DIAGNOSIS OVER NEW VENTURE

OPEN SOURCE SOFTWARE

Open Source

Open SourceIt’s “impossible to avoid”

Open Source

By 2011, 80% of allcommercial software

will contain open source code.

Open Source Software / Free Software (OSS/FS) programs have licenses giving users the freedom:

-to run the program for any purpose,-to study and modify the program, and

-to freely redistribute copies of either the original or modified program

Not non-commercial, not necessarily no-chargeOften supported via commercial companies

Synonyms: Libre software, FLOS, FLOSSAntonyms: proprietary software, closed software

DEFINITION

HISTORYIn 1983, Richard Stallman, longtime member of the hacker community at

the MIT Artificial Intelligence Laboratory, announced the GNU

project, saying that he had become frustrated with the effects of the

change in culture of the computer industry and its users. Software

development for the GNU operating system began in January 1984, and

the Free Software Foundation(FSF) was founded in October 1985. He developed

a free software definition and the concept of "copyleft “, designed to

ensure software freedom for all.

FREEDOM

Freedom 0: The freedom to run the program for any purpose

Freedom 1: The freedom to study how the program works, and change it to make it do what you wish

Freedom 2: The freedom to redistribute copies so you can help your neighbor

Freedom 3: The freedom to improve the program, and release your improvements (and modified versions in general) to the public, so that the whole community benefits

Open source definition

-free distribution-source code-derived works-integrity of author’s code-no discrimination among the persons and group-no discrimination against felid of endeavor-distribution of license-license must not be specific to a product-license must not restrict other software-license must be technology neutral.

Commercial Support

-IBM -SUN-INTEL -NOVELL

-ORACLE -MOTOROLLA-APPLE -HP-DELL -GOOGLE

-YAHOO -MICROSOFT

LIST OF SOME EXAMPLES

-LINUX KERNEL-BSD-GNU/LINUX OPERATING SYSTEM-GNU COMPLIER COLLECTION-C LIBRARY-MY SQL RELATIONAL DATABASE- Apache web server - Sendmail mail transport agent

OSS DEVELOPMENT MODELDEVELOPER

TRUSTED DEVELOPER

TRUSTED REPOSITORY

DISTRIBUTOR

USER

Bug Report

DevelopmentCommunity

Source Code

• OSS/FS users typically use software without paying licensing fees• OSS/FS users typically pay for training & support (competed)• OSS/FS users are responsible for developing new improvements &any evaluations that they need; often cooperate/pay others to do so

Disadvantage of proprietary software

-COST! License fee

Product bundling—example: Microsoft office.Licensee cannot modify or enhance the code;Often not built to open standards, leading to

interoperability problems;Shut off from continuing development and

information sharing in open source community;Some proprietary code is not as good as its open

source counterparts.

OSS vs. Proprietary• Process/code openness means more & different sources of

evaluation information for COTS OSS– Bug databases, mailing list discussions, …– Anyone (inc. you) can evaluate in detail– See http: //www.dwheeler.com/oss_fs_eval.html

• Proprietary=pay/use, OSS=pay/improvement– In OSS, pay can be time and/or money

• Support can be competed & changed– OSS vendors, government support contracts, self

• OSS can be modified & redistributed– New option, but need to know when to modify– Forking usually fails; generally work with community

Business ModelsThe revenue model:

Value creation: definition of the offer generating the highestwillingness to pay.

Capture of the value created through: The sale of rights (sale of patents, licenses or even client files).

The sale of products. The sale of services.

The cost structure: Definition according to the cost categories (raw materials,marketing, R&D, administrative) and their types (fixed or

variable). Identification of the company’s specific skills which give a

competitive advantage. Determination of the capital sources.

Typology of different business models

The services or indirect valorisationmodel

The value addeddistribution model

The double license orcommercial opensource license model

The mutualization model

Buisness model

LIST OF FREE SOFTWARE

LICENSE

The GNU “General Public License” (GPL)

No standard open source license, but GPL most widely used (roughly 85% of open source software);

Terms include:User freedom to distribute and/or modify;

Requirement that original and modified source code be always made available to the world under the terms of the original

license;Must retain copyright notices and warranty disclaimers;

Does not include grant of patent licenses;

The Mozilla Public License

Developed by Netscape for the Mozilla browserTerms include:

Very similar to the GPL but,Can charge royalties for modified versions;

Can include source code within larger works licensed under different license types, thus license does not ‘infect’ all downstream projects;

Must retain copyright notices and warranty disclaimers;May provide additional warranties to downstream users but may have to

indemnify original developer for any claims arising as a result;Includes grant patent licenses

The IBM Public License

Terms include:User freedom to distribute and/or modify;

No requirement for source code availability in downstream distribution;

The program can be distributed in executable form thus allowing downstream users to develop, sell, and install

customized software packages without having to make all customizations available to the world;

Must retain all copyright notices and warranty disclaimers;Includes grant of patent licenses.

The Apache Software License

Governs the Apache web-server software.Terms include:

User freedom to distribute and/or modify;No requirement for source code to be made available to the

world in downstream distribution;Must retain all copyright notices and warranty disclaimers;

The FreeBSD License

Unrestrictive license:

Only requires preservation of copyright notices and

warranty disclaimers

Business / monetization model for the wellknown companies

SECURITY- Neither OSS nor proprietary are always more secure

Many specific OSS programs are significantly more secure; see quantitative studies “Why…” at http://www.dwheeler.com

OSS advantage: Open design principleSaltzer & Schroeder [1974/1975], “Protection mechanism must

not depend on attacker ignorance”Hiding source code doesn’t impede attacks

“Security by Obscurity” requires real secret-keeping: can’t give access to source code, executable program, or websiteAttackers can modify OSS and proprietary softwareTrick is to get that modified version into supply chain

OSS: subverting/misleading/becoming the trusted developers or trusted repository/distribution, and none notice attack later

OSS security requirements:Developers/reviewers need security knowledge

People have to actually review the code: yes, it really happens!Problems must be fixed, fixes deployed

Advantages : open source license

PRICE: Generally no or low license fees;Availability of source code coupled with permission

to make modifications;Access open source development community, which

may be very active with respect to code used. Continuing improvement; outstanding development;

More likely to be built to open standards, so interoperable with other open standards systems

Disadvantages: open source license

No indemnification; if a third party claims that licensee is using code that the third party developed, the licensee

has no one to pay his legal fees and damage award (SCO v. IBM);

No maintenance and support (unless purchased separately);

No warranties regarding media, viruses, and performance;

Staff must be open source savvy;License terms are NOT standard: thus important to pay

close attention to terms.