How does open source pay?

As open source gains backers, its security is becoming more robust.

As open source gains backers, its security is becoming more robust.

You may have heard of a Scandinavian developer called Linus Torvalds. I remember a party with people tittering, "Do you know he invented a better operating system than Windows, then gave it away? Look at how rich Bill Gates is. This guy must be mad."

Why do open source developers give their code away free? Are programmers such as Torvalds genuine altruists? Or are they so deeply entrenched in the pizzas-and-programming world of the serious coder that they have forgotten the real worth of their work?

Neither is quite correct. They have motivations like the rest of us, and "open source" does not precisely mean "free".

It is true that open source code is freely downloadable and usable. Typically, the license under which this code is distributed - usually the general public licence (GPL), or GNU public license - even permits you to use the software for commercial applications.

In simple terms, a license fee only applies if you want to redistribute the software in a way that does not fit within the GPL.

So with open source software, the word "free" is meant more in the sense of "freedom to use and modify", rather than zero-cost. Open source developers still hold the rights to their code, but make their systems pay in different ways from authors of proprietory code.

Understanding the economics behind open source means getting your head around a different business model from the "keep it secret" principle of proprietory program code.

The open source model recognises that IT systems have more to them than just double-clickable programs on your desktop. There may be support, installation work, training, customisation, consultancy, hardware sales, online services, and more, which together constitute the whole solution.

It is a common misconception that open source means just Linux. This is like saying all cars are Fords. Linux is just the operating system that has captured the imagination and made open source famous. There are many open source resources, such as Apache (the world's most popular web server), Perl and PHP (programming languages) and MySQL, a database which is claimed to rival Oracle.

Swedish company MySQL allows the free download and use of its database, but charges a license fee to developers that package and distribute it as part of another application. This revenue model is seductive and MySQL appears to be on the road to significant commercial success.

Another example is Sun Microsystems' Openoffice, a product which aims to be an alternative to Microsoft's Office suite. Sun's aims are to facilitate the sales of hardware, and to move the market from a software-purchase to a services-driven business model.

The effect of big names behind open source products is helping the general acceptance of open source software in the corporate arena. These firms understandably want the reassurance that they are dealing with real companies, not just a sandaled, bespectacled techie from internet-land.

So, is open source software is safe to use? If other developers can look for weaknesses in the code, will this expose you to vulnerabilities if you use it?

Many developers and users will try to break the code, and look for security flaws and bugs. But there are more people interested in that code being made secure, resilient and fast than there are people interested in exploiting loopholes in others' systems.

This means that once weaknesses are identified, they quickly become public knowledge, and as soon as word gets back to the developers, it can be fixed. It is in the authors' interests to fix their code if they value their reputation. Open source bugs are therefore usually exposed quite early on in a product lifecycle.

Contrast this with proprietory software in which bugs they can lie dormant until the whole world has bought into the same system. It is up to a small number of privileged coders to foresee and fix vulnerabilities in the code.

I hardly need to name the viruses infecting the largely identical systems of the world in epidemic proportions, simply because vulnerabilities were identified too late.

Tony Butcher, is managing director of web site design company Tribal Internet,

Read more on Operating systems software

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.