As cloud computing evolves, open source software offers a collaborative and efficient development approach that is fast replacing proprietary-only code bases. Open source enables organizations to access common functions so teams can concentrate on building their own intellectual property.
Open source software has become a key standard for developing modern applications. It’s variable and flexible and gives organizations a head start on implementing common functions that underpin every digital experience. From common coding libraries to orchestrating container-based computing, organizations now rely on open source software—and the open standards that define it—for essential functions throughout their software stack.
With the state of cloud computing constantly evolving, open source software (OSS) offers a collaborative and efficient approach that is fast replacing proprietary-only code bases. In fact, in its recent State of Open Source survey, the Open Source Initiative (OSI) reported that 77% of organizations increased their use of open source software over the last 12 months. Further, 79% of these respondents sponsored open source organizations. The leading drivers of that adoption are to accelerate innovation and reduce costs.
“The goal of open source is to build something that illustrates consensus around a certain technology,” says Alois Reitbauer, open source evangelist and chief technology strategist at Dynatrace. “When an industry has a common problem to solve, there is no value if individual companies solve it differently. There needs to be industry consensus around standards. Then companies need to find a way to build the technology together collaboratively.”
What is open source software?
Open source software is any software component that’s publicly available for people to modify and share. A contributor develops software and makes it available under an open source license for others to contribute to, improve, and expand. The scope of OSS ranges from small components, such as a Java class library, to complete systems, such as the Apache HTTP Server Project and the Kubernetes container management system.
When open source software receives reliable contributions from reputable sources, more technologists are likely to adopt and expand it. If the software centers on a consensus-based open standard to solve a common problem, the technology can transform an industry.
“There are closed-source commercial products whose source is available on the internet, but you’re not allowed to modify it,” Reitbauer explains. “With open source projects, others can contribute (to them) and they’re free to use. With one of the well-defined open source licenses, like the Apache license, you can take whatever I develop and change it to whatever you want.”
Why use open source software?
Most functions in cloud-native applications are things many other applications must also do. OSS enables organizations to share these common functions so teams can concentrate proprietary efforts on their own intellectual property.
“Data collection is an example,” Reitbauer says. “Companies are all using the same data. When you go to market, you have to align to one technology standard and not have 50 implementations out there.”
In general, open source software offers many advantages, including the following:
- Saves time and money. Above all, when developers use code that others have developed and vetted, it saves time and money. One EU study found that open source was directly responsible for €65 to 95 billion of the EU’s GDP. This is likely a conservative estimate.
- Democratizes development. Open source projects enable experts around the globe with deep investments in the technology to pool their knowledge. Open source democratizes development, benefiting from the contributions of multinational corporations, individual contributors, and students alike.
- Influences the evolution of core technologies. By participating in open source projects, companies and individuals can influence how technologies develop and the direction of future innovation. Companies that contribute connect to new discoveries and industry developments.
- Drives a culture of innovation. While companies historically use patents to measure an organization’s innovation output, contributions to open source projects provide another innovation benchmark. A healthy culture of open source contributions makes an organization more attractive to top talent who wants to influence the state of technology in their field.
What are open standards?
Open standards are measures and norms developed, approved, and maintained for the public by a governing body and qualified contributors using a collaborative and consensus-driven process. Open standards enable interoperability and data exchange among different products or services so technologies can be widely adopted. These standards provide a clear and neutral foundation for OSS contributors to collaborate.
Reitbauer’s own journey with open source started by contributing to open standards for telemetry data.
“The World Wide Web Consortium is the organization that builds pretty much all the standards around the internet,” Reitbauer explains. “We first got involved in collaborating with others on developing new technologies and new standards, most of which you find today in browsers to collect data about website performance. We really wanted collaboration with the industry so we could ensure the technology space is moving in the direction we want it to.”
When competitors become collaborators, everyone wins
Another hallmark of open source software projects is that competitors often find themselves collaborating on solutions to common problems. For example, contributors to the Apache HTTP Server Project come from IBM, Red Hat, and Fujitsu-Siemens. But contributors also include hundreds of independent companies, individual professionals, and students.
“Sixty to eighty percent of the time, we’re working with competitors in our field,” Reitbauer says. “It’s faster and more reliable than each party working on their own.” But how do commercial competitors contribute to the same projects without stepping on one another’s toes or revealing intellectual property?
The answer, Reitbauer says, is governance. “A healthy open source project has a governance board where everybody is equally heard across the whole process. It’s like a mini-democracy, where people get voted in and you have representation.” Commercial contributors avoid spilling their proprietary secrets by clearly defining the scope of what they want to contribute and what they want to keep private. The consortium concentrates on common problems and develops common solutions so proprietary offerings can be more impactful and widely adopted.
OpenTelemetry: An open source success story
An example of a successful open source software project is OpenTelemetry. OpenTelemetry is an open source framework that provides tools, application programming interfaces (APIs), and software development kits for instrumenting, generating, and collecting telemetry data. Organizations use it for analyzing software performance and behavior. At its foundation is the W3C open standard Trace Context.
OpenTelemetry grew out of two projects: OpenCensus and OpenTracing, Reitbauer explains. “The whole industry was behind it.” In the past, observability vendors had to reverse-engineer the tracing libraries. “We wanted to be able to build software libraries to add tracing and telemetry directly to them so the observability vendors could consume the data immediately.”
The trouble was extending tracing across distributed systems. “Doing distributed tracing means there’s always a network in between,” Reitbauer continues, including middleware and cloud services. To keep track of traces between entities, developers need two pieces of information to determine the start and endpoint of each span of the trace. “Everybody had these two pieces of information, but nobody agreed on what it looked like. The result was you could not trace across different data providers.” The W3C Trace Context open standard addresses the problem by agreeing on what the fields should be for various data types.
That agreement comprises the standard that forms the basis for OpenTelemetry. “Now tracing kind of works universally across boundaries and across systems,” Reitbauer says. “You can stitch all of these things together, globally across vendors for cloud environments.”
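In the W3C Trace Context `traceparent` header, the two identifiers are the trace ID and the parent (span) ID. The following is an added example, not code from the article or from OpenTelemetry: a service validates the inbound header, which arrives from an untrusted caller, and builds the header it sends downstream. Function names and the sample header are constructed for illustration.

```python
import re
import secrets

# traceparent layout: version-traceid-parentid-flags, all lowercase hex.
_TRACEPARENT = re.compile(
    r"(?P<version>[0-9a-f]{2})-(?P<trace_id>[0-9a-f]{32})-"
    r"(?P<parent_id>[0-9a-f]{16})-(?P<flags>[0-9a-f]{2})(?P<rest>-.*)?"
)

def parse_traceparent(header):
    """Return (trace_id, parent_id, sampled), or None if the header must be ignored."""
    if not isinstance(header, str) or len(header) > 512:
        return None
    m = _TRACEPARENT.fullmatch(header.strip())
    if m is None:
        return None
    if m["version"] == "ff":                 # version ff is not allowed
        return None
    if m["version"] == "00" and m["rest"]:   # version 00 has exactly four fields
        return None
    if set(m["trace_id"]) == {"0"} or set(m["parent_id"]) == {"0"}:
        return None                          # all-zero IDs are invalid
    sampled = bool(int(m["flags"], 16) & 0x01)
    return m["trace_id"], m["parent_id"], sampled

def outgoing_traceparent(incoming):
    """Build the header sent downstream; returns (header, parent_of_this_span).

    A valid inbound header keeps its trace ID so spans stitch together across
    services. Anything else starts a fresh trace instead of being propagated.
    """
    span_id = secrets.token_hex(8)           # this service's own span, 16 hex chars
    parsed = parse_traceparent(incoming)
    if parsed is None:
        return f"00-{secrets.token_hex(16)}-{span_id}-00", None
    trace_id, parent_id, sampled = parsed
    return f"00-{trace_id}-{span_id}-{'01' if sampled else '00'}", parent_id

if __name__ == "__main__":
    # Constructed sample header, not captured traffic.
    sample = "00-11111111222222223333333344444444-aaaaaaaabbbbbbbb-01"
    print(outgoing_traceparent(sample))
    print(outgoing_traceparent("not-a-trace-header"))
```

Rejecting malformed values at the boundary keeps attacker-controlled strings out of trace storage and log lines that key on the trace ID.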
Open source vulnerabilities: Security risks of open source software
All software, including open source, is subject to vulnerabilities. Some of these vulnerabilities, such as the Log4Shell vulnerability in the popular Log4j 2 Java library that emerged in December 2021, make the news because the code is so widely used. But Reitbauer argues that has more to do with how people use the software than the fact it’s open source. Indeed, vulnerabilities in open source code may be easier to detect and fix because more people are paying attention to them.
“The open source software you want to use is actually the one backed by a strong community that validates what contributors put into it and supports the ecosystem,” Reitbauer says. “Log4j was actually fixed pretty fast. Then you obviously need to understand whether these vulnerable libraries are part of the entire environment.”
He also cautions against lax practices that introduce vulnerabilities or malicious code. “Sometimes developers install software from the internet like a 3-year-old in a candy shop. It’s just pick whatever they can grab for dinner, often throwing dependencies into the replications without understanding the tools or making a software bill of materials. They’re not paying attention to how many artificial substances are in there.”
Whether software is open source or proprietary, preventing vulnerabilities requires vigilance and comprehensive application security and vulnerability management practices. However, Reitbauer says, “vulnerabilities eventually get introduced. That’s where organizations must guarantee the identity of all the components they have. Application security is not a one-time thing. Being secure today does not mean you’re going to be secure tomorrow.”
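One way to answer "is the vulnerable library anywhere in our environment" from a software bill of materials, as an added example that is not from the article: it walks a CycloneDX-style component tree, including nested components, and reports every copy of a named library older than a fixed release. The SBOM, the component versions and the `FIXED_IN` value are constructed placeholders; take the real fixed version from the project's advisory.

```python
import re

def _version_tuple(text):
    """'2.14' -> (2, 14); None unless the string is plain dotted numbers."""
    if not re.fullmatch(r"\d+(\.\d+)*", text or ""):
        return None
    return tuple(int(part) for part in text.split("."))

def _older(a, b):
    """Compare version tuples after zero-padding, so 2.3 equals 2.3.0."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)) < b + (0,) * (n - len(b))

def _walk(components, path=()):
    """Yield (component, path) for every component, nested ones included."""
    for comp in components or []:
        here = path + (comp.get("name", "?"),)
        yield comp, here
        yield from _walk(comp.get("components"), here)

def find_exposed(sbom, name, fixed_in):
    """Report each copy of `name` that is older than `fixed_in` or unparseable."""
    floor = _version_tuple(fixed_in)
    if floor is None:
        raise ValueError("fixed_in must be dotted numbers")
    hits = []
    for comp, path in _walk(sbom.get("components")):
        if comp.get("name") != name:
            continue
        ver = _version_tuple(comp.get("version"))
        if ver is not None and not _older(ver, floor):
            continue                      # at or above the fixed release
        status = "review" if ver is None else "vulnerable"
        hits.append(("/".join(path), comp.get("version"), status))
    return hits

# Constructed SBOM (CycloneDX-style JSON as a dict); all versions are made up.
SAMPLE_SBOM = {"bomFormat": "CycloneDX", "components": [
    {"name": "log4j-core", "version": "3.1.0"},
    {"name": "report-engine", "version": "1.4", "components": [
        {"name": "log4j-core", "version": "2.9"}]},
    {"name": "legacy-batch", "version": "0.8", "components": [
        {"name": "log4j-core", "version": "2.0-beta9"}]},
]}
FIXED_IN = "3.0.0"  # placeholder threshold, not the real fixed release

if __name__ == "__main__":
    for hit in find_exposed(SAMPLE_SBOM, "log4j-core", FIXED_IN):
        print(hit)
```

Copies bundled inside other components are the ones a top-level dependency list misses, and versions that do not parse are surfaced for manual review rather than silently passed.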
Why Dynatrace supports open source software
With so many technologies available for numerous cloud-native platforms, a company’s support of open source software becomes a key buying decision. “People are asking us, ‘Are you supporting open standards?’” Reitbauer says. “‘How open are you? Does Dynatrace work with our tooling?’”
Reitbauer predicts that the age of developing proprietary-only software stacks is giving way to a more open source future. “I eventually see more industries where proprietary-only software becomes obsolete,” Reitbauer says. “Especially when a technology becomes a commodity, very often it’s open source because no one company wants to maintain it. Why would you want to build it yourself?”
To see how Dynatrace embraces open source software and OpenTelemetry, join us for the on-demand Performance Clinic, Dynatrace and OpenTelemetry work #BetterTogether.