Why you need to evaluate sustainability

When you’re considering free and open source software, whether for procurement or as a basis for developing new software, you need to take account of sustainability. This means evaluating whether the project is capable of delivering improvements and fixing problems with its products in a timely manner, and that the project itself has a reasonable prospect of continuing into the future.

We’ve posted on this subject many times here at OSS Watch, but this graphic from the folks at Black Duck is a good visual reminder of why this is important:

Pie chart showing project demographics

Source: Ohloh project demographics, via Open Source Delivers blog

 

This shows that a whopping 61.9% of FOSS projects tracked by Ohloh are considered “inactive”, while a further 28.4% have “very low” activity. Only 0.7% and 0.4% are rated as having “High” or “Very High” activity.

As a caveat, its worth noting that Ohloh doesn’t track all project activity, so its possible that there are some false negatives. Also, some projects have low activity because they are highly stable and mature. Its also pretty open to debate what constitutes “low” or “high” activity.

However, in general I think this is useful to highlight the importance of sustainability when considering FOSS.

For more information on how to go about evaluating sustainability, read our briefing note, How To Evaluate The Sustainability Of An Open Source Project.

Open source in education: where does the change need to happen?

In our recent survey on free and open source software in the UK education sectors, we asked colleges and universities for their main reasons for not selecting an open source solution according to 12 criteria. Below you can see how important each of the criteria were rated for software running on servers:

Interoperability and migration problems 80
Lack of support 71
Poor quality software 60
Not what users want 51
Lack of staff expertise, training needs 49
There is no open source solution for our needs 43
Legal issues including licensing 30
Time costs of identifying relevant software 29
Migration costs 25
Existing contractual obligations 18
Poor documentation 15
Solution does not scale 14

The question I’d like to pose today is – if we were to consider these as representing the barriers to greater adoption of free and open source software in education, are the barriers to be found within institutions, or are there issues with the available supply of software and services to the sectors?

To answer this I’ve split the criteria into two groups – supply-side and demand-side. Lets look at the supply-side first of all.

Supply Side Factors

Supply-side factors

Three of the top four criteria are supply-side considerations: lack of support, poor quality software, and not offering what users want.

We could also consider “There is no open source solution for our needs” as being largely the same thing as not offering what users want, which would place it as the top concern.

This would imply that, from the perspective of colleges and universities, the open source software community just isn’t offering the kind of software products the sectors need.

From our experience in compiling the Open Source Options for Education list, this would seem a bit curious. Perhaps the issue is one of awareness and marketing? Or are there significant niches in education where there really are no open source options? We also know that the procurement processes in many institutions would likely exclude open source from consideration – is this also a factor in this lack of awareness?

The second major issue on the supply side would then be the provision of services and support. As we’ve seen in the public sector, having commercial partners is a crucial factor in getting solutions adopted. (There is a chicken-and-egg issue here is that there has to be adoption to support a services market, but lack of services hampers adoption.)

Finally there is the quality issue – are open source solutions aimed at education really poor quality? Or is it that the kinds of solutions being considered are not mature?

Now lets look at the demand side.

Demand Side Factors

Demand side factors

The top issue is interoperability and migration problems – if we also add in the respondents who considered migration costs, then it is by far the most cited reason why open source isn’t selected.

We’ve noted before that there is no simple relationship between open source, open standards, and interoperability; while in principle open source affords the adoption of open standards and greater interoperability, the practice is a lot less clear cut.

However, what we haven’t untangled here is whether the issue is with open source options lacking interoperability features or standards compliance, or whether the issue lies with the incumbent systems they would replace.

The next ranked issue is lack of staff expertise; again we haven’t untangled whether this is a lack of expertise amongst the potential users of the software, the IT operations staff, or the staff involved in the procurement so its hard to interpret precisely. Given the question relates to server software it could be any of these groups.

It may also be the case that this issue goes hand-in-glove with that of lack of support from the supply side; often for server-side software the complexity of configuration and operations can be overcome by contracting a supplier to deal with it on your behalf. For  open source options, if there are no suppliers of services available then its up to the institution’s staff to figure it out.

Finally, the rest of the issues here fall under the category of contractual, legal and procedural issues with procurement itself. While each individual item is not ranked highly, taken together they suggest there are significant barriers still in place in procurement. This is something we’ve been looking into recently in more depth, for example in our Decision Factors for Procurement briefing.

Conclusions?

Taken altogether, the demand side and supply side issues of open source adoption in education carry pretty much equal weight from the viewpoint of the institutions themselves. But what are we to make of it?

I think we can distill it into five challenges:

1. We need to tackle the interoperability question. Is lock-in a problem? Is lack of standards a problem? This is something our friends at CETIS could take a lead on.

2. We need to improve awareness of existing open source solutions available within the sector;  lists like our Open Source Options for Education are useful here, but projects also need to be more proactive in raising awareness, and may need a higher profile at events such as the UCISA and ALT conferences.

3. Institutions need to improve software procurement processes so that they can consider open source solutions effectively and equally with closed source.

4. We need to build up the open source services market for education. ULCC have been very effective with their Moodle hosting, but companies supporting other major open source software solutions don’t seem to have much of a presence in the education sector. (As I mentioned earlier though, this is a bit of a chicken-and-egg problem)

5. Bootstrap projects in areas where there are no existing open source solutions. Of course there are well known problems with funded projects, but there are alternative approaches, for example the Jisc Co-Design programme could play a role here.

Open Source Options for Education updated

We’ve just updated our Open Source Options for Education list, providing a list of alternatives to common proprietary software used in schools, colleges and universities.  Most of the software we list is provided by the academic and open source communities via our publicly editable version.  Some new software we’ve added in this update includes:

SageMath

SageMath is a package made from over 100 open source components including R and Python with the goal of creating “a viable free open source alternative to Magma, Maple, Mathematica and Matlab.”  Supported by the University of Washington, the project is currently trialling SageMath Cloud, a hosted service allowing instant access to the suite of SageMath tools with no setup required.

R and R Commander

R is the go-to language for open source statistical analysis, and R Commander provides a graphical interface to make running R commands easier. Steven Muegge got in touch to let us know that he uses the two projects for teaching graduate research methods at Carleton University. Thanks, Steven!

Gibbon

Gibbon is a management system combining features of a VLE (such as resource sharing, activities and markbooks) and MIS systems (such as attendance, timetables, and student information).  The system was developed by the International College of Hong Kong.  Thanks to Ross Parker for letting us know about Gibbon.

OwnCloud Documents

The recent release of OwnCloud 6 includes a new tool called OwnCloud Documents allowing real-time collaboration on text documents. Collaborators can be other users on the Owncloud system, or anonymous users with the link from the author.  With support for LDAP and Active Directory, could this represent a viable alternative to Google Docs for privacy-conscious institutions?

Open source policies in UK universities and colleges – what’s changed over the past 10 years?

As a result of the OSS Watch National Software Survey, we now have 10 years of survey data on open source in universities and colleges in the UK, so we can look at some long term trends. Today I’ve been looking at institutional IT policies.

Back in 2003, most IT policies in colleges and universities in the UK didn’t mention open source at all, while today that position is reversed.

We’ve also seen the demise of policies that prohibit open source; while at the same time policies that state a preference for open source also seem to be on the way out.

policies

So, are universities and colleges moving towards a “level playing field” approach to open source and setting “equal consideration” policies? Perhaps; though IT policies are only a part of that equation.

We also have survey data from 2008-2013 for what types of software are being considered for procurement and deployment in practice:

effects

So, equal consideration of open source software is on the increase, but there is still a long way to go; and if the rate of change over the past five years is anything to go by, we’ll never get there!

Perhaps what we’re seeing is a lag between changes in policy filtering through into changes to processes and practices – or perhaps its not filtering through at all.

For more information on open source policies and procurement processes, read our briefing note Decision factors for open source software procurement.

The full results of the 2013 OSS Watch National Software Survey will be published in January

Is Open Source Insecure?

tl;dr: Open Source is inherently no more or less secure than closed source software.

banksy stencil with security camera

For a more thorough answer to this question, we’ve just updated our briefing note, “Is Open Source Software Insecure? An Introduction To The Issues” where we look at some of the ways in which software is considered secure, and look at some of the common claims both for and against the security of Free & Open Source Software.

On the whole there are no significant differences in security between closed and open source software as a category. The key differences are between individual products, and the governance processes around security – something which applies to both closed and open source software.

Claims that Open Source is inherently insecure – or, conversely, that it is inherently more secure – are unfounded and should be challenged, particularly in the process of selecting and procuring software. Accepting such a generalisation may actually be increasing security risks for the organisation, by excluding the most fit-for-purpose solutions from consideration.

Photo by nolifebeforecoffee of a stencil by banksy.

Leveling the playing field for open source in education and public sector

Last week I presented at ALT-C in Nottingham on the topic of open source in education and the public sector.

This was partly to invite people to participate in Open Source Options for Education, and partly to open up discussions around software procurement policies and processes in the sector.

The discussion tended to confirm our survey findings that the practice of procurement including open source options varies a lot within institutions, resulting in different biases (both for and against FOSS). So the degree to which FOSS is considered for procurement in education can be quite different depending on who you’re dealing with. To get a more balanced approach to closed and open source software would therefore require engagement with all of the different groups engaged in software procurement to develop their understanding and practices.

Here’s the slides:


OSS Watch joins G-Cloud

OSS Watch has been awarded a place on G-Cloud, the UK Government cloud procurement initiative, and will be making a range of services available through the CloudStore.

Government Procurement Service Supplier logo

The UK Government has been working to make the purchasing of public sector ICT as simple and transparent as possible. All services listed on the CloudStore are part of the G-Cloud framework and so immediately available for the public sector to procure and use.

This means that the public sector can now procure OSS Watch services quickly, easily and cheaply through the Cloudstore. This includes our full range of consultancy services, available under “Lot 4: Specialist Cloud Services”.

For the past 10 years, OSS Watch has provided independent, non-advocacy information and consultancy on all aspects of Open Source for the UK education sector, and we’re excited to be able to offer our services and expertise direct to the public sector for the first time.

For more information, see the G-Cloud information page on our website, or contact us at info@oss-watch.ac.uk.

Open Source and Open Standards key to future of public sector IT

Last week Open Source, Open Standards 2013 took place in London, an event focussed on the public sector. Naturally these being two topics we’re very keen on here at OSS Watch I went along too.

Overall the key message to take away from the event was just how central to public sector IT strategy these two themes have become, and also how policy is being rapidly turned into practice, everywhere from the NHS to local government.

Tariq Rashid, the Open Source policy lead for the UK Government, spoke of the need for IT to be focussed on user needs, and to deliver sustained value, by moving from “special” software procured for the public sector, to services delivered using commodified IT.

Even where services are unique to the public sector, Rashid and other speakers at the event made the case that most elements of such services can be delivered by building on commodified IT. For example, the open source CMS Drupal is used for delivering increasing numbers of public sector IT services, and the Government Digital Service builds its services from open source components.

The two strategies of Open Source and Open Standards are necessary as they create the ‘competitive tension’ needed to drive down cost and improve sustainability.

Mark Bohannon of Red Hat gave an overview of the global landscape of Open Source in government, in the US and UK, and identified the UK policies as being particularly forward looking. Mark positioned Cloud and Big Data as two key areas where Open Source and Open Standards were critical, calling out OpenStack and Hadoop as particular cases, and also provided some great case studies on open source from the military and from space exploration.

Mark made the point that Open Source and Open Standards underpin a more fundamental change in IT, away from big IT projects towards IT that is agile, modular and responsive to user needs.

Ian Levy of CESG dispelled some myths around security and Open Source (“If anyone in UK government says CESG has banned open source send their name to me and I’ll have them killed”) and made the case for a common sense approach to security, whether the software or service is open source or closed source.

Mark Taylor from Sirius has long been an advocate for open source in the public sector, and it was good to be at a point where the message has been heeded! He began with a nice Schopenhauer quote:

All truth passes through three stages. First, it is ridiculed. Second, it is violently opposed. Third, it is accepted as being self-evident.

In the talk he provided lots of practical advice for public sector organisations on putting Open Source into practice, which include calling on those writing tenders to focus on user needs instead of naming technology solutions. Mark also gave a workshop later in the day where he continued this theme, expanding on how public sector organisations and companies had made transitions to open source. Its not very easy to summarise here in a post, but I found the information very practical and useful; for example, when transitioning IT, to start with the systems furthest away from users, such as backend services and infrastructure, to avoid sparking the usual neophobia when you change technologies for users.

Inderjit Singh gave an overview of the NHS standards-based approach to IT, with some nice background on which approaches had been tried and where the current strategy is going. The current approach has been to use a programme of change projects involving SMEs that have engaged 40 new suppliers, and which is accelerating the take up of the standards.

Singh asserted that standards and fundamental for enabling an open architecture, and that open source and open standards go hand in hand in delivering value for users.

After some workshop sessions, we had Alasdair Mangham from the London borough of Camden giving us a look into how they’ve been building services using open source software in collaboration with SMEs. This involved a major shift in contracting – rather than write an huge set of requirements in a tender document, they disaggregated the project and bought in specialist capabilities (in usability, service design, SOA etc) as needed in smaller chunks of time using an agile process.

Graham Mellin gave an overview of the Met Office’s new space weather system built using open standards and using open source software; for their own specialist systems they decided to go down the route of making it Open Source rather than the private partner sharing route as result of an exploitation planning process.

I met with a lot of people at the event, from suppliers, local government, NHS and national government departments, and it was good to get a sense of how the public sector is moving – whatever the pace in individual areas – towards this vision of more affordable, sustainable and user focussed IT, and better utilising the capabilities of UK SMEs and startups.

We pointed out recently in our post in the Guardian, Higher Education in particular is in a strong position in this area as a result of past investments in Open Source and Open Standards, and we now need to think about how we take that forwards.

As Mark Taylor pointed out in his talk, the public sector accounts for over half of IT spend in the UK – and we can choose to either unite and use that market power to shape the future, or be divided up and conquered.

Open Source meets Open Standards

OSS Watch Briefing Paper: Open Standards and Open Source

Open source software and open standards are two of the key interventions in technology policy, whether that policy is made by governments, public sector organisations, or companies.

Open standards can ensure interoperability and assist portability, allowing the switching of solutions and avoiding vendor lock-in. Standards can also help to create new markets, and can also encourage innovation within markets by imposing useful constraints.

Open source software offers benefits of greater flexibility and the potential for reduced development costs and better software quality through collaboration and reuse.

Together, open source and open standards provide the basis for solutions that offer interoperability, cost reduction, and flexibility; no wonder they are seen as such a powerful tool for technology policy!

However, whats often less clear is how the two interact in practice. There is, for example, a fairly widely-held view that open source software is somehow inherently more likely to support open standards. However, in practice this is not necessarily the case, and there are a number of barriers that can actually make it less likely for open source projects to implement standards than their closed-source counterparts.

Open source and open standards should complement one another - but can also counteract each others benefits if policies are developed without paying attention to the way they interact

For example, implementation of a standard requires access to documentation; in many cases this involves payment for access, or paid membership of a consortium – something that open source projects may have difficulty with unless a benefactor or sponsor does this  on their behalf. Also, if a project wishes to publicly claim that it implements a standard, this may involve a formal conformance process requiring paying fees for testing and accreditation.

So for policy makers and CIOs, the selection of standards, and the standards setting organisations they originate from, can have a significant impact on the availability of open source solutions to meet their requirements.

Mandating standards that involve patent licensing fees, mandatory expensive conformance testing and assurance, and restricted access to documentation will exclude many potential solutions and providers. This will have the impact of increasing costs, and potentially eliminating the benefits of standardisation altogether if organisations have little practical prospect of switching suppliers.

Conversely, if standards are selected that provide a low barrier to entry to open source then this can be good not just for individual solution procurement, but for interoperability as a whole.Unlike closed-source solutions, with open source it is possible to inspect the implementation of standards and to conduct independent interoperability and conformance testing rather than rely principally on vendor claims. The presence of open source implementations can also influence uptake of a standard; either by making open source libraries available for use within other products, or by providing a good target for interoperability testing for other entrants.

Open source and open standards are key components in technology policy; but its important to know how they can work together – and potentially work against each other.

A new OSS Watch briefing paper provides an overview of the main issues facing implementation of standards for open source projects and developers; for more information see Open Standards and Open Source.