Open source has long been considered a launchpad for developers and innovators. With a stable foundation in place, programmers could build out their own applications. The resulting products deliver all the desired functionality without a high degree of concern for reliability. It’s a way for businesses to fit into a niche and better serve their customers.
Recently, however, open source technology has come under some questionable scrutiny. Here’s how we responded to these “risks” of open source in regard to KAZOO, our own open source voice solution, for telecom resellers:
The Concern: Open Source users need “more-than-advanced knowledge”.
While it’s true that your team will need to manage servers, operating systems, open source software and network configuration, this is true for anything you choose to do on your own. The benefit of open source, aside from the fact that you can tinker with it for free, is that it gives you the flexibility to build what you want, while providing the core components. Admittedly, you do need a certain level of technical knowledge -- for KAZOO, this means being familiar with Linux (which most developers are). For more advanced customizations and features that 2600Hz has not implemented, users need knowledge of Erlang. We think of it as “providing the engine” so you can “build your own car”. For non-technical users who prefer to “rent an existing car” instead, we offer our managed service Hosted Platform product.
The Concern: Open Source support comes from potentially flawed community answers.
This is a fair concern since the level of diligence varies from company to company, however 2600Hz actively monitors support requests, provides solutions or working alternatives, or outright builds what users need to meet customer demands. We’ve also built a comprehensive support library that features easy-to-follow video tutorials and documentation. To top it all off, we’ve designed KAZOO as an executable release, meaning the underlying core is always updated to use the most current version of Erlang. There are no “rogue versions” or bug-filled releases of the platform.
And if our users have trouble with a custom application, they can always ask our team to take a look.
3. Product Roadmap
The Concern: Open Source just floats; there’s no end goal in sight.
Where some open source products may have a vague future, the future of KAZOO is crystal clear - enable resellers to have complete control over their voice offering. When we say complete control, we mean from one end of business applications to the other. KAZOO is to play the conventional role of a telecom platform, but it also can be transformed into a CPaaS solution through the PIVOT app. On the horizon? A truly comprehensive communications platform that incorporates messaging, mobile, and the power of the Internet of Things.
In addition, the reality is that closed, proprietary products are regularly end-of-life’d, at which point they receive no additional updates, no new features, and you’re stuck with a metal doorstop. You then must replace everything, even if you liked the old system, because phones are typically proprietary and tied to the server that runs them. This locks you into a product roadmap that will eventually halt and die.
The Concern: Open Source is only useful to hardcore developers.
Where end-users may see customization as a formidable challenge, resellers see it as a playground. KAZOO is API-based for a reason. We give users over 150 APIs to experiment with so they can ultimately present the perfect platform to their customers.
But we get it. Not every reseller wants to venture into development on their own. For those users, there’s the KAZOO App Store - a marketplace with applications developed and tested by the 2600Hz team. They’re sure to work, and they still give resellers a chance to customize, keep up with the competition, and deliver value to their customers.
The Concern: Open Source licenses only come with the bare minimum.
Not KAZOO. The KAZOO Reseller Suite includes:
- Smart PBX - comprehensive PBX setup in minutes
- Porting Manager - port existing numbers to a new carrier
- Advanced Call Flow Editor - easy drag and drop customization to meet customer processes
- Account Manager - manage a multi-tenant environment at any scale
- Number Manager - source, activate, and manage DID resources from multiple providers
- User Portal - setup end-user access to features like voicemail and company directories
- ...and more
Not bad for a “limited” open source telephony platform, right?
In addition, this is a silly argument. Proprietary vendors have way more licensing requirements than any paid open-source add-ons. Don’t believe us? Check out this list of Mitel licenses.
The Concern: Anyone has access to source files and can develop exploits for the system.
In reality, all software has vulnerabilities… proprietary, closed source systems have vulnerabilities, as do open-source ones. The main difference is whether or not the open-source communities do a better job testing and preventing security issues than closed source companies. This is highly subjective to the size of the project and how many are assigned to review security.
Case in point: Oracle famously had so many security vulnerabilities they couldn’t keep up with them. You’d think they would hire more people to help them fix the vulnerabilities faster. What did they actually do? Find out here.
With an open source project, security issues are handled transparently; in the open. You can review the comments, discussions, and bug fix requests from a project to see how the software team handles security concerns.
In closed source projects, they’re often kept secretive, giving the illusion they’re being handled without anyone knowing how to exploit them. This usually isn’t true. Take Juniper’s firewall vulnerability, for example.Juniper was shipping firewalls with a simple backdoor password that allowed anyone in. This backdoor was available for years before anyone noticed.
In either case, when a vulnerability is found, you must wait for an update. With open-source projects that are active, this is typically done in a couple days or less. With proprietary systems, it often takes weeks or months.
Security is about finding and fixing the problem. That applies to any type of software - open or closed. Given that open-source software provides services to 78% of the world's companies, it’s safe to say open-source has proven to be a valuable model for business to grow from.
So what’s the verdict? Do open source platforms present new risks? Or do they add newfound benefits? We say you should try out KAZOO and then decide. Click here to request a demo of the platform and we’ll get you started.