The use of open source code is on the rise. Red Hat’s 2021 Enterprise Open Source Report (link resides outside ibm.com) found that 90% of companies use open source code and 79% of IT leaders expect their business use of open source to increase. Also on the rise, unfortunately, is malware and ransomware up 158% in 2020 according to a recent report (link resides outside ibm.com) by cybersecurity firm SonicWall. Attacks which often take advantage of code that is not kept up to date and protected from the latest vulnerabilities. Do you keep your enterprise open source code up to date?
Using open source software has many advantages which includes being free of charge to use. However, as the old saying goes, “There is no such thing as a free lunch”, and this certainly applies to open source software. Indeed, it is now generally understood that, while open source software is free to acquire, it’s Total Cost of Ownership (TCO) isn’t zero. This is because you still need to cover the costs of running the software which includes getting the software installed, properly configured, maintained, and supported. It is that last component that we will dive into in this article.
What happens in case there is a problem with a piece of open source software your system depends on? To whom are you going to turn to get your problem fixed? This is not a question you want to ask yourself when the problem arises. You need to have a plan so that your system doesn’t come to a halt while you’re going around looking for an answer.
With proprietary software you typically have acquired a license to use the software as part of a contract that includes some level of support. So, the answer is simple: you turn to your provider which, based on the level of service you have contracted for, will address the issue to get your system going again. When it comes to open source software, what are your options? Here are three:
The first option is probably the first one anyone would think about however, it’s not without its challenges. First, it requires knowing how to contact the community. Hopefully, there is some documentation along with the software that gives you some info on how to do that. Maybe it’s an email address to contact the developer(s) or a mailing list or chat channel on which interested parties hang out. With that information you send your request for help and wait for an answer to hopefully get your system going again.
Unfortunately, there is no way to know how long you will have to wait and whether the answer you get, if any, will actually be helpful. In this regard, it is worth pointing out that the nature of the “community” typically plays a big role. The bigger the community the more likely you will be able to get help. This is why you should always look into who’s behind any software you decide to use in the first place. Is it a lonesome developer who’s only active on the weekends with just a few users, or is it a large group of committed developers with a large community of users some of which may have developed serious expertise?
Not that there is anything wrong with being a hobbyist developer. Some of them deserve a lot of credit for their contributions and are very responsive to requests for help. In general, though, it will likely be easier to get help from projects supported by a large community which has more resources dedicated to the project and helping others. Either way, there is no guarantee you will get the help you need in a timely fashion.
Whether you can’t get help from the community or don’t want to depend on it, your second option is addressing the problem yourself. However, this obviously requires having resources with the skills and knowledge in the software you are using to even be considered. Apart from very simple pieces of software this typically doesn’t come easily. You need to have people who have invested significant amount of time to develop the expertise to narrow down the source of the problem; is it merely a configuration error or is it a bug in the software?
If it’s a bug they’ll need even deeper expertise to find their way through the software, and figure out a way to fix it. Once they’ve found a fix, you’ll want them to submit it for inclusion in the open source software — what’s commonly referred to as “upstream” — and hope it gets merged in so that you don’t have to keep maintaining your own version of the software with all the pain that comes with maintaining a fork — a different version than the official one. Clearly this is not an option that is practical for most businesses.
The most practical option for most businesses is to ask a service provider to take care of the problem. Typically, it’s not when facing a problem, you will want to go look for such a service provider though. Instead, this is something you will want to do at the time you decide to use the software so that you know you’re not jeopardizing your business by starting to use a software nobody is responsible to maintain for you. In fact, when it comes to support, open source software is not really different than proprietary software. Even though in theory you have the advantage of being able to access the code and fix it if something is wrong, as we discussed, in reality this may not be a practical option for you.
So, just like with proprietary software you are better off contracting a service provider to support it for you. The question then becomes a matter of choosing the right service provider. It should be evident that you don’t want a service provider that would find itself in a similar situation as the one you would be in — having to rely on the community for help, not having the expertise for fixing the problem.
You should choose a provider who is already part of the community and already has the expertise in the software.
This is what differentiates IBM from many other service providers. IBM is heavily invested in many open source projects such as The Linux Foundation’s Hyperledger Fabric, and has resources fully dedicated who work day in and day out on these projects. As a result, IBM has some of the best experts in the world and it is thanks to that expertise that IBM can offer you unparalleled support, freeing your company from having to worry about what will happen if something goes wrong. Not only can IBM experts help quickly figure a solution to the problem you are facing but their involvement in the community also means they can work on getting the fix merged upstream.
But the benefits go beyond getting issues fixed. IBM experts essentially become your company’s ambassadors in the open source projects they are engaged in. Informed of the challenges your company faces they can work on developing the software in a direction that best addresses your needs.
For more information on blockchain open source support for Hyperledger Fabric, visit our support page.
IBM Blockchain Services can help bring your ideas to life. Explore the use of blockchain and digital assets in your business.
Learn how Hyperledger makes revolutionary cooperation and innovation possible
Connect with the blockchain experts