"Open source: the great equaliser of the digital transformation"
Is it possible to think about innovation not as a closed loop but as an open process that thrives on input from the outside? For Daniel Glazman, VP Software Technologies at Thales, the open-source development model is the best way to encourage creativity and speed innovation. He explains why the Group is increasingly adopting open source solutions to guarantee the performance, security and maintainability of its products and services.
When we talk about open source, we think about free software or some libertarian ideal of resisting the dominance of the software giants. Has open source finally come of age?
It's been a long time since open source was considered the ugly duckling of the computer industry or just for a bunch of pirates! It became an important feature of the landscape as far back as 25 years ago. Remember that the CERN (European Organization for Nuclear Research) server, the first used to connect to the Internet, had an open-source licence. In 2011, Mark Andreessen, founder of Netscape, published a groundbreaking article entitled "Why Software is Eating the World". But he forgot to mention that it was actually open-source software that was going to eat the world! Open-source solutions are no longer the reserve of a small circle of experts; on the contrary, they are now deeply embedded in modern information systems and have come to play a predominant role in enterprise IT infrastructure.
What explains the rise in open-source solutions?
It's a natural phenomenon. Programmers have always been passionate about coding. And when they're pleased with their results, they tend to make their source code openly available, either to let other coders contribute, or simply to show off their achievements. But several events took the open-source movement into a new dimension. In 1991, a Finnish student, Linus Torvalds, took inspiration from a UNIX clone, the MINIX system created by Andrew Tanenbaum, to develop the kernel of his own operating system. The result was Linux, whose open-source code quickly attracted the interest of thousands of volunteer coders around the world. Long story short, Linux servers are now more popular by far than Windows servers. In 1997, the famous American hacker Eric Raymond published a seminal book, "The Cathedral and the Bazaar", in which he outlined the fundamental differences between open-source and proprietary software, with open-source software being developed horizontally (the 'bazaar'), while proprietary software is designed vertically (the 'cathedral'). Raymond concluded that it was better to publish software that is imperfect but functional, and to open it up to contributions from everyone, rather than to hold it back from users until it has reached some hypothetical advanced phase of development. This resulted in his famous motto, "Release early, release often", laying the foundation for the principle of rapid prototyping. When Netscape opened its browser source code a year after the publication of his visionary book, it shook the entire industry. The software world had clearly moved into a whole new ballpark.
Is cost still the main motivation for a company to use open-source solutions?
Not necessarily. It is important to distinguish between open-source and free software. To build your information system, you can always duplicate a data repository in freemium mode with open code, but that does not mean that the accompanying support will be free. Open-source software is still less expensive than proprietary software, but that does not mean copyright is dead! The real reasons for a company to use open-source software can be found elsewhere. Participating in open-source projects, using open-source bricks in their projects and integrating 'outside' elements, allows companies to be less dependent on technology suppliers. It sets them free from proprietary ecosystems that seek to preserve revenue in a global market for digital licences and services that is concentrated in the hands of a few large companies, mainly based in the US. Remember that dependence on any outside entity constitutes a risk. With the decentralised model of software development, any company can become a software publisher itself, join a wider community and allow others to benefit from its own innovations, all of which can significantly raise the company's profile. But above all, being part of an open-source culture, with its fast-changing processes and systems, is an incredible driver of an organisation's digital transformation. Sharing, co-creation and open innovation have profoundly changed the system, making open-source software a strategic option for many companies.
What are the main open-source solutions being used today?
Open-source solutions can be found in every layer of IT, from databases to application servers and operating systems. The open-source model encourages creativity and speeds the innovation process. Open-source software has played a key role in the biggest innovations of in recent years, like cloud computing, Big Data, artificial intelligence and IoT (the Internet of Things). Companies quickly realised that community development could lead to more efficient systems. They saw that it was in their best interests to share what could be shared and to think about innovation and R&D not as a closed loop but as a process open to outside collaboration, and focused on developing IT building bricks that create value in their own right. In short, targeted use of open-source software allows companies to attract new talent and focus their resources on their core business and special strengths.
What are the benefits of open-source software in terms of security?
Just like proprietary software, solutions can be found to mitigate every risk identified in open-source software. But having access to the source code is always an additional guarantee of maintainability. You can access it at any time and make sure it has no bugs that could be vulnerable to attack, such as a buffer overflow [when a programme tries to write more data in a temporary storage area than it was designed to hold], which is still the most common flaw in system security. If a code can be read, it is much easier to put together a team to assess the risk potential, and to check all the functions to make sure they perform optimally and that there are no backdoors or other malware that could allow hackers to connect remotely. It takes more time, but it's worth the extra effort. In fact cybersecurity, independence and transparency have become key reasons for companies to move to open-source systems and components.
How is Thales participating in this revolution?
The Group developed an open-source strategy quite a long time ago. As part of its work with the Eclipse and Linux Foundations, Thales is helping to promote the adoption and implementation of free and open architectures. By sharing software bricks and expertise and leading an open-source community of experts and specialised developers through a GitHub open-source organisation, we allow our customers to benefit from our expertise so they can accomplish their most ambitious projects. For example, to connect all the stakeholders in a port, airport or land-based location, Thales completely overhauled MGI's Cargo Intelligence 5 software based on a cloud-native application making extensive use of open-source code. Similarly, to help betting operator PMU modernise its horse-race wagering systems using racehorse tracking, Thales developed a Big Data platform that is continuously updated with the latest versions of open-source components. And recently, the Group developed Gokube, a tool that facilitates laptop use of Kubernetes, an open-source platform for automating the deployment, scaling and management of application containers. With all of these initiatives, Thales is helping to set new standards and create new ecosystems.
Thales operates in sensitive markets in the defence, aerospace and maritime sectors. Doesn't open collaboration raise potential legal issues and security risks?
Some contributors are not necessarily individuals but organisations, companies or associations subject to specific regulations, which raises the question of extraterritoriality [a principle of international law according to which a State relinquishes legal jurisdiction over a part of its territory to another State or international institution]. But you can set up restricted communities where only selected contributors, filtered by nationality or European Union membership, for example, can modify the source code. The risk of malicious acts, like injecting a bug, is never zero, but remember that there are always ways to revert to a previous version of code. The possibility of sabotage can never be ruled out completely, but in open-source communities, where transparency is key, any form of malicious activity can be identified straight away. Being in an open system does not eliminate risk, but it reduces it considerably.
How is Thales involved in open-source hardware?
Open-source hardware emerged in the 2000s, when a community of engineers wanted to apply the principles of open-source software to electronics and propose designs for motherboards, components and processors that manufacturers could reproduce and modify as they wished. In 2018, Thales joined the RISC-V Foundation to help design the RISC-V open instruction set and above all to rally manufacturers and academics around a subject that is crucial for our sovereignty. By opening up electronics manufacturing to multiple actors, Europe is considerably reducing its dependence, particularly on the US, where the majority of chips are produced, while at the same time protecting itself from potential disruptions to hardware supply chains. Thales is more active than ever in this field, which has grown to an unprecedented scale in recent years. The Group is now collaborating with open-source hardware communities to design processors for critical embedded systems, particularly in the aerospace and naval defence sectors. And for the past two years, Thales has organised a national RISC-V competition, and handed awards to three teams of students in Strasbourg in the summer of 2022 for their solutions to reduce the power consumption of the CORE-V CVA6 processor. Open-source solutions for hardware as well as software are becoming more integral than ever to Thales's innovation strategy.