Software development productivity has evolved tremendously over the decades as the cost of computing has plummeted rapidly while the cost of human capital has accelerated. Of course there are some anomalies in the “human capital” part of the curve as development can now take place in countries like India where wages are lower than say Silicon Valley. Still, when plotted against a dollar per unit of computing power curve which is exponentially decreasing, it continues to be much more expensive to hire programmers than to add processor cores or to increase clock speed.
Case in point, a few decades back when programming an IBM mainframe, it didn’t matter that programmers had to batch their programs using punch cards and wait for the computer’s results because you weren’t going to add more mainframe processing power unless you won corporate Lotto.
This brings us to the present day where programming has become more of a combination of piecing together existing components and adding your special sauce than it is an endeavor started from scratch. Thanks to the internet and sites like SourceForge and CodePlex, a developer can pick up the pieces of code they need to solve specific problems as they build their finished product.
According to Mahshad Koohgoli, CEO, Protecode, open-source is the ultimate form of code reuse but companies have to know the pedigree of the code they are using. In other words, a working project can have all sorts of issues you aren’t aware of and which may bite you at some point in the future.
It may be tough to remember but there was a time in life where the phrase “There is no such thing as a free lunch” actually was true. Since the nineties, thanks to Napster and now multiple P2P platforms, music and movies have become free (well they really aren’t “free” but they sure seem to be to so many). Moreover, you can download thousands of free productivity and game apps which are ad supported or user a freemium-model. In the eighties and nineties you had to pay for your video games whether by buying an Atari-type game console or you plugged quarters endlessly into a large machine every time the red ghost ate your Pacman. What I’m saying – and please sit before reading further, is open-source software is not really free.
Let me explain. You see you can download it for free and use it for free but at some point you may not realize the problem on your hands.
There about half a million projects on SourceForge and two-thirds of them are dead according to Koohgoli and when he uses the term “pedigree” he is referring to maintainability, bugs, security vulnerabilities, support and code evolution. In other words, you don’t want to embed code into your product with known bugs and other problems which may not ever get resolved. Koohgoli says by the way that there are about one-thousand [relevant] projects which get searched on again and again.
So perhaps the above statement needs to be amended for the times to “You have to know where to look to get that free lunch.”
Other challenges facing corporations have to do with compliance. If for example you use software which uses encryption and ship it to a prohibited jurisdiction. The cloud too has its own challenges as according to AFFERO GPL you need to make the source code of your application completely available to users – even on a private cloud.
Koohgoli emphasizes that you need to be aware of these issues to ensure they fit within your business objectives. He further says the goal isn’t to catch intentional plagiarists – developers focus on development and don’t want to be bothered with obligations regarding code use. They also turnover often and don’t often document as much as they should leaving their employers in a difficult situation. Moreover, he reminds us the sooner you catch a deficiency, the cheaper it is to fix.
In order to solve the above challenges, Protecode works with corporations to scan their software against its multi-terabyte database which contains more than 140 million files to find similarities. It can scan binaries, packages, RARs, ZIPs and other compressed packages as well.
From there the company uses its algorithms to determine which files match and moreover which project and version thereof is most likely to the best match. The goal as you can imagine is to minimize the manual work required as he says you could potentially find 10,000 matches for a particular signature in the database.
Another challenge the company helps with is M&A because buyers are becoming painfully aware of the liability involved regarding software and do their best to minimize these sorts of problems before the complete the transaction. You may remember Cisco was sued in 2008 by the Free Software Foundation because of a GPL violation related to the Linksys products they purchased. As a result they had to provide their router software to the open-source community for free.
It turns out an overseas contractor used code they shouldn’t have and as a result the liability found its way into the networking vendor’s product line. This of course reminds us that outsourced software development potentially presents increased challenges to corporate liability.
Protecode came out with a cloud-based solution of their own a few months back and I’m told it has become the solution of choice for the newer companies as well as those developing mobile apps.
Programming has progressed a great deal since the days of IBM and DEC assembler but knowing the quality of the code your company has produced is still as important today as it was when your programmers had to scour a multi-thousand page book to determine what an ABEND code meant. Thankfully the process of determining code quality is much easier today thanks to a slew of new tools like those provided by Protecode.
I hereby retract my comments during CS267 at UCONN where I said who on earth would ever use knowledge of IBM assembler and ABEND codes in the real world?