Not all open source software is equal. What are the key differences, and how do CIOs and CDOs decide what to use?

We are living in an open-source world. A recent report shows that 84% of APAC enterprises surveyed found open source to be important to their enterprise infrastructure software strategy.

However, with a variety of licenses governing the use of open source software (e.g. GNU General Public License (GPL), Business Source License (BSL), Berkeley Software Distribution (BSD)), it is clear that not all software created under open source is the same.

How can CIOs and CDOs approach a decision on which open source software to use? DigiconAsia gathered some insights from Marc Linster, Chief Technology Officer of EDB, an enterprise-class database software that extends PostgreSQL, which is an open-source database management system (OSDBMS).

What are the different types of open source licenses and why do they matter?

Linster: There are a variety of open source licenses and they can be classified under two main categories: virulent (or copyleft) licenses and permissive licenses.

Virulent licenses require any software written under the license, such as the full code, modifications, and sometimes integrations, to be released as open source, including any derivative works. Examples include GNU General Public License (GPL) and GNU Affero General Public License.

Permissive licenses have minimal restrictions on how users can use, modify and redistribute software written under this license, and often permit use in proprietary works. Examples of permissive licenses include Berkeley Software Distribution (BSD), MIT License, Apache 2.0 license, and PostgreSQL license.

Depending on the terms of the license, a company may be restricted on how they can make use of an open source project, especially when it comes to distributing products based on an open source license.

What are the structures behind open source projects and why should they matter to IT leaders?

Linster: When deciding on which open source software to use, CIOs and CDOs have to consider who is financing and running the open source project, and how they (the CIOs and CDOs) may be affected.

Many open source projects are driven by individual commercial companies. These companies finance the project, do most of the development and manage the roadmap largely by themselves. This means if the company slows down or fails, so does the project, which negatively affects the IT leaders relying on it.

As these companies operate in a competitive open-source market where they also face pressures such as price compressions and free software usage, they may also shift to a more profitable model to survive in the industry.

As such, IT leaders may also encounter sudden changes in cost and licensing when working with such companies. For example, in 2018, MongoDB changed its GNU Affero General Public License to a Server Side Public License, causing controversy within their user community.

IT leaders can avoid these risks, however, by choosing community-driven open source projects that are not financed and controlled by commercial companies. PostgreSQL, an open source database, is one such example:

  • PostgreSQL adopts a permissive license based on the Berkeley Software Distribution (BSD) and there are internal rules that prevent the commercialisation and sole control of the software.
  • PostgreSQL is run by a core team guided by rules that prevent any company from controlling it. The PostgreSQL community also comprises a large circle of contributors from different regions, including volunteers, freelancers and representatives from companies who use the technology and are committed to innovation and independence.

Beyond licenses, what should CIOs and CDOs consider when selecting open source software?

Linster: Is the operating model of the open source community resilient? Is it innovative? Is it flexible? Is it capable of fueling long-term digitalization efforts?

These are some key considerations for a CIO and CDO, especially if they plan to use open source in the long term.

Why do community-driven open source structures form a strong foundation for long-term digital transformation?

Linster: Open source projects like PostgreSQL are run by a community of developers who are motivated to work together to create and improve the software for product development and digital transformation efforts over gaining profits.

Community-driven projects are focused on adding value, resulting in increased levels of innovation and the creation of sustainable software.