Trickle Down Open Source
As Linux, and open source in general, enters its third decade, we are finding that many of our initial assumptions should be readjusted. Projects such as Linux and MySQL are no longer the scrappy outsiders rebelling against the Death Star of proprietary code, but rather a force all their own.
Not too long ago, one of the prevailing worries was that the large software and cloud companies would suck up all the open source software, make money selling it into enterprise IT, but leave the work of maintaining said software to the independent volunteers.
Well, the first part of that forecast has certainly come true, as everyone from Red Hat to Amazon Web Services uses open source software as fundamental components in their services and offerings. But, as it turns out, they also contribute heavily to the open source ecosystem. In fact, they have to in order to stay competitive, argued Wim Coekaerts, senior vice president of software development at Oracle, which is certainly one of the companies that benefit from free and open software.
Coekaerts made his case on stage at the Linux Foundation’s Open Source Summit, held in Seattle this week.
“One of the nice things with open source is that it forces companies that rely on it to actually contribute. If you don’t go upstream, you basically screw yourself long-term. You have a lot more work to do on maintenance,” he told the audience.
Software companies and cloud services are in a competitive market, and they must rely on open source to get their back-end operations up and running as quickly as possible. And once the developers get the service up and running, they will need to maintain it. As a result, “They really have to keep up with the upstream releases. No matter what the product is there are security updates, there's new functionality. And if folks don't contribute patches back upstream, it becomes harder and harder to maintain and house.”
There’s also the issue of responsibility. When something goes wrong with the software that a company is repackaging, the company can’t exactly shift the blame to some other party. Enterprises pay companies for, among other things, “a throat to choke” when something goes wrong.
“If your servers are compromised, it’s your customers, right? And you're losing face. So whenever these bigger companies are using open source components in their stack, they really have to take ownership of that and make sure that that's really well done,” Coekaerts said. And the only way to ensure security in these high-priority environments is to push fixes upstream as quickly as possible.
Certainly, this is true of Linux. In the latest survey of who contributed to the Linux kernel, Red Hat, IBM, Intel, Samsung, Oracle and Facebook all offered considerable updates.