This article was originally posted on Medium.
Undoubtedly, your business is run by open source languages; coders of all kinds - from Dev to QA to DevOps - have adopted open source languages. But we’ve also moved from general purpose languages that were easy to adopt to inventing languages that are more suited to niche problem spaces.
At ActiveState, we’re big believers in open source languages. We’ve been contributing to open source language projects and building versions of languages like Perl, Go, Tcl, Ruby and Python for over 20 years. We’ve witnessed the massive shift in the adoption of open source languages and the genesis of new ones.
This mass popularity of open source languages, and the proliferation of new languages co-existing with older ones, creates more and more challenges, and more tension, for the various stakeholders in the Software Development Lifecycle (SDLC).
I’m passionate about converging the needs of two specific groups of stakeholders: coders and the organizations for which they work - the Enterprise. The tension between these two groups exists because of the gap between their needs.
There are ways to fulfill what both coders and Enterprises need, create better experiences for coders and make things easier for all stakeholders in the SDLC.
We want to help close the gap vis-à-vis open source languages. Enterprises require security, control and compliance. Coders need speed, want to create, and crave a frictionless environment. We need to get roadblocks and restrictions out of the way for coders while ensuring the needs of the Enterprise are being met.
Close the Gap, Today
Today, the best way to mitigate your open source language risks and satisfy your coders' need for speed is to work with a vendor. Specifically, a vendor who provides more than support, and who provides:
- The right packages for each specific application
- The right licenses based on usage
- The right notification and remediation based on CVE security threats
- The right indemnification based on usage
- The right builds, standardized for all of your teams and ready to go out of the box
- The right expertise to build you exactly the language distros you need based on usage, environment, security & compliance requirements and applications
Close the Gap, Tomorrow
But what about tomorrow? What if you could resolve your enterprise requirements, still fulfill coder needs and gain all of the potential benefits of open source languages? What if...
What if You Had Uniform Tooling?
What if uniform tooling could be provided across open source languages? And what if enterprises could use a single uniform tooling set regardless of open source language? It would meet the needs of the coder and the requirements of the enterprise.
Tooling is the collective solution that lets open source languages be compiled and installed, their dependencies found and installed, and code written, tested and updated. Today, however, tooling isn’t uniform across open source languages, and its maturity and best practices vary wildly. Enterprises work around this by creating policies to mitigate deficiencies in tooling. This workaround is subpar because it takes effect too late in the SDLC, after threats and issues have already been introduced into your code.
What if You Could Give Coders an Easy Way to Implement Your Open Source Policies?
The "openness" of open source and its lack of controls mean it resembles the Wild West. Fewer restrictions enable faster innovation, but that comes at the cost of quality and cohesion for the enterprise. Many of your installed libraries have holes and security threats. Enterprises are faced with time-consuming license reviews to ensure adherence to third-party license rules. Plus, license reviews happen at one point in your code’s life cycle rather than in an ongoing, automated way. Enterprises are burdened with high administrative overhead and stale information.
What if You Could Use One Ecosystem Above All Others?
What if a company could have a uniform, high standard for its package management, with no vendor lock-in and all based on open source? What if a company could be guaranteed the same quality and types of packages for every language it uses? What if a company could easily have visibility into what is being used across all of its environments, from concept to dev to testing to production? It would be easier for the coder and would fulfill the requirements of the enterprise.
Open source language ecosystems are wild and unreliable: updates and deletions can occur. There are also different package management solutions with differing degrees of sophistication, complexity and required expertise. Today an Enterprise can easily end up with multiple package management solutions and with different packages of the same open source programming language. There is no single or consistent source of truth.
More "What Ifs"? We Want to Hear From You
At ActiveState we are tackling these “what ifs” with the ActiveState Platform. My fellow Activators (ActiveState employees) and I are really excited about what we’re working on, but we also need your help. We’re spending a lot of time listening, sharing and creating conversations. But we need to do more.
Want to help shape what our ActiveState Platform looks like in tackling these “what ifs”? Open to sharing the challenges you’re facing with open source languages? Or maybe just interested in learning more?