How to Safely Navigate the World of Open Source Languages

How to Safely Navigate the World of Open Source Languages

This article was originally published on Enterprise CIO.
Opensource.com notes that, due to their widespread use, open source languages will enable and undergird many technological innovations. As part of almost every business today, that includes innovations within your own organization. Coders of all stripes (developers, engineers, QA, DevOps, data scientists) are using open source languages to accomplish a variety of tasks. The trade-off here, however, is that these niche languages are replacing easier-to-adopt, general-purpose languages.
Enthusiasts have been contributing to open source language projects and building versions of languages like Perl, JavaScript, Go, Tcl, Ruby and Python. There has been a massive shift in the adoption of open source languages and genesis of new ones in the last 20 years. Even large corporations such as Microsoft, Google and IBM contribute to open source projects that are hosted on GitHub; and Spotify, Dropbox and Reddit are among the big names that use Python.
The fact that household names are using open source languages is a testament to its huge popularity. This has brought about the proliferation of new languages co-existing with older languages, which creates more and more challenges for various stakeholders in the Software Development Lifecycle (SDLC) – and more tension.
Addressing this tension requires a convergence of the needs of two specific stakeholder groups: coders and the enterprises for which they work. There are ways to fulfil what both coders and enterprises need, create better experiences for coders and make things easier for all stakeholders in the SDLC.
As an enterprise leader, you need to focus on the overarching infrastructure needs of cost, security, control and compliance. You also need to address your coders’ desires for a frictionless and fast environment. Roadblocks and restrictions need to be removed for coders while ensuring the needs of the enterprise are being met.

Bringing it all together

Is it possible to enjoy the many possible benefits of open source languages while still fulfilling coder needs and resolving your enterprise requirements? What if uniform tooling could be provided across open source languages? And what if enterprises could use a single uniform tooling set regardless of open source language? It would solve needs for the coder and the requirements of the enterprise.
By choosing to work with uniform tooling, you will enable your enterprise to have a consistent and standardized way for open source languages to be: compiled and installed; dependencies found and installed; and code written, tested and updated complete with security and license compliance needs being addressed.
Unfortunately today tooling isn’t uniform across open source languages. And the maturity and best practices of tooling wildly vary. Enterprises create a work-around by creating policies to mitigate for deficiencies in tooling. This work-around is sub-par because policies kick-in too late in the SDLC after threats and issues have already been introduced into your code. Furthermore,enterprises are challenged with tracking where affected code is running when new vulnerabilities and threats are identified.

Out of many, creating one

The open source ecosystem is open, and this openness is inherent with a lack of stringent controls. Its open, unrestricted nature enables faster innovation, but this comes at the cost of quality and cohesion for the enterprise. Many of your installed libraries have holes and security threats. Enterprises are faced with time-consuming license reviews to ensure adherence to third-party license rules as well as internal policies restricting certain types of licenses. In addition, license reviews happen at one point in your code’s lifecycle versus in an ongoing, automated way to keep up with changes, patches, upgrades and new dependencies. Enterprises are burdened with high administrative overhead and stale information.
As a CIO, you are charged with finding a better and less expensive way. So, what would it look like for your company to have a uniform and high-standard ecosystem for your package management, with no vendor lock-in, all based on open source? What if a company could be guaranteed the same quality and types of packages for every language they use? What if a company could easily have visibility for what is being used across all of their environments, from concept to development to testing to production? And what if, you could still work the way you wanted, whether it’s adherence to corporate policies, workflow configuration or standards that can vary based on dev environments, testing environments or production environments? It would be easier for the coder and fulfil the requirements of the enterprise.
The frontier status of open source languages means that they are somewhat unreliable; updates and deletions can occur. And there are different package management solutions with differing degrees of sophistication, complexities and required expertise to use. Today an enterprise can easily end up with multiple package management solutions and have different packages of the same open source programming language. There is no single or consistent source of truth.

Partnering for success

By partnering with an open source technology provider, you will more effectively lower your open source language risks and solve your coder need for speed. A provider can offer more than just support but the following benefits as well:

  • The appropriate packages for each specific application
  • The right licenses based on usage and policy requirements
  • The best notification and remediation based on Common Vulnerabilities and Exposures (CVE) security threats
  • The right builds, standardized for all of your teams and ready to go out of the box
  • The expertise to build you the language distros you need based on usage, environment, security and compliance requirements and applications.
  • The indemnification that fits, based on usage

 

Unite and conquer

As coders work on a project, they want the best tool for the ‘job’. So sometimes it is appropriate to build many programming languages in an environment. The resulting “polyglot” situation creates benefits as well as challenges. Better products are made, and products are shipped faster, but it’s difficult to build a core competency in a particular programming language. And it’s impossible to centralize support and difficult maintenance requirements.
A uniform tooling set alleviates these difficulties with its ability to work across multiple languages, enabling coders to use and implement open source languages more easily in the enterprise environment. This meets the needs of both the business and the developers. Partnering with a technology provider will supply that extra advantage of know-how to address all needs and concerns to create success for all involved.

Recent Posts

Scroll to Top