There’s a persistent perception that open source software is being ignored in the enterprise, that IT management fears it and it ends up being more costly to deploy than proprietary solutions. That’s certainly the perception that some major software vendors would like you to have. But it’s Jeffrey Hammond’s job to dispel those perceptions, at least when they aren’t accurate. As an analyst for Forrester Research, Hammond covers the world of software development as well as Web 2.0 and rich internet applications, so he sees how open source is being used on a daily basis. He’ll be speaking at OSCON, the O’Reilly Open Source Convention, talking about the true cost of using open source, and he gave us a sample of what’s going on in the enterprise at the moment.

James Turner: To begin, can you just talk about the areas you cover for Forrester?

Jeffrey Hammond: Sure. I’m in the Application Development and Program Management Group at Forrester, which means I write for folks like developers, architects and development managers. And open source is a little bit of an interesting topic for me because it kind of crosses roles. But what we tend to find is that a lot of time it’s developers and maybe development managers that are pulling open source into the enterprise. And that, I think, is why I have it as a research area. But in addition to open source, I also cover Web 2.0. I cover rich internet application development. I cover software change and configuration management and application life cycle management, software modeling, mobile development, IDEs and programming languages. So a pretty wide-variety of development related stuff.

James Turner: There’s obviously a lot of apocrypha and maybe even some downright misinformation about how open source is being used in the enterprise. Can you illuminate things a bit?

Jeffrey Hammond: Sure. You know, it crosses a wide-variety of spectrums. But anyone who tells you that it’s not being used strategically for mission critical applications isn’t talking to the right people, because I see it used that way as well as on individual projects at the departmental level. I’ll give you one example: I have talked with a large organization that’s using multiple open source products and projects and frameworks as the core of it’s reservation systems, and they’re pushing 30,000 transactions a second through what’s essentially an open source infrastructure. So I defy anybody to say that that’s not mission critical. And it certainly contributes revenue to their business. I’ve also talked to organizations that are almost completely open source in their development environment. So all of the software code that they write is being built with open source tools. I think all you have to do is look at the latest data from the Eclipse Community Survey, which they published about three weeks ago, and it’s pretty hard to make the argument that open source adoption is not pervasive and accelerating in the market.

James Turner: What are some of the real success stories you’ve seen with open source in commercial settings?

Jeffrey Hammond: Well, I just mentioned the one about the travel and transport provider, but I’ve seen open source used as the basis for in-store sales systems that are PCI compliant. So that would counter another fallacy that you often hear; you can’t build secure software with open source. And I defy you to find an example of a system which would need a higher level of governance and qualification than something that’s handling credit card data. And, yet, we see organizations successfully deploying software with things like OpenSolaris and networking stacks that are based on open source software. I’ve also seen it used in financial services organizations and by a major airline in Europe, which is using open source at the core of their operating system strategy. And they’re running their SAP installations on top of an open source operating system framework and saving a million dollars simply by doing that.

So the uses are many and varied, but generally, the goal is to save money. That’s where organizations tend to start. And then what tends to happen is the more that they become comfortable with using open source, and the more that they apply it successfully, the more they start to realize that there are benefits other than cost savings that they can take advantage of. And that’s when you start to see them turn from open source opportunists into open source advocates. It’s interesting to watch that transformation happen over a year or a two-year period at a large company. They start looking for opportunities to replace commercial products, things at the app server level, things at the business intelligence level, things in the web content management space. And all of these are opportunities where there are real, credible, open source projects that are used by large organizations successfully.

James Turner: Just to be balanced, what are some of the perils that companies need to watch out for when they start to adopt open source?

Jeffrey Hammond: I’ll tell you: The number one peril that I run into is an overinflated set of expectations. And it usually goes something along the lines of, “Well, we’re going to dramatically reduce our software costs.” And there are some scenarios where that can happen. But in reality, what open source does, especially at the start, is it tends to shift your software costs. So, yes, you’re reducing the capital expenses and expenditures that you are paying for software bits and bytes. But, in most cases, firms that are starting with open source are still buying support contracts from organizations.

If you’re using Spring, you’re buying support from SpringSource. Or if you’re using MySQL, you’re buying support from Sun, or a third party. So support costs don’t necessarily go away. And those costs can parallel what you’d pay for commercial software. The other thing that we tend to see is that sometimes your labor costs go up because, like it or not, using open source tends to mean that you’re implementing a best of breed technology architecture strategy. And that means that somebody’s got to integrate all of the piece-parts. The good news is at least you can integrate the piece parts. And you’ve always got the source if there’s no out-of-the-box integration. But the bad part is that you’ve got to have skilled architects. You have to have skilled developers. And, in general, the more skilled the individual practitioners are, the higher their labor costs are. So we generally do tend to see a little bit of an increase in the overall labor cost component of the total cost model with an organization that adopts open source.

So if you’ve got a lot of processors, and you’ve got a lot of per processor software licensing costs, and you’re ripping those things out, well, the savings in capital costs can make up for the increases in labor costs. But if you’re not a large organization, if you don’t necessarily have a lot of software licensing fees and you don’t have a lot of the existing resources that have talent and skill, it may be a net wash, or even a minus, for your organization. And I think that that’s one of the reasons that we see a little bit of an adoption gap when we look at midsized firms and how many of them are using open source versus firms that are very large and firms that are very small. And it gets back to, I think, Mårten Mickos‘ saying that open source is for people that have more time than money. Very small corporations don’t have the money at all, so by default, they have more time. And very large organizations have the resources and the people, i.e. the time needed, to invest in open source. And they have the opportunity to realize significant savings from the application of it. And that’s why I think we see a U-shaped adoption curve when it comes to open source in the enterprise.

James Turner: There’s a perception that open source developers and projects can be dismissive or even downright hostile toward the corporate world. Do you think this is a fair perception?

Jeffrey Hammond: There’s a certain amount of that going on. But you know what? To some extent, I don’t think the enterprise IT world cares. I mean, they see potentially valuable projects, potentially valuable frameworks. And one of the beauties of the open source licenses is you can’t discriminate by use. So a large bank has every right to use that application framework as a non-profit organization. And so regardless of whether the attitude’s there or not, it certainly doesn’t color the interest or decrease the amount of interest that enterprise organizations have in open source in any way.

James Turner: What are the real sweet spots right now for open source in corporate settings? And where do you think the open source world still needs to improve their coverage?

Jeffrey Hammond: We tend to see adoption from the inside of the IT organization out. So you would expect things like operating systems and the application servers, or HTTP servers, would be very popular. Development tools in particular are an extremely attractive space for open source these days. If you look at the most popular IDEs out there, you’d have to say that Eclipse is certainly there in the Java market. It’s really highly used, and there are other open source Java IDEs and alternatives to that. Again, if you believe the Eclipse Community Survey data, you’ve got three out of four organizations saying that they’re using an open source SCM tool.

I think one of the reasons that we’ve seen such aggressive adoption of development tools is because developers are most comfortable with open source. And the potential liability issues with distributing code outside your own firewall are a little bit lower. So that’s one of the reasons that we’ve seen aggressive adoption in the enterprise there. But we are slowly starting to see interest move up the stack. So I’ll tell you we’re seeing increased interest in open source content management systems and enterprise content management systems. Things like Drupal and now Alfresco. We have an analyst in our organization, Stephen Powers, who’s just been writing in that area. And we’re seeing increased interest in open source BI. There’s really a number of very good solutions out there, you know, Jaspersoft, Pentaho, Spago BI, and Actuate, all build core solutions around open source components that are very interesting to organizations. Traditionally, they have to really think about how they deploy BI because it’s expensive, and it can’t really be widely deployed to lots and lots of users without spending hundreds of thousands or millions of dollars. And the idea of an open source BI model is something that excites a lot of organizations and has got them thinking about what that might do to the way that they deploy business intelligence in their organization. So gradually moving up the stack, but still strongest at the core of the IT organization.

James Turner: This is breaking news today, so I’ll understand if you don’t feel like you can comment on it at this point. But I’ve seen reports that the London Stock Exchange which was, I believe, one of Microsoft’s Get the Truth poster children, is pulling back from their Windows deployment. Does that say anything to you?

Jeffrey Hammond: Well, it’s difficult for me to comment on the reasons or what’s going on there. But we’re going to see these sorts of switches back and forth. And you could argue that running open source on Microsoft platforms is also a very interesting way to go. I wrote recently about what Microsoft’s done with their Web PI products that take PHP and make it and PHP-based applications very simple to install on the Windows platform. And so there are both good and bad from Microsoft’s perspective in terms of open source.

The one thing I’d add here is that, to some extent, as we start to see systems migrate into the cloud, what operating system to some extent becomes a little bit less important than the overall cost of maintaining the stack and deploying the stack in that hosted environment. So it’s possible that you could see Windows versus Linux being much less of an issue in the overall open source software debate. Certainly a lot of the organizations that I talk to happily continue to run Windows as their core operating system platform but still use other kinds of open source products like Eclipse, like Apache and Tomcat, like Spago or Jaspersoft. And really look at it as a mixed environment, not a pure open source or pure commercial type of situation.

James Turner: You’re going to be presenting at OSCON on a panel called, Beyond the Hype: The True Cost of Open Source. Is there anything else at the conference that’s caught your interest, or that you’re particularly looking forward to?

Jeffrey Hammond: Honestly, I haven’t had a lot of time to scope out some of the sessions that I want to attend. And that’s just reflective of the way that Forrester works with the end of the quarter and everything that’s been coming together. But, in general, wherever possible I’m looking to gauge the level of pragmatism in the community versus religious fervor, because certainly in the enterprise space we see pragmatism ruling the day. And to some extent, I think it’s important to see who at the conference is understanding of that attitude and is adapting and reacting accordingly. And who is maybe dismissive of the interests of enterprise IT. And I’ll give you an example of that; one of the things that most tends to concern enterprises is the security of open source software. And if you look at any of the defects in the bug reports when you look at the NIST reports and that sort of thing, I think there’s no justification to say that open source is less secure than commercial source. But it’s a perception that is held in the enterprise–that’s just the way it is. So the community can do one of two things. They can either understand that perception is there and deal with it and put data up that disproves it. Or they can say, ‘Well, the enterprise doesn’t know what it’s talking about. Aren’t they stupid? And they don’t know what’s going on.” And I think that that dismissive approach is counterproductive from a business standpoint. So I’ll be looking for sessions and seminars and attitudes that show that there’s an understanding of the myth and the realty of open source, that, if properly dealt with, can really help the folks that believe in it as a fundamental business model be more effective in working with enterprise organizations.

James Turner: Well, Jeffrey Hammond from Forrester, it’s been a real pleasure to talk to you. We look forward to seeing you at OSCON. And hope to see you there.

Jeffrey Hammond: Thanks a lot. Can’t wait.