Open-source software (OSS) is becoming more popular, but a lack of knowledge about how these packages work together remains one of the biggest problems with it. Rogue Wave has released its annual Open Source Support Report, which found that common OSS issues are a result of development teams not being equipped to support the OSS they are using. Eighty percent of issues come from configuration and infrastructure, not necessarily the open-source package itself.
“The old story of needing to understand if your organization uses open source has shifted to how and how much open source is in your applications,” wrote Rod Cope, CTO of Rogue Wave, in the report. “It’s no longer worthwhile for management to discourage open source. We’ve reached a point of acceptance. But with this open source comes issues that aren’t necessarily familiar to the enterprise world.”
The report is designed to look at real-world statistics on how and why customers use OSS in the enterprise. According to Cope, while developers may understand the open-source package they are working with and how to fix an issue within a package, they are still trying to figure out how different packages interact with one another.
For organizations to successfully roll out an open-source software initiative, they need to figure out how it will work in a mixed-source world and understand the legal challenges, Cope explained.
“It is not just developers who can write some code and deploy something. It is: Did you do it correctly? Will it scale? Is it secure? Will it play well in your mix of commercial and proprietary code you wrote? Will it work with other open-source code? Is it optimal?” he said.
In order to do so, Rogue Wave says enterprises need training, architectural guidance, package selection help, and performance tuning.
“Keep an eye on what open-source packages are gaining traction, and which are being regularly updated,” wrote Richard Sherrard, director of product management for Rogue Wave, in the report. “Make sure you don’t fall behind on version numbers or you may become vulnerable. There’s so much to consider when building and maintaining an OSS strategy.”
The report found the top support requests came from (in order) Apache HTTP Server, JBoss Application Server, Apache Tomcat, ActiveMQ and Eclipse.
In addition, the top licenses included Apache License 2.0, MIT License, BSD 3-clause New or Revised License, GNU Lesser General Public License v2.1, and GNU General Public License v2.0. According to the report, 60% of audits contained strong copyleft licenses; copyleft licenses were found in 82% of audits; 20% contained free licenses; and OSS was found in 98% of audits.