Understanding Open Source: Have Open Source Models Reached Traditional Business?

I've been working at Acquia (a start-up commercializing open source Drupal) for almost a year now. It's been a valuable experience working with open source because it follows in the same founding principles of the internet: facilitating collaboration and free, open flow and sharing of information through connectivity. Witnessing the growth of the Drupal community, and open source in general, has really opened my eyes to the power of crowdsourcing innovation and technology.

The results of these open models are very disruptive. They create brilliant technology such as Linux, MySQL, PHP, and Drupal while reducing the adoption costs of these technologies by licensing under a General Public License.

But, I sometimes wonder what percentage of the population truly understands the importance and significance of open source and crowdsourcing. Or, if lawyers and traditional corporate executives understand the underlying principles and why these models are successful. Users of Drupal clearly do, but there's a larger population that still needs to be educated and convinced.  

<!--break-->

We see this often when lawyers review contracts and legal documents pertaining to using an open source technology such as Drupal. Sometimes the questions they raise are redundant and generally pertain to a misunderstanding of the General Public License. Like most legal questions, they stem from fear and misperception that they're adopting a software model that increases risks. When in fact, it reduces risk by reducing vendor lock in and price while increasing the flexibility and feature offering of the software. Open source CMS platforms like Drupal actually help companies stay on top of the latest technology trends on the web. For example, someone built a Twitter module days after Twitter came out. Now there are over 4,000 different modules that provide a diverse and growing array of additional functionality that you can add to your site.

I'm straying from the main point here, but its difficult to not come back to the benefits of open models. In the same way legal misunderstandings provide a hurdle for adoption, security concerns add another layer of complexity.

Security is another concern that stems from a misunderstanding of open source based models. Because the code is freely available to anyone, people first naturally assume that this will create security vulnerabilities that would provide hackers with windows and insight for hacking into, say...the company's website. Although, it depends on the software (some communities take it more seriously than others), the general argument is that open source software is generally more secure than propreitary software.

A partner from Foley and Lardner's Information Technology & Outsourcing Practice explains in a past article, Open Source: Is it inherently more secure than proprietary software?:

Proprietary software, on the other hand, is generally developed by a single company, with the source code being strictly protected. One of the most significant distinctions between the two types of software is that open source is generally provided completely as-is, with no contractual protections whatsoever. Licensors of proprietary software, in contrast, generally provide at least basic warranties, indemnities, and other contractual protections.

Many people argue open source software is inherently more secure than proprietary software. This is because the source code for open source software is readily available and, if the application is popular, will be reviewed by many different people. This is the “many eyes” theory of security, which has been used very successfully in the area of encryption for many years. Whenever a new encryption algorithm is proposed, its specifics are frequently publicly disclosed with the express intent that many people will carefully scrutinize the algorithm for potential flaws. This generally leads to far more secure encryption algorithms than those that are not publicly vetted. The same thinking is applied to open source software: if the source code is made available for public review, it should be more secure than proprietary software because more people (i.e., not just the original developers who may suffer from a severe case of myopia) will review the code for potential security risks.

Crowdsourcing and opening transparency of security may also be disruptive model and could be an emerging trend.

During President Obama's inaugural speech, we asked if secret security could be crowdsourcedby using Microsoft's Photosynth. The technology can piece together thousands of pictures to create a 3-D rendering of a crowd that security officials can use to peruse massive venues without the need of video cameras in every conceivable location.

While security will always remain a concern for any technology, some take it more seriously than others. The Drupal community understands the importance of open source security and tackling these concerns. They're one of the first open source CMS projects with a dedicated security team.

Dries Buytaert, creator of Drupal (he started open source project while in college), explains his  approach to handling security by distributing the workload throughout the community. Compared to propreitary software where security may be limited to a small team of developers, a larger, more diverse population will likely be able to find more security vulnerabilities. This is the general concept of uTest and discussed the concept in an interview with it's founder Doron Reuveni. There's certainly many synergies that can be created by merging models and even working together. But to get started, take a look at Dries' explanation of the path forward:

I think our path forward is this: first, focus on creating security tools that are available to all developers, and integrate these tools seamlessly into the developer work flow. For example, instead of having the security team write all security advisories, provide module maintainers the tools to author their own, through the release management interface, within guidelines established by the security team and enforced with code. Secondly, once the tools are in place, the security team must focus on educating people about how to use them, on creating security best practices, and on holding module maintainers accountable for taking security issues seriously. There is a big role for the security team after the tools are in place, but personally fixing security vulnerabilities should become a secondary goal.

In other words, the security team should consider how every module maintainer can become responsible for managing their own security issues and publishing their own security advisories. By distributing the workload, we scale the security team to work within any size community, and we move the security team -- and Drupal's security model -- to the next level.

The fallout of the news industry may be a by product of more open, crowdsourced news sources. However, it's apparent that even in revered legal thought legals are now getting things wrong.

One of the most shocking and jaw-dropping misunderstands of the web and open distribution of news (Blogs, Twitter, etc.) is a recent proposition from Richar Posner. He's one of the United States Court of Appeals judges, a legal scholar who has been considered a potential nominee for the Supreme Court, and considered to be one of the great legal minds of our time.

TechCrunch points out Posner's proposition to save newspapers by outlawing linking to copyrighted material.

Expanding copyright law to bar online access to copyrighted materials without the copyright holder's consent, or to bar linking to or paraphrasing copyrighted materials without the copyright holder's consent, might be necessary to keep free riding on content financed by online newspapers from so impairing the incentive to create costly news-gathering operations that news services like Reuters and the Associated Press would become the only professional, nongovernmental sources of news and opinion.

You don't need a law degree to know this would be a terrible decision. It goes against all principles of Net Neutrality and open principles of sharing information, code, and knowledge through the web.

The reduced costs of starting a web-based media news portal or any type of web based publishing platform has made it more difficult for newspaper and publishing companies to make money because many more people are reporting news by starting their own blog or media site. Newspapers aren't the primary source of news any more. The general public is. The growth of open source CMS platforms such as Drupal, have made this possible.

I'm not saying that open source is responsible for the decline in Newspaper profitability because there are many other factors, which I'm sure you've read about frequently on blogs, newspapers, and the like. The problem is that newspapers haven't learned to innovate in parallel to emerging web technologies and open based models.

They're slowly learning by adding blogs and portals where the crowd and participate in news generation. But are they doing enough?

Utilizing a more open and crowdsourced based approach can actually reduce overhead costs and potentially add to the bottom line. Are they doing this quick enough?

The survival of the newspaper industry might depend on those two questions.

But, it goes to show that the increasing open and transparent nature of the web and open source based models are very disruptive. Small ripples, logical innovation, and crowdsourced based approaches are widdling away traditional models.

If this is the case, how much of the general population truly understands these open source based approaches? Has the majority caught on? Or are traditional companies and management still learning how to truly adopt and utilize open models.

These are probably some of remaining hurdles before open source CMS platforms like Drupal can cross the chasm and truly become mainstream. I have faith that Drupal will continue to infultrate the enterprise market. The trend certainly suggests it will as its adoption, the number of websites built off the technology and community double, and use of the software for more mission critical, highly trafficked websites such as Recovery.gov use the platform.

What do you think? Join us in our poll below...

[If you're using Drupal, I would love to hear your thoughts on open source based models, Drupal and its adoption, and how your using open based models to accomplish business goals. Feel free to shoot me an email at alex.lindahl [at] acquia.com. I'd love to include some of your thoughts in another article.]