Our Roundtable Sessions are invite-only events hosted by peers for peers that bring together a select group of senior IT leaders from across industries for topic-driven, intimate dialog on current trends and topics. We hosted this Session featuring a group of CXOs and other IT executives. The group met remotely to discuss the future of open-source development, led by the CTO for an American operator of health care facilities. This Session was sponsored by Sonatype.
Open-source enables agility, drives innovation, and reduces time-to-market. From building systems to deploying pipelines and from editors to inter-process communication, you can find a reliable open-source tool for most, if not all, of your business needs. Instead of reinventing the wheel, your developers can integrate working modules into their applications and be more efficient in developing software.
An executive shared that their first experience with open-source software was when they were introduced to Apache in the 1990s. The realization that a few lines of code could enable them to write a customized HTTP server was euphoric for them. It was the first time they got real value from a piece of software without having to spend much money. It brought about a shift in the way they perceived, wrote, and maintained software.
One attendee mentioned that they started considering open-source software to cut costs. A few years back, in an attempt to be more fiscally responsible, they swapped out legacy infrastructure for open-source tools and applications. As a result, they had to refactor most of their software, from the legacy, monolithic applications to the testing and deployment scripts. However, it all ended up being worth it because their CAPEX was significantly reduced.
Multiple reports suggest that over 90% of IT shops today use open-source tools or applications. A participant commented that the number should be closer to 100%. In their company, every developer uses an open-source tool or framework, be it something as complex as a messaging queue or database server or as simple as a logging framework.
One exec talked about innovation being a key driver of open-source. You will inevitably look at open-source software when you need to release products quickly without shelling out a lot of money in a competitive industry. Today, open-source is no longer just about modules or libraries. It's about everything. There is an open-source offering for almost everything from AI models to fully functioning automation servers and version control systems. Open-source catalyzes innovation, not just because of low-to-no costs but also because of ease of customization.
Another important reason people choose open-source is to avoid reinventing the wheel. Why rebuild something from scratch when you can use a free, scalable, well-maintained library/framework that's already trusted by millions worldwide? Even if you end up modifying some parts of it to meet your personalized needs, you will still be saving a lot of time, money, and effort.
A speaker said that they trust both open-source and third-party software equally. Both get tested for risks and vulnerabilities in the same manner. They used to have a contractual regulation requiring vendors to explicitly state all the open-source software they were using. This allowed them to examine the security implications of the contract before signing it.
The biggest strength of open-source, i.e., ease of integration, can also be its weakness. For example, a single npm install is all it takes to add an external module to your application. However, if that module has any security flaws, it introduces those vulnerabilities into the application and, through it, into the overall system.
Having visibility into all the open-source packages in use within an organization can help mitigate many of the related security challenges. However, gaining that visibility isn't always easy. For example, one attendee said that most of their developers only use approved/vetted open-source software, but there's no way to know if someone is using an unapproved package unless they report it themselves.
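One way to get the visibility the attendee describes is to check what npm actually installed, rather than what developers report, by comparing the project's package-lock.json against an approved list. The script below is an added example and not something presented at the Session; its approved list and the lockfile it parses are constructed sample data, and the package names and versions in them are hypothetical.

```javascript
// Added example: flag npm dependencies, including transitive ones, that are
// not on an organization's approved list. The lockfile and the approved list
// below are constructed sample data, not real project or policy content.

// name -> list of approved versions (constructed sample policy)
const APPROVED = {
  express: ["4.18.2"],
  debug: ["4.3.4"],
  ms: ["2.1.3"],
};

// A minimal lockfileVersion 3 package-lock.json in the shape npm writes:
// the "packages" keys are install paths such as "node_modules/<name>",
// and nested paths record transitive installs.
const SAMPLE_LOCK = JSON.stringify({
  name: "sample-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "sample-app", dependencies: { express: "^4.18.2", "left-pad": "^1.3.0" } },
    "node_modules/express": { version: "4.18.2" },
    "node_modules/debug": { version: "4.3.4" },
    "node_modules/ms": { version: "2.1.3" },
    "node_modules/left-pad": { version: "1.3.0" },
    "node_modules/express/node_modules/ms": { version: "2.0.0" },
  },
});

// Derive the package name from a lockfile path: the segment after the last
// "node_modules/". This handles nested installs and scoped names (@org/pkg).
function packageName(lockPath) {
  const marker = "node_modules/";
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? null : lockPath.slice(idx + marker.length);
}

// Return every installed package that is either absent from the approved
// list or installed at a version the list does not cover.
function findUnapproved(lockJson, approved) {
  const lock = JSON.parse(lockJson);
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = packageName(path);
    if (!name) continue; // the root entry ("") is the project itself, not a dependency
    const allowed = approved[name];
    if (!allowed) findings.push({ name, version: meta.version, reason: "not approved" });
    else if (!allowed.includes(meta.version)) findings.push({ name, version: meta.version, reason: "unapproved version" });
  }
  return findings;
}

console.log(findUnapproved(SAMPLE_LOCK, APPROVED));
```

Run against a real lockfile, the same check catches both a package nobody reported (left-pad here) and a transitive install that silently pulls in a version the policy never vetted (the nested ms 2.0.0).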
An executive expressed that in the future, we can expect more vendor-neutral open-source applications, like Kubernetes. You will be able to run these applications regardless of the underlying platform or cloud provider. This will fit in perfectly with the rising multi-cloud deployments, giving people more flexibility than ever before.