
Open source adoption faces reality checks

Industry leaders lauded the power of open source to drive innovation but warned that its adoption requires significant effort, due diligence and a clear understanding of inherent complexities and licensing challenges

The power of open source software to drive innovation and support software development was a central theme at a panel discussion at the recent ATxEnterprise conference in Singapore, but industry leaders were quick to temper enthusiasm with warnings about its inherent complexities and costs.

Saju Pillai, senior vice-president of engineering at Kong, an open source software company known for its application programming interface (API) gateway, noted the considerable effort required to build open source software.

“It takes a lot of energy to pull an open-source project off the shelf and run your production workloads on it,” he said. “If you make a mistake in your code or break an implied promise, it can be quite damaging to someone who’s using it, like a large business or public infrastructure that’s running on your product.”

Shubham Agnihotri, chief manager for generative artificial intelligence (AI) at India’s IDFC First Bank, pointed to the work that needs to be done before open source software can be deployed, particularly in regulated industries.

“Being in a bank, we are thrown with a lot of compliance and security challenges that stop us from using it off-the-shelf, so there’s a lot of work on the developer’s end,” he said.

Pillai also drew a distinction between open-source projects and software products, the latter more often associated with proprietary software: “When you think about open source, you have to think ‘project’. But when you think about the closed-source solutions, it’s more about the product, which comes with warranties, security robustness and so on.”

He advised organisations to consider when an open-source project suffices versus needing a commercially supported product, which might itself be built on open source.

Sunny Bains, chief architect at PingCap, an open-source database company, pointed to control as a key driver for open source adoption, adding that companies do not want to be beholden to the release cycle of proprietary software companies.

“If there’s a bug, they’re not going to wait for that,” Bains said, echoing Richard Stallman’s original motivation for the free software movement: developers can fix things themselves. He added, however, that if it is not done right, free and open source software can be costly in terms of security and reliability.

To mitigate the risks of open source adoption, Harpreet Singh, chief technology officer at Watermelon Software, a software reliability platform, advocated for “layers of assurance”, such as integration testing, scalability and reliability checks: “If you miss even one game, you’re open to threats and other implications.”

Licensing can also be a challenge with open source. Singh asked: “Do people really understand open source licensing?” He recounted an experience where the licence of a core open source component in Watermelon’s platform had changed, forcing the company to use an earlier version of the software.

“While you embrace open source, your architecture and design should be fluid enough to be able to take some jolts,” Singh said, adding that this is why commercial versions of open source software exist to offer insurance for enterprises.

Pillai said Kong has a formal process to govern the use of open source software: “When our software bill of materials changes because a developer decides to pull in a library, the associated licence goes to a legal and compliance team for approval before we’re allowed to use it.” 
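The kind of gate Pillai describes, and the licence-change “jolt” Singh recounted above, can both be caught at the same point: whenever the software bill of materials changes, diff it against the last approved version and route anything new or relicensed to compliance. The script below is an added illustration of that check, not Kong’s or Watermelon’s own tooling. It assumes a simplified CycloneDX-style JSON subset (components with `name`, `version` and a `licenses` list), a hypothetical allow-list of already-approved licence identifiers, and two constructed sample SBOMs.

```python
"""Flag SBOM changes that need legal/compliance review before a build may use them.

Added example (not the page's or any vendor's code). Assumes a simplified
CycloneDX-style JSON subset and a hypothetical allow-list of approved licences.
"""
import json
import sys

# Hypothetical allow-list: licences legal/compliance has already approved.
APPROVED_LICENSES = {"Apache-2.0", "MIT", "BSD-3-Clause"}

# Constructed sample SBOMs (simplified CycloneDX JSON; component names are made up).
SBOM_BEFORE = json.dumps({
    "bomFormat": "CycloneDX",
    "components": [
        {"name": "example-router", "version": "1.4.0",
         "licenses": [{"license": {"id": "Apache-2.0"}}]},
        {"name": "example-store", "version": "2.1.0",
         "licenses": [{"license": {"id": "MIT"}}]},
    ],
})

SBOM_AFTER = json.dumps({
    "bomFormat": "CycloneDX",
    "components": [
        {"name": "example-router", "version": "1.4.0",
         "licenses": [{"license": {"id": "Apache-2.0"}}]},
        # Same component, new version, relicensed under a non-SPDX name:
        # the kind of change that forced a pin to an earlier version above.
        {"name": "example-store", "version": "3.0.0",
         "licenses": [{"license": {"name": "Hypothetical Source-Available Licence 1.0"}}]},
        # New dependency a developer pulled in, already-approved licence.
        {"name": "example-metrics", "version": "0.9.2",
         "licenses": [{"license": {"id": "BSD-3-Clause"}}]},
        # New dependency with no licence declared at all.
        {"name": "example-utils", "version": "1.0.0", "licenses": []},
    ],
})


def component_licenses(sbom_json):
    """Map component name -> (version, set of licence identifiers)."""
    bom = json.loads(sbom_json)
    out = {}
    for comp in bom.get("components", []):
        ids = set()
        for entry in comp.get("licenses", []):
            lic = entry.get("license", {})
            # CycloneDX carries either an SPDX id or a free-form licence name.
            ident = lic.get("id") or lic.get("name")
            if ident:
                ids.add(ident)
        out[comp["name"]] = (comp.get("version", ""), ids)
    return out


def review_sbom_change(before_json, after_json, approved=APPROVED_LICENSES):
    """Return findings for added or relicensed components, sorted by name.

    Unchanged components need no new approval and are not reported. A finding
    has needs_review=True when a licence is missing or not on the allow-list.
    """
    before = component_licenses(before_json)
    after = component_licenses(after_json)
    findings = []
    for name, (version, licenses) in sorted(after.items()):
        if name not in before:
            reason = "new component"
        else:
            old_version, old_licenses = before[name]
            if licenses == old_licenses:
                continue  # same licence set as the approved SBOM
            reason = f"licence changed from {sorted(old_licenses)} (was {old_version})"
        if not licenses:
            findings.append({"component": name, "version": version,
                             "reason": reason + ", no licence declared",
                             "licenses": [], "needs_review": True})
            continue
        unapproved = sorted(licenses - approved)
        findings.append({"component": name, "version": version, "reason": reason,
                         "licenses": sorted(licenses), "needs_review": bool(unapproved)})
    return findings


def needs_approval(findings):
    """Names of components that must be held until compliance signs off."""
    return [f["component"] for f in findings if f["needs_review"]]


if __name__ == "__main__":
    # CI-style gate: non-zero exit blocks the build until approval is recorded.
    results = review_sbom_change(SBOM_BEFORE, SBOM_AFTER)
    for f in results:
        print(f"{f['component']} {f['version']}: {f['reason']} -> "
              f"{'REVIEW' if f['needs_review'] else 'auto-approved'} {f['licenses']}")
    sys.exit(1 if needs_approval(results) else 0)
```

Running the script reports three changed components: the new `example-metrics` is auto-approved because its licence is on the allow-list, while the relicensed `example-store` and the licence-less `example-utils` are held for review and the gate exits non-zero. In a real pipeline the allow-list and the “last approved” SBOM would be stored outside the repository so a developer cannot approve their own dependency by editing them.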

Bains was unequivocal that open source licensing can be a minefield, adding that PingCap has donated its core scalable storage technology to the Cloud Native Computing Foundation (CNCF) to provide customers with licensing stability.

The discussion also touched on the impact of generative AI (GenAI) on the open source world. While acknowledging its potential, the panellists urged users to verify its outputs.

“With AI hallucinations, how do you know what’s being churned out is great?” Singh said. “AI-generated code potentially needs some kind of additional assurance.”

Agnihotri shared his experience with using AI to convert code written in a monolithic architecture into microservices. “It looked really beautiful, but did it work? No, it’s still not there yet,” he said.

Pillai predicted a shift in developer roles due to AI: “Developers, instead of writing code, will start leaning more into becoming reviewers of code.” Bains added that PingCap uses AI to boost productivity, particularly for “level minus-one support”, helping to answer frontline questions and reducing the burden on support teams. 

Ultimately, the panel agreed that while open source is an indispensable engine for software development and innovation, its adoption requires organisations to invest in due diligence, security and ongoing management, so they can harness its benefits without succumbing to its potential pitfalls.
