Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.
Open Source's Deep-Seated Conflict
Heartbleed showed that it doesn't matter whether open source projects can patch bugs faster. The real issue is whether they can generate enough revenue to stay alive.
1 Min Read
Despite the rivers of ink that have flowed regarding the recent Heartbleed vulnerability, I believe the developer community has not addressed the right problem. Developers have fixated on a debate about one of open source's most touted advantages: With many eyes looking at the code, is open source able to correct bugs faster than closed-source projects?
But this discussion misses the central issue, which in my view is not technical, but monetary. The OpenSSL team, whose project was the home for the Heartbleed vulnerability, discussed with remarkable candor how much the lack of funding from the product's users has limited their development work and, by extension, their ability to find and remediate such defects. It turns out that major users of OpenSSL, such as Cisco and Google, among others, had incorporated the software into the important products, but sent little or no funds to the developers.
Faced with this embarrassing revelation, the companies quickly got together, pooled some money, and assembled a committee that agreed to dispense funds to worthy projects, starting with OpenSSL. This is a hurried patch -- one that will temporarily relieve the problem, but not address its root cause.
The root cause is a fundamental conflict at the heart of open source: the opposing forces of building community vs. deriving a sustainable level of revenue from an open source project.
Read the rest of this story on Dr. Dobbs.
About the Author
You May Also Like
More Insights
