InformationWeek

The paper also drew return fire from those who saw flaws in the open-source bazaar approach. Critics pointed out that the bazaar approach suffered from the same kind of bickering, infighting, and political gamesmanship that has plagued the cathedral builders, with their committees and hierarchy. The critics also noted that much of the support for open source came from people with strong agendas that have little to do with software development, such as the anything-but-Microsoft agenda or an antiprofit viewpoint.

The raucous debate triggered by The Cathedral And The Bazaar probably did much to dampen initial IT enthusiasm for open source, even as open-source products such as Apache, FreeBSD, Linux, Perl, and Sendmail were quietly wending their ways into the business systems infrastructure.

Although nobody at that time seemed ready to bet their core enterprise resource planning system on open source, (SAP, for example, now runs on Linux), IT managers were, often unknowingly, trusting their Web and directory servers and all manner of Internet infrastructure to open-source systems. Even now, misconceptions about open-source systems continue to persist among IT executives. For instance, people mistakenly think that open-source software is the work of high school and college students, Ballard says. In truth, professional system administrators and developers from major global companies who are trying to solve real problems do much of the open-source work.

Some also think that open-source providers are fly-by-night companies that won't last. That's not necessarily so: IBM--not exactly a fly-by-night operation--provides Linux for the S/390.

But even if a vendor goes out of business, users of its open-source software still have the source code, which leaves customers far better off than when proprietary software vendors fold.

Another misconception revolves around security. Open-source contributors are perceived as hackers intent on creating security holes, making open source inherently insecure. On the contrary, the nature of open-source development, by which everyone sees every line of code, goes a long way toward removing security threats. "If somebody sees a security problem, it gets fixed fast by the open-source community, often within hours," Crater says. By comparison, proprietary software products suffer from security holes that the vendor may be reluctant to disclose and slow to fix--Microsoft is an obvious case.

The same can be said about open-source reliability. The open-source process subjects code to the most rigorous code review imaginable--thousands of developers, for instance, review every line of Linux. No proprietary software vendor subjects its code to this level of scrutiny.

If anything, open source is more reliable than any proprietary software on the market, says Jim Johnson, chairman of the Standish Group, a research and consulting firm in West Yarmouth, Mass. Standish Group research shows Linux servers have about 14 hours of downtime per year, amounting to 99.6% uptime during average peak operational periods.

By comparison, Standish found the average Microsoft Enterprise Cluster to have just over 99% uptime or about 30 hours of downtime during the average peak operational period. In terms of actual hours, the Microsoft server cluster will be down more than twice as long as a Linux server.

Standish Group's direct experience with open source confirms what its data revealed. Standish used Microsoft technology to build its corporate Web site, "but the reliability and performance were terrible," Johnson says. Faced with building an important customer decision-support application, Virtual Advisory, it turned completely to open-source products using PHP for development, MySQL as the database, Linux on the server, and Apache as the Web server. Unlike its company Web site, Virtual Advisory has been problem-free. And the technology cost nothing.

"The software not only is free, but the community is supportive," Johnson says. "If you have a question or need support, there are a ton of people out there who'll help you."

The open-source support question, often cited as a major objection, "has become a nonissue," says Nikolai Bezroukov, a systems consultant and a professor at Fairleigh Dickinson University in Madison, N.J.

With IBM, Sun Microsystems, and other major computer companies offering Linux support, IT managers will find contract support options that rival anything a proprietary software vendor can provide. Similarly, companies will find a growing array of open-source apps, from Lutris Technologies' Enhydra application server and Zelerate's E-commerce suite to Sun's Star Office desktop suite.

However, corporate IT departments have some legitimate concerns about open source in general and Linux in particular. "Linux is another Unix, and large enterprises already have a lot of Unix. It will cost them money and effort to add another Unix platform," Bezroukov says.

However, proprietary Unix vendors are adding popular open-source components to their own Unix implementations, blurring the distinction between the two operating environments.

IT also should pay close attention to the open-source license. In general, modifications to open-source code are sent back to the person or company managing the original code base. In addition, there may be constraints on how you can distribute your own products that incorporate open-source code. These license complications make executives and lawyers uncomfortable.

"Corporations aren't very fond of GPL," Bezroukov says. Of all the open-source licenses, he prefers the BSD license because it "permits contributions of corporate developers without imposing any restrictions."

If IT managers can get over their hangups about open source, they can experience the benefits Standish Group found: highly secure, reliable, flexible software at a fraction of the cost of conventional offerings. With ready access to the source code, they no longer have to wait until some vendor decides to make an enhancement that they consider important.

Johnson is convinced this represents the future for an increasingly large proportion of company systems. The only exceptions are those must-not-fail systems too critical to be trusted to Microsoft, Linux, or any general platform, proprietary or open. These, instead, require one of the very high-end, fault-tolerant platforms, such as Compaq's Himalaya. "We now feel more comfortable with Linux than with Microsoft," Johnson says. "But until you've tried open source, you can't know."