Open Source in Mobile Development Part 2
The Role of Open Source Software
The use of open source software is increasing as software developers address the opportunities, and the corresponding challenges, of the telecommunications industry transformations, at the same time as facing global economic and competitive pressures. The reasons include the following:
- Open source software’s agility and cost advantages provide considerable choice to the catalogue of specialized components that software developers can call upon. For example, the Insight Report “Open Source Software Impacts on Telecom Services, 2011-2016” mentions over 23 telecom-focused open source companies in 4 major categories of: Network Infrastructure, Business/Operational Support Systems, Service Delivery Platforms, and Open Source Software Support. At the same time, there are hundreds more companies serving the overall open source space which is also utilized by telecom software developers: from data-bases to XML tools.
- Using open source software components is becoming one of the key strategies to address the ever more complex integrations that are required in ever shorter time frames. Open source software increases the solution options available to systems integrators and mitigates the lock-in and cost increase risks by a few large and powerful vendors who may often also be competing with the systems integrators. There are currently over 17 companies offering open source software and middleware for systems integration.
- As software systems constantly evolve, their use of 3rd party components creates a dilemma. On the one hand, by using existing and proven components from 3rd parties, business opportunities can be addressed faster. On the other hand, use of 3rd party components creates a dependency: the 3rd party component supplier needs to be responsive to the evolving needs of the developers using their components. If the 3rd party supplier does not respond in a timely manner because of business priority, direction or ability issues, then there is a major risk to the developers depending on the supplier. Open source can better enable evolution and mitigate future risks in two ways. Firstly, it increases the number of component vendors offering a larger number of options for evolving needs. Secondly, using open source components can offer more control to the business by ultimately allowing in-house critical code changes to be made, when it becomes clear that these are not going to be offered by the 3rd party suppliers.
- In business consolidation scenarios, the software assets being valued as part of the M&A increasingly include open source software introduced through in-house development, outsourced development, or 3rd party software. There can be significant legal licensing and intellectual property obligations, security risks, export regulations risks, and support costs associated with the software depending on the pedigree and licensing terms of the software. There may be anonymous source code introduced into the code stream with uncertain pedigree. Therefore, there are major software risks for both parties in an M&A situation: deal loss, valuation loss, delays, and unpredictable future costs to the business. These risks need to be managed.
Open source software risk management
While use of open source software in the transformation of telecom can bring significant benefits, the risks need to be managed:
- Support: While open source software source code is freely accessible, the building, packaging, testing, and the on-going maintenance of evolution of this code needs continuous investment or it becomes undependable, particularly as the code develops evolutionary branches. There is a need for a bill of materials for an existing code base, so that the developers are aware of what is in the code base and who supports the software components: internal, external volunteers, or a commercial organization.
- Security: CSPs and their vendors are at the core of the global information flow and their focus on security risks is, therefore, absolutely required. As the sophistication of open source software grows, its sources become much more diverse, and its use much wider, the risks of security vulnerabilities being introduced to the CSP solutions also need to be robustly addressed. Again, having an accurate bill of materials that provides an reliable view of what source code components are in the software base is critical, as are methods of identifying code components that can increase vulnerabilities.
- Legal: There is a range of different open source licensing terms with differing legal obligations. These range from the restrictive Gnu Public License (GPL) with strict “copyleft” to the permissive BSD licenses with only attribution requirements. The terms of the license will determine whether a company’s software investment has to be opened up also to its competitors. Some open source component licenses have implications on the ability to patent, or the possibility of infringing on patents, for the adopting organization. Therefore, the legal risk must be addressed robustly as part of a disciplined software development lifecycle approach using appropriate tools.
Open source license management is a cornerstone of a risk management strategy appropriate to the sophistication, scale, and critical role of telecommunications software. Protecode’s Open Source Software Adoption Process (OSSAP) can be parlayed on an existing development quality development process without replacing or hindering existing practices.