Comments on: Forrester survey discovers that virtually no one uses open source (?!?)

Forrester has new research suggesting that absolutely no one is using open source. The problem with this conclusion is that it contradicts all other available evidence.

[jimmyed2000]

Matt, it all depends on who takes the survey.

If it is IT guys: they know that open source is being used all over the place and will give you the `truth` about usage of open source.

If it is CIOs: they are often blind to the adoption of open source within their own company, Sun's Schwartz has blogged about at least on example of this. I have also heard of a CIO who thought that his company was getting Tomcat from the 'Apache Company' and was surprised to learn that there was none. CIOs are also more risk adverse and less educated about open source.

It also depends on how you ask the question. If you ask me if expanding my investment in video games for the Wii is a priority for me my answer is no. If you ask me if I expect my investment in video games for the Wii to increase my answer is yes. Its not a priority for me, but I see it as inevitable.

From these results I would predict that the decision-makers taking this survey were mainly CIOs. If this is the case Forrester?s mistake is in surveying the weak link in the open source adoption chain. I say that CIOs are the weak link because they are less educated about open source than the IT community, they are largely unaware how deep and wide open source adoption already is within their organization. They think that they should be making decisions about the adoption of open source but don't realize they are too late. They need to be doing audits and putting governance in place. Otherwise the 'C' in CIO is more likely to mean 'Canute' than 'Chief'.

Forrester's report does highlight a perception issue that open source has amongst certain communities. This provides open source advocates a clear target to shoot at. Upon hearing about Bernard Golden?s upcoming report at OSCON on Open Source in the Enterprise someone asked me if I thought this was old news, generally accepted already, and not worth reporting on. Forrester?s survey show that open source advocates need more facts and reports at their disposal. I am looking forward to his report although none of the people who really need to hear it (CIOs) are likely to be at OSCON.

James Dixon

[TimBowden]

I'd have to agree with James here. My experience is that open source goes from the middle up. Tech level staff will often be quite up to date about the state of open source, and be happy to use it where needed. Senior management often have no idea. Once they are told there is a solution to a business problem and they don't need to pony up buckets of cash, the issue often disappears from their radar. It is only later that they tend to find out about how much foss they are using across the enterprise, and from all reports it often gives them quite a shock. Still, I think the message is slowly getting further up the chain than ever before. Believe it or not, but one of the driving forces seems to be Ubuntu. As the poster child of desktop linux, it seems to have begun driving awareness and acceptance of open source sideways beyond the traditional IT geek savvy crowd. Another more important driver may well turn out to be the ultra mobile PC sector with offerings such as the Eee PC. In this segment it's leaving winXP to eat Linux dust. This is a route to putting the open source question on senior managements desks (literaly) without waiting for the message to percolate up from the tech ranks. It will be interesting to see how this plays out over the next few years.

Tim Bowden

[Savio.Rodrigues]

Matt, I think you should look at the 2 questions they asked respondents ALREADY using opens source like Hibernate or PHP. Nearly 50% of these respondents said, "nope, we're not using OSS". See: http://weblog.infoworld.com/openresource/archives/2008/06/forrester_surve.html

So, this is a perception problem. CIOs (i.e. the likely candidates who responded to the survey) don't know what is being used in their shops.

Don't believe the hype about OSS being "more secure". Yes, having the source available means more eyes can scour the source code for potential holes. However, the leap of faith you must take is that there *are* eyes scouring the code. 99.9999% of the time the source code isn't even downloaded. Also, no two projects are the same, so just because Linux is "secure", doesn't mean all OSS will magically be. There is no magic but for great developers with great experience to draw upon. Some OSS projects have this in spades, others don't....no different for commercial software though.

[Savio.Rodrigues]

also....

The results are what they are. Some CIOS don't know they're using OSS.

OSS vendors will have to convince these CIOs before the check gets signed. It doesn't surprise me that CIOs aren't wholly aware of what their developers (or managers) are using. We experienced this in spades during the early days of Linux.

Instead of dismissing the results, I think it would be more productive to think about ways to educate CIOs that they are in fact using OSS and should get support (like their colleagues who knowingly use OSS said they do -- support is #2 on the list of concerns).

[Matt Asay]

@savio. I don't across-the-board buy the "security through transparency" argument - it really depends on each project and how security response works. But I can tell you from personal experience that for those enterprises that do want to muck in the code (and there are far more than we normally think), they *love* having access to the code to be able to make changes well before their vendors get around to doing so, including on the security side.

[jeffreyhammond]

Hi guys,

As the author of the report I feel compelled to jump in here. To be clear the data is part of an annual independent survey that we field very year to enterprise IT decision makers. I want to stress that I am simply presenting the data from questions as responded to by survey participants. Had I been influenced by some ill will against open source I would have simply presented the initial data from the participants and let it stand. I think if you look at the follow up charts I present there is an alternate conclusion, which is that it looks like IT decision makers DO NOT REALIZE that in many case their developers are using open source languages, frameworks and products. They know Swing but not the license - they know PHP but not the license. This is why I put the data about open source languages and framework use in- to highlight the lack of awareness that decision makers seem to have when it comes to what open source products are already in use in their organizations. I think that open source has a perception and awareness problem, but not necessarily an adoption one - but we'll need to do some follow up work to be sure. Note in my "what is means" section I specifically state: "Decision-makers aren?t aware of their use of open source wrapped in commercial products from IBM, Novell, and Sun." and "Open source frameworks such as Spring and languages such as PHP are better known by name than license model." This quantitative research backs up what I see anecdotally- that many IT decision makers are only beginning to realize that developers have already brought significant amounts of open source in house and are happily using it. Other surveys I have recently done with developers and software architects suggest that even at this late date as many as one out of three organizations (many of them Microsoft shops) still do not have an official corporate policy in place with respect to use of open source.

You can certianly dispute the findings - and my interpretations of them, but I assure you the data was not tampered with or influenced in any way.

Thanks,

Jeffrey