What do open source enterprise developers really need to know?

After decrying an open source survey issued last month from Black Duck Software as somewhat simplistic and contrived in its initial presentation of facts, I’m pleased to say that we have a direct response from the company.

Speaking to Black Duck’s Peter Vescuso, who is the company’s executive VP of marketing and business development, the Computer Weekly Developer Network offers this short, punchy Q&A to provide some insight into what software application developers really need to know when it comes to some of the most pertinent issues found at the open source coding coalface.

CWDN: Without diving too deeply into code listings and commits, what do software application developers really need to consider when it comes to enterprise-grade open source usage, implementation and deployment given the existing “total proprietary stack” that may face them at the outset?

Peter Vescuso: This isn’t really a ‘stack’ issue as much as it’s a process issue. It speaks to one of the eternal challenges in development: development managers, especially in enterprises, need to be on top of all code from all sources.

It’s common among software developers to do a quick web search to find code components rather than re-invent the wheel, which is how a lot of open source makes its way into enterprises.

The challenge then is to track it and manage its use. Better yet, be proactive, and plan its use – you know you don’t want to write yet another XML parser when there are dozens available – and source it carefully, paying attention to the code contributor’s wishes as expressed in the component’s license.

So for developers to use, implement and deploy open source effectively, it’s useful to have an enterprise policy governing the use of open source, with processes to guide code sourcing, selection, implementation and deployment.

Survey finding: Respondents in the company’s open source survey predicted that the top two trends for open source by 2015 will be the adoption of OSS in non-technical segments (e.g., health care, automotive, government) followed by general enterprise adoption, reflecting maturation in the OSS segment.

CWDN: Which non-technical segments are currently leading adoption of open source? What barriers or obstacles will need to be overcome for the predicted general enterprise adoption by 2015?

Peter Vescuso: Standout segments include health care, financial services and automotive. In automotive, the GENIVI Alliance, what we call a super-community, is driving OSS use in the ‘headunit’ – the entertainment and navigation systems. We also see use of OSS in other parts of the vehicle, including body dynamics (proximity sensors). Where we’re not seeing it as much is in engine management and braking, two critical safety systems. We think this can be attributed to one of the misunderstandings about OSS, i.e., that code quality isn’t sufficient. Interestingly, this year’s survey points to code quality as one of the top three reasons for adopting OSS. The answer is more and better education of players in the automotive ecosystem. We think this observation can be generalized to include health care and other industries.

Survey finding: Nearly half (43 percent) of respondents named “project maturity” as the most important factor when choosing an open source project for integration into a product or service.

CWDN: Can you provide more in-depth detail as to what developers mean by “project maturity?” What are the characteristics of a mature open source software project that 43 percent of developers taking the survey said was the most important factor for them?

Peter Vescuso: A mature open source project has an active group of committers – how large a community is desired is a point of debate, although communities with a handful of developers won’t inspire confidence for many, but a dozen or more can be sufficient – frequent updates or commits, and a very involved project lead.

An active community of contributors helps maintain code quality. In addition, where the project is hosted – the repository – appears to contribute to developer interest, which drives advances in the project and contributes to maturity. Finally, there’s adoption. Mature projects like Drupal and Hadoop are used widely, and also benefit from commercial support (Hortonworks, Acquia).


Black Duck Software’s core suite of products (Code Center, Export and Protex) aims to address the management, compliance and security challenges associated with enterprise-scale adoption of open source software (OSS).
