April 30, 2009, 11:14 am
You know who loves open source software? Developers love open source software. Developers, and IT staff. If open source was a band, these guys would be the biggest fans. They‚Äôve downloaded it, they‚Äôve used it, they know it works ‚Äî and they know it saves them loads of both time and money. They tend to use open source software whenever it makes sense to do so.
But when open source fans try to use open source software at work they often find that their manager, or their manager‚Äôs manager, has a lot of concerns. After trying to battle them, they usually end up bringing in an outside expert to talk their manager into it; or they simply abandon their plan altogether.¬† It‚Äôs just too much work to convince management that it‚Äôs okay to use open source.
Now, we don‚Äôt want to point any fingers, but you know what often happens next. Authority is questioned, quiet revolutions happen and the next thing you know, open source software is being used ‚Äî discreetly, unofficially ‚Äî just to prove that it works! There‚Äôs got to be a better way. Well, fortunately there is. In this article we‚Äôll outline some strategies you can use to convince your manager to use open source software, along with tips on how to make those strategies effective.
- Make sure you understand how proprietary software is acquired.
- Find out what your manager thinks about open source.
- Address all of management‚Äôs questions and concerns ‚Ä¶ preferably in advance.
- Bust the prevailing myths about open source software use.
- Create infrastructure.
- Take a shortcut or two (at your own risk!).
- Build your plan.
Make Sure You Understand How Proprietary Software is Acquired
Often, developers don‚Äôt really know how their company acquires software. They need something; so they tell their manager and a piece of software somehow gets purchased and shows up on their desk. (Or, probably more likely, they are told what software they need to use and they just download it from a central repository.) At most large companies, there‚Äôs a whole software procurement process. Many have tried simply adding open source software to the existing process.¬† Although open source doesn‚Äôt usually fit the existing¬† process perfectly, it‚Äôs best to try to use as much of that process as you can¬†‚Äî while simply adding steps to address the issues that are unique to open source software.¬† So, while it‚Äôs unlikely that you‚Äôll be able to fit open source software into your procurement process without making any changes at all, being able to discuss how you‚Äôve addressed all the issues your company cares about concerning the procurement of software will certainly help your case. Examples of things that a procurement process normally covers are:
- Price. Both up front and on-going costs are at issue. This includes the price of acquiring the software, installing and integrating it, and providing maintenance and support. It‚Äôs best to address each of these potential costs, even if your company‚Äôs particular use of open source software may not involve them all.
- Source Code Escrow. The procurement process usually addresses what will happen if the software company goes out of business. Often there‚Äôs a clause stating that the customer will get a copy of the source code, along with the right to continue using the product. While this isn‚Äôt usually an issue for open source software, it is worth pointing out what you‚Äôll do if your contract with a provider of open source software ends or if the company goes out of business.
- Support. Who is going to support this software? With the proprietary software procurement model, it‚Äôs often obvious who is responsible for support; which means this issue is really more about the terms of support: 24√ó7, work hours, numbers to call, etc.
Find Out What Your Manager Thinks about Open Source
Don‚Äôt assume that you know how your manager feels about open source software. There‚Äôs a chance they know all about open source software and use it all the time at home. There‚Äôs also a chance that they‚Äôve fallen for every myth. Your manager:
- may be a big open source fan. In which case the problem may be your manager‚Äôs manager.
- may not know anything about open source software and be afraid to admit it. In this case, provide lots of information in a non-threatening way.
- may think open source is bad or threatening. Right or wrong, your manager may have already decided open source software is bad. If you can, try to figure out why they‚Äôve reached this conclusion. Maybe someone they know has had a bad experience or maybe they read an article with misinformation.
- may believe every myth you‚Äôve ever heard, and some you haven‚Äôt, about open source software. Be sure to address all the myths, not just the ones that are anti-open source. Addressing all of them, even the ones that would help your cause, makes you look knowledgeable (and impartial) about open source software ‚Äî which will ultimately help your cause.
Outside sources can also be helpful in addressing management‚Äôs¬† concerns about using open source software. Depending on your manager‚Äôs learning style, you might point them to online resources like Wazi or to books like the Cathedral and the Bazaar (you can find a list of books here) or to conferences like OSBC.¬† You could even pull in an outside expert to speak to them ‚Äî perhaps on the phone to start with.
Address Management‚Äôs Questions and Concerns‚Ä¶ Preferably In Advance
If your manager (or their manager) is not familiar with open source software, they‚Äôre going to have a lot of questions. Be sure to anticipate and answer them before you make your proposal. Note that open source software is generally considered more secure than proprietary software for a number of reasons, including: many, many more people reviewing the code, many people testing and submitting bugs and more frequent releases to address any issues.
Here are some questions and concerns that managers often have about open source software.
Why Are These People Doing This for Free?
One of the things that often baffles management is why these people (i.e., developers) are working on open source software for free. They aren‚Äôt necessarily worried that you get what you pay for. They are more suspicious that developers may have ulterior motives and, without understanding those motives, they can‚Äôt evaluate whether or not open source software is free.
Open source software developers write open source software:
- to ‚Äúscratch an itch‚Äù. The most common reason people start writing open source software is because they want something. For example, they want their screen to flash instead of beeping when they get new mail because they can‚Äôt hear or they spend lots of time in meetings. They want the weather to show up on their desktop. They want to be able to share their files with their friends.
- to fix a problem they‚Äôve had or a problem they‚Äôve seen. This is an extension of scratching your own itch. Once people discover they can solve their own problems and they release their software, they discover that others find the software useful as well, and will submit bug fixes and ideas for features.
- for recognition. One of the most powerful forces behind open source software is one that is often not recognized. Open source software is a meritocracy and individuals are recognized for the strength of their code. Being known as someone who writes good code and maintaining your reputation is a strong motivator.
- because they enjoy writing software. You may want to leave this reason out, as it‚Äôs really hard to convince people that don‚Äôt write software that it is true. People who write code really enjoy writing code. Coding is often not only fun but very addictive.
Where Does It Come From?
This is closely related to the ‚Äúwhy do they write it‚Äù question, but with a slightly different spin. When a manager asks this, it‚Äôs like they‚Äôre saying: who are these people? The answer is, they are software developers. They‚Äôre professionals who write software for pay during the day, and write open source software during their free time or for their employer (see addiction & itch-scratching, above). You can find several studies with more information on the web, but here are some rough stats:
- 40% of open source software developers are paid to work on open source software. The rest are volunteers.
- It‚Äôs easy to tell if an open source software project relies mainly on the work of one company.
- Most open source software developers are men (less than 2% are women).
- Most have families and full time jobs.
- Most are employed as full time software developers.
- Open source developers are a very international group. (Red Hat recently created an open source activity map that shows where open source software developers live worldwide.)
There‚Äôs No Support
Support in the open source software world looks a little different than support in the world of¬† proprietary software. Naturally, this often leads people to conclude that there is no support for open source software. It‚Äôs not true! There are often even more support options for open source software than there are for proprietary‚Äî at least for the more popular projects. In the proprietary software world, it‚Äôs obvious that if you buy AIX from IBM, you are going to buy your support from IBM. In the open source software world, you may get Linux from a random website and then purchase support from any number of vendors.
It‚Äôs a Security Risk
Because open source software is written by individuals spread out across the world instead of by large companies, and because all of the source code is visible, people often initially assume that it‚Äôs a security risk. The open source community has successfully shown this isn‚Äôt true. Today open source software is viewed as at least as secure as proprietary software.
It‚Äôs a Legal Risk
There‚Äôs been a lot of fear created around open source software and legal risks. The truth is that any business action carries some legal risks. The legal risks of open source software are just different from the risks of using traditional proprietary software. A good policy can help address and mitigate the legal complications your company might face. See Best Practices for Creating an Open Source Policy for more information.
You‚Äôll Give Away Our IP
Many people are very fearful of the copyleft nature of the GNU General Public License (GPL) under which a lot of open source is released. They are afraid that if they use GPL-licensed software, they will have to give away all of their software. Often they allow the use of open source software, with the exception of any licensed under the¬† GPL.¬† Clearly, if you want to make sure your company doesn‚Äôt prohibit software licensed under the GPL, you should address tis one early. There are many ways to make sure you don‚Äôt accidentally copyleft your software. They range from not copying any GPL-licensed software into your code base, to not linking to any GPL software from your code, to not distributing any GPL-licensed software (or anything derived from it.)
Bust Prevailing Myths
Here are some of the more common myths concerning open source software. Address both the ‚Äúgood‚Äù myths and the ‚Äúbad‚Äù myths. It will help in the long run if your management really understands open source software.
- If you don‚Äôt modify the code, you‚Äôre good. Many companies believe that as long as they don‚Äôt modify the source code, they don‚Äôt have to worry about which license open source software has. Some even create a policy that prohibits the modification of open source code because then, they think, they are risk free. While modifying open source software may cause support problems, modifying code isn‚Äôt usually what triggers anything in the license.¬† For example, the GPL says that if you make modifications to the software, you have to distribute those modified source code files with your binaries.¬† But it‚Äôs the distribution that triggers that clause, not the modification.¬† So if you distributed the binaries unmodified, you‚Äôd have to distribute the source code.¬† And if you linked statically to those GPL-ed binaries, you‚Äôd have to distribute your source code as well ‚Äî but only if you distributed your product.¬† If you‚Äôre just using it within your company, it really doesn‚Äôt matter whether you modified it or not ‚Äî except from a support perspective.
- If you modify GPL code, you have to give the modifications back to the project. While it is smart to contribute your modifications upstream (i.e., back to the project), it‚Äôs not a requirement.¬† Under the GPL, you only have to give the modified source code to anyone to whom you distribute¬†the binaries.¬† It‚Äôs smart to contribute your modifications back upstream because then you are using the standard product, not a special, forked version. If there are any problems, it‚Äôs much more likely someone else will also encounter them and a fix will be made quickly. It also makes upgrading to the next version much easier, and open source software projects typically release new versions often.
- Distributing GPL code under a non-disclosure agreement (NDA) doesn‚Äôt really count as distribution. Many attorneys believe that distributing GPL code under a NDA doesn‚Äôt really count as distribution.¬† Further, they think that the recipient can give that GPL product to anyone they want to ‚Äî under the terms of the NDA ‚Äî regardless of what the NDA actually says. Unless you‚Äôre comfortable releasing your software under the GPL license, don‚Äôt release code linked with GPL code under non-disclosure.
- If you are only using open source software internally, you don‚Äôt have to worry. Actually, you probably do need to worry a little. First, you should remember that software rarely stays internal. It‚Äôs almost always shared with a partner or vendor, or a company is acquired or sold.¬† Second, many licenses have clauses that are triggered by something other than distribution.¬† Sometimes they‚Äôre simple, and sometimes they aren‚Äôt.¬† For example, one license says that you have to buy a copy of the developer‚Äôs book for every developer on your team, regardless of whether you redistribute or not. Another license says you have to buy the developer a beer if you see him at a conference. These may seem like trivial clauses to you, but company attorneys are paid to worry about things like whether or not every employee will even recognize the developer at a conference, let alone buy him a beer.
- Anybody can sue me for the misuse of open source software. Only the person who owns the copyright for a piece of software can sue you for violating the license.¬† Typically, the person who owns the copyright is also the person who wrote the code.¬† They can, however, give that copyright away.¬† They can even give it away and keep it for themselves ‚Äî so now two people hold the copyright.¬† The copyright holder is also the only person who can change the license on a piece of software.¬† This is why SCO lost their lawsuit.¬† (SCO sued IBM for allegedly contributing SCO intellectual property to Linux, but in the end the court ruled that SCO didn‚Äôt hold the Unix copyright, so it couldn‚Äôt have been their intellectual property.)
- There is no support for open source. First off, lots and lots of products are open source.¬† The support options vary widely, from the do-it-yourself variety to multiple companies competing for your business.¬† (OpenLogic supports hundreds of open source software products.) The challenge is that you sometimes have to do a lot of research ‚Äî a product‚Äôs name doesn‚Äôt necessarily give you a direct clue to the company that supports it; or you might come up with more than one name and have to compare several companies.¬† Regardless, there are lots of companies and individuals out there supporting open source software.
- Freeware and shareware are open source. Freeware and shareware are not open source.¬† All things free are not open source.¬† Just because it‚Äôs free, doesn‚Äôt mean it‚Äôs open source. (There, we‚Äôve said it three times now, in three different ways.) The freeware and shareware licenses are very different, and they do not meet any of the traditional open source guidelines around things like providing source code, allowing modification, and redistribution.
Many companies decide they need an open source policy and an open source governance process before they use open source software, but then stall in the process of deciding how to create that infrastructure. It may help you to have a preliminary draft of an open source software policy and governance process that is specific to your company‚Äôs needs. The danger is that if you make it available, your project may be stalled until the policy and process are approved. On the other hand, showing that you‚Äôve not only thought about the policy but have created a draft¬†based on research might help show that you understand the risks and benefits of open source software. It could be a relief to your management.
- Bring in an outside expert. Often it‚Äôs just easier to trust an outside expert. Remember when you were a kid and your mom wouldn‚Äôt believe you, but she believed the neighbor? It‚Äôs the same here. If you do bring in an outside consultant, make sure you work with them closely and help them understand your company‚Äôs internal situation as well as what you are trying to accomplish.
- Just do it. Ask for forgiveness instead of permission. Do this one at your own risk! Sometimes it works to just use open source software and then show that it‚Äôs been working for a while, saving you time and money, and nothing disastrous has happened. Be sure you can show that you‚Äôve considered all the risks, addressed all the issues, created an informal policy, etc.
- Have a fire. There‚Äôs nothing like creating change in an organization like finding a problem that can only be fixed in time ‚Ä¶ with open source!
As promised, here‚Äôs a plan you can use to convince your management that it‚Äôs in your company‚Äôs best interest to use open source software. You‚Äôll have to do quite a bit of preparation work, but in the end it‚Äôll be worth it because of the time and money your company will save by using the open source software solutions you‚Äôve found in a way that minimizes the risks.
- Know what software you want to use.
- Make sure it works well. Know it.
- Figure out how to address all the points that your company normally would in acquisition.
- Know where your management is concerning their knowledge of, and beliefs about, open source; and know how to address all of their concerns and perceived risks.
- Put together a document that:
- States the problem you are trying to solve.
- Describes the software you want to use.
- States plan for transition, support, etc.
- Addresses risks.
If your manager is already an open source fan, then convincing her to use open source software might be really easy, and the two of you will be able to focus on building the plan and creating the infrastructure to use open source software effectively. If your manager is not familiar with open source software or has an active fear of the risks associated with it, it might take you a little longer. But you‚Äôre not alone! Many open source fans have successfully used the strategies in this article to bring open source software into their companies in a way that saved their companies time and money ‚Äî improving their businesses. If you are one of those people, please share any additional tips or suggestions you have in the comments!
Best of luck to all you open source fans!
Stormy is Executive Director of the GNOME Foundation and a passionate evangelist for open source software. She founded the Open Source Program Office at Hewlett-Packard and the Expert Community at OpenLogic, and she‚Äôs a frequent keynote speaker on business aspects of open source software at prominent conferences as well as for government organizations such as the United Nations and the European Union. Stormy has lived north of the Arctic Circle, traveled around the world solo, and‚Äîmost impressively‚Äîtaught classes to twenty-two eight year olds. She currently spends her spare time working with Kids on Computers, where she's helping to set up a computer lab in Mexico (using open source software, of course).