Why choose open source?
Published: 01 Jun 2004 16:40 BST
This is part three in a four-part series of articles that is roughly a response to "The Magic Cauldron," the seminal work on open-source economics written by Eric Raymond. This instalment discusses Raymond's "five reasons" for choosing to create or use open-source products. (You can find part one of this series, How the software economy is driven by proprietary work, here, and part two, Open source vs proprietary: Both have advantages, here.)
The first two reasons are related to each other, so I'll list them together:
a) Reliability / Stability / Scalability are critical
b) Correctness of design and implementation cannot readily be verified by means other than independent peer review
Item a) assumes that reliability, stability and scalability are better delivered by open source. This is often based on the notion that the public nature of an open-source product enables thousands of eyes to pore over the code. This makes it more likely that problems will be found, leading to more bulletproof code.
Scalability depends on proper design and the application of good ideas which relate to the construction of scalable systems. Though some might disagree, open source doesn't have a monopoly on good programmers capable of making good designs. Will they be more likely to produce such good designs when they don't have a financial interest in the outcome? Empirically speaking, proprietary software has taken the lead in scalability, as proprietary Unix was considered more scalable until only recently (and the big Unix implementations still tout themselves as being more scalable in enterprise computing environments than Linux).
Regarding reliability and stability, finding flaws assumes "the community" truly scans the code for errors. Big projects might manage that, but smaller projects would have a harder time given their inability to attract developer attention. Witness the proliferation of "open-source orphans" in the Sourceforge database. The open-source nature of such projects is not in itself a guarantor of reliability or stability.
Furthermore, consider that proprietary software historically has done a much better job of providing the features that matter to ordinary consumers than open-source software. As noted in the Theory section, this is necessarily true, as proprietary companies are the only entities with the close interactions with customers required to discover these features, not to mention the financial resources to orient developers towards those needs.
What will be the track record of companies that view security as a feature? I'm not suggesting that there isn't an advantage to publicly vetted code. There is. On the other hand, there are also advantages to be derived from companies with financial incentives to solve problems as quickly as possible. Microsoft appears to have succeeded in this regard, managing the shortest time between the announcement of a vulnerability and a fix. Furthermore, Microsoft's Trustworthy Computing initiative is an unprecedented effort to apply the revenue of a profitable software business towards the construction of a more secure operating system.
In other words, I think the jury is still out on whether open source is inherently more secure than proprietary software. Publicly vetted code has certain advantages, and large companies such as Microsoft could benefit from that by endeavouring to release more source code. On the other hand, proprietary software's track record in the realm of features could translate into more secure proprietary operating systems when consumers (due to the internet) actually demand security.