Enterprise Executive 2017: Issue 2 : Page 41

in the projects so they can fix them, but if you have no support contract in place, you are left to support the software with your own personnel. The value proposition of open source is that it will lower your costs, but without a defined support structure, your operational costs go up. Not all open source software needs to be aware of specialized hardware. However, getting features developed for specialized hardware can be troublesome because developers do not normally have access to that hardware and cannot test with it or even understand how to exploit it. In the example I mentioned earlier, the problem was with exploiting a security hardware feature the package developers did not have access to. It took setting up a special test environment for the package developers and collaboration among several parties to be able to diagnose and fix the problem. To be fair, many commercial software development organizations have the same problem, but getting the bug fixed is more streamlined in most cases. Anyone can get access to the source code for an open source package, even bad actors. There are several examples of malicious programmers introducing exploitive modifications to the project. One example of an accidental security exposure was with the OpenSSL project where a bug called Heartbeat was introduced in the code in 2012. Secure Security Specialized Hardware Sockets Layer (SSL) is used to protect private communication over the internet and the Heartbeat bug provided a way to read past the end of the buffer and into the unprotected memory to access passwords and crytographic keys. Heartbeat was in distribution for over two years and on an estimated half a million servers before it was discovered. Most open source developers are driven by providing new features in the package, but rarely have much training in usability design. Because they develop the code, it can be obvious to them how it works even if it is not obvious to many others. This phenomenon, called “programming for the self,” results in packages that are feature rich, but highly difficult to use. Some have attributed the lack of a strong desktop Linux to this problem. For many, user interface is an afterthought that rarely gets developed. Despite the list of issues, there is still strong sentiment for using open source software in enterprises. While surely valuable for many companies, it is a good idea to be aware that it might not be the panacea to controlling costs you think it will. As I always urge, assess the potential savings for your environment and don’t let distributors act as consultants. EE S. Michael Benson is retired as an Executive IT Architect after 30 years at IBM. He held positions in development, architecture, management and technical sales. He holds a Master’s Degree in Computer Science from Marist College. Email: smbenson58@gmail.com 2017: Issue 2 | E nt e rp r i s e E xe c u t i ve | 41 User Interface Design

Previous Page  Next Page


Publication List
Using a screen reader? Click Here