In a conversation with OSFY’s Yashasvini Razdan, Laxminarayan Chandrashekar, Principal Software Engineer, Siemens Technology and Services Private Limited, elaborates on how Siemens has been engaging with the open source community.
Q. What is the scale of Siemens’ involvement in open source, and why?
A. In my experience, open source offers significant advantages to Siemens and other technology companies. With freely available source code, companies can avoid reinventing solutions from scratch, saving time and resources. Additionally, the absence of licensing fees and the community’s proactive approach to identifying and resolving security vulnerabilities make open source an attractive option. Siemens also advocates fostering an open source culture within its organisation. Often, when any team within Siemens identifies improvements that could benefit the wider community, they have actively contributed those enhancements back to the original project through merge/pull requests. This not only reduces costs by eliminating licensing fees, but also allows developers to gain deep expertise in the open source projects that they utilise. In fact, Siemens maintains and contributes to a whole list of open source projects which can be found at https://opensource.siemens.com.
Q. So how do you draw the line between maintaining profitability and open source advocacy?
A. Balancing profitability and open source advocacy requires strategic decision-making. I believe in open sourcing peripheral tools and utilities that align with product requirements and benefit the community, while keeping core intellectual property proprietary. By sharing such tried and tested utilities, the community benefits from the organisation’s expertise. Moreover, open sourcing peripheral components allows for collaborative enhancement. If someone sees potential improvements, they can submit a pull request, which can be reviewed and integrated. This approach not only strengthens the open source ecosystem but also ensures that the organisation maintains control over its core intellectual property.
Q.. How do we figure out where and what open source projects can be used?
A. When evaluating open source projects, I focus on two critical factors: the maintainers’ expertise and commitment, and the presence of rigorous internal testing procedures. Establishing a curated catalogue of approved versions and libraries, along with well-defined procedures for adding new components, streamlines open source adoption within an organisation. I recommend relying on reliable, well-established open source projects and strategically complementing them with commercial off the shelf (COTS) products. The specific blend depends on the project’s architecture and the architect’s vision. By carefully selecting components, subjecting them to rigorous testing, and integrating them judiciously, organisations can harness the benefits of open source while mitigating risks and ensuring project success.
Q. How does one choose a licence for a particular open source project?
A. When selecting a licence for an open source project, it’s essential to consider the project’s goals and the desired level of freedom or restriction for users. Popular open source licences include GNU GPL, MIT, Apache, and BSD. Some licences, like GNU GPL, are more restrictive and require derivative works to be distributed under the same licence. Others, like MIT and Apache, are more permissive, allowing the code to be used, modified, and distributed with fewer restrictions. I recommend carefully evaluating the project’s requirements and intended use cases to determine the most suitable licence. Factors to consider include whether the project will be used commercially, if modifications should be shared back with the community, and the level of legal protection needed. It’s crucial to review and understand the terms of each licence before deciding. Consulting with legal experts can help ensure compliance with the chosen licence’s requirements and avoid potential legal issues down the line.
Q. How do you verify the authenticity and reliability of a particular open source library on the internet?
A. Verifying an open source library’s authenticity and reliability is essential, as many are maintained part-time, making security and updates challenging. I recommend reviewing documentation, issue trackers, and community discussions for maturity and responsiveness. Code should be scanned and regularly monitored for updates using automated tools to promptly address vulnerabilities. Strong policies and rigorous testing processes including code reviews and security audits need to be established. By following these best practices, organisations can ensure security and stability in open source projects.
Q. What are the top industries that have benefited from open source?
A. I think two industries that have significantly benefited are the legal industry and consumer-facing applications. Open source and AI/ML are driving transformative changes in the legal sector. However, there are concerns about protecting open source contributions from unauthorised commercial use without proper attribution. Establishing legal frameworks to address potential copyright issues is crucial. When it comes to consumer-facing applications, open source technologies like Angular, React and Vue have revolutionised web application development, with faster time-to-market, allowing developers to quickly prototype and demo applications without worrying about the entire development process. Open source libraries and large language models (LLMs) can significantly reduce turnaround times, which is a key focus for this industry.
Q. How does Siemens’s presence at Open Source India (OSI) benefit the open source community?
A. By adopting inner source practices, large organisations can break down information silos and promote internal collaboration. These practices include creating internal repositories, promoting code reuse, and encouraging cross-functional collaboration, as a stepping stone towards open source adoption. There is a need to establish a culture of transparency and knowledge sharing within organisations to overcome the challenges posed by siloed information and duplication of efforts. This way organisations can better identify components suitable for open sourcing, and develop the necessary skills and processes to contribute effectively to the open source community.
In my talk ‘Embracing Inner Source Towards Open Sourcing’ at OSI 2023, I showcased Siemens’ active support and contributions to the open source community through initiatives like maintaining and enhancing open source projects and sponsoring select open source projects that align with its goals, to inspire other developers and tech leaders to embrace inner source, break down silos, foster collaboration, and actively engage with the open source ecosystem to drive innovation and contribute back to the community.
Q. Who were you reaching out to at OSI 2023?
A. I was primarily interested in connecting with developers, architects, and senior technology leaders who drive development efforts within their organisations.