This document provides an overview of open source software including its definition, history, freedoms, development model, licenses, security considerations, and advantages/disadvantages. Open source software gives users the freedom to use, modify, and share the software. It originated in the 1980s with Richard Stallman's GNU project. There are various business models for open source including support/services. Popular licenses include the GPL, MPL, Apache, and BSD licenses which have different terms regarding modifications and redistribution. While open source is not inherently more secure, its transparency and community review can improve security.
3. Open Source By 2011, 80% of all commercial software will contain open source code.
4. DEFINITION
Open Source Software / Free Software (OSS/FS) programs have licenses giving users the freedom:
- to run the program for any purpose,
- to study and modify the program, and
- to freely redistribute copies of either the original or modified program

Not non-commercial, not necessarily no-charge
Often supported via commercial companies
Synonyms: Libre software, FLOS, FLOSS
Antonyms: proprietary software, closed software
5. HISTORY In 1983, Richard Stallman, a longtime member of the hacker community at the MIT Artificial Intelligence Laboratory, announced the GNU project, saying that he had become frustrated with the effects of the change in culture of the computer industry and its users. Software development for the GNU operating system began in January 1984, and the Free Software Foundation (FSF) was founded in October 1985. He developed a free software definition and the concept of "copyleft", designed to ensure software freedom for all.
6. FREEDOM
- Freedom 0: The freedom to run the program for any purpose
- Freedom 1: The freedom to study how the program works, and change it to make it do what you wish
- Freedom 2: The freedom to redistribute copies so you can help your neighbor
- Freedom 3: The freedom to improve the program, and release your improvements (and modified versions in general) to the public, so that the whole community benefits
7. Open source definition
- free distribution
- source code
- derived works
- integrity of author’s code
- no discrimination against persons or groups
- no discrimination against field of endeavor
- distribution of license
- license must not be specific to a product
- license must not restrict other software
- license must be technology neutral
15. OSS/FS users typically pay for training & support (competed)
17. OSS vs. Proprietary
- Process/code openness means more & different sources of evaluation information for COTS OSS
- Bug databases, mailing list discussions, …
- Anyone (inc. you) can evaluate in detail
- See http://www.dwheeler.com/oss_fs_eval.html
- Proprietary=pay/use, OSS=pay/improvement
- In OSS, pay can be time and/or money
- Support can be competed & changed
- OSS vendors, government support contracts, self
- OSS can be modified & redistributed
- New option, but need to know when to modify
- Forking usually fails; generally work with community
18. Business Models
The revenue model:
- Value creation: definition of the offer generating the highest willingness to pay.
- Capture of the value created through:
- The sale of rights (sale of patents, licenses or even client files).
- The sale of products.
- The sale of services.

The cost structure:
- Definition according to the cost categories (raw materials, marketing, R&D, administrative) and their types (fixed or variable).
- Identification of the company’s specific skills which give a competitive advantage.
- Determination of the capital sources.
19. Typology of different business models
Business model:
- The services or indirect valorisation model
- The value added distribution model
- The double license or commercial open source license model
- The mutualization model
21. The GNU “General Public License” (GPL)
No standard open source license, but GPL most widely used (roughly 85% of open source software)
Terms include:
- User freedom to distribute and/or modify;
- Requirement that original and modified source code be always made available to the world under the terms of the original license;
- Must retain copyright notices and warranty disclaimers;
- Does not include grant of patent licenses
22. The Mozilla Public License
Developed by Netscape for the Mozilla browser
Terms include:
- Very similar to the GPL, but:
- Can charge royalties for modified versions;
- Can include source code within larger works licensed under different license types, thus license does not ‘infect’ all downstream projects;
- Must retain copyright notices and warranty disclaimers;
- May provide additional warranties to downstream users but may have to indemnify original developer for any claims arising as a result;
- Includes grant of patent licenses
23. The IBM Public License
Terms include:
- User freedom to distribute and/or modify;
- No requirement for source code availability in downstream distribution;
- The program can be distributed in executable form thus allowing downstream users to develop, sell, and install customized software packages without having to make all customizations available to the world;
- Must retain all copyright notices and warranty disclaimers;
- Includes grant of patent licenses.
24. The Apache Software License
Governs the Apache web-server software.
Terms include:
- User freedom to distribute and/or modify;
- No requirement for source code to be made available to the world in downstream distribution;
- Must retain all copyright notices and warranty disclaimers
25. The FreeBSD License
Unrestrictive license: only requires preservation of copyright notices and warranty disclaimers
28. SECURITY
- Neither OSS nor proprietary are always more secure
- Many specific OSS programs are significantly more secure; see quantitative studies “Why…” at http://www.dwheeler.com
- OSS advantage: Open design principle
- Saltzer & Schroeder [1974/1975], “Protection mechanism must not depend on attacker ignorance”
- Hiding source code doesn’t impede attacks
- “Security by Obscurity” requires real secret-keeping: can’t give access to source code, executable program, or website
- Attackers can modify OSS and proprietary software
- Trick is to get that modified version into the supply chain
- OSS: subverting/misleading/becoming the trusted developers or trusted repository/distribution, and no one notices the attack later
- OSS security requirements:
- Developers/reviewers need security knowledge
- People have to actually review the code: yes, it really happens!
- Problems must be fixed, fixes deployed
29. Advantages: open source license
- PRICE: Generally no or low license fees;
- Availability of source code coupled with permission to make modifications;
- Access to open source development community, which may be very active with respect to code used.
- Continuing improvement; outstanding development;
- More likely to be built to open standards, so interoperable with other open standards systems
30. Disadvantages: open source license
- No indemnification; if a third party claims that licensee is using code that the third party developed, the licensee has no one to pay his legal fees and damage award (SCO v. IBM);
- No maintenance and support (unless purchased separately);
- No warranties regarding media, viruses, and performance;
- Staff must be open source savvy;
- License terms are NOT standard: thus important to pay close attention to terms.