Usage of open source libraries in high governance and risk-averse large organizations (banks, financials etc)

Question

Does anyone have any good stories of these kinds of organizations being open to using open source dependencies (and also tools). Many staff I've encountered have little or no exposure to open source/systems and open source is treated with great suspicion. Some reasons given for this are lack of support and robustness, which is ironic given the number of end-of-life unsupported vendor products that are in production.

I'm also interested in any success stories where you've seen open source go into orgs like this and have a real benefit!

Answer 1

Even though the quality of open source is frequently as good as if not better than their closed source equivalents (e.g. the Apache Webserver is a good example of an open source server that is outshines its closed source competitors), as you have pointed out, there are many organizations that mistakenly choose poor quality but someone to blame for it, over better quality with no one to blame for it.

In addition, the government has a lot of bureaucratic red tape that most open source projects (and many closed source projects) simply cannot hurdle. For example, when YouTube launched a government channel, it needed to make a variety of alterations (such as not using cookies) in order to fully comply with various pieces of privacy legislation. The Obama administration has been trying to be more embracing of open source and to make the government's technology more in-tune with the present day, but when it comes down to it, open source is about innovation and quality, and an organization with tons of red tape is going to have a hard time adopting open source, unless they are willing to abandon the red tape, or unless they can find some way to cooperate with the project to ensure that it meets their bureaucratic requirements.

Answer 2

I've been working on a huuuuge project in the financial industry (> 100.000 man days, several hundred millions euros budget) for almost 3 three years, from early 2003 to late 2005 and we used a lot of open source software there. Let me list a few (at least a few critical ones):

• Maven 1.0 beta 8 - for the build of a decent amount of LOC (from the start of the project)
• Hibernate 2 - we needed lazy loading, L2 cache (introduced in 2004)
• EHCache - for the second level cache (we implemented and contributed JMS replication after too much fight with JGroups)
• Quartz - for job scheduling and as parallelization framework
• etc

This application will live for the next 15+ years, more than many products vendors. Opensource software was thus perceived kinda less risky than many commercial alternatives (when they even existed). Money was not really a decision factor, we just wanted the best things we could get plus some confidence that the products would be supported or maintainable in several years. The choices above met these criteria.

Some benefits:

• These pieces were doing their job.
• No time wasted at reinventing them (no Not Invented Here syndrome).
• These pieces of software are widely used so well tested/debugged.
• Maintenance is mostly done by... the community.
• We were able to fix things ourselves.
• The code will be there as long as needed (in the project source repository).

Some of these moves were audacious for a financial organization but so is this organization and they're not #1 by accident. Their leaders (note that I didn't say managers) were just great, they had some real entrepreneurship spirit, took their responsibilities (vs CYA or someone to blame) and they got the right people, trusted them, empowered them (if you want to build a cathedral, you get cathedral builders, not stone cutters). What they created was the best workplace I've known until now, my greatest experience.