© 2016 Rogue Wave Software, Inc. All Rights Reserved.
Top open source lessons for every enterprise
Episode 2: When is free not free: The true costs of open source
Richard Sherrard
Director of product management
Presenter
Rogue Wave Software
Poll #1
What percentage of your mission critical software is open source?
A: 0 to 25%
B: 26 to 50%
C: 51 to 75%
D: 75%
Agenda
1. An explosion of open source
2. Real cost of open source
3. Managing the risk
4. Summary
5. Q&A
An explosion of open source
Open source evolution
OSS in the enterprise
• 1980’s: Freeware/shareware; BBS; GPL; Unaware
• 1990’s: “Open source”; Apache, Tomcat, JBoss; PHP, Python, Ruby; Linux; Early tests
• 2000’s: FUD; OSS company explosion; Insurance plays; Git; Android; Keep out!
• 2010’s: Package explosion; GitHub ascension; Full speed OSS adoption; Docker; Swift; Adoption
• 2016: “OSS first” policies; CentOS in enterprise; Cloud OSS; Cognitive computing; Ubiquitous
Innovation drives open source adoption
• Open source components provide critical functionality
• Improves developer productivity
No license fees
• “More eyes” can improve quality & security as long as static and dynamic analysis are also used
Leveraged development effort
• Apache, Tomcat, Wildfly, Jakarta Commons, jQuery
• Communities continuously improve features
Mature, commoditized applications and libraries
Community peer review
Poll #2
What do you see as the biggest benefit you get from using open source?
A: Innovation
B: Cost
C: No Vendor Lock-in
D: Quality
E: Security
F: Other
Leverage the benefits of OSS
“Open source is the way of the future. Yes, there will always be software companies that make money from software; however, open source is an excellent way to get a quality product.”
– Andrew Carr, enterprise architect, in Stack Overflow
"While CIOs may be wary of OSS, they realize that using it and contributing to the open source community attracts bright young minds, and may lead to kudos for the organization."
– CIO Magazine
• Innovation
• Quality
• Cost
• Security
• No vendor lock-in
Growth of open source
Use of open source continues to grow at an extreme pace
• 90% of companies use OSS components in commercial software (Gartner)
• >80% of a typical Java application is open-source components and frameworks (TechCrunch)
• 11 million developers worldwide make 13 billion open source requests each year
Open source crossed the chasm
99% of Global 2000 companies are using open source in mission critical applications
Real cost of open source
Real cost of open source
• Acquisition: Package choice; Developer training
• Implementation: Package configuration and set up; Documentation is sparse or inaccurate; Unknown license obligation or conflict
• Production: Production downtime; Slow response from community; Version maintenance
Acquiring open source
Package selection
Developer skill sets & training
Architecture design
Implementing open source
"Unchecked tactical adoption of OSS creates unmanaged risk and unrealized returns, and application development professionals should not tolerate it."
Configuration & setup
License compliance
Documentation
Development issues
Open source in production
"The way to think about it is that support is unbundled (from the software) but widely available."
Production downtime
Community responsiveness
Version maintenance
Poll #3
How do you support your open source today in your organization?
A: Every developer supports themselves
B: Reach out to community for help
C: Internal OSS support team
D: Contracts with commercial support vendor
E: Not sure
Risk of OSS
Risk of open source
Open source software is “Free as in free speech, not free as in free lunch”
How do you manage OSS risk?
• Poor documentation
• Incorrectly advertised features
• Major security vulnerabilities
• Difficulty attaining internal knowledge
• No commercial support
When OSS misbehaves in your critical infrastructure, the damage could end up costing more than commercial solutions
Risk: How open source is different
• Navigate complex OSS packages requiring broad and deep expertise
• Who do you call when your “mission-critical” open source application has an issue?
• Developers have to negotiate wasted cycles and downtime while waiting for fixes from the community
• No formal training provided on the OSS package
• Developers do not have anyone to help with risks and development pitfalls
• You are dependent upon the OSS communities to provide you help and fixes
Managing the risk
Managing the risk
OSS Maturity state
• Past: Didn’t understand OSS; “Don’t worry, it’s free”; Low grade noise on licensing; Unaware
• Present: Security is making headlines; Licensing lawsuits; Reactive; Intermittent attention; (Un)known unknowns; Experimentation
• Near future: More diligence in supporting production; Visibility into OSS use; Open source experience is a hiring attribute; Intentional
Measuring open source risk
• Do you know what OSS you're using?
• Can you trust what OSS is in your code?
• Do you monitor for security flaws in your OSS on an ongoing basis?
• How do you determine what legal, compliance, or copyright issues are in your OSS?
• Are you possibly at risk for unknown security flaws in your OSS?
• How do you track your OSS inventory?
• Do you know where and how OSS is being used throughout your organization?
Example audit report
• Open source Bill of Material (BOM)
• License information
• Compliance information
The sources of open source risk
Time; Difficulty; Expertise; Integration; Support; Inconsistency; Team cost; Slows response time; Many tools; Deployment; Traceability
Technical risk
• Expertise
• Support
• Team cost
• Slows response time
Value of open source support
Support offerings range across the top open source packages.
• Access to enterprise architects ready to support you
• Avoid downtime and wasted cycles
• Navigate complex OSS packages requiring broad and deep expertise
• Mitigate risks and development pitfalls
• Architecture review & performance tuning
• Receive formal, instructor-led training across several OSS packages
• Gain the peace of mind that comes with 24X7 support coverage
Poll #4
What do you see as the biggest technical risk of open source?
A: Support
B: Slow response from community
C: Expertise
D: Inconsistency
E: Other?
What now?
Supporting OSS
Five best practices for supporting OSS:
• Be proactive
• Get smart
• Stay informed
• Keep watch
• Maintain vigilance
Action plan:
• Do an OSS audit so you know exactly where, how, and why OSS is used
• Identify where support is needed and get the expertise
• Pay attention to security updates, patches, and latest versions
Q & A
Watch on demand
• Watch this webinar on demand
• Read the recap blog to see the results of the polls and Q&A session
Follow up
Free newsletter: vulnerabilities, industry news, and enterprise support stories
openlogic.com/products-services/openlogic-exchange/openupdate
For OpenLogic support customers:
OSS Radio
Get a free OSS support ticket to experience our expertise
roguewave.com/freeticket
Stay tuned
Top open source lessons for every enterprise
July 13: Open source applied: Real-world uses
Examine actual field issues, from architecture to production, to better select and use the right packages.
July 27: Top issues in the top enterprise packages
Dive into specific packages with two architects to discover what goes right and what goes wrong.