MyDoom demonstrates that open source/free software is safer, and now OpenSector.org reports that a UN study says it's better for a number of other reasons as well:
"The report says that OSS software is better for four primary reasons:
- More people looking for defects means more defects are found and fixed.
- Free from marketing considerations, developers release more fixes and improvements, more often.
- Proprietary software does not guarantee quality, in order to avoid legal liability.
- Source code availability allows users to fix, customize or improve on their own.
The report includes a summary of free and open source software policy development and activity in nations throughout the world."
The United Nations Conference on Trade and Development's "E-Commerce and Development Report 2003", chapter 4, "Free and open-source software: Implications for ICT policy and development", is available as a PDF from a link at the OpenSector.org article.
One of the areas that the report focuses on is security, and since that is the topic of the day, here is what they say:
"Security of public data is a leading concern of Governments, particularly in the wake of recent worldwide computer virus attacks and growing fears of cyberterrorism and cybercrime, as well as spyware. At a minimum, introducing diversity into the base of functioning software code reduces the possibility of catastrophic failures caused by viruses that attack a software monoculture." [emphasis added]
It is now accepted, the report states, that there is a need for public and open standards for software applications and data files that handle public information, and for more reasons than the obvious -- that it isn't fair to require citizens, who have a right to access public data, to pay high prices to a monopoly provider in order to effectuate that access:
"Software that is used to handle public records, taxation or, in the future, voting may need to follow FOSS standards. . . . With closed-source proprietary software and data file formats, should the vendor choose to discontinue support for technical reasons (e.g., because maintaining backward compatibility is burdening the source code of current and new versions) or financial reasons (e.g., an unsatisfactory revenue stream or bankruptcy), public offices may find themselves forced to upgrade hardware or software (often both) or convert to another system, with the resulting cost implications."
The advantages of FOSS are not limited to lower costs only:
"The question is what regime for ownership and distribution of IT tools best serves the interests of developing countries and of the global economy as a whole. To think of FOSS as simply a less expensive alternative to proprietary software misses an important aspect of what FOSS enables. In an FOSS environment, the degree to which a software tool can be utilized and expanded is limited only by the knowledge, learning and innovative energy of the potential users and not by exclusionary property rights, prices or the power of countries and corporations."
Here are a few more excerpts:
"What is FOSS, and how is it different from proprietary software products...? A simple analogy to any popular cola drink can be helpful. . . . You can buy cola soda and you can drink it, but you cannot understand it in a way that would empower you to reproduce the drink or improve on it. . . . Patents, copyrights, licensing schemes and other means of restricting knowledge give legal backing to the notion that economic rents are created and that innovators can and should appropriate some proportion of those rents as incentives to innovate. Without IP protection, should a 'new and improved' formula be discovered, the person who invents the new formula would have no defensible economic claim to a share of the profits that might be made by selling drinks engineered from the innovation. That person no longer has a financial incentive to innovate in the first place, so the system unravels and improved cola is never produced. . . .
"The production of proprietary software is typically organized under a similar regime, with parallel argument behind it. When purchasing software, for example, people or companies do not own the software in the sense that they can do with it what they wish. The right-to-use license permits them to use proprietary software on a computer, but only under very specific terms; they cannot reproduce it, modify it, improve it, or redistribute their own version of the software to others. . . .
"The open-source process inverts this logic. . . . 'Free' in this context means the freedom to run the programme for any purpose, to study how it works and adapt it to one's own needs, to redistribute copies to others, and to improve the programme and share improvements with the community so that all benefit. It does not necessarily mean that the price is zero, since FOSS can be traded in markets just like any other artifact.
"The key elements of the open source process, as an ideal type, are voluntary participation and voluntary selection of tasks. . . . Software support for new hardware in the proprietary software world is often conditional on a forced 'choice' to upgrade and pay anew for licenses."
The chapter concludes that while no single software can be better in all areas and ways, because that depends on the needs of the user, all things being equal, "software with fewer serious bugs and a lower total cost of ownership is generally preferable on simple economic grounds." It has a table that shows that of the 20 "most robust Internet servers", only one runs on proprietary software.
It also talks about total cost of ownership, and points out that while training may be needed at first, over the lifetime of the software, that training cost is not ongoing, and in the developing world, labor costs are low anyway. Further, having the source code means you can fix things yourself, if you don't want to sign up for support services, or hire external support from "a competitive market anyone can enter." The report says that "even Microsoft" reportedly admits that the cost of software licenses amounts to only 8% of the total cost of ownership and the other 92% is for costs of installation, maintenance, management, and repairs after failures. And finally it says this:
"What seems clear is that FOSS can help a business or public institution avoid getting locked into a vicious cycle of hardware and software upgrades and changes in data formats that require investing in new license fees and significant retraining and can provoke major down time."
It says one more thing that indicates the future: "Proprietary software is rarely seen taking market share away from open-source solutions where FOSS solutions exist." 43.7% of German companies and 31.5% of British companies reported using FOSS in 2002. Nearly 40% of large American companies and 65% of Japanese corporations use GNU/Linux in some form, the report states.
One final point I found interesting. They state that most software developers do not make money from selling licenses for proprietary software. That perception comes from the few who "can charge monopoly prices". Most software isn't sold in boxes to customers. Most software is written for in-house use, code that is "so highly integrated with firms' business and IT environments that reusing or copying the code 'as is' is difficult or unfeasible." From that standpoint alone, they say, FOSS is the obvious choice. The authors do not fully grasp the GPL, not that that is a rare phenomenon, but they do understand this much:
"The current debate often pits proprietary licensing against the GPL. Commercial software producers argue that promoting the GPL means locking out any software development from possible future commercialization. As the previous section indicated, the bulk of software revenues come from customization, servicing or hardware, or all of the above bundled in solutions. Indeed, IBM did earn $1 billion on the back of GPL GNU/Linux. Finally, proprietary licensing allows only the owner to commercialize the intellectual property at stake and makes it inaccessible to anyone else. Anyone seeking to redistribute a derivative version of a proprietary programme would be prohibited from doing so under the terms of the license. Thus, the formal outcome is not that different from that of the GPL (Lessig 2002). In terms of ICT strategy and its relation to innovation and development, there have been indications that the proprietary model may encourage excessive copyrighting and patent hoarding, with the final outcome being reduced investment in research and development (R & D) activities and a decline in innovation as funds for R & D are redirected towards patent acquisition and royalty payments (Bessen 2002, Bessen and Hunt 2003)."
In short, the report is a rather clear answer to Darl McBride's letter to Congress on multiple levels.