We survey a broad panel of IT decision makers about the state of enterprise open source every year. We also have many thousands of conversations with customers, prospects, analysts, and industry peers. So it takes a lot to surprise us. Yet, every year that we run this survey there are usually one or two results that we didn’t really expect. Here are a couple from this year’s The State of Enterprise Open Source 2022 report, for which we surveyed nearly 1,300 IT decision makers at medium to large enterprises worldwide.
Upstream contributions matter
Last year, when we decided to ask a new question about whether people cared if their enterprise open source vendor contributed to open source, our expectations were modest. Over the years, we’ve often found customers mostly interested in enterprise open source as a source of less expensive software in a good-enough product.
To be sure, sentiments have shifted over time with attributes such as better quality, security, and access to innovation increasingly eclipsing lower cost of ownership as a primary benefit of enterprise open source software. But we were still surprised when 82% said that they were at least somewhat more likely to select a vendor who contributes.
Essentially the same percentage this year were more likely to purchase from contributors, increasing our confidence that last year’s result wasn’t a fluke. But we also dug deeper into the "why" this year and we were at least somewhat surprised again. While we weren’t sure what the responses would look like, we’d probably have gone with choices that aligned most closely with benefits that had the straightest line between contribution and vendor participation—for example, influencing the development of needed features.
Mature understanding of the open source development model
However, while choices like these were frequently selected on the survey, others were too. And a number of those other reasons to pick contributing vendors, such as familiarity with open source processes and helping to sustain healthy open source communities, suggest a more sophisticated understanding of the open source development model than we were expecting.
To be most effective, this model assumes that some of the value obtained from using open source projects to build products flows back into open source communities as a sort of virtuous cycle. That IT decision makers answered the "why" in the way they did says to us that many buyers don’t view enterprise open source products in the same light as proprietary products.
Rather, it’s the product of a different, and often better, development process. This likely also at least contributed to why this year’s survey saw enterprise open source continue to gain at the expense of proprietary software.
Security as a benefit of enterprise open source
We’ve also seen the ascendance of security as an important enterprise open source benefit. This year, 89% of IT leaders said enterprise open source is at least as secure as proprietary software. This is a big change from not all that long ago. It used to be that quite a few potential buyers figured that being able to see the source code inherently decreased code security in the same manner as being able to see the schematics of a physical security system.
The improved perceptions of enterprise open source security are something that we’ve been tracking in surveys, focus groups, and customer conversations for a number of years, though. So the continued high opinion of enterprise open source security this year didn’t come as a surprise.
What was less obvious were the reasons why our respondents thought enterprise open source is such a benefit with respect to security.
The obvious historical answer to this question would have been that there are many eyes on the code. The problem with this answer has always been that there sometimes aren’t many eyes and what eyes there are may not be skilled ones backed by rigorous processes. In a way, this is the counterpoint to the "but the bad guys can see the source code" argument against open source being adequately secure.
It’s a naive dichotomy that once defined the mostly surface-level open source security debate. We perhaps assumed it was still in force more than it apparently is—at least among the IT leaders at mostly larger firms whom we surveyed.
But "many eyes" is now a ways down the list of reasons why security is a benefit of enterprise open source. Respondents also indicated the ability to audit the code themselves was even less important.
Instead, 55% said the top reason is that their teams "can use well-tested open source code for our in-house applications." Furthermore, in spite of the attention that software supply chain security is starting to receive, IT leaders still say that the ability to use enterprise open source internally—as most companies doing application development do—is still a big net benefit.
Other leading reasons are similar to what you’d probably see with any enterprise software: promptly delivered, well-documented, and scannable security patches, for example.
Our takeaway from these surprising (but maybe they shouldn’t be) results? Enterprise open source is increasingly seen as having many of the same positive attributes as proprietary software while also delivering on the benefits that come from the flexibility of open source licensing and the open source development model.
Learn more: Read the report
Learn more about what we learned from IT leaders in the fourth annual edition of "The State of Enterprise Open Source: A Red Hat Report."
About the author
Gordon Haff is a technology evangelist and has been at Red Hat for more than 10 years. Prior to Red Hat, as an IT industry analyst, Gordon wrote hundreds of research notes, was frequently quoted in publications such as The New York Times on a wide range of IT topics, and advised clients on product and marketing strategies.