BEA hits out at open source

CTO Rob Levy's SOA swagger and misleading facts about open source competition hint at desperation

You could hear Rob Levy's teeth chattering all the way from Bangalore. The CTO of BEA Systems must be scared out of his wits. How else to explain the mishmash of half-truths and misleading facts he told the IDG News Service during a tour of BEA's India-based R&D facility two weeks ago?

By Levy's own admission, BEA has "bet the farm" on SOA (service-oriented architecture). In support of its customers' SOA needs, it has assembled a sophisticated, Java-based application server and enterprise middleware platform that, admittedly, leads the industry. But that's the problem with being one of the biggest players in the game: It also makes you one of the biggest targets. The wolves are circling and Levy knows it.

Levy's comments about Apache Tomcat are particularly telling. He says the open source project is "not strong on management." To make up for the failure of the Tomcat community to provide a management console, Levy explains, BEA has thoughtfully delivered one of its own. But while BEA's customers doubtless appreciate this display of largesse, Levy's implication -- that only BEA could have done so -- is disingenuous.

Tomcat is a Java servlet container. It's used in the reference implementations of Sun Microsystems' Java servlet and JSP technologies. If what you want is a fully integrated, highly manageable Java application server, you might want to look for products a little higher up the stack -- such as Apache Geronimo or JBoss, for example.

It makes sense, though, that BEA would be reluctant to pick on someone its own size. Beyond JBoss and Geronimo, a growing number of open source projects are delivering mature software for the broader SOA stack. Taken all together, they add up to a formidable opponent indeed.

For starters, if a management console for Tomcat is what you really want, Hyperic has one. The difference between Hyperic's product and BEA's is that Hyperic HQ, like Tomcat itself, is open source. Similarly, Celtix, JBoss ESB, and Mule all offer open source alternatives to BEA's AquaLogic ESB.

And yet, according to Levy, "The community builds what it thinks is good, but it is not always the same as what the customer thinks is good." What a bizarre statement!

It says a lot for how deeply the closed, proprietary software mentality runs at BEA if Levy can't recognize that, in an open source development process, the customers are part of the community. What's more, Levy apparently buys into the myth that open source development is a meandering, haphazard process. On the contrary; commercial open source companies like JBoss or MySQL employ processes that are often every bit as structured as those of commercial vendors.

"While the community heavily contributes to the road map of these projects, there are, in fact, corporate entities that have customers in mind," says Dave Rosenberg, InfoWorld blogger and recently CEO of MuleSource, a company that provides enterprise support for the Mule ESB. To Rosenberg, the real reason for BEA's position is painfully transparent: "[BEA] is a vendor who sees its core market share being usurped by open source products, including Tomcat and JBoss."

Indeed, when all other arguments are exhausted, BEA's CTO predictably falls back on paranoia about viruses and hidden back doors. In his world, closed is good! "You want to know where a piece of code came from," he says, "because if you don't control it, how do you know there is nothing malicious in it?"

Good question, Mr. Levy! I suppose I have two options. One is to run an independent audit of all the open source code in my enterprise to determine if there are security holes or exploitable flaws. The other is to trust BEA. Given the amount of misinformation BEA seems willing to spread around, I know which one I'd rather do.
