Working with Open Source Software Vendors

IBM executive Bob Sutor had a message for attendees at the Open Source Business Conference (OSBC) in San Francisco last week: “Ask the hard questions.”

Sutor, himself an open source software enthusiast (his full title is vice president of Open Source and Linux in IBM’s Software group), said too many companies give open source a pass on due diligence and scrutiny compared with how they treat traditional software vendors. And while he said open source has matured to the point where it’s now a proven enterprise asset, that doesn’t mean it should get rubber-stamp approval.

“Is software good just because it’s open source?” said Sutor. “Just because there are no bugs, that’s not enough … Security, performance and availability concerns do not vanish when you buy open source. Ask the hard questions or you will regret it.”

Sutor ticked off several ideas for making sure that working with an open source software vendor is the right move, starting with the quality of the code. He said some companies may not have the expertise to do a comprehensive evaluation, and if so, they should consider bringing in an independent expert to assess code quality. He also noted that enterprises need to make several other specific checks, not unlike with commercial software vendors, to make sure the investment is appropriate. “Scalability is very important, along with speed and that the software is available on the hardware your company uses or plans to use,” Sutor said.

Another issue is the frequency of software updates. If updates come every six months or more frequently, does that work for your IT staff? Also, who will make the decision to distribute updates? “And, if you customize the software, who is going to tweak it when a new version comes along?” queried Sutor. “It’s good when the software is designed to be extensible.”

He also suggested checking to see what benchmarks are out there for the software you’re considering. “You need to be able to compare it head-to-head to other solutions and make sure it matches your requirements,” Sutor said.

One last tip: Check out the documentation. Sutor said the clarity and thoroughness of the documentation can say a lot about the likely care and quality of a piece of software.

IBM’s deep open source involvement

Sutor has addressed the OSBC for several years now, which is not surprising given IBM’s impressive track record around open source. He said IBM first got involved with open source about 12 years ago, which led to its first serious efforts around Linux a decade ago. The company now has hundreds of developers in work that spans more than 150 projects related to Linux. Many of these aren’t high-profile, but are important to keeping widely used open source software stable and growing.

“We do a lot of things you haven’t heard about like libraries in Apache,” he said. “There are hundreds of thousands of open source projects, some are incredible, others aren’t,” he told attendees. “Your definition of what’s ‘good’ is critical.”

David Needle is the West Coast bureau chief at, the news service of, the network for technology professionals.