Even SAP is using more open source

SAP signs on for Black Duck Suite, a tool that manages use of open source software

Yesterday SAP took another step into the open source world by signing on to use the Black Duck Suite. The suite is a collection of tools that helps a company find open source projects. It also confirms that developers are using the code securely, in compliance with its license and not violating the company's internal policies (i.e. not exposing code they don't want to release as open source).

Open Source
What's interesting about this news is that SAP's relationship to open source is an odd one. On the one hand, it invests pretty heavily in open source projects. At one point or another its investment unit has funded Alfresco, GroundWork, Intalio, JasperSoft, Zend, MySQL and Red Hat. It recently upped its membership in Eclipse.

On the other hand, its flagship products are not open source. And the company, which bills itself as “the world's largest business software company,” loves software patents. The German-based company holds more than 2,000 U.S. patents (including pending ones), according to a quick search on Patents.com -- plus hundreds of European patents.

Its strange stance on open source caused the Linux Journal last month to write an article entitled SAP: Open Source's Friend or Foe? The article concludes that despite SAP's investments in prominent projects, its attempts to convince the European Commission that software patents must be protected don't do open source any favors. The writer, Glyn Moody states:

We can see here how SAP and CompTIA are implicitly drawing on SAP's argument that there's now no fundamental difference between open and closed source, and that “mixed models” prevail. That being the case, they argue, it would “harm” open source to insist on open source only. That is why SAP spent so many pages “proving” this: it needs it to support its earlier objection.

I imagined that the SAP/ Black Duck news represents an uprising by the poor downtrodden developers at SAP. Their colleagues all over the world (including those at competitive start-ups or their enterprise customers) have entered a golden age of collaboration with open source. Meanwhile, these poor dudes and dudettes were stuck in the dark ages, writing their own code with an eye towards getting a patent on it, even if (maybe especially if) it means reinventing the wheel. (Disclosure: that's a fantasy -- I have no direct knowledge that SAP developers are locked in a basement without access to light or nourishment.)

Since Phil Odence, vice president of business development for Black Duck writes a popular blog on Network World's Open Source Subnet called Look to the Source, I talked to him about his company's news. I wanted to get a feel for what it says about how giant proprietary companies like SAP are changing their attitude toward open source. He told me that SAP is "a poster child" for how proprietary software companies are interacting with open source.

"Their developers have come to realize that there is great, usable, tested open source code out there that they can incorporate in with their own code. Need an XML parser? Why build your own when there are great ones out there for free? Once they realized that, developers all over the company started taking advantage of open source," he said. "You'll hear people in the SAP community say that they've gone from, 'Why use open source?' to 'Why not use open source? If open source can do the job, go for it. Then you can spend your time and energy on differentiating features.' That's where we believe all development is going."

But if your company loves software patents and earns a good deal of money on its intellectual property, you can quickly get yourself caught between a rock and hard place.

Odence describes, "Now, it's not a totally free lunch. With every developer having access to 250,000 OSS project with tens of billions of lines of code, suddenly you've got a management and control problem. It's good to use open source, but how do you make sure they are picking components that fit with your company policy? Some of that code is licensed in ways that could compromise your company's IP. Some of it comes from two guys in a garage who are thinking of going into the restaurant business. Some of it has security vulnerabilities. One free XML parser is great, seven different ones across the company can be a support problem."

The takeaway is that, if a company with as much vested interest in proprietary software can't afford to ignore the benefits of open source, how long will it be before most proprietary software becomes obsolete? How long before it becomes an entry in Wikipedia, not an albatross around an enterprises's neck? Seriously, even the U.S. military is trying to figure out how to safely use more open source software despite their need to keep the code protected. They want to make changes faster and spend less money on software development (and some of them feel that open source is actually more secure anyway).

I'm not saying that there's never a case for keeping software closed. I can't see the benefit, for instance, of open source cryptography. But there are scant few applications out there that wouldn't be better off if users could see and modify the code, particularly in SAP's niche of business, ERP, CRM, apps. Hopefully this news means that SAP, too, is seeing the light.

Like this? Here's more:

Follow Julie Bort on Twitter @Julie188

Follow all Open Source Subnet blog posts on Twitter @OSSubnet

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2010 IDG Communications, Inc.

IT Salary Survey: The results are in