Golden's Rules: Set your evaluation bar by OSS

Too many discussions of open source are carried on as if open source and commercial software belong to two different universes, and as if an organization's choice must be either all open source or all commercial. Many times the decision to use open source is portrayed by open source skeptics as driven by ideology or a bias against commercial software products in general. In economic terms, this perspective is based on a belief that open source products and commercial products are not substitutable goods; in other words, that you can't use one or the other for the same purpose.

I believe that these rationales for using or not using open source are wrong. IT shops should choose the tool that best addresses their organizations' needs rather than being biased toward one type of product based on belief or prejudice.

Often, that tool will be an open source tool.

Let me take this argument to the next level: You can use open source and proprietary software for the same purpose, in many cases. In fact, IT shops should set the bar by the functionality of open source products whenever they do an evaluation. Why? Because, in almost all instances, open source is available at no cost, any commercial product must be significantly better to be a viable choice.

The presence of an open source product in a market segment is a tremendous benefit for users. It ensures that commercial products must deliver important functionality and continue to improve as time goes on. Today, unfortunately, many commercial products fail to deliver real benefits in ongoing releases, preferring to compete by investing in unnecessary gee-whiz features or, even worse, "branding" efforts.

Because of the direct involvement of users of the product in the product community, their real-world needs are implemented in open source products. The products improve over time to satisfy those needs. As open source becomes a more acceptable choice for users, it will have a salutary effect on its commercial brethren as well, as they will be forced to deliver the same functionality the low-cost alternative has. The competition posed by open source will raise the bar for all products and improve the entire market segment to the benefit of users.

Let's use a popular open source product, Snort, to illustrate my points. Snort is an open source intrusion detection system (IDS). It's widely used in TCP/IP traffic sniffers and analyzers.

NSS Group, a European network security testing organization, tested Snort and similar products from 15 major vendors. Snort, the only open source product tested, outperformed the proprietary products. Obviously, Snort is a good product, but it does have some shortcomings. Reviews, articles and user comments to me have revealed that Snort isn't easy to manage, is tricky to install and keep up to date, and might not fit in well in complex enterprise environments. In short, it's a bit rough around the edges.

What this means to users is higher operational costs. Managing Snort takes more time and requires a more experienced administrator, both of which mean it is more expensive to operate than its commercial counterparts. To a certain extent, its cost advantage due to lower acquisition cost is at least partly diminished by the extra expense needed to manage it.

This is, unfortunately, all too typical of open source products. The reasons for this lie in the genius of the decentralized development methodology of open source. Because open source is usually developed by immensely capable engineers, they design a product that they are comfortable using, which may be more challenging for less capable users. Beyond this, it is not easy to methodically gather soft requirements for usability in a decentralized environment. There just isn't any way to capture formal usability information when there is no central place (or indeed person) to gather user feedback.

While this "roughness" is very common for open source products, responding to it is not an all-or-nothing proposition. My firm uses the Open Source Maturity Model to formally capture requirements and to get real-world feedback from organizational members learning and using products. With this model, we are able to evaluate how "rough" the product is and to determine if the organization can effectively use the product as it stands.

Where there is "roughness" or are shortcomings, there is opportunity for innovation. In the case of Snort, StillSecure (Louisville, Colo.) created a product, BorderGuard, based on Snort source code. Users say that BorderGuard has easy-to-use features, such as its user interface, product reporting capabilities, and installation from a single management console. In other words, BorderGuard has smoothed Snort's rough edges.

Because StillSecure can piggyback on the investment by Snort's community, it can focus its efforts on specific product areas. By contrast, the other vendors have to develop the entire product, which forces them to spread their investment across more lines of code. The outcome of this can be seen in BorderGuard's price; it is lower than many other commercial products. It gets more bang for its development buck, and can undercut its competitors as a result.

We will see many more open source-based products in the future, and this bodes well for IT organizations. Vendors will take advantage of existing open source products and extend them to improve their usability and manageability. They will focus a smaller engineering investment on adding important functionality and, as a result, be able to offer a lower-cost alternative than other commercial products. IT budgets will stretch further because of this trend.

Golden's Rule

The key issue for IT organizations is the same as it's always been: What is the right tool for the job at hand, taking into consideration all product requirements? Open source needs to be judged by the same standards as commercial software. Does the product in question have the necessary functionality, support, manageability, training, and so on? By considering open source as well as commercial products, IT shops will have more options, higher cost effectiveness, and more control.
