Like a fossilized Cold Warrior still warning people about the Red Menace, analytics vendor SAS has issued a report telling enterprises that too much open source will pollute their precious bodily fluids.

In a white paper entitled, "Open Source vs Proprietary: What organisations need to know," the SAS Institute Inc. warns enterprises that open source has benefits, but brings with it potential security vulnerabilities and tough skills requirements. SAS Institute Inc. suggests a mix of 40% open source and 60% proprietary software: Any more open source than that could be dangerous, they warn.

SAS, of course, sells proprietary software, so it has a vested interest in keeping enterprises a little nervous of the Communist Peril that is open source.

SAS seems to be saying: Sure, it's fun to wear a black beret and a Che Guevera T-shirt -- but be sure to shop at Starbucks and contribute regularly to your 401(k)

"Open source technologies, like Hadoop, R and Python, have been vital to the spread of big data," SAS says. "However, production deployment of these technologies has its own, often unexpected, costs and projects are not necessarily succeeding as hoped."

Figure 1: Photo: Hanan Cohen (CC BY-SA 2.0)

Total cost of ownership for open source projects can exceed expectations, projects can fail, and open source contains security vulnerabilities, SAS says.

The company surveyed 300 CIOs for their attitudes and implementations of open source. The CIOs are the ones who identify a 60/40 split between open source as ideal, with 67.5% proprietary versus 32.5% open source being the reality.

CIOs also reported security threats as the main vulnerability to open source -- some 48% of respondents cite that as a main vulnerability, with loss of control being second, cited by 45% of respondents. SAS notes that security is the top priority for CIOs in 2017.

SAS also defends its own use of open source, and recommends a hybrid solution of open source and proprietary software.

Warning people against open source is just plain out of style. Even Microsoft, which once condemned open source as being like Communism, now embraces it. (See Microsoft Lights a Fire Under Open Source Hardware Dev.)

But there are still a great many misconceptions about open source, one being that it isn't fit for business and that proprietary software is better because there's a company standing behind it. (See What People Don't Get About Open Source.)

Sometimes people can't even agree on a definition of open source. (See AT&T: What Is 'Open Source,' Anyway?.)

But, still, despite the confusion surrounding open source, SAS's white paper stands out as reactionary.

It's hard to believe that I have to write a defense of open source here in 2017, but here goes: While it's true that open source has security vulnerabilities, so does proprietary software. But with open source, unlike proprietary software, you can examine the code. Or pay someone to examine it for you if you don't have the skills in-house.

Likewise, as to the control issue, with open source you can modify the code as you need it -- or, again, pay someone else to do it for you. Try that with a proprietary platform.

Cost overruns? Hard-to-find skills? Those are issues with proprietary software too.

As for the ideal mix of open source versus proprietary software: That's the wrong question. Enterprises need to first identify business problems, then find the right software to solve those problems. Sometimes that software will be open source. Other times it will be proprietary.

Now if you'll excuse me, I need to get started on my next article: "Rock 'n' Roll: It Won't Give You a Social Disease Just To Listen."

— Mitch Wagner Editor, Enterprise Cloud News

CALLING ALL CLOUD, NFV AND SDN COMPANIES:
Make sure your company and services are listed free of charge at Virtuapedia, the comprehensive set of searchable databases covering the companies, products, industry organizations and people that are directly involved in defining and shaping the virtualization industry.