I just encountered this
very interesting article on
Dr. Dobb's and feel that it deserves additional exposure, traction ... and sobering thought.
http://www.drdobbs.com/open-source/t...urce/240168123
Quote:
Despite the rivers of ink that have flowed regarding the recent Heartbleed vulnerability, I believe the developer community has not addressed the right problem. Developers have fixated on a debate about one of open-source's most touted advantages: With many eyes looking at the code, is open source able to correct bugs faster than closed-source projects?
But this discussion misses the central issue, which in my view is not technical, but monetary. The OpenSSL team, whose project was the home for the Heartbleed vulnerability, discussed with remarkable candor how much the lack of funding from the product's users has limited their development work and, by extension, their ability to find and remediate such defects. It turns out that major users of OpenSSL, such as Cisco and Google, among others, had incorporated the software into the important products, but sent little or no funds to the developers.
Faced with this embarrassing revelation, the companies quickly got together, pooled some money, and assembled a committee that agreed to dispense funds to worthy projects, starting with OpenSSL. This is a hurried patch — one that will temporarily relieve the problem, but not address its root cause.
The root cause is a fundamental conflict at the heart of open source: the opposing forces of building community vs. deriving a sustainable level of revenue from an open-source project.
The tension between these forces is most acutely felt when choosing a license for the project [...]
|
My only immediate purpose in posting this reference and this excerpt is to raise a bit of awareness of what I think is a very interesting point. Although I do not entirely agree with the conclusions of the story's author
(Andrew Binstock), I do feel that they are meritous of being "smoked-over."
(I also gave some thought as to in which forum it would be most-proper to post it, and should the Moderators disagree with my choice, may they "feel free.")
Whether or not you concur that these arguments stand – and I have somewhat mixed feelings about it – they are nonetheless very significant, I submit, for having been raised. The journalistic credulity of
Dr. Dobbs' Journal is, of course, very well established. I think that all of us, in our industry, should be contemplating these assertions by this also-well-established journalist, who is nothing less than Editor-in-Chief.