Generally Recognized as Mature (GRAM) OSS/FS programs
David A. Wheeler
dwheeler@dwheeler.com
Revised as of September 10, 2003
This paper identifies Open Source Software / Free Software (OSS/FS) programs that I believe are generally recognized as mature (GRAM), also known as generally recognized as safe (GRAS).
Open Source Software / Free Software (OSS/FS) has risen to great prominence. Briefly, OSS/FS programs are programs whose licenses give users the freedom to run the program for any purpose, to study and modify the program, and to redistribute copies of either the original or modified program (without having to pay royalties to previous developers). There is significant evidence that any user of software should consider using OSS/FS programs, and I've written a paper on how to evaluate OSS/FS programs.
A MITRE study recommended creating a "generally recognized as safe" (GRAS) list of OSS/FS programs. Such a list has also been called a "Generally Recognized as Mature" (GRAM) list, since the issue is one of maturity, not whether the program will be used in a safety-critical environment. Basically, certain OSS/FS programs are so widely used in their market niche that the risk of using them is significantly reduced, and having a GRAM or GRAS list would save evaluators time and money. For example, in web applications the combination of Linux, Apache, MySQL, and Perl/Python/PHP is so widespread that it has its own acronym: LAMP.
This appendix proposes a short GRAM list. No doubt future versions of this paper will have a longer GRAM list, or point to a longer GRAM list. Indeed, I can easily imagine some standards-like group being created to maintain a GRAM list. Since at the moment I know of no such organization, perhaps this list will help people until there is such a group. Many worthy applications are not included in this particular list; there are so many useful programs that it's quite difficult to create a "complete" list. This list includes relatively few libraries; there are so many libraries available that it's difficult to identify the "important" ones. Note that a program in this GRAM list might not meet your specific needs; simply consider a presence in this list as a useful piece of information, but only one piece. Still, I offer it to the world as a short list that may help you if you are considering using OSS/FS.
- Operating Systems
- GNU/Linux - an operating system based on the Linux kernel. Widely-used distributions include Red Hat Linux, Debian GNU/Linux, SuSE, and MandrakeSoft.
- The *BSD Operating systems (FreeBSD (general purpose), OpenBSD (security-focused), NetBSD (portability-focused)).
- Network Services
- Apache (web server)
- bind (domain naming service, a critical Internet infrastructure service)
- Mailman (mailing list manager)
- Samba (supports interoperability with Windows clients by acting as a Windows file and print server)
- Sendmail (email server). This is the most popular email server in the world. However, it has had a number of security issues over time; some people use Postfix (also listed here) instead.
- Postfix (email server)
- Relational Database Management Systems (RDBMSs)
- Desktop applications
Note: some applications, such as GnuCash (for accounting) and Wine (for running Windows applications), are well-known but not yet mature at the time of this writing. Note that while there are several OSS/FS office suites available, Open Office tends to interoperate with Microsoft Office better than the alternatives.
- Evolution (email client as well as calendar and contact manager)
- Mozilla (web browser and email client)
- OpenOffice.org (office suite, including word processor, spreadsheet, and presentation software)
- The GIMP (bitmapped image editor)
- Development Tools/Languages
- Bugzilla (Bug tracking tool)
- CVS (software version management tool)
- GNAT (implementation of Ada programming language)
- Emacs (text editor)
- GNU Compiler Collection (GCC, a suite of compilation tools for C, C++, and several other languages).
- JBoss (J2EE-compliant web application server)
- TAO (The ACE ORB, an implementation of a CORBA ORB)
- Perl (programming/scripting language)
- PHP (hypertext preprocessor used for web development)
- Python (another programming/scripting language)
- Vim (text editor)
- Zope (website development tool)
- Graphical user interface (GUI) infrastructure
- GNOME (a desktop environment)
- KDE (also a desktop environment)
- XFree86 (graphics infrastructure which implements the X window system)
- Security
- Nessus (network security scanner)
- Nmap (network configuration scanner)
- OpenSSH (secure replacement for telnet, rcp, and ftp)
- OpenSSL (library implementing the SSL and TLS security protocols)
- Snort (intrusion detection)
- Research Tools
For more information, see Why Open Source Software / Free Software (OSS/FS)? Look at the Numbers! or David A. Wheeler's home page.
