As I sit here in a hotel in Istanbul after spending time with partners and customers, I’m reflecting on the growing concerns expressed by both due to the open source evolution changing the market.
For customers, using open source offers the promise of something for nothing. For our partners, the perspective is quite different – they face the challenge of, yet again, stepping up to be a good trusted advisor. The partners have legitimate doubts about actually getting something for nothing and struggle to find the best way to advise customers on open source use.
I believe the real problem is that this change in the market around using open source has crept up on us. Like many things that suddenly pass the desk of the CIO, this shift into large scale open source use is driven by individual decisions, not any explicit changes in company policy.
Open Source Evolution
Originally, company policy regarding use of open source started as denial. The original inclination was to eject it and keep it out of the company. This isn’t unusual – look at early smartphone policies, which denied personal devices access to company email. But human nature found a way, and most companies now not only allow personal devices to access company email, but require it (or at least the immediacy and availability that seems to go with that access). Developers use open source because it is free to access, fulfills the requirements, saves time and increases efficiency. It’s pretty difficult to deny developers access to something that offers so many obvious advantages.
Now, as customers are suddenly wrestling with the idea that 40% (or more) of their application is made up of someone else’s code, the light starts to come on. Initially, they want to establish what exactly is in their code… provide a scan… an audit… a manifest. Around that time, they realize that they need to know not only what the developers say they put in, but what open source actually is in the code. Essentially, they want a bill of materials showing the open source components, including the versions and licenses in use.
Next, customers may come to a moment of realization. Not only do they need to make sure that they are complying with the licenses for the code in use, but they need to look at the potential vulnerabilities in their code. The next step is to fix compliance issues and prioritize any possible vulnerabilities and resolve them. Finally, they need to find a way to make sure that they are prepared for license changes and newly discovered vulnerabilities, and can resolve them without hitting the panic button.
Of course, a good trusted advisor has the answers to all of these questions. They can help prioritize the license and vulnerability issues that are highest risk, offer remediation advice, and help their customers set and implement open source policies based on each individual company’s acceptable risk levels, ensuring that the right people are involved in developing the exception process.
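To make the bill-of-materials, license-compliance and vulnerability-prioritization steps above concrete, here is an added example that is not from the original post: a small Python policy check run over a constructed manifest, a constructed advisory table and a hypothetical company policy with a review-board exception list. All component names, versions, scores and ticket numbers are made up for illustration.

```python
"""Added example (not from the original post): review a constructed open source
bill of materials against a hypothetical license and vulnerability policy."""
from dataclasses import dataclass

# Constructed bill of materials: what is actually in the build, with version and license.
BOM = [
    {"name": "libalpha", "version": "1.2.0", "license": "MIT"},
    {"name": "libbeta",  "version": "0.9.1", "license": "GPL-3.0"},
    {"name": "libgamma", "version": "2.4.7", "license": "Apache-2.0"},
    {"name": "libdelta", "version": "3.0.0", "license": "UNKNOWN"},
]
# Constructed advisory table: (component, version) -> severity score (0-10).
# Real feeds use version ranges; exact-match keeps the example short.
ADVISORIES = {("libalpha", "1.2.0"): 9.8, ("libgamma", "2.4.7"): 4.3}

# Hypothetical company policy: licenses not allowed in a proprietary product,
# the severity at which a vulnerability blocks a release, and an exception list
# that only the review board (legal + engineering) may extend.
DENIED_LICENSES = {"GPL-3.0", "AGPL-3.0", "UNKNOWN"}
BLOCKING_SEVERITY = 7.0
EXCEPTIONS = {("libbeta", "GPL-3.0"): "ticket OSS-42: server-side only, approved by legal"}

@dataclass
class Finding:
    component: str
    version: str
    kind: str      # "license" or "vulnerability"
    detail: str
    blocking: bool  # True means the release cannot ship until resolved

def review(bom, advisories, denied, blocking_severity, exceptions):
    """Return findings ordered highest risk first (blocking before non-blocking)."""
    findings = []
    for c in bom:
        if c["license"] in denied:
            # A denied license is blocking unless the review board granted an exception.
            exc = exceptions.get((c["name"], c["license"]))
            findings.append(Finding(c["name"], c["version"], "license",
                                    exc or f"{c['license']} not permitted", exc is None))
        score = advisories.get((c["name"], c["version"]))
        if score is not None:
            findings.append(Finding(c["name"], c["version"], "vulnerability",
                                    f"severity {score}", score >= blocking_severity))
    return sorted(findings, key=lambda f: (not f.blocking, f.component))

if __name__ == "__main__":
    for f in review(BOM, ADVISORIES, DENIED_LICENSES, BLOCKING_SEVERITY, EXCEPTIONS):
        print("BLOCK" if f.blocking else "note ", f.component, f.version, f.kind, f.detail)
```

The same check re-run whenever the advisory table or license data changes is what lets a team handle a newly discovered vulnerability or a license change without hitting the panic button.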
My advice to partners who are watching open source marching across their customers’ roadmaps is simple: don’t fear the loss of a customer; celebrate the opportunity to help your customer navigate safely through this open source evolution – by maintaining visibility into their code.
The post The Open Source Evolution – from the Partner Perspective appeared first on Open Source Delivers.