Apache's Lesson In Radical Transparency


Things are different with open source. Yes, the things you were expecting - the software being freely available with source code for you to use, study, modify and share - but there's also the way the community conducts itself. For example, transparency is fundamental in open source communities.

In business, it's often considered crucial to keep secrets. Apple, for example, clearly believes its whole business success depends on secrecy and is willing to go to extremes - including litigation - to control information about its activities. And that's just about the good stuff. When bad stuff happens, most businesses want to keep it really quiet. There can be no doubt that hacking attacks like the ones that made Google react against China are happening continuously. The fact we never hear about them means there are some tightly sealed lips.

Which makes the behaviour of the Apache Software Foundation's infrastructure team all the more remarkable. They recently had a very serious intrusion into the systems used by hundreds of software projects on which we all depend. The intruder was able to exploit weaknesses in their policies to obtain credentials for their tracking system. The Apache team appear to have caught the issue before it spread more widely.

How do I know all this? Unlike most system administration teams facing a security breach, the Apache team published a full analysis of the incident. Reading it is fascinating, educational and humbling. Fascinating because one rarely gets to see the full details of an intrusion.

Educational because the knowledge and experience of the team shines through the report. Humbling because only a team with a full grasp of the priority of transparency over ego would publish such a report and expose themselves to the comments you then see below the post.

This sort of transparency is fundamental to open source. The twentieth-century view of business sees control as power, and that drives secrecy. But in the connected society emerging in this century, control points are damage in the mesh, something to be worked around.

Transparency on the other hand promotes confidence and community, educates and ultimately empowers. As the web gets richer, the financial and social cost of maintaining secrecy gets higher and higher.

Far from diminishing Apache, this act of radical transparency elevates them and empowers them. Repeated time after time at every level, this sort of transparency has fostered growth and made Apache one of the most successful open source communities to date.

Transparency fosters influence while control diminishes it - a hard lesson for modern business, but a crucial one.
