Q&A with ActiveState: on the Challenges of Working with Open Source Languages, the Future of OSS, and ActiveState’s New SaaS Platform

The Challenges of Working with Open Source Languages, the Future of OSS, and ActiveState’s New SaaS Platform
This article was originally published in SourceForge.

Today, knowledge-centric organizations have come to recognize the value of open source languages as an integral part of software application development. From startups to Fortune 500 companies, forward-thinking organizations are taking full advantage of open source languages to develop new software solutions that can help accelerate digital transformation in their enterprise while cutting operational costs.

While open source languages bring about efficiency and cost-saving benefits to businesses and development teams, it can also introduce some risks and operational complexity to software development lifecycles.

To help address the challenges of working with open source languages, SourceForge recently caught up with Bart Copeland, the CEO and President of ActiveState, to discuss the ways to solve key pain points faced by today’s developers and enterprises when using open source languages. Copeland also offers some insights into the future of open source software (OSS) and shares how ActiveState’s New SaaS Platform can empower DevSecOps to seamlessly manage open source languages at runtime.

Q: Can you please give us a brief overview of ActiveState (year founded, size, solutions, etc.)?

A: ActiveState was founded in 1997 and has been doing Python builds since 1999. The company serves millions of developers, including more than 97 percent of the Fortune 1000 companies. Today, ActiveState continues to provide top quality solutions for open source languages. In fact, core contributors or inventors of open source languages have worked and currently work for ActiveState.

ActiveState’s focus is on making open source easy for the enterprise and providing tools that developers love to use, which comprises understanding key pain points in today’s polyglot environments for developers retrofitting open source languages as well as management’s challenge in gauging risk.

Q: Tell us about your goals and missions? What are the challenges of working with open source languages and how is ActiveState addressing these challenges?

A: Enterprises that have adopted open source (i.e., all of them) have two key pain points:

  • The open source languages on which they build their applications are in constant need of retrofitting by developers as new versions of libraries and their dependencies are introduced as open source licenses that contravene enterprise policy (i.e. GPL licensed libraries) are discovered and patches to security vulnerabilities are made available. In our recent survey of over 1,400 developers, we’ve found that 75 percent of them spend either some or most of their time managing their development tools, detracting from the time they could be spending coding.
  • Management is currently unable to gauge application risk. This is due to a few factors, including a lack of visibility, issues with tracking, and oversight of code compliance.

At ActiveState, our goal is to solve these two key pain points faced by developers and management in enterprises when using open source languages. Software is eating the world and it’s built on open source. And the fundamental building block for any software is the language in which it was programmed.

Truly, we’ll have known that we’re successful when we’re as prolific with developers as GitHub, and as necessary to enterprise systems as AWS.

Q: What specific industries do you serve? Can you tell us some of your current clients and/or customers?

A: Our company roster includes IBM and Honeywell. To give you a good idea of how varied our customer base is, take a look at our Customers page.

Q: A recent study revealed that the projected revenue of open source services would exceed more than US$ 32 billion by 2023. As a leading open source languages company, what are your thoughts on the way the open source market is exponentially increasing? And how is your company equipped to be part of the growth story?

A: Open source has won. Twenty years ago when we were just starting out, open source was untrusted by enterprises, but today even the U.S. government has adopted it. Open source has sparked innovation and dramatically shortened time to market to the point that if you’re not doing open source, you’re putting yourself at a disadvantage.

Today, open source represents the ethos of how developers work: collaboration, openness, and sharing. And all companies regardless of industry are technology driven, from the Washington Post to Walmart to HSBC. Simply put, the future of business is based on open source.

We think we’re uniquely positioned since we’re one of the very few open source companies that has been at the forefront and we’ve seen the market evolve for more than 20 years. We were doing open source long before the mass adoption, and we’ve witnessed macro shifts in the marketplace from monolingual dev shops to polyglot environments: from hand-coding of monolithic applications to assembly of microservices comprised of primarily open source components. We understand the pain points these shifts have caused in the enterprise and are addressing them in our roadmap.

Q: How does your SaaS platform for open source languages empower DevOps and DevSecOps? Can you offer us some sample use cases?

A: As the intersection of development, security, and ops, DevSecOps seeks to ensure that applications are not only built in a secure manner, but remain safe in production. ActiveState open source language distributions are checked for vulnerabilities so developers can start coding with a secure language out of the box. The ActiveState Platform then tracks application security throughout the development cycle, across the CI/CD process, and into production. Whenever vulnerability crops up, the ActiveState Platform alerts all stakeholders to the fact so they can instantly take action.

For DevOps, rebuilding and then updating all their systems across development, CI/CD, and production whenever a new vulnerability is found can be time-consuming. The ActiveState Platform will proactively create new language builds as open source vulnerabilities are found, allowing DevOps to run a smoke test and then update any environment with a single command.

Q: As a leading open source languages company, can you tell us more about your commitment to open source models? How has the open source approach benefited companies and coders?

A: Current and former ActiveState employees have been strong contributors to open source initiatives, including the originator of Tcl, a co-creator of YAML, contributions to the Cloud Foundry and Mozilla eco-system, and numerous maintainers of open source language packages, modules, and libraries. Additionally, ActiveState supports various open source organizations with monetary donations and employee hours to help with their efforts.

Q: Looking ahead, what emerging open source technology trends do you think will disrupt or impact how today’s software development teams build their apps and solutions?

A: Today, most organizations either use a standard, off-the-shelf, open source language distribution or else create a custom build for their specific project.

Off-the-shelf distributions are static builds that provide consistency across environments by including all dependencies, but they result in very large builds that are a pain to transfer around, slow down testing and deployment, and offer a large attack surface.

The DIY approach imposes a huge opportunity cost on your developers who could better spend their time addressing your ever-growing backlog rather than retrofitting their open source language.

Companies like ActiveState are spearheading the revolution, allowing organizations to automatically build, certify, and resolve all of the issues commonly plaguing open source language distributions, as well as share those distributions across teams/update environments with a single command.

Recent Posts

Tech Debt Best Practices: Minimizing Opportunity Cost & Security Risk

Tech debt is an unavoidable consequence of modern application development, leading to security and performance concerns as older open-source codebases become more vulnerable and outdated. Unfortunately, the opportunity cost of an upgrade often means organizations are left to manage growing risk the best they can. But it doesn’t have to be this way.

Read More
Scroll to Top