Open Source Transparency: The End of FUD
Dan Kusnetzky, EVP Marketing Strategy and Paul Sterne, CFO
An Open-Xchange Position Paper
|This position paper will address the question, "Can the open source approach to software development promote transparency and remove FUD — fear, uncertainty, and doubt?"
By requiring that the source code is freely available to all, the open source movement has made transparency and peer review two of its guiding principles. Transparency undermines FUD because all users have the ability to see exactly how the software works. Transparency increases quality by subjecting all aspects of the code to constant peer review. Transparency and peer review negate FUD by shifting the debate to the objective "what is it" (or as Kant said, "the thing itself") from the subjective "who is it".
IBM is credited with inventing FUD to undermine competitors when it had a virtual monopoly in the mainframe era. Today, proprietary software vendors are trying to protect their franchises by spreading FUD about open source software. These proprietary software companies raise fear and create uncertainty and doubt with the goal of causing organizations to abandon deployment open source software.
Open-Xchange believes that the open source model will have the opposite effect and lead to transparency and the end of FUD. Universal access to the source code and intense peer review will replace FUD with objectivity.
This is another in a series of Open-Xchange position papers on IT management topics. Each of the papers will focus on a trend Open-Xchange has observed, what impact this trend is expected to have on the industry and how Open-Xchange, Inc. will help organizations respond to that trend.
The Origin of FUD
IBM invented the concept of FUD during the mainframe era. IBM perfected a three-pronged sales strategy based on the subjective Who and its corollary, fear, uncertainty, and doubt. First the ’42 Longs’, young athletic white males, secured the beachhead by winning over the secretaries guarding the executive suite. Then trust was deepened as the executives bonded with account managers, older 42 Longs, on a private IBM golf course. And finally the Se’s or Sales Engineers concreted the deal by offering the IT professionals job security – no one ever lost their job selecting IBM. The misfits outside of this comfortable inner circle were feared because they threatened the status quo.
The advent of the personal computer and client-server architecture changed the playing field. The What became more important because users were getting firsthand exposure to computers and software. But the What was restricted to features and functions because users only had access to object code.
The confluence of the Internet and the open source movement in the early 1990’s changed the landscape completely. Now everyone could access information previously available only to the inner circle. The What became more important than the Who as people gained access to the source code, "the thing itself", as evidenced by the Linux operating system.
The Source Code Requirement
To be designated open source software, the source code has to be made available to all and it must be easy to locate and download.
The most prevalent open source license form, the GNU General Public License, Version 2, states it this way:
"Our General Public Licenses are designed to make sure…that you receive source code or can get it if you want it…"
In the legalese, the GPL license continues to emphasize the importance of the source code principle:
"You must make sure that they, too, receive or can get the source code."
The scientific method, which is the underpinning of most intellectual progress, is based on experimental replication and the ethos of peer review. The Open Source Movement applies these two fundamental tenets to software development for the first time. Instead of a closed system restricted to owners of intellectual property, the open source movement opens up software to the unfettered scrutiny of the public at general.
By giving all interested parties access to the source code, the open source movement makes peer review possible by enabling experimentation and testing. Everyone can see how it works. Everyone can offer suggestions and improvements, not just members of a single vendor’s development team. Major open source software projects are downloaded hundreds of thousands of times. Each one of these downloads is an opportunity for peer review and improvement.
Each user of open source software is encouraged to find bugs or suggest enhancements. More enterprising users are free to actually implement their suggestions and submit their enhancements to the community.
Open Source Means No Hidden Code or Functions
As organization adopt open source software and "join the open source community", they have the opportunity to inspect each and every aspect of the code they’re running. This means that the entire open source community has complete transparency of the ‘stack’ from the operating system to the middleware to the application layer. If anyone in the community discovers a flaw, it’s a straightforward task to isolate it and determine whether the cause is within the application, the middleware stack or a component of the OS distribution. Once a bug is isolated, it is a straightforward task to fix it, test it, and enter it into the "plain vanilla" code base.
Keeping the code branch consistent, what we call "plain vanilla", is important because code branches slow innovation by increasing fragmentation and dissipating energy/focus. Hence, we see little difference between the proprietary software companies and open source vendors who customize the ‘stack’. Once the ‘stack’ is customized, the democratization of software is violated and prevented. At Open-Xchange, unlike our competitors Zimbra and Scalix, we do not customize the open source distributions or the middleware stack that our code relies upon.
What versus Who
Although many in the industry bandy about the statement that users want ‘one throat to choke’, we disagree. Users want control of their environment. And control is attained by having a transparent view of the entire stack.
Open-Xchange believes that security is better served by knowing what you are working with than who you are working with. Having access to the objective what gives the user much more control than contact with the subjective who. Being dependent on a single vendor’s ‘black box’ is not a sign of control and certainty, but the hallmark of powerlessness and dependency. Access to the source code, i.e., transparency, means that it is nearly impossible for a vendor to insert code that adds "hidden" functions or services that could provide the gateway for a security breach or malicious mischief.
Open-Xchange has always developed software based upon "plain vanilla" open source components and international standards. Open-Xchange Server uses only standard APIs, protocols and data formats. This obsession with reliance on open source software and compliance with open standards has made it easy for our customers and partners to implement, integrate, and customize their collaborative solutions.
Since its inception, Open-Xchange Server has architected its collaboration platform based on a modular structure at both the component and data object level. This means that Open-Xchange can integrate open source middleware and application components such as Apache, Tomcat, PostgreSQL, OpenLDAP, Postfix, Cyrus, ClamAV, Spamassassin, and Open SSL into its collaboration framework with relative ease. At the data level, by relying on standards such as WedDAV, IMAP, iCal, and vCard, Open-Xchange can provide a unified collaboration solution.
This architecture has enabled Open-Xchange, from the beginning, to offer integrated email, calendar, contacts, tasks, folders, and projects, together will role-based document sharing, centralized knowledge and bookmark stores, and pin or bulletin board functions. Over time, the Open-Xchange community and its partners have developed and will continue to develop OXtenders that make it simple to add tools, such as Instant Messaging, blogs, Wikis, Voice-over IP, into its integrated, secure collaborative environment.
Open-Xchange’s objectives are to:
1. Offer state-of-the-art functionality and usability at a disruptive and unbeatable price.
2. Only provide core server software that is open source and transparent.
3. Base our integration platform on a stack of "plain vanilla" open source components.
4. Adhere strictly to open, international standards.
Open-Xchange encourages peer review of its open and standard software. Every bug that the community helps us fix makes the software more useful and productive. Every enhancement or extension that the community creates enlarges the user base. The guiding principles of transparency and peer review make Open-Xchange an ideal choice for organizations seeking an open source collaborative solution. By embracing open software, we are working towards the end of FUD.
If you have any questions please contact:
303 South Broadway
Tarrytown, NY10591, USA