Is Open Source .NET Beneficial?

added by Simon Timms
3/20/2015 5:02:53 PM

I'm interested to see what people think of open source .NET


12 comments

Robert Greyling
3/20/2015 5:11:00 PM
Good question @stimms - I'm guessing there are two schools of thought here in the enterprise specifically: 1. The "nobody ever got fired for choosing Microsoft" gang, who, regardless of Open Source or not will be all over it because now it's sanctioned by the big boys. 2. The ones who detest and mistrust any Open from reasons you describe to the ones that say vulnerabilities are easier to exploit if it's Open. The second group definitely exist in large quantities in the enterprise and may very well start a witch hunt in their organisations to dig out anything that has gone Open Source. I expect this will be very expensive, and where the sunken cost is too great they will just have to accept it, but handle existing code with kid gloves and new projects may be pushed to other closed platforms. It's a tough one to call, but I expect we'll see which way it goes in the near future.

Simon Timms
3/21/2015 2:10:31 AM
My experience with companies that dislike open source is a few years ago now. I was rather hoping that they would have died out by now or, more accurately, that those responsible for such decisions would have retired. It sounds like you're still seeing those thoughts in modern times.

John Atten
3/21/2015 2:45:04 AM
I'm thinking that more and more companies have/are coming around to OSS, particularly OSS that is actively developed and supported, in the open, by trusted vendors. I suspect that the value of certain licensing options, and/or at the least, the cost savings achieved by access to source/allowing devs to dig in and see what's what have begun to outweigh the perceived "risks" associated with Open Source in previous years. Note that "open source" does not mean "free," although that is often an obvious advantage. Not to mention, more and more large corporations are achieving success with a significant portion of their code base consuming OSS libraries. Lastly, more and more exploits are happening in a very public way against software which is (presumably) closed-source. The advantages of the closed licensing model are beginning to decay. I think the more aggressively open source license models ("copy left") may drive away some companies, who aren't looking to publish their IP, particularly when that IP represents a significant revenue driver. In general though, I think the companies in camp #2 in the OP are going to diminish, and I don't see this impacting MS adoption nearly as much as if they had FAILED to start down the path they are on. Remaining closed/proprietary, for Microsoft, would have meant a continuing slide into irrelevance over the next decade IMHO. It's the right move, at the right time (or maybe a few years after the right time, but timely nonetheless).

Bob Senoff
3/22/2015 3:15:02 PM
The @dotnet folks have posted this timely Infographic on The state of .NET Open Source on GitHub. https://twitter.com/DotNet/status/578933457914466304/photo/1

David Paquette
3/23/2015 1:37:44 PM
I have been fortunate enough to work for companies that have not been afraid of using open source tools and frameworks. I did work at one company where my products were put through a fairly vigorous open source audit process. This involved a combination of me telling them what I was using and some fairly sophisticated automated source code analysis. I *think* the purpose of this was to ensure that we were only using open source products with a license that was approved by the company. I have never taken the time to fully understand the implications of various open source licenses. I am curious if anyone else has encountered a similar audit process.

Simon Timms
3/23/2015 3:07:24 PM
A company I was at had a policy around it but I would hesitate to go so far as to describe anything done there as an audit. We were basically concerned about GPL code as there was a belief that if we shipped anything using that license our software would become GPL also. I don't think that was a good understanding of the license but I am not a lawyer. https://en.wikipedia.org/wiki/Viral_license

Paul Wheeler
3/23/2015 3:04:19 PM
I contracted with one of the large banks for a while. We were allowed to use open source libraries if Microsoft didn't provide an alternative, *but* we had to pull a copy of the code into our codebase so it could be run through special bank compilers that would supposedly catch malicious things.

Jeremy Morgan 
3/23/2015 6:41:58 PM
The only possible downside I could see are those companies who believe open source is insecure. As much as I hate to be dismissive, if your company still believes this, you may be in trouble. These days it's very difficult to run any enterprise without some form of Open Source software. Whether it is more or less secure is probably another discussion entirely, but having recently worked for such a company (I left) I can say it relegates you to costly or old tools and it's a huge burden on the company.

John Atten
3/23/2015 11:51:25 PM
@JeremyCMorgan - I agree, but I think the point of education needs to be aimed at the companies who somehow think closed source offerings are "more secure." IMHO those who believe closed/proprietary systems are somehow more secure engage in a dangerous self-delusion. It's not so much a matter of demonstrating that OSS is "just as secure" as it is pointing out that closed systems are not only no more safe, but probably less so. At least, if an exploit is discovered in an OSS code base, either the maintainers can patch it, or the company's own devs can (or SOMETHING). With a closed source code base, you are at the mercy of the owner to implement a fix, on their schedule, IF they decide the time/resource expenditure is warranted.

Jeremy Morgan 
3/24/2015 12:03:50 AM
Absolutely good points. I have also heard the argument that "software is built better when your company is riding on it" but we've all seen evidence to the contrary. Another consideration is a "you get what you pay for" attitude with software. No matter how often it's true it still isn't a hard rule. But I think there is a certain tipping point where a company charges so much for their software that more people purchase it, and I've seen that play out in several companies I've worked for. I have even implemented full solutions as a proof of concept and had them rejected because the upper management would frown upon something they're getting for free. This is why I consider the free software + paid support model such a good idea. You give people the software for free and you'll get more people using it and talking about it. If it's open sourced you can most likely get improvements made, and then you charge for support and customization. This shows the company that you have a liability to them and won't leave them hanging. It's the direction many companies are headed but only time will tell if that model wins out.

D Nemec
3/24/2015 2:07:12 AM
Although I'm not surprised that companies think that way, I feel like any company advising against open source hasn't really thought things through. It's hard to deny that Java isn't a major player in the enterprise development space, yet most of its source code is entirely public. I would guess that more often than not, developers at a large company will tend to ignore any legal guidance for some of the more permissive licenses. It's easy to police your dependencies with a small team where your entire company revolves around a single product, but in a company where each of its 1000 teams owns 10 different assets, having to get approval to use jQuery in each new project is a real pain. I agree with @xivSolutions that Open Source makes it easier to stay secure. When the POODLE vuln hit, we discovered that one of the libraries we use actually forced the use of SSL 3.0 in its WebRequest, but we had to wait for the team who developed the application to fix the issue before our application would work again (the servers were patched to reject SSL 3.0). On the other hand, we wanted to use an open source request throttling package in a WebApi project but the package was built for .Net 4.5 (we use 4.0). After retargeting and replacing a few 4.5 features with their older equivalents, we had the ability to reuse the important code (throttling logic) with very little effort on our part.

Claus Sørensen
3/23/2015 11:56:51 PM
I hope that finding Microsoft on this path says something about the attitude towards OSS from big corporations in general. I have not personally encountered a strict anti open source policy anywhere I have worked, just a healthy and necessary interest in licensing models and the communities surrounding the open source products we used. I think corporations who completely dismiss open source software need to wake up and realize that OSS can help you focus on what actually matters to the business, and to stay competitive. That Microsoft is starting to embrace open source is a great advantage for .NET developers trying to get the companies they work for to show an interest in open source software. If anything I think this will help persuade more people to give OSS a chance.