He also sees OpenTofu taking a big share of the market: “Nobody wants to invest large engineering resources into a project that isn’t neutrally owned or is owned and controlled by a single commercial entity.” This will lead to “better investment” in OpenTofu. Terraform, in his view, will succeed because it’s great software with a credible company behind it. Speaking of HashiCorp, even as he launched the OpenTofu project to provide an open source, foundation-backed fork of HashiCorp’s Terraform, Linux Foundation CEO Jim Zemlin told me that he believes “both Terraform and OpenTofu will succeed for different reasons.” Nor is it true that introducing a foundation to a market guarantees it will trounce single-vendor products. It would be hard to argue that HashiCorp, MongoDB, Elastic, etc., aren’t wildly popular with attendant business success. Outside the realm of Internet security, it’s much the same story. ![]() In the world of certificate authorities, Comodo and Digicert thrive alongside Let’s Encrypt. However, it’s important to note that foundations aren’t essential to a software project’s success. ![]() ![]() The secrets of their successĬlearly, ISRG’s foundation approach has worked, enabling it to work alongside corporate “competitors” without being competitive. That same foundation-led focus should help it with Prossimo and Divvi Up. ISRG focuses on solving discrete problems, and in so doing has achieved outsized success with Let’s Encrypt. And what we do well is tackle difficult engineering infrastructure problems,” particularly as they relate to Internet security, which ISRG tackles through the lens of automation, efficiency, and scale. When I asked Gran to identify the secret for ISRG’s success with Let’s Encrypt, she didn’t hesitate: “We know what we do well, and we stay in that lane. “All we’re trying to do is solve a problem.” By working alongside proprietary providers of certificates, Let’s Encrypt could focus on solving the problem of Internet security, not collecting credit for doing so. “We’re not here to be heroes,” says Gran. It also helped that ISRG and its Let’s Encrypt initiative weren’t trying to compete with commercial certificate authorities. Convenience is the killer app for developers, as RedMonk’s Steve O’Grady has posited. The more easily developers could adopt and apply certificates to their websites, the more likely they were to use them. They focused on automation and reducing the complexity of getting a certificate. Let’s Encrypt didn’t try to change things with public service announcements. In order to really advance the security of the web, this needed to change, and it needed to change more commensurate with the pace of the growth and dependence on the Internet that people were having every single day.” “There were plenty of options that were available ,” says Sarah Gran, vice president of communications at ISRG, “but they were not widely used. When Let’s Encrypt was founded in 2013, just 28% of page loads were secured on the web. One key reason for Let’s Encrypt’s success is that it solved a big problem. Why did Let’s Encrypt succeed, and what can other nonprofits or open source projects learn from it? It’s also likely that the nonprofit’s Prossimo, a memory safety project, and Divvi Up, a privacy-preserving metrics system, will follow that pattern, even as many other foundations fail to deliver similar victories ( OpenStack, anyone?). There is no obvious reason they should’ve succeeded, yet 10 years in, ISRG’s Let’s Encrypt has issued more than four billion certificates to secure more than 360 million websites. This is why Let’s Encrypt and the Internet Security Research Group (ISRG) are so fascinating. Foundations can help foster community but are in themselves no guarantee of success. Yet I’ve also recommended projects like Kubernetes precisely because of their foundation-led community support. I’m on the record with 908 words of eyeroll for the Open Enterprise Linux Association and OpenTofu, given the conspicuous absence of cloud vendor support. ![]() Foundations have a hit-or-miss success rate in software, generally, and open source, specifically.
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |