"I believe that SaaS is a fundamental shift in software development and delivery and that it will be the defining mechanism for delivering new software applications in the future. Open source is revolutionary, but not for the user as much as for the developer. The user wants simplicity, and SaaS provides that."
On April 16, Doug Levin, CEO of Black Duck Software, gave a presentation entitled The State of Open Source Software and Corporate Software Development. This conference report presents the key messages and insights from the three sections discussed during the presentation.
Overview of Software Development
Section 1 of the presentation discussed how trends in software development have changed from the traditional waterfall method to a more hybridized approach that mixes proprietary and open source code. This shift has resulted in new benefits and risks. Software development that relies on open source software (OSS) entails benefits and risks. The key benefits include: i) lower cost of development; ii) adding the contributions of a community to an internal development group; iii) faster time to market; and iv) better code quality. The risks can be categorized into four types: i) code control; ii) operational; iii) complexity; and iv) security.
Customers of solutions delivered using open source are concerned about: i) managing feature creep and customer expectations; ii) poor documentation; iii) lack of support; and iv) hidden costs such as training, documentation, consulting, and license fees. Lowering the total cost of ownership (TCO) is about lowering the cost of providing a solution, not the cost of running code. Hidden costs should be included as part of the total cost of ownership equation.
Several key messages emerged from audience participation during this section of the presentation. These included:
- most OSS is based on software technologies which are commodities and succeeds when it becomes a usable product, not just project file filled with code that runs
- pitfalls of mixed code development include: i) loss of intellectual property; ii) export regulations; iii) security vulnerabilities; iv) escalating support costs; v) software defects; vi) license rights and restrictions; and vii) injunctions
- the life cycle of an open source vendor (OSV) is 2-3 years longer than the life cycle of a proprietary company (i.e., 7-8 years to exit); venture capital firms in Boston and California have adjusted to this
- agile programming methods sometimes cut out communications with users and prevent the incorporation of user feedback into the product
- in an engineering sense, open source code can not be considered components ready to be integrated because most are not packaged or have clean interfaces the decision to release proprietary code as OSS is complex. Many factors must be considered including: (i) selection of open source license, preferably OSI approved licenses; (ii) investment in staff, especially in community development management and development; (iii) changes in company's "DNA"
- the value of open source may be a function of our ability to mashup open source codes, web services, and home-grown code
- quality assurance for a final product now requires new techniques as product development has become a process of combining existing code with third party and OSS code
- OSS is now mainstream and innovators are combining OSS with services oriented architecture (SOA) software development is part of a development ecosystem; a company that ignores its development ecosystem does so at its own peril
- code reuse is good engineering
Trends in Software Development
Section 2 discussed how the new software development trends are creating new business opportunities. The current trend is a move towards software as a service (SaaS) as it provides savings benefits similar to those provided by thin clients. The value propositions provided by SaaS and PaaS (platform as a service) are clearer than the value proposition of OSS. The value proposition of SaaS is driving the adoption of cloud computing, an alternative to local servers or personal devices handling users' applications. Essentially, in cloud computing the technological capabilities "hover" over everything and are available to users.
Other key messages from section 2 include:
- open source as SaaS may provide attractive business opportunities
- the importance of managing software license compliance in mixed development environments is increasing
- venture capital funding for open source has hit an all time high in the US but remains non-existent in Canada
- venture capitalists used to fund old business models which were sprinkled with a bit of "open source fairy dust", causing friction with OSS projects as the main business model was dual licensing. Today we have more mature business models and more venture capitalists who are savvy about open source
- revenue models for software sales are shifting away from perpetual licenses to subscriptions
- Microsoft through its share code initiative is slowly moving towards the OSS model
Overview of Black Duck Software
In section 3, Doug provided a brief overview of the services provided by his company. Black Duck Software helps companies: i) avoid the pitfalls of mixed code development; ii) manage development work flow; and iii) reveal the unknowns in their code base. Their flagship product, protexIP, allows customers to confidently manage software origins and obligations; audit the code base against the approved components and simplify code reviews and third party licensing. Black Duck does not indemnify its customers as it is impossible to operate a real time system that spiders the whole Internet. The company does provide a standard warranty on the use of its software.