Whether your enterprise is heavily vested in open source software or just thinking about taking the plunge, SpikeSource CEO Kim Polese is hoping you'll turn over one of the most difficult parts of running an open source stack to her (and save money in the process): managing change. With hundreds if not thousands of components being developed, updated, patched, an upgraded in a highly distributed fashion, often by people who don't even talk to each other, keeping an open source stack running like a well-oiled machine can be challenge, to put it mildly. With its intellectual property that Polese calls the company's "testing harness," Spikesource can inspect source code changes within hours of their availability, discover any potential incompatibilities with its customers existing systems, and take whatever corrective action is necessary to make sure that those systems get the latest, greatest code without compromising their integrity.
Here at PC Forum in Scottsdale, Ariz., I had an opportunity to catch up with Polese to get the full company pitch as well as some of her insights into the open source world -- including the legal challenges it may face and recent developments such as Sun's open sourcing of Solaris. The interview is available as both an MP3 download and as a podcast that you can have downloaded to your system and/or MP3 player automatically (see ZDNet's podcasts: How to tune in). Here are some of the highlights of what she said:
Regarding Sun COO Jonathan Schwartz's assertion that switching from Red Hat to SuSE Linux is just as painful as switching from one of them to Windows (thereby making them equally proprietary): He has an excellent point and that's one of the reasons why we're in business. It's to help solve that problem, to futureproof for companies the problems that have been inherent in changing platforms. So, if we certify Red Hat and SuSE and all these others distros against dozens of components in the stack, that problem is mitigated because the customer doesn't have to do that. We've already done it. So we essentially automate the process of helping them port to new platforms should they want to.
Polese on Spikesource's value proposition: Typically, [our customer] is a company that's using open source in a production environment. They've built applications in open source. It has proliferated throughout their company and now they're realizing that they're spending a lot of time. They've got IT people doing nothing all day but figuring out if there are bug fixes, patches and new features to all of these different components and then integrating them, certifying them, testing them and managing the versioning, and this is becoming significant in terms of overhead costs. So what we do is, when we engage that type of customer, we take that task off their hands. They hand the job of certifying and testing their infrastructure to us. The business relationship is that we provide the updates, the alerts, the notifcations, and patches and deliver them directly to the customer's site on a satellite server on an ongoing basis. Within eight hours of a patch becoming available, for example, we will have tested and certified that it works across all the different components in that customer's stack and deliver that patch -- certified -- to the customer site for a fee.
Polese on the legal risks of getting involved in open source: This is something that any company that touches open source in any way could potentially be subject to, but I think it's something more related to fear than the reality...None of these licenses have been challenged in court, for one thing. There's a governance that's seemingly working quite well in the open source world. And there's so much widespread use of open source today that, in my view, this is unstoppable. This is not something that can be shut down by a lawsuit or by the fear of legal liability.
Polese hinting that it's not the type of open source license (e.g.: GPL vs. CDDL) that matters to enterprises -- it's what is best suited to the task: They're looking for the best tool for the job that they have. We hope to help them make intelligent decisions. We aim to help them do that by saying, "if you're trying to accomplish this task, we've evaluated this component, we've aggregated all the knowledge we can find about this component and this combination of components, and here's what we recommend if you're trying to get this particular task done."
In answer to the question of whether SpikeSource will be certifying Solaris now that it has gone open source: We will be. Yes. Solaris 10 and OpenSolaris.