blogger: Joe Niski
Living in Portland, Oregon, I often see news regarding commercial involvement in open source software, Linux, Linus Torvalds (currently a Portland resident), and the Open Source Development Labs (OSDL) in the business section of the local paper before I see it online. Such was the case with former OSDL CEO Stuart Cohen's announcement of first-round funding for the Collaborative Software Initiative earlier this week. By late Thursday, online reports had no more depth than the Tuesday Oregonian’s business section.
Briefly, CSI intends to build software for vertical markets using an open source development model, possibly releasing it under a to-be-determined open source license. The idea is to provide functionality that's necessary (e.g., to meet regulatory requirements or industry standards) but likely won’t provide competitive advantage to any company using it. CSI defines collaborative software as “software developed or acquired by a variety of like-minded companies at a fraction of internal development or outsourcing costs.”
Having recently spent several years as a software architect for a large bank, and seeing the enterprise fire drills surrounding Sarbanes-Oxley and the Payment Card Industry Data Security Standards, I find CSI's concept really compelling.
From the perspective of software architecture, Burton Group considers “infrastructure” as “everything but business logic.” The easily understood examples are common functions such as authentication and authorization. Extracting infrastructure logic from applications and making it available via common APIs, frameworks, or services can save money, improve consistency, and allow application developers to focus on business functionality rather than “plumbing.”
Compliance functions fit this definition of infrastructure - the key difference is that they're not as universal as auth & auth, but are industry-specific. They have little business value in terms of differentiating a company's products and services - they're a cost of doing business. In banking (in which operating margins can be tight as for retail groceries), the costs of compliance are significant. Individual companies have much to gain by lowering the cost and assuring the quality of reusable software that helps them meet government and industry standards. CSI seems to be proposing a hybrid of collaborative open source development and outsourcing. Ideally, participating companies could have the visibility and input of an open source project, without taking on the overhead of managing it completely, and without the risk of vendor lock-in.
I’d love to see CSI succeed for a number of reasons, but primarily because they’re exploring a different business model for software development. It’s a way of responding to real business needs. It brings the open source development model up the software stack, from the operating system and generic application framework into the lower reaches of the business layer. It points toward a way of making a business of open source development, as opposed to selling support.
And it’s a welcome contrast to big vendors throwing their resources behind open-source projects to influence the competitive landscape, or open-sourcing their existing products and technologies to gain or retain developer mindshare. It has potential to get competitors within a vertical market to cooperate in their own interest.
CSI's announcement also serves as a reminder that many of us in the IT biz assume “open source” includes “free” - we shouldn't assume anything.