Makeup of a Good Open Source Solution

In consulting sessions companies often ask me about the quality of open source software in general. There are, of course, both good and bad open source solutions, and it is one of the reasons companies hire commercial open source consultants to assess different kinds technologies for them. Open Source technologies are the result of user community collaboration and participation, and that’s what brings simplicity, modularity, quality, and security to these solutions.

Simplicity

The route that many Open Source projects such as Joomla, Drupal, or phpBB3 are taking these days is to build a vanilla framework with a basic set of functionalities and then rely on the community feedback to develop additional set of functionalities over time. This approach is very efficient because most of the implemented features will actually be used by most users. This way, the application architecture stays lean and simple, yet there’ll be room for further scalability and customization.

This approach goes against the traditional business and product development methods where a limited group of “experts” within a corporation conduct surveys and marketing research, then build a product based on a list of assumptions and features that experts think users may find interesting. In reality, only a portion of those assumptions are right and every miss is considered a business loss that is going to be compensated using cunning Sales and Marketing schemes.

Modular Architecture

An application developed based on community feedback may not answer the specific needs of many businesses. This is why a modular architecture meets those needs.

A modular architecture enables users to customize a generalized and Vanilla software solution by adding and removing extensions and components. It also means that when we add or remove extensions to a modular system, they don’t break the functionality of the system as a whole.

Open Source solutions are often more modular by nature, because a component developed in Australia has to work nicely with a component developed in North America or Europe. This means developers worldwide need to follow common design standards. It also encourage users to mainly focus on what they are good at. For example one development team specialized in e-commerce is more likely to focus on developing Shopping Cart extensions, vs. another team specialized in communications is more likely to focus on developing Newsletter Management extensions.

Quality and Security of the Source Code

In the open source world anyone can download a copy of an application source code and read through it. This means if a contributor submit a badly written code, it will be picked up by the community and over time the embarrassment would gradually ruin the reputation of the developer. On the positive side, this level of openness encourages contributors to constantly polish their written code and be recognized for their technical knowledge and abilities. In such a democratic environment good quality contributors move to the top, and poor quality contributors gradually stay behind and eventually opt out. The core development team often consists of the people who have a long history of quality contribution to the project and the community.

Open Source applications are often downloaded by hundred and thousands of users and get tested brutally on different environments. Bugs and Security issues are reported on a publicly available bug tracker where the core development team and other contributors would gradually resolve the issues. The more community members participate in this process the better the quality becomes. There is famous quote which says: “All bugs are shadow given enough eyeballs”.

Security flaws are just another category of bugs. A software has to be secure enough that even knowing what’s inside a source code wouldn’t help much to compromise it’s security. As a matter of fact, hiding the source code of a poorly developed software from public, and hoping that no-one would find out about it, is considered one of the poorest security measures called “Security by Obscurity”.

[tags]opensource, modular, web application, rastin mehr, rmdstudio, joomla, drupal, phpbb, community, software, quality[/tags]