Open source vs. open standards: Know the difference
Have you noticed that you can buy different types of light bulbs from many companies all over the world, and the bulbs fit into the sockets (bases) of lamps from companies all over the world? That’s because the size, shape, and screw threading of bulb bases are a series of open standards that any company can follow. In fact, the size and shape of the bulbs themselves are determined by another set of standards.
You also undoubtedly know of open source code products, such as the Linux and Android operating systems and the Mozilla web browser. These products use open standards heavily, but so do closed source, proprietary products such as Microsoft Windows. What distinguishes open source products is that they come with the source code with which they are built and, generally, with a license for you to modify that source code to make the product do as you please.
It’s common and easy, in the technology world, to confuse open standards with open source. Both are common and important phenomena, and both are “good things.”
Modern life is full of open standards for everything from the composition of the gasoline we put in our cars to simple weights and measures like the ounce and the meter. Technology is also full of open standards that anyone can follow. The Wi-Fi you are connecting over is based on a series of wireless networking standards from the Wi-Fi Alliance. SATA hard drives all use the same series of connectors. Web browsers and web servers communicate using the HTTP network protocol standard originally created by Tim Berners-Lee at CERN in 1989.
A complex and dynamic ecosystem like our technology market could not function without open standards. Because the file formats and behavior of software are defined standards, anyone can write software for Windows or Linux or the Mac, so the barriers to entry are low. Platform designers who have attempted to keep their interface designs secret generally have failed.
Technology functions without open source products, often very well, but open source has certainly improved technology's accessibility and quality. The base “Linux” kernel part of a Linux distribution you acquire from Ubuntu or Red Hat or embedded in a router is the same software issued by the Linux Kernel Organization, but all those companies must at least make the source code to the Linux parts of their products available to the public.
It’s possible to make an open source product that does not comply with many open standards, and it’s possible to make closed source products that use open standards heavily. In practice, though, both closed and open source products use open standards heavily. Maybe the best example of an open source, non-standard product was the BIOS in the original IBM PC, which IBM published in the PC Technical Reference (see its Appendix A). Despite the large market for IBM PC-compatible computers, the weakness of standards led to many incompatibilities between products, at least in the early years, and much unlicensed copying of IBM’s BIOS. (Incidentally, the same IBM PC Technical Reference included logic diagrams and other technical specifications not normally included with computers. This was a particularly aggressive form of non-software open source, meant to facilitate interoperability with third-party products.)
Should you care about open source? Should you prefer open source products to closed source? There was an early, ideological time when some argued that open source would allow anyone, even end users, to customize their own software to their own needs. Of course, this is true, but it’s little more than a rhetorical point. End users don’t do these things.
The quality argument is also a questionable one. The logic is that, because the source code is freely available, anyone can debug. But, once again, ordinary people don’t do these things. And public disclosures of security vulnerabilities in open source products are no less prolific than those for closed source products.
On the other hand, open source has been a major benefit for other software developers, including closed source developers. The TCP/IP networking stack in the original Windows NT (first released in 1991) was based on Berkeley Sockets from BSD Unix. (The BSD license had the advantage, from Microsoft’s point of view, of requiring attribution but not republishing of source code.) The programming languages used to develop nearly all software products are themselves open standards of a kind.
Linux has been redistributed and repurposed in thousands of products, many of which are not recognizable as computers. Designers of refrigerators, smart TVs, and autonomous vacuum cleaners can just take a Linux distribution, make adaptations, and use it. Modern automobiles have numerous computers in them, many of which use Linux.
So open source matters to you, the end user, but indirectly. It increases the variety of products you can buy. And it allows you to do things that are probably not worth your while, like modify them and sell the work. It’s a good thing for everyone, but it’s highly unlikely that you should prefer an open source product to a closed source one for that reason.
Should you care about open standards and prefer products that implement them? Absolutely, although you need to be aware of which standards are at issue.
A secure example
In the world of security, standards and your awareness of them are of profound importance. The main standard used for authentication of parties across a network is Transport Layer Security (TLS, formerly known as SSL for Secure Sockets Layer). TLS is most famously used by web browsers and servers, but is crucial for almost all communication across networks. It defines a protocol for use of public and private keys to allow parties to authenticate each other and exchange keys.
Because it is so important, the TLS standard has been advanced over the years to add features and address security flaws in the protocol itself. The current version is TLS 1.2, and version 1.3 is (as of March 2018) a working, incomplete draft. With each version, not only are new features added, but old, insecure ones are removed; the Wikipedia article on TLS provides a good history of the version changes.
You can continue to use old versions, but it’s bad practice. Many compliance regimes require that you disable support for old, insecure versions of products and standards. To do this job effectively, you need to understand support for the various versions of the TLS standard in the products and Internet services you use. The better software vendors do this for you, to an extent. The major web browsers have disallowed support for TLS prior to 1.0 (meaning SSL 3 and SSL 2) and have begun to include support for TLS 1.3. Expect them to turn off support for TLS 1.0 and even 1.1 before too long.
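One way to find out which TLS versions a service you run still accepts, as an added example that is not part of the original article: the Python sketch below pins a client to one protocol version per attempt and reports any accepted version older than TLS 1.2. The function names, the TLS 1.2 floor, and the sample result are assumptions of this example; a local OpenSSL build or policy that has already disabled TLS 1.0/1.1 will make those versions look rejected, so run it from a client that can still speak them.

```python
import socket
import ssl

PROBE_VERSIONS = (ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1,
                  ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3)
MINIMUM_ACCEPTABLE = ssl.TLSVersion.TLSv1_2  # policy floor assumed for this example


def pinned_context(version):
    """Client context able to negotiate exactly one protocol version."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Audit only: we test protocol support and do not trust the peer,
    # so certificate checks are off. Never reuse this context for real traffic.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = version
    ctx.maximum_version = version
    return ctx


def server_accepts(host, port, version, timeout=5.0):
    """True if the server completes a handshake at exactly `version`."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with pinned_context(version).wrap_socket(raw, server_hostname=host) as tls:
                return tls.version() is not None
    except (OSError, ValueError):  # ssl.SSLError is an OSError subclass
        return False


def probe(host, port=443):
    """Map each probed TLS version to whether the server accepted it."""
    return {v: server_accepts(host, port, v) for v in PROBE_VERSIONS}


def deprecated_versions_accepted(results):
    """Names of accepted versions below the policy floor."""
    return sorted(v.name for v, ok in results.items() if ok and v < MINIMUM_ACCEPTABLE)


# Constructed sample result (not measured from any real server).
SAMPLE_RESULTS = {ssl.TLSVersion.TLSv1: True, ssl.TLSVersion.TLSv1_1: True,
                  ssl.TLSVersion.TLSv1_2: True, ssl.TLSVersion.TLSv1_3: False}

if __name__ == "__main__":
    import sys
    host = sys.argv[1]  # a host you administer
    print(deprecated_versions_accepted(probe(host)) or "no deprecated versions accepted")
```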
The state of software in the cloud tells the story of open standards and open source well. Much, perhaps most, of the software in Amazon Web Services and the other large public clouds is based on open source software, but quite a bit of it is not. Yet open source software made the cloud possible by accelerating the development of powerful and inexpensive (even free) software. By facilitating competition with market-leading vendors, open source has improved overall quality.
However, to a customer of these cloud services, the use of open source may mean nothing. What does matter is that the cloud services support open standards on which your systems and users rely. Truly, both open standards and open source are great things.
This article/content was written by the individual writer identified and does not necessarily reflect the view of Hewlett Packard Enterprise Company.