Going Public: Corporations and Open Source

by Matthew Langham

Triggered by an otherwise very interesting visit to a major European corporation yesterday, I feel that today I should rant a little on the corporate use of Open Source.

Now, I am not ranting about the fact that commercial entities are actually using Open Source - I want to rant a little about the fact that they (often) don't publicly say so!

Or to put that into perspective - often the groups/units etc. that use Open Source are not allowed to mention the fact outside of their office. It's a "secret".

Now this fact often actually hinders the group in their use of the open source software. They can't benefit from many of the advantages - because they are not allowed to.

So they resort to fixing bugs themselves - instead of getting them fixed in the Open Source project. They write new components when the ones in the Open Source project don't quite fit what they need. They can't ask questions on the mailing-list (unless they disguise themselves by using a generic mail-domain). In return, they cannot give back to the project and so the project also loses.

From my experience, the people working with Open Source are extremely frustrated by this and it can take a long long time before the "powers" agree that these facts can be publicly made.

So, my question is what do we - in the Open Source community - need to do to help those enthusiastic supporters of Open Source inside major corporations convince the "powers" to go public?

What can we do? Post your ideas here.


2003-01-22 10:05:27
Corporations do products
2003 will not just be the year of the notebook. It will also be the year in which big corporations go open source - and will talk about it. Safari is a good example. But, don't forget, Apple worked a full year on Safari without making any noise. This is because corporations do *products*. And products better not fail in public. So, give it a bit more time.

2003-01-22 12:06:35
Corporations do products
You are right in the fact that I should have stated clearer which corporations I'm talking about. Granted if a company wants to build their own product on top of an open source solution then they are wise to wait until the product is finished. But once the product is publicly available (remember this might be a service and not an actual "box product" like Safari) then they should go public on the fact that they are using open source!
It would be a great benefit to the open source projects if they were able to say "look that corporation is using our software".
It is also something of a "chicken and the egg" problem. Companies will say that they are not prepared to use a certain open source project - because no other company is using it. At the same time, companies are not readily prepared to say that they are using open source .....
2003-01-23 14:31:30
security issue
Say you run a website and you use an open source shopping cart program. Would you want the world to know what program your running? I would think not. Every script, every application running on the web surely has a security hole, by letting the would-be attacker know what software youre using would only be asking for trouble. Once a hole or bug is found in your opensource software hackers would then be able to hack your site, at least until you fix it. Am I wrong in thinking like this?
2003-01-23 14:57:00
Nothing new
I've worked in marketing at software companies for years. They usually have a corporate policy about if they reveal what their systems are based on. The fact that it's open source doesn't change this. It would be nice for the movement but the solution used is also often viewed as a competitive advantage for a company (especially if it's cheaper and easier to maintain) so they don't want competitors to know.
2003-01-27 22:39:58
security issue

Once a hole or bug is found in your opensource software hackers would then be able to hack your site, at least until you fix it
This is an interesting statement :-). Isn't the same true for closed source? Remember the SQL Server attack from this weekend. How do you fix holes like that? You have to wait for the patch (or get the patch) from the vendor. You _can't_ fix the bug/hole yourself.

I think your customers will be more positive towards you if they know which software you are using and are aware (!) of the advantages. Often - especially if you are in an area where innovation matters - open source is the only way to go because that is where the innovation happens quickly. There _are_ drawbacks to open source and you have to be aware of them. But I don't think security is one of them really.