The use of open-source software programmes lowers the cost of IT, but it is also a major source of security vulnerability

Javed Tapia, Director (India), Red Hat

The current enthusiasm in India regarding open-source software is past the "Linux advocacy" stage. What sets open-source software apart from proprietary operating systems is that it is generally taken to mean "free". But it is much more than that.

It means that the source code is available to all for modification, customisation, and improvement. Free not only in terms of cost, but also in freedom of choice. The use of open-source software programs lowers the cost of IT in more ways than one.

The first advantage of open-source software is the upfront price. A single fully-supported package costs less than any proprietary alternatives.

Secondly, since Linux is under a general public licensing model, it can be installed on many computers without any restrictions.

Thirdly, a typical Linux CD contains not only the operating system, but also a large variety of other software products. Thus, without buying or downloading anything else, the user has a simple office suite, all the software needed for Internet access, advanced networking capabilities and so on.

Fourthly, whenever the proprietary standards are established, the necessity to follow them is given. Even in an open tender acquisition system, this requirement for compatibility with proprietary standards makes the system biased towards specific software vendors, perpetuating dependency.

This dependency is perpetuated for two reasons: first, software owners have to upgrade the software, even if there is no internal reason in doing so. Otherwise they risk facing a situation where their programs cannot process documents and files created by newer versions of the same product.

The second coercion to upgrade evolving from this dependency is the ending of support for "older" versions. This situation thus has major consequences for the cost side of IT management.

Additionally, for the costs for new licences and update implementation, software users constantly have to be trained in new program versions, irrespective of their needs.

Given that a particular system is working with proprietary standards, migration to another reliable and interoperable technology requires much effort and a high cost.

This is due to the hurdles created by the proprietary vendor in making such migration difficult both in terms of technology and effort.

Through the passage of time the proprietary software vendor does not fear competition, since the client has to take its product irrespective of any choice.

A typical monopoly situation evolves in which the vendor dictates prices, conditions and quality. Open-source technologies offer no proprietary lock-in to any one vendor.

The main apprehension towards open-source and Linux adoption is: is it really free? While it is possible to download Linux for free, make copies of the downloads and distribute them freely, this option includes no support from the supplier, although one can always make use of peer support groups and self-proclaimed gurus.

To benefit from professional telephone or email support from the suppliers, one has to buy the operating system. This option normally includes more software than the free version, printed manuals, days of support and software provided ready on CDs.

The migration to open-source software will lead to lower life-cycle costs. Service, support and maintenance can now be contracted out to suppliers being placed in the competitive environment of a functioning marketplace.

The cost of the service-oriented model of open-source has a positive fallout on the domestic economy through generation of local employment, spurring of local investment and ensuring local technological upgradation.

Finally, open-source software is by nature almost automatically the source de facto standard for any number of protocols or systems both historically and for those developed today.

Having a large base of open-source development helps a region's enterprise and government involve themselves in the standardization process and incorporating cultural factors into the process. So the question is, why should anyone and especially governments use proprietary software?

Shailendra Kumar, Group manager (e-governance), Microsoft Corporation India

As pioneers in the e-governance space in India, we have been working with the various departments of the central and state governments and public sector organisations for the last 13 years.

We recommend that every government department must weigh five basic considerations when evaluating software, which are:

Total cost of ownership: The common perception is that an operating system that is free will also cost less to maintain and operate. However, for most open-source software additional costs cover training, services and support. This implies that in the final analysis, the summary of acquisition costs, application server software, management add-ons, deployment time and support costs in total exceed that of any commercial solution.

Studies show that open-source software can have a higher TCO compared to proprietary offerings.

Transparency: For governments, transparency of software implies access to a software program's source code. In sync with this requirement, we ensure that select government customers can view the code by providing Microsoft Windows in a shared-source code form.

By providing the source code to inspection, governments can examine the code to verify that it performs as advertised and contains no hidden features. Making technology transparent is no panacea.

Most people are trained to understand technical software information in the form of a source code. Traditional forms of product support and basic functionality, therefore, are more important to government customers than source code availability.

Security: In the context of government and e-government networks where several departments, citizens' communities and partners are accessing the same information, security becomes imperative.

In this context, critical parameters like the Common Criteria Certification, an internationally-recognised programme to evaluate software security, become important. Microsoft Windows conforms to this certification unlike open-source programs, which have not undergone any rigorous security evaluation.

Additionally, security vulnerabilities in open-source software, which often go unnoticed with the limited scenarios that actually deploy open-source software, also often remain unaddressed for long periods of time because there is no central organisation driving development.

Evaluating open-source software for security is a complex proposition.

Open-source software is now a major source of security vulnerabilities. The Computer Emergency Response Team reported that open-source and Linux software accounted for 16 out of 29 security advisories for the first 10 months of 2002, whereas Microsoft accounted for seven of these 29 advisories.

Choice and compatibility: Today, governments typically want software that works with a wide range of hardware devices and which can communicate with other software applications.

An important consideration when choosing an operating system is its ability to inter-operate with stand-alone in-house systems. Microsoft has close to 22,000 readily available applications today on the Microsoft platform -- something that can't be challenged by any other software alternative.

Innovation roadmap: Information about a vendor's technology is very important to government decision-makers who need to anticipate and plan ahead for future computing needs. It is imperative that the innovation roadmap be predictable and driven by customer needs and not by the personal fancy of a handful of developers.

Because open-source software has no clearly defined central planning organisation that sets the direction of the operating system kernel, it is more difficult to know the capabilities that will be available in the near future as well as the long-term.