Does Heartbleed show it is time to 'corporatise' open source?

The exposure of the Heartbleed bug that causes a major security vulnerability in many websites has handed a gift to the anti-open source lobby.

One of the most popular claims boasted by the open source community is that its code is inherently more secure because anyone can read it, and anyone can spot flaws.

The fact that Heartbleed – a small but significant bug in the code for the widely used OpenSSL encryption software – had been in existence for at least two years without being spotted or fixed rather weakens that argument.

But open source should not be dismissed just because of this one problem, no matter how significant it may be.

We have moved on a long way from the time that for most businesses “open source” meant using Linux instead of Windows.

Major organisations are adopting open source both as a way to adopt “free” software and as a cultural approach to software development.

Channel 4, for example, has built its big data strategy around open source products and contributes back to the relevant development communities.

The UK’s Government Digital Service (GDS) has mandated that all software developed using public money should be published as open source – as a result, the New Zealand government is using the Drupal-based web publishing platform that GDS created for the Gov.UK website.

That sort of corporate backing for open source goes a long way to convincing IT leaders of its merits, and of the role it can play alongside proprietary products – which of course still have their place in the corporate IT infrastructure.

But there must be a danger – as demonstrated by Heartbleed – that open source hits a tipping point where the scale of use outweighs the resources of the community that creates it.

In local government in the UK, there is a growing body of IT leaders that would like to see open source products developed to replace the cumbersome legacy applications that the sector is locked into.

But trying to create a local government open source community to develop and support such products is a huge challenge that even a determined body of enthusiasts would have to take on.

Perhaps this demonstrates that in some areas, open source needs to have a more corporate approach – not from software vendors, but from its growing group of corporate users.

If IT leaders want to use more open source software, they will increasingly need to back that with resources – people and cash – to help support the wider community.

Corporates need to acknowledge that open source is not just a way to develop software, but a cultural approach to IT that needs their full support if they are to achieve the many benefits it offers.