Broadcom DX Application Performance Management, part of the AIOps Platform from Broadcom, delivers mobile-to mainframe observability for user behavior, performance analysis, and code-level diagnostics along with easy-to-use workflows and dashboard to understand the health of any multi-cloud app.  The solution provides advanced analytics based on time, text, topology, and training, so you can pinpoint and resolve performance issues quickly and ensure that every user transaction becomes a loyalty-building interaction.

RELATED CONTENT:
APM: Cutting through the noise
How does your solution help teams manage monitoring?

Akamai  provides application performance management as part of its Ion solution, which is a suite of intelligent performance optimizations and controls for delivering high-quality web iOS and Android app experiences. The solution continuously monitors real user behavior and adapts in real time to context, user behavior and connectivity changes. 

AppDynamics by Cisco is an APM provider that provides customers with information on user experience. Its Experience Journey Mapping feature tracks the application paths most common among users and evaluates performance, enabling customers to see how their users are interacting with their app. Companies can use AppDynamics to optimize customer journeys across devices and quickly identify any issues. 

Amazon CloudWatch is an application and infrastructure monitoring solution built for DevOps engineers, developers, SREs and IT managers. It provides data and actionable insights to monitor apps, respond to performance changes, optimize resource utilization, and get a unified view of operational health. 

Catchpoint is the enterprise-proven ally that empowers teams with the visibility and insight required to deliver on the digital experience demands of customers and employees. With its combined true synthetic, real user, network, and endpoint monitoring capabilities and the largest, most diverse global monitoring network in the industry, Catchpoint delivers in-depth, accurate, and full-stack performance insights. 

Datadog APM provides end-to-end distributed tracing at scale capabilities for front-end devices and databases. Users can monitor service dependencies, reduce latency, and eliminate errors for the best possible user experience. 

Dynatrace provides software intelligence to simplify enterprise cloud complexity and accelerate digital transformation. With AI and complete automation, our all in-one platform provides answers, not just data, about the performance of applications, the underlying infrastructure and the experience of all users.

InfluxData: APM can be performed using InfluxData’s platform InfluxDB. InfluxDB is a purpose-built time series database, real-time analytics engine and visualization pane. It is a central platform where all metrics, events, logs and tracing data can be integrated and centrally monitored.

Instana is a fully automatic APM solution that makes it easy to visualize and manage the performance of your business applications and services. The only APM solution built specifically for cloud-native microservice architectures, Instana leverages automation and AI to deliver immediate actionable information to DevOps. 

LaunchDarkly is a feature management platform that empowers all teams to safely deliver and control software through feature flags. By separating code deployments from feature releases, LaunchDarkly enables you to deploy faster, reduce risk, and iterate continuously. LaunchDarkly integrates with several observability and APM solutions such as AppDynamics, Datadog, Dynatrace, Honeycomb, New Relic, and SignalFX. These integrations help measure how each feature affects key service metrics such as response times and error rates.

Lightstep‘s mission is to deliver insights that put organizations back in control of their complex software applications. It provides an accurate, detailed snapshot of the entire software system at any point in time, enabling organizations to identify bottlenecks and resolve incidents rapidly.

Microsoft Azure Monitor provides full observability into applications, infrastructure and network. It’s application sights feature provides an APM service for developers and DevOps professionals to monitor live applications, detect performance anomalies, diagnose issues and understand what users are doing. 

New Relic One aims to go beyond traditional monitoring solutions by embracing observability. It provides users with a real-time view of operational data so they can respond faster, optimize better and build great modern software. It includes a telemetry data platform, full-stack observability, and applied intelligence.

Oracle provides a complete end to-end application performance management solution for custom and Oracle applications. Oracle Enterprise Manager is designed for both cloud and on-premises deployments; it isolates and diagnoses problems fast, and reduces downtime, providing end-to-end visibility through real user monitoring; log monitoring; synthetic transaction monitoring; business transaction management and business metrics.

OpsRamp is a modern IT operations management platform that allows enterprise IT teams and MSPs to “control the chaos” of digital infrastructure. OpsRamp does this through hybrid discovery and monitoring, event and incident management, remediation and automation, powered by AIOps. Users can detect and resolve incidents faster, understand resource dependencies and avoid costly performance issues that result in lost revenue and productivity.

OverOps captures code-level insight about application quality in real time to help DevOps teams deliver reliable software. Operating in any environment, OverOps employs both static and dynamic code analysis to collect unique data about every error and exception—both caught and uncaught — as well as performance slowdowns. 

Pepperdata is a leader in the APM space with proven products, operational experience, and deep expertise. It provides enterprises with predictable performance, empowered users, managed costs and managed growth for their big data investments, both on-premise and in the cloud.

Plumbr is a modern monitoring solution designed to be used in microservice-ready environments. Using Plumbr, engineering teams can govern microservice application quality by using data from web application performance monitoring. Plumbr unifies the data from infrastructure, applications, and clients to expose the experience of a user. This makes it possible to discover, verify, fix and prevent issues. 

Riverbed’s application performance solutions provide superior levels of visibility into cloud-native applications—from end users, to microservices, to containers, to infrastructure—to help you dramatically accelerate the application lifecycle from DevOps through production.

Sentry provides code-level observability that is essential for software teams to monitor application health. With Sentry’s error tracking and performance monitoring software, developers can see the most critical issues clearer, solve issues quicker, and learn continuously about their applications—from the front end to the back end. Sentry works across web, desktop, mobile and native platforms, and nearly every framework and language.

SmartBear: AlertSite’s global network of more than 340 monitoring nodes helps monitor availability and performance of applications and APIs, and find issues before they hit end consumers. The Web transaction recorder DejaClick helps record complex user transactions and turn them into monitors, without requiring any coding.

Splunk APM enables users to innovate faster in the cloud, improve user experience and future-proof applications. It features NoSample full-fidelity trace ingestion so developers never miss an anomaly, AI-driven analytics and directed troubleshooting, high cardinality exploration of traces, and an open standards approach. 

Stackify by Netreo’s APM solution Retrace gives developers straightforward insights into performance bottlenecks. It integrates code profiling, error tracking and application logs; troubleshoots problems and looks for ways to optimize code; and collects detailed snaptops of what code is doing and how long it takes. 

The post A guide to APM solutions appeared first on SD Times.

There are two main ways we help. For large companies that have multiple observability tools, multiple monitoring tools and multiple APM tools, which is basically a majority of the market out there, BigPanda comes in and unifies all of those fragmented domains and teams using those fragmented siloed products. The number one reason why companies choose us is because we are vendor agnostic, we are domain agnostic, we sit in the middle and unify all these APM tools and vendors. 

Secondly, we help with incident management — how you prevent and resolve outages. While APM and observability tools are fantastic at providing the deep, deep visibility businesses need, that forensic data doesn’t become important until later in the process. Teams need a smart detector to connect the dots and find probable causes or culprits, and then they can get into the forensics more.  

RELATED CONTENT:
APM: Cutting through the noise
A guide to APM solutions

When you have an outage or a massive incident that is crippling to your users or system, BigPanda connects all the dots, connects all the signals together and says here is the problem and here is what we think is causing it. BigPanda excels at that root probable cause, and then your APM experts can come in and dive deeper into the issue. BigPanda sits in the front for the detection problem, root cause identification, and the APM and observability tools can come in to surface the data and resolve the problem. 

Amy Feldman, head of AIOps product marketing, Broadcom:

Broadcom’s AIOps solution is based on open source, allowing it to be an open, agnostic platform, easily integrating different data sets such as metrics, logs, wire, performance, transactional and user experience.  A differentiator is that the solution looks at time, text, topology and training in order to get to the root cause of the performance problem. Our APM plugs into our AIOps platform for increased observability.

We analyze data based on those four spectrums — time, text, topology and training. There’s not one single approach that solves all problems; you have to look at it from different angles, and at all the pieces. And because the platform is open and agnostic, we can then incorporate all different kinds of data, which gives you that extra observability, because the more data that you have across the entire landscape, the better insights you can get out of it. 

There is business-related data, user experience data, APM data, Open Tracing information, network data, and third-party data as well. We treat this data as if it was a first-class citizen, so it becomes part of the topology, incorporated into the data models, and incorporated into the platform itself. So that gives you that greater visibility you need to be able to deliver business outcomes.

AIOps from Broadcom includes our full-stack monitoring capabilities — APM, user experience, networking infrastructure, along with AI and ML reducing alarm noise, providing root cause analysis tied with intelligent automation to resolve issues quickly and improve customer experience.  

The post How does your solution help teams manage monitoring? appeared first on SD Times.

Organizations are still unable to detect and address security issues fast enough because traditional approaches to security testing and existing tools were not made with speed, automation and continuous integration (CI) pipelines in mind.

According to Patrick Carey, senior director of market analysis and strategy of the Software Integrity Group at Synopsys, application security is often defined by siloed solutions: static application security testing (SAST), software composition analysis (SCA), dynamic application security testing (DAST), and interactive application security testing (IAST). But these silos conflict with the way developers build, test and fix software. “They don’t care which analysis techniques are used.  They just want to quickly identify the issues that pose the highest risk,” Carey said. 

Application security testing needs to not only happen earlier in the application life cycle, it needs to be executed more intelligently. “As development, security, and operations converge we see these silos being knocked down, with security testing being delivered as an intelligent, integrated system of services that knows which tests to run when, and can identify the highest priority issues,” said Carey.    

The next generation of application security test automation

As software development has picked up speed, organizations have deployed automation to keep up, but many are having trouble working out the security testing aspect of it. Current application security testing tools tend to scan everything all the time, overwhelming and overloading teams with too much information.

If you look at all the tools within a CI pipeline, there are tools from multiple vendors, including open-source tools that are able to work separately, but together in an automated fashion while integrating with other systems like ticketing tools. “Application security really needs to make that shift in the same manner to be more more fine-grained, more service-oriented, more modular and more automated,” said Carey. 

Intelligent orchestration and correlation is a new approach being used to manage security tests, reduce the overwhelming amount of information and let developers focus on what really matters: the application. While the use of orchestration and correlation solutions are not uncommon on the IT operations side for things like network security and runtime security, they are just beginning to cross into the application development and security side of things, Carey explained. 

He went on to say that orchestration and correlation can greatly improve application security testing in two ways. First, it can enable teams to be more efficient about the way they use the tools available. “Orchestration and correlation can be the brains behind the system. It can determine which tool to run when and how, so that you’re only running the specific security tests you need when they’re needed,” he said.

Secondly, it can sort through and deduplicate findings from all the tests, remove the lower priority issues and surface the ones that need to be quickly addressed due to the business risks they pose. “This is important when you’re in a DevOps model where teams are releasing not every six months or every year, but multiple times per day. It’s about continuous incremental improvement. By keeping the teams focused on the higher priority risks, they can make that continuous improvement over time. It allows the teams to actually maintain velocity without compromising security because they are actually focusing on what matters,” he said. 

Expanding on intelligent orchestration and correlation

To add to its intelligent orchestration and correlation initiative, Synopsys recently announced it acquired the application security orchestration and correlation solution Code Dx. According to the company, Code Dx complements the Intelligent Orchestration solution released last year. Intelligent Orchestration simplifies and streamlines security testing in CI pipelines by determining and initiating the appropriate tests to run based on predefined policies, application risk profiles, and code changes.

Code Dx will extend the company’s vision, enabling teams to aggregate and correlate security test results from a wide range of Synopsys, third-party and open-source tools,  so they can focus remediation efforts on the security issues with the most business risks. 

“If you can remove friction from the pipeline, and you can stop burying teams with findings, that is really what’s going to be central to being able to realize the vision of DevSecOps where development, security and operations work together in aharmonious fast paced flow,” said Carey. “We’re really getting to the point where these traditional testing tool silos are going to struggle to keep pace with the way development is working today. What you’ll be seeing from us now that Code Dx is part of our portfolio is continuous movement towards a much more integrated, modular, and risk-based way of delivering application security.”

“We believe that application security isn’t about testing to oblivion and finding as many vulnerabilities as possible. It’s about understanding and managing application risk proactively, and doing so in a way that doesn’t impede development velocity and agility.”

Learn more at https://www.synopsys.com 

Content provided SD Times and Synopsys

The post DevOps requires a modern approach to application security appeared first on SD Times.

According to the company, in order to close the current global skills gap, education and training systems need to evolve along with market demands. 

As part of its new collaboration, global organizations will leverage IBM SkillsBuild, an online learning program designed to get job seekers ready for the professional workforce within three to six months. It will offer technical skills, badges, and credentials recognized by the market. It will focus on underserved populations such as veterans, women, minorities, refugees, and unemployed young adults.

“Closing the global skills gap is one of the most pressing issues of our time,” said Arvind Krishna, chairman and CEO of IBM. “That is why I’m proud of these collaborations, which will help people of all backgrounds acquire the skills they need to thrive in a fast-changing global economy.”

The company also announced that the workforce solutions company ManpowerGroup will work to connect with these job seekers to offer real career opportunities in cloud and infrastructure, cybersecurity, data analysis, digital workspace and enterprise application positions. In addition, ManpowerGroup will provide assessment, coaching and personalized support through its talent agents. 

Through these efforts, IBM hopes to re-skill 500,000 people by the end of the year; provide 15,00 people with special program-based learning experiences; and secure 7,000 jobs across different industries. 

“We are seeing an increased demand for new skills needed in future tech jobs like artificial intelligence, cybersecurity, data analytics, and cloud computing. IDC believes that the partnerships IBM has announced are essential to helping meet the demands for tech jobs of the future. However, the partnership with ManpowerGroup is a perfect complement to IBM SkillsBuild’s mission of providing training for to underrepresented groups as it provides meaningful career opportunities to badged IBM SkillsBuild participants,” said Curtis Price, vice president of Social, Environmental Responsibility and Ethics at IDC.

The post IBM joins effort to re-skill the workforce for tech roles appeared first on SD Times.

Infragistics Ultimate 21.1 is built off of three key themes: 

• Enabling hyper-productivity and better collaboration between app development and design through its design-to-code platform Indigo.Design App Builder
• New innovations and experiences with Angular, React, Web Components, ASP.NET Core
• New enhancements in Windows Form and WPF 

“Infragistics Ultimate 21.1 ensures best-of-breed development on your desired platform,” said Jason Beres, senior vice president of developer tools at Infragistics. “It offers updates on the mainstay frameworks in Infragistics Ultimate, including Window Forms, WPF, .NET Core as well as the modern web frameworks in Blazor, Angular, React and Web Components and Indigo.Design, the new app builder that can radically accelerate your app design and development.” 

For hyper-productivity, the company updated its Indigo.Design App Builder design-to-code platform with a web-based IDE, new UI components, property editor panels, hierarchical views of master-pages and sub-pages, data sources options, and theme options. 

The toolkit has also been updated with the latest components and enhancements from Angular 12, such as the Angular Tree Component, date picker and Angular time picker; date time editor; design and theming; and Angular Grid interactions. 

For the modern web, the 21.1 release includes new features and enhancements to data grids, charts and components in Ignite UI for React, Blazor and Web Components. 

Desktop WPF and Windows Form updates include: new design-time support in Visual Studio 2019, chart updates and map updates. 

More information is available here. 

The post Infragistics Ultimate 21.1 zeros in on designer-developer collaboration appeared first on SD Times.

“Safe to say, Kubernetes plays a critical role in delivering value to your customers today and enabling you to adapt tomorrow. Keeping your skills sharp and staying up-to-date on developments around this fast-moving technology are paramount,” Mithun Dhar, vice president and general manager of Developer Tools and Programs at Red Hat, wrote in a post. 

RELATED CONTENT: Kubernetes is becoming ubiquitous

Kubernetes by Example was originally launched in 2017. Since then, it has added more learning paths and resources to teach the fundamentals of Kubernetes and containers as well as other related topics. 

The step-by-step guides include: Linux Essentials; Command Line Essentials; Container Fundamentals; Kubernetes Fundamentals; Application Development on Kubernetes; Developing with Java on Kubernetes; and Developing with Spring Book on Kubernetes. Users can get hands-on examples from minikube or OpenShift Playground. 

The company will also be launching its new streaming show KBE Insider on Kubernetes by Example to show first-hand the evolution of the project as well as keep developers up-to-date with the latest insights and skills. 

“We’ve made it as easy as possible to access and use these tutorials. That means there are no fees to participate, or hidden “premium” content that needs to be unlocked. Simply explore the learning paths and lessons from the homepage, and when you’re ready to get started, select and configure your cluster, and you’re ready to go,” Dhar wrote.

The post Red Hat to teach Kubernetes by Example appeared first on SD Times.

A recent report from the software testing company Applause found 86% of respondents report their organizations are testing features immediately as they are being developed to reduce bugs, reduce the costs of fixing later-stage bugs, and reduce the need for hotfixes. However, this new shift in quality assurance is having a significant impact on developer productivity, with respondents reporting it takes at least eight hours per week to test new features. According to Mike McKethan, director of quality engineering and automation at Applause, shifting left requires the right mindset to improve testing and save developer time. 

In a recent webinar on SD Times, McKethan explained that when people think about shifting left, a majority  immediately turn to tools and automation. While those are foundational layers of a good shift-left strategy, the overarching theme should be that quality is a habit, not an act.  

According to McKethan and Mike Plachta, senior manager of solutions engineer at Applause who also presented the webinar, the key pillars of a successful shift-left strategy include:

• Quality ownership: Having the whole team be responsible for quality, moving beyond just the QA sign-off and having management buy-in

• Valuable features: Developing accurate, executable and valuable features from the beginning by leveraging the Pareto principle and behavior-driven development

• Automation-first mentality: Integrating automation into the build process and DevOps pipeline

• Fail or learn fast: With continuous feedback, CI/CD, code quality from an automation perspective, and the “three amigos”

• Continuous improvement: Through retrospectives, idea boards, predictive analytics, AI and real-time analytics

To learn more about these pillars, watch the full webinar here. 

The post The key pillars to a successful shift-left strategy appeared first on SD Times.

It was drafted by Heather Meeker, a specialist in open-source software licensing and strategy, and meant to complement other licenses. Applying the Commons Clause to an open-source project means the source code is available and enables users to modify and distribute it, but it does not comply with the Open Source Initiative’s (OSI) 10 guidelines for open source. 

RELATED CONTENT:
The battle of open-source licenses
Open source is a community, not a brand

Since its announcement, Redis Labs has decided to move on from the Commons Clause and created its own Redis Source Available License (RSAL) for Redis Modules, which are modules running on top of open-source Redis. Under RSAL, software can be modified, integrated into an application, used and distributed. It restricts the software from being used as a database, caching engine, stream processing engine, search engine, indexing engine or ML/DL/AI servicing engine. 

Confluent switched some components of its platform to the Confluent Community License in 2018, which allows developers to access the software code, modify it and redistribute it, but does not allow developers to use it in a competing SaaS offering. “‘Excluded Purpose’ is making available any software-as-a-service, platform-as-a-service, infrastructure-as-a-service or other similar online service that competes with Confluent products or services that provide the Software,” the license states. 

Elastic just recently announced this year Elasticsearch and Kibana would be switching to dual licenses under MongoDB’s Server Side Public License (SSPL) and the Elastic License v2. The Elastic License is a non-copyleft license that has three limitations: developers cannot provide the software as a managed service; circumvent the license key functionality or remove/obscure features protected by license keys; or remove or obscure any licensing, copyright or other notices, the company explained. 

MongoDB’s SSPL is based on the GNU General Public License, and while the company believes it contains all the tenets of what it means to be open source, it has not been approved by the Open Source Initiative because the license contains conditions for providing the software as a service. “If you make the functionality of the Program or a modified version available to third parties as a service, you must make the Service Source Code available via network download to everyone at no charge, under the terms of this License. Making the functionality of the Program or modified version available to third parties as a service includes, without limitation, enabling third parties to interact with the functionality of the Program or modified version remotely through a computer network, offering a service the value of which entirely or primarily derives from the value of the Program or modified version, or offering a service that accomplishes for users the primary purpose of the Software or modified version,” section 13 of the license states. 

According to Dev Ittycheria, CEO and president of MongoDB, since the company created and switched over to the SSPL more than two years ago, it has not had a negative impact on user adoption or impacted the success of the company.

MariaDB switched to the Business Source License as an alternative to closed source and the open core licensing models. It does not meet the criteria of the OSI because it allows the licensor to make an additional use grant that limits production use.

“If you write a new license, you also should be clear about whether you intend it to be open source or not,” Meeker told SD Times. “Fundamentally, open source licenses have no scope limitations. They cannot be limited by field of use, or time, or number of users  —  all of the typical limitations you see in proprietary licenses. Most of the new licenses that have been written recently —  like the Elastic License 2.0, the Confluence Community License, or the Business Source License — are not open source licenses. Most of the new licenses are source code licenses, and I would put them in the category of source available, though this category is still in its early stages. SSPL was more controversial, as there was some disagreement over whether it was an open source license.” 

“The future of open source is strong and still growing.  Some of the new licenses are used as alternatives to open source, but more often, complements to it,” she added.

The post Understanding the new “open” licenses appeared first on SD Times.

“Cloud vendors do not care about monetizing FOSS projects, they are about getting more workloads running on their infrastructure — hence, to be the preferred destination for such workloads,” said CloudBees’ co-founder and chief strategy officer Sacha Labourey.

Confluent created a new community license, and MongoDB announced its Server Side Public License (SSPL) to combat cloud providers. In January, Elastic announced it would move its Kibana and Elasticsearch open-source projects to a dual license under the Elastic License v2 and SSPL. 

RELATED CONTENT: Open source is a community, not a brand

However, these new licenses that companies are switching to are not considered open source by the Open Source Initiative’s standard, leaving many in the industry to wonder where these companies now stand with open source.  

“These new ‘source available’ licenses contain restrictions to prevent cloud infrastructure providers from building a service out of their code. Early efforts like the commons clause limited ‘commercial use’ broadly and users found that the license language ‘created some confusion and uncertainty.’ Recent efforts by Elastic and others are more surgical. They simply attempt to restrict users from standing up the software alone as a service. The goal of these new licenses is to continue to capitalize on the widespread availability of the software and its source code to gain future customers while shutting out competing SaaS services based on the same code,” Justin Colannino, director of developer policy and counsel at GitHub, wrote in a post. 

According to Stephen O’Grady, principal analyst and co-founder of the developer analyst firm RedMonk, while it can be upsetting, the cloud providers are not actually abusing open-source projects if they are still abiding by the rules of the open-source license. “If project owners don’t want certain parties to be able to use their software, they shouldn’t be using open-source licenses,” he said. 

MongoDB argues that under SPPL, developers are still able to access, use, modify and redistribute its code. “We adopted the SSPL license to protect our right to build an innovative business in the Cloud era. We wanted to counter the threat of hyperscale cloud vendors taking our free product and offering it as a service without giving anything back,” said Dev Ittycheria, CEO and president of MongoDB.

Tomer Levy, CEO of Logz.io, a cloud observability platform provider, argues that changing licenses shakes the entire foundation of the open-source philosophy and shows that those in control of popular projects have the ability to take these projects away from the community at any time. “We were disappointed to hear about Elastic’s decision to change to a license which is not truly open source. This is a slap in the face to the engineers that helped build the community and make the open source software the staple that it is today,” he said. 

O’Grady added that changes like these have the potential to blur the definition of what is and isn’t open source, creating more uncertainty in the space. “If these companies genuinely want to protect open source, they would actively and aggressively maintain a bright line of distinction between their source available, proprietary licenses and genuine open source alternatives.,” he said.

Elastic made the decision to no longer refer to Elasticsearch or Kibana as open source and instead refer to the project’s as free and open. “While we have chosen to avoid confusion by not using the term open source to refer to these products, we will continue to use the word ‘Open’ and ‘Free and Open.’ These are simple ways to describe the fact that the product is free to use, the source code is available, and also applies to our open and collaborative engagement model in GitHub. We remain committed to the principles of open source — transparency, collaboration, and community,” the company explained in a post. 

Red Hat’s Haff actually thinks it can be a good thing if a project is successful and popular enough that a big public cloud provider is going to try to compete with it. “There’s a saying in the open-source space that your biggest challenge isn’t to be competed with, it’s to have no one know or care what you do,” he said. 

Some ways to combat the cloud providers, other than changing your software licensing model, is to form innovation partnerships with the cloud vendor so there’s a window where they can’t just steal your functionality and hopefully during that window the project innovates and moves past the threat. 

Drupal’s Bryon thinks creating a form of Creative Commons for open source could help categorize open-source projects into projects that are free to use, projects that require attribution and so on and so forth. “That sort of thing around open-source licenses could be really interesting to explore, because it would allow the expression of what these different projects are trying to do, but through the singular lens of this organization that has proven its importance and it’s credibility within the community,” she said. 

She also suggested creating social pressures on these companies to do better. WSO2’s Newcomer thinks we are already seeing Amazon react and change. In response to Elastic, the company created OpenSearch, an open-source fork of Elasticsearch and Kibana, and it is working with the industry to support and maintain the project long-term. Additionally, New Relic recently contributed Pixie, the open-source project for Kubernetes-native observability, to the Cloud Native Computing Foundation, and expanded its relationship with Amazon to run Pixie on AWS. 

Amazon “is the lead right now in this market. They have the capability to just take a leadership position in solving new problems through collaboration and open source,” said Newcomer. “What we need is more standard ways of interacting with them, standard platforms that all cloud providers should implement to solve the problems in the way of people so they’re not in this situation of having to pick and choose, which is difficult for everyone.”

The post The battle of open-source licenses appeared first on SD Times.

As open source has become increasingly more popular, companies have begun to adopt open source for the brand, but then try to go against the purpose of open source, according to Gordon Haff, a technology evangelist at open-source company Red Hat. “I’ve definitely been on a lot of calls where one of the first things I’ll ask business leaders is why do you want to be open source, and often the answer is: because our customers seem to like that, but we don’t want Amazon to compete with us. We don’t want someone else to compete with us. We want to be able to maintain some proprietary parts of our software,” he said.   

RELATED CONTENT: The battle of open-source licenses

Open source itself has never gotten away from its meaning, according to Vicky Brasseur, author of the book “Forge Your Future with Open Source.” The problem, she said, is that people haven’t bothered to learn or understand the true meaning of open source. “They make up their own definitions of open source, or they do it via the telephone game…and so the definition they’re working under in no way relates to what it actually is,” she said. According to Brasseur, the Open Source Initiative (OSI) defined open source over 20 years ago, and that is the one true meaning there is.

The Open Source Initiative’s definition of open source

OSI’s open source definition states that open source goes beyond just accessing the source code. To be open source, the software must comply with the following 10 criteria: 

1. Free redistribution, 
2. Source code, 
3. Derived works, 
4. Integrity of the author’s source code, 
5. No discrimnation against persons or groups, 
6. No discrimination against fields of endeavor, 
7. Distribution of license, 
8. License must not be specific to a product, 
9. License must not restrict other software, 
10. And the license must be technology-neutral.

“That is the one, the only, the worldwide recognized standard,” said Vicky Brasseur, author of the book “Forge Your Future with Open Source.” “Standards are very important because otherwise we can be using the same words and mean completely different things, and from a business perspective, that can be devastating for people to be using different words or the same word open source and meaning different things. There is no other definition of open source.”

Creating a business model around open source

According to Robin Schumacher, vice president of product at open-source monitoring solution provider Netdata, the reason why open source has been so successful is because of the social aspect of it. Unlike proprietary software, it’s collaborative. It’s community-oriented and community-driven.

There are ways for a business to successfully use open source to their competitive advantage while staying true to the nature of open source, but open source shouldn’t be adopted just because it makes a company look good. “Your primary responsibility as a business owner, as a founder, as a manager of an organization, of a business, of a company, is not necessarily to open source. It is to your business,” said Brasseur. “If you are starting from open source and then trying to reverse engineer a business out of that, you’re coming at it from the wrong direction.” 

RELATED CONTENT: Making open source work for you and your business

A business should be looking at what the user needs, what the environment is they are targeting, what the trends are, whether or not they can meet those user needs or do it better than someone else, and then decide if it makes sense to use open source or release software to open source, Brasseur explained. If open source makes sense for the business goal, then companies need to put the effort into building the community around open source and understanding what the goal of releasing to open source is going to be. “If you don’t know your business goals, you won’t be able to maintain and guide that open-source project in a way that you can actually meet your business goals,” said Brasseur. 

According to Sacha Labourey, co-founder of enterprise software delivery company CloudBees, there are a number of models and tools today to make sure organizations are able to properly manage and govern the use of free and open-source software (FOSS). “We talk a lot about FOSS, but the reality is that it has been incredibly stable in how it operates and the value it provides. What has really been evolving fast are the various business models around FOSS,” he said. 

One of the best and most proven models out there is the open core model, according to Schumacher. In the open core development model, vendors open-source a portion of their software, but surround it with proprietary offerings. While it is valid from a business model perspective, Red Hat’s Haff noted that it’s important to recognize the open core model makes things a lot harder for the community to do collaborative open development.  

It takes a lot of time for people to figure out how to use the code, set it up properly and then maintain it, explained Angie Byron, core co-maintainer of the Drupal project, an open-source web content management framework. What companies like Acquia, a digital experience platform built around Drupal, and Red Hat do is provide a cloud platform that takes all the guesswork out for users and provides users with professional services and a support system. 

When projects and vendors commercialize open source, they have to understand there are various levels of commitments and contributions they are going to get from the community. It’s not always about code contributions, Schumacher said. There are other ways the community can help out;.for instance, by doing testing, quality assurance, performance testing, bug reports, feature requests, forum contributions, meetups, and sharing best practices and pitfalls.

Giving back to the open-source community

Technology giants like Google, Red Hat and others have been the most successful in the open-source world because they embrace the developer. “The love of the developer, the understanding that the developer is the set of ground troops that takes the technology into a particular enterprise, ingrains it into the lines of business, then it begins to bubble up to the higher-ups who see the benefits of what’s going on or just the proliferation of this software, and have no choice but then to make a commitment to it,” said Netdata’s Schumacher. 

A successful open-source vendor will provide a very smart and qualified developer relations staff, he explained. “You are going to need people who understand the spirit, mindset and everything of the developer community, of open source in general…” he said. 

Schumacher has three pillars for a successful developer relations staff:

1. Community managers who are active in the industry and evangelizing the software, participating and scheduling meetups and events, are present on social media, and are broadcasting the benefits of projects to the open-source community
2. Skilled technical members who are responsible for helping the community implement the open-source software and providing best practices, jump-starts, sample apps, and code contributions
3. Lastly, you need an educational aspect that goes beyond how to use the software and talks about the next steps in terms of how to utilize the software to the user’s advantage. This area should include videos, written content and other resources to provide users with a pass to success. 

“The developer relations staff is absolutely critical for any vendor that wishes to work with open-source software, commercialize and be successful,” said Schumacher.

However, author Brasseur warns that while developer relations and open-source program offices can be beneficial, you have to make sure you are hiring the right or qualified people. “There are great people out there for this, but there aren’t nearly as many experienced people for this.” You can’t just hire internally because a developer contributed to an open-source project once, she explained. 

Other ways organizations can give back or get involved in the community include getting involved in industry initiatives or open-source foundations. Organizations “have to change their mindset from, we’re just going to develop what we think we need to be competitive to let’s help develop what the industry needs,” said Eric Newcomer, CTO at WSO2, an API management company. “One of the reasons open source is so successful is because people can collaborate on a shared vision of a common problem that everybody has.”

It’s not as easy as telling organizations to give back though, Drupal’s Byron explained. She said you have to incentivize companies to give back.

At Drupal, the project created a contribution record where contributors and committers can show how they are helping to sustain the project and the Drupal Association. “Hammering on that is probably the best way to do it because companies are probably not going to contribute out of the kindness of their heart. They need to have an incentive that matches with their return on investment,” Byron said.

She also explained that contributing to open source not only helps solidify an organization as an expert in their field, but it helps gain and retain talent because many developers want to work for companies that make time for open source. Contribution credits can help weed out the true open-source experts from the pretenders. “If you are selling yourself as an AWS vendor, but you have no record of ever contributing to anything around the AWS ecosystem, it’s sort of like, well did you just take a test and now you’re calling yourself an expert versus if you can see the trail of this person making contributions, writing blog posts and such, it’s easy to choose between the two. One is literally establishing themselves as an expert,” Bryon added.

The challenges facing open source today

Vicky Brasseur, author of the book “Forge Your Future with Open Source,” sees three main issues plaguing the open source landscape today. 

1. The influx of open-source projects: According to Brasseur, there has been a flood of new projects being released. While that can be a good thing, it can also be problematic if organizations are just releasing things into open source to be trendy. She explained it makes the signal-to-noise ratio off-balance and makes it difficult to find useful projects. “It’s contributing to this age-old problem of reinventing the wheel, rather than perhaps contributing back to the existing wheel that’s already there,” she said. It’s tempting to want to release something rather than contribute to something, but you don’t necessarily have to start everything from scratch. Support what’s already out there, fork it, or take it into a different direction, according to Brasseur. 
2. Lack of knowledge: Knowledge should go beyond just the definition of open source and free software. Businesses and developers need to understand the copyright and licensing details that go behind open source. Developers that “play fast and loose” with the laws, Brasseur said, make it difficult for companies to use their software because they have to take the time to figure out what the license is and how they can use the software. Too many hours are wasted just talking about and chasing down licensing information.
3. Monocultures: Brasseur sees a number of monocultures plaguing the open-source ecosystem through fiscal sponsors, tooling and foundations. “These monocultures are a problem. All you need to do is watch Twitter on any day when GitHub is down. All of open source screeches to a halt. That is a huge problem. People equating open source with GitHub, that is a problem… I like GitHub, they do good things, but from an ecosystem point of view, that’s a problem. Projects that assume the only place I can go to have somebody support me from a foundational level is the Linux Foundation, that is a problem. There are lots of different options. The Linux Foundation does a very good job in many ways, but it’s not the be-all and end-all. Companies that think in order to participate in open source, I have to pay to become a member of a foundation, that is a problem,” she explained.  — Christina Cardoza

Open-source software in the enterprise

Red Hat’s 2021 State of Enterprise Open Source report found 90% of IT leaders are using open source in the enterprise, and 79% expect their use of enterprise open-source software for emerging technologies (edge, IoT, AI and ML) to increase over the next couple of years. The main drivers for adopting open source are infrastructure modernization, digital transformation, higher quality software, access to latest innovations, and better security. 

This year, the company decided to ask respondents whether or not they look to see if a vendor contributes back to open source when looking to implement a new solution. Surprisingly, the report found that IT leaders not only care, but they are much more likely to choose a vendor who contributes. “That means the IT leaders are starting to appreciate the virtuous cycles that you have in open-source development,” said Gordon Haff, a technology evangelist at open source company Red Hat.

But barriers still remain with respondents citing level of support, compatibility, and lack of internal skills as top challenges to adopting open source. 

Software solutions provider Perforce, which recently released a report on open-source opportunities with Forrester Research, believes that while open source has cemented its role as a critical agenda driver in the enterprise, not enough organizations are taking the necessary steps to optimize their OSS strategies. 

“Without comprehensive and optimized strategies that govern the critical pillars of running OSS, organizations risk missing out on the benefits it can deliver, including greater flexibility and better efficiency, time to market for products, customer and employee experiences, and more,” the report stated. 

While free and open, open source can be complex and require expertise to maintain, support and operate. According to the Perforce report, it’s important to partner with industry leaders to maximize open-source success through migration help, ongoing management and support. Additionally, an open-source strategy that can clarify the open source initiatives, governance, role of internal resources and external support can help pave the way for open source in the enterprise. 

“Finding success with open-source software as an enterprise organization requires a fully formed strategy – especially as it applies to critical areas like support,” said Rod Cope, CTO at Perforce Software

The post Open source is a community, not a brand appeared first on SD Times.