CIOs Must Bleed Open Source

By Samuel Greengard

The widespread havoc caused by the Heartbleed bug over the last several weeks may have some questioning the validity and viability of using open source code in the enterprise. Over the last few years, the trickle of open source users has turned into a torrent. Various studies indicate that the percentage hovers above 85 percent in non-technical industries and much higher at tech firms.

Still, there’s a persistent view that open source comes at a cost as it bypasses the controls that an individual company or vendor might have in place. However, the problem with placing OpenSSL or any other open source initiative in front of a firing squad is that it makes the assumption bugs and vulnerabilities would occur less often and be less nasty in a proprietary world.

Microsoft, Apple and others have proven that concept wrong time and time again. These days, a lot of commercial software is one big Patchalooza. Open source potentially improves quality and security because more minds can hammer away at the task of writing code, more white hats can probe the code for security flaws, and more geeks can congregate to quickly fix a bug or problem.

Interestingly, the motivation for using open source is changing rapidly. For many organizations, it’s less about inexpensive commodity code and more about leading edge innovation. Half of the senior executives surveyed by Black Duck Software for its annual Future of Open Source Survey indicated that they achieve a competitive advantage through the use of open source. The hottest areas: cloud and virtualization initiatives, content management, mobile tools, and security.

To be sure, there’s a growing consensus that the open source model—and the collaboration associated with it—spurs a level of innovation that otherwise isn’t possible.

The problem? Many of the people who volunteer to write code for open source projects say involvement is fairly limited. Also, politics and squabbles can rear their ugly heads, as a recent Linux Foundation report points out.

So, before you condemn Heartbleed, consider that open source is here to stay—and the more that companies and individuals devote resources to open source initiatives, the better off they will be, and the fewer problems everyone will face. Your job as a CIO should be to support these initiatives and work toward making open source an even better business and IT model.

About the Author

Samuel Greengard is a contributing writer for CIO Insight. To read his previous CIO Insight blog post, “Why Gamification Matters,” click here.