Sun sheds light on its open-source future

Simon Phipps, Sun UK's chief open-source officer, surveys the open-source landscape and reaffirms his company's commitment to open-software development
Written by Adrian Bridgwater, Contributor

Sun UK's chief open-source officer, Simon Phipps, has a high-profile role to play as the company aims to complete its move to 100 percent open software development.

Echoing the words of James Gosling, the father of the Java programming language, Phipps said that, after more than a decade of Java development, the time is right for "the next chapter" in software programming.

For Sun, this next chapter means the release of its complete software infrastructure to open source. No small task, the company said that this has been a process of evaluation and analysis heavily focused on the communities which make open-source improvements possible.

Now eight years into his current tenure at Sun, Phipps is responsible for the team managing the company's global activities and relationships with a large number of open-source community groups.

As the company prepares for next month's JavaOne developer symposium in San Francisco, ZDNet.co.uk caught up with Phipps for an update on Sun's work in the open-source arena.

Q: For most of its history, Sun has been in favour of the closed-source approach to software development. What changed?
A: My role was created about three years ago to coincide with our company's ramping up of interest in open source. In 2005 we came to the conclusion that this was the future for the software industry, so I look after our overall strategy and our relationships across over 750 open-source communities.

These groups share broadly the same goals for open-source development but differ widely in terms of their licensing and delivery models. At their core, they derive from either organic or commercially driven roots and this can make a difference to the way we work with them. What's important to remember is that open source isn't just a community; it's a community of communities.

How do you view the broad picture for software development at the moment?
We see the software industry switching over from its current delivery model to adopt far greater focus on open source. I characterise the current model as a "procurement-driven" model, where a company puts out a proposal for a software system, a vendor analyses requirements and the company buys in and "acquires" the software in question. We see this approach gradually being replaced with the "adoption-led" model, at first in start-ups and then within larger business, where businesses adopt first and — possibly — pay later.

Sun has faced some criticism over its commitment to open source. Do you think that this is unfounded and how do you react to comments in this area?
I like to use the example of the chicken and the pig when trying to clarify Sun's position on open source. Both animals were asked by the farmer to bring something along for breakfast one morning to show their worth. The chicken turns up with an egg, while the pig turns up with a side of bacon. The farmer looks over the offerings and says: "Well, the chicken has contributed, but the pig is committed."

As a company, Sun has released all of its core products under open-source licences. It has taken us about five years on OpenSolaris and about three years on Java. There were one or two areas where we had to go back and recode from scratch but, largely, it has been a smooth enough journey. There's only one portion of Java left to work on and that's the SNMP systems management code and I think we're going to rewrite that.

A census has recently been undertaken to analyse deployments of open source in the workplace. Do you see businesses currently suffering from a lack of knowledge over their own open source installed base?
The fact is that most chief information officers simply don't have a policy for open source. But, then again, most chief information officers don't have a policy for use of Google, yet it exists within the enterprise. They don't have a corporate edict to use Google for search but people use it because it is there. In a lot of ways, this is how Microsoft started and built its reputation and popularity. Today, open source has gained momentum as it is solving problems at a departmental level and is gradually growing into an enterprise technology.

Given the security concerns that are naturally thrown up by exposure to open code structures, will Sun be putting forward a new set of open-source security policies now?
I'm fascinated to see what people think the security concerns are with open source. You see, most security problems are caused by an "exposure" situation, which develops into an "exploit", but one only turns into another when the exposure is hidden from view. In open source there are plenty of "exposures", but there are also many eyes watching, so the transparency of the situation means there is less scope for exploits and they typically don't evolve because the exposures get fixed too fast.

Red Hat is hosting the UK's first open-source forum on 14 May next month. The pre-show materials appear to suggest that enterprise migration to open source is the hottest topic. What do you think will turn the most heads at the event?
It may well be the case that events like these enable businesses to reach a new level of understanding as to what open source really means. If chief information officers expect to be able to sign up for open-source implementations and simply get something for free, then they need to step back. A more mature thinking chief information officer will see that…

…open source allows for the adoption of software, based upon its own merits, which can then be refined through rapid iteration as a result of exposure to the open-source community.

However, there comes a point in this adoption model where the chief information officer wants to offload the cost of his adoption team and either hires a DBA or a systems administrator, or actually buys a support subscription from a vendor. So it's not about getting a free product; it's about being able to choose which technology to invest in and how it is managed.

Now that you are so focused on open source, what do you think has allowed Linux implementations such as Suse and Red Hat to be so successful?
What these companies have done is to mould Linux into something which fits the procurement-driven market, and they have been very successful at it. What I have more time for is Ubuntu, which has very much embraced the adoption-led approach and is experiencing vast adoption but from a slow-burn growth perspective.

What would you say to non-technical business managers trying to evaluate the option to take the development of their company's technology stack towards an open-source model?
For business people, it's a fairly easy question of whether or not they want to be subject to "lock-in" by the technology vendors they form contracts with. Many will not see this as an issue and will be happy to stay with one vendor, but there are plenty that will want to get involved and will care about whether the architectural technology choices they make now will provide them with the freedom and independence they need in the future. I would argue that the managers that do care about this kind of thing are more likely to be the ones that use technology to forward their competitive advantage.

What are your views on Microsoft at the moment, as the company attempts to gain credibility for itself in the open-source space?
Well, I think it's a little early to be crying about things as yet. After all, Windows is built on open-source software. If you search through the binary of Windows for the phrase "Regents of Berkley University", you'll find that loads of their code is open source that they got from the BSD licence.

But, as a company, they clearly realise that the open source "brand" is popular and they don't want to miss out on being a potential "check-box" on a customer's prospect list. I believe, over time, it will grow for them, as I've seen more Microsoft people at open-source events than any other company.

Critics of open source have said that its early inceptions among the hobbyist communities make it an inherently risky long-term professional bet. What would you say to companies wary of moving their IT infrastructures to this kind of domain?
Remember: open source is not about "having" the source code; it's about having the freedom to do things with the source code. You can't isolate the philanthropic element out of open source; in fact, it couldn't have existed without it. The American software freedom activist Richard Stallman has been quoted many times on the subject of free software. He has always insisted that he's perfectly relaxed about people making money out of software, just as long as people don't lose their freedoms as a result.

Given that you said open source is the way forward, where do you see the technology developing in the longer term?
The scope is wide for sure. We're working our way through our infrastructure to make sure it is all opened up, from storage systems to our GlassFish application server project, right the way through to microprocessor design with open-source Verilog tools.

The meta-trend if you like, is that we continue to move towards a more loosely coupled world of technology, where costs can be more easily controlled and open source forms the bedrock of the new frameworks we build and interact with on a daily basis. What we want to do now is make sure that we're "bootstrapping" the governance that oversees the way we operate in this space, and this is really just the first stage. After this point, it's just one step at a time.

Editorial standards