UPDATED 16:39 EST / SEPTEMBER 15 2017

CLOUD

Equifax breach, profit pressures squeeze open-source community, says Signal coder

The open-source community may be headed toward a major turning point, thanks to a security breach of epic scale.

When news broke this month that the personal credit records, including names, birthdates, Social Security Numbers and home addresses of 143 million people had been breached at the credit rating bureau Equifax Inc., there was outrage. As more details have emerged, reports have placed some of the blame on an open-source server framework called Apache Struts, although representatives from that project have issued their own statement questioning whether vulnerabilities in open-source software led to a hack of historic proportions.

Even if it’s found that a flaw in Apache Struts led to the massive breach, open-source is not going away. In fact, major tech players, such as Microsoft and Amazon Web Services Inc., have recently put significant support behind open-source projects and startup investment in the field — reaching $3.5 billion between 2012 and 2015.

But there is still tension between a community of open-source developers who believe in the power of its collective, democratic model and companies who need to bring successful products to market that will realize a nice return for the bottom line.

“I don’t think that money is a primary motivating factor for most people in the [open-source] community,” said Christine Corbett Moran, Ph.D. (pictured), NSF astronomy and astrophysics postdoctoral fellow at California Institute of Technology. “When you do something of value, money is the reward for that, and the only question is how to distribute that reward to the community.”

Moran paid a visit to theCUBE, SiliconANGLE’s mobile livestreaming studio, and spoke with co-hosts John Furrier (@furrier) and Stu Miniman (@stu) during the Open Source Summit in Los Angeles, California. They discussed the power behind the open-source community, Moran’s own successful invention three years ago, corporate involvement in getting products to market, nation state attempts to stifle innovation and the challenge of training the next generation. (* Disclosure below.)

This week theCUBE features Christine Corbett Moran as our Guest of the Week.

Red Hat only winner so far

On the scoreboard of corporate success, the only purely open-source company to emerge as a “winner” has been Red Hat Inc., a publicly traded firm with $19 billion in market capitalization and a share price currently in excess of $100. Hortonworks Inc., with open-source products built on the Apache Hadoop open-source ecosystem, has been showing stronger earnings of late and recently signed a major deal with IBM Corp. But Hortonworks is still cash-flow negative.

There are also “mixed” companies emerging, such as Cloudera Inc., with open-source Hadoop products and proprietary extensions. Cloudera’s co-founder was recently quoted by SiliconANGLE describing his firm as “an enterprise company” rather than open source. Nevertheless, there is a school of thought in the open-source universe that current challenges facing the tech world demand community-based solutions.

“Open source has really shown that you can’t do as much unless you share your contributions and benefits from people around the globe,” Moran explained. “You can’t do it alone; there’s no lone genius. You have to do it as a community.”

The astrophysicist knows this first hand. Moran helped develop Signal, a calling app in 2014. It was the first iOS open-source app that enabled encrypted voice calling for free. Signal came out of the nonprofit software group Open Whisper Systems, and its open-source protocols are widely used today for encrypted communications, including Facebook’s popular WhatsApp platform.

The success of Signal highlights a hard reality confronting open-source developers. They can spend countless hours creating a superb product, but it doesn’t really become commercially viable until a company adds the final tweaks to generate easier use and wider adoption in the commercial marketplace. This final work can be difficult, and open-source developers often shy away because it lacks the fun, technical elements they enjoy.

“A lot of the open-source contributors, myself included, often aren’t very excited about that,” Moran said. “We, as a community, have to figure out — keeping our radical governance structure — how to get more projects to have that final polish.”

Stymied by regulations

Another challenge facing the open-source community is keeping itself truly “open” and avoiding being stymied or shut down completely inside a particular nation state. Earlier this month, China announced that it would ban initial coin offerings over concerns that digital currencies were disrupting the country’s financial order. The most significant of these currencies — bitcoin — is based on an open-source platform, and the readily-available code has spawned a large number of startup companies seeking to capitalize on interest in alternative monetary systems.

Developers in the open-source community are skeptical that moves such as the one in China will ultimately succeed. “The math is on the peoples’ side. It’s very hard for one particular government or nation state to say, ‘Hey, we’re going to put this back in the box.’ It’s Pandora’s box; it’s out in the open,” Moran said.

Any community-based movement such as open source depends heavily on a constant influx of new talent. Online computer science courses are beginning to fill the gap, but developers such as Moran are growing increasingly concerned about a dearth of knowledgeable teachers who can motivate aspiring coders, especially at the high school level.

“Teacher training is something that I’m concerned about. There’s a huge lack of people capable of teaching the next generation who are working at the high school level,” Moran concluded.

Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s coverage of Open Source Summit 2017. (* Disclosure: TheCUBE is a paid media partner for Open Source Summit 2017. Neither The Linux Foundation nor Red Hat Inc. have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU