment.

OSMM assesses a product's maturity in three phases:

  • Phase 1: Assess element maturity. This involves assessing the maturity of each element: product software, product integrations, documentation, support, training, and professional services. Each element is assigned a maturity score via a four-step process.

    • Step 1 -- Define organizational requirements. Determine what functionality you need, based on your organization's purpose.

    • Step 2 -- Locate resources. Determine whether necessary resources -- such as an approved partner -- are available to assist your organization in implementing the open source software.

    • Step 3 -- Assess element maturity. Determine where the element lies on a maturity continuum -- from nonexistent to production-ready.

    • Step 4 -- Assign an element maturity score. Assign each element a score from 0 to 10 that you can use to document organizational consensus.

  • Phase 2: Assign weights to each element maturity score. Assign a weight to each element's maturity score that reflects its importance to overall product maturity. For example, documentation maturity might be less important to the product's overall maturity assessment than the maturity of available professional services.

  • Phase 3: Calculate the product's overall maturity score. Add up the element scores to yield an overall product maturity score on a scale from 0 to 100.

Table 1 shows a template for recording assessments.

Table 1: Assessment template for the OSMM

Phase 1Phase 2Phase 3
Define RequirementsLocate ResourcesAssess Element MaturityAssign Element ScoreAssign Weight FactorCalculate Product Maturity Score
Product Elements
Product Software
Support
Documentation
Training
Product Integrations
Professional Services

Although the OSMM provides a solid foundation for the decision-making process, it does not preclude a more detailed evaluation, such as a pilot project. Golden recommends minimum scores that vary according to whether the organization is an early adopter or a pragmatist:

  • A low score (25 to 40) suggests that the organization should experiment with the product / technology.

  • Mid-range scores (40 to 60) warrant applying the product in a pilot project.

  • High scores (60 to 70) indicate the organization is ready to apply the product in a production environment.


Back to top


Conclusion

This book is useful for a wide audience. Part I (Chapters 1, 2, and 3) is a sound introduction for people who know very little about open source and want to understand what an open source project is, what the business models are, and what risks are associated with using open source products.

I would definitely recommend Part II for software professionals interested in assessing open source products. Chapter 4 introduces OSMM, and Chapters 5 through 10 discuss in detail how to assess each of the open source product elements: the product itself, technical support, documentation, training, integration with other products, and professional services, respectively. Chapter 11 walks readers through an OSMM analysis for a Java-based, J2EE-compliant application server product called JBoss, which is a real-world application. Although Succeeding with Open Source does not cite any real-world examples from companies that actually apply OSMM to assess open source products, the methodology seems highly credible, and the hypothetical examples make for interesting reading.



About the author

Author photo

At IBM Rational, Ricardo Balduino is a senior software engineer and IBM Rational Unified Process,® or RUP,® content developer. Previously, he spent four years as a software engineering specialist at IBM Rational in Brazil, delivering training and consulting services to customers in various industries and helping organizations to customize and adopt RUP. He has also developed software for financial services, industrial process automation, and other specialties. He holds a B.S.in computer science from the University of Sao Paulo State, Brazil.




Rate this page


Please take a moment to complete this form to help us better serve you.



 


 


Not
useful		Extremely
useful
 


Share this....

digg Digg this story del.icio.us del.icio.us Slashdot Slashdot it!



Back to top