News Flash: Oracle Still Hates Open Source Software

It's no wonder that Google, Red Hat and others have been abandoning Oracle's most visible open-source project, MySQL. After all, Oracle has a highly conflicted relationship with open source. Nowhere is this conflict more apparent than in a new white paper Oracle released for the U.S. Department of Defense (DOD) in which Oracle suggests open source costs more and is less reliable.

Unfortunately for Oracle, the DOD has its own white paper on open source—several, actually—which directly contradicts Oracle's key arguments.

Oracle's Love-Hate Relationship With Open Source

Oracle is an odd beast. Throughout the white paper, Oracle somewhat accurately proclaims itself "one of the biggest proponents and contributors to open source within the industry," and points to ways that it improves open source. Much of this is true: Oracle does significantly contribute to open source.

But given how much of Oracle's business depends upon a steady stream of big, upfront license deals with eternal maintenance fees, it's not surprising Oracle damns open source with faint praise: "Oracle is embracing and offering open source solutions as a viable way to complete simple software projects and as an adjunct to the development and deployment of more complex projects that are based on commercial software."

In other words, Oracle loves open source ... to a point.

The DOD's Long-Term Relationship With Open Source

It's not surprising that Oracle would try to dampen the DOD's enthusiasm for open source. The DOD has demonstrated a long-standing willingness to entrust serious, mission-critical applications to open source.

With its stance first memorialized in an official memo back in 2003, the DOD has continually agitated for more open source within the U.S. military. The DOD has even sponsored its own open source conference, and has published a list of lessons learned from its many years using open source.

As such, if any organization is intimately familiar with both the promise and pitfalls of open source, it's the DOD. And yet open source adoption at the DOD remains rampant and robust.

DOD: Sorry, Oracle, Open Source Costs Less

In fact, the DOD has authored an FAQ that answers Oracle's myth-making white paper point for point.

Oracle argues that open source is more expensive than its proprietary software:

Focusing on the easily identifiable and predictable hard costs, such as software licensing and annual support, can obscure the total lifecycle cost of a program. Technology decisions based on short-term or up-front savings only consider 10 to 20 percent of total program costs. The best value to the government comes through optimizing developer productivity, providing reliable and scalable infrastructure, and reducing these soft costs.
In many cases, the commercial alternatives [to open source] lead the market because they have far superior capabilities to the open source projects. In those circumstances, adoption of open source has proven to actually increase the overall cost of the project, thereby resulting in program cost overruns.

In other words, Oracle wants the DOD to believe open source costs more (and that its own proprietary software somehow delivers enhanced developer productivity, which surely must seem comical to the overwhelming majority of developers who have embraced open source). To this the DOD offers this response:

Proprietary COTS [commercial off-the-shelf software] ... typically trades off flexibility; the government typically does not have the right to modify the software, so it often cannot fix serious security problems, add arbitrary improvements, or make the software work on platforms of its choosing. If the supplier attains a monopoly or it is difficult to switch from the supplier, the costs may skyrocket. What is more, the supplier may choose to abandon the product; software escrow can reduce these risks somewhat, but in these cases it becomes GOTS [government homegrown code] with its attendant costs.
OSS [open-source software] COTS is especially appropriate when there is an existing OSS COTS product that meets the need, or one can be developed and supported by a wide range of users/co-developers. OSS COTS tends to be lower cost than GOTS, in part for the same reasons as proprietary COTS: its costs are shared among more users. It also often has lower total cost-of-ownership than proprietary COTS, since acquiring it initially is often free or low-cost, and all other support activities (training, installation, modification, etc.) can be competed.

Or, as the DOD writes elsewhere, "DOD needs a more efficient software development ecosystem—more innovation at lower cost. [Open source] squeezes financial waste out of the equation by reducing lock-in and increasing competition."

DOD: Sorry, Oracle, Open Source Can Be Highly Reliable

Oracle's other big myth is that open source is inherently not reliable. Oracle tries to position open source as a bit of a plaything: "Open Source tends to be used successfully in simple, low-risk projects." But such an argument flies in the face of the hundreds of thousands of mission-critical, open source-based IT projects within the DOD and elsewhere. Nevertheless, Oracle persists with its argument:

Perhaps the most important issue in a major DoD system is reliability, which includes the ability to scale under heavy load as well as a system’s security and information-assurance features ... Load testing, system performance tuning, and system optimization are also expensive tasks. Commercial software companies have developed highly refined methodologies to perform these tasks. Don’t underestimate the difficulties associated with testing open source software and incorporating required changes into the main development stream, especially when it comes to testing for robustness and reliability under load.  

Of course not, concludes Oracle, declaring that "for mission-critical functionality, commercial software wins the day." 

The DOD, however, disagrees:

[Proprietary software] lock-in tends to raise costs substantially, reduces long-term value (including functionality, innovation, and reliability), and can become a serious security problem (since the supplier has little incentive to provide a secure product and to quickly fix problems found later)...
Continuous and broad peer-review, enabled by publicly available [open] source code, improves software reliability and security through the identification and elimination of defects that might otherwise go unrecognized by the core development team. Conversely, where source code is hidden from the public, attackers can attack the software anyway...

That said, the DOD goes on to note that neither proprietary software nor open-source software is a good fit where the slightest error could result in fatalities: "Software that meets very high reliability/security requirements, aka 'high assurance' software, must be specially designed to meet such requirements.  Most commercial software (including OSS) is not designed for such purposes."

Advantage, Open Source?

This isn't to suggest that open source is perfect. Rather, it simply shows that the DOD, with over a decade's worth of experience running open-source software in mission-critical projects at scale, doesn't need Oracle to help it understand how to save money and improve reliability. For some applications, Oracle's technology is almost certainly a great fit at the DOD. For many other applications, however, open source is perfect, and these aren't just the "simple applications" Oracle dismisses. 

As such, expect to see open source continue to boom within the DOD ... and Oracle to continue to wish it didn't.