VMWare's (VMW) closed-source ESX hypervisor has been stolen.
Apparently, someone got into the files of China's export-import agency some time ago and got out with lots of code. Now, calling themselves "Hardcore Charlie," they're releasing bits-and-pieces, promising to keep releasing more code until they're caught and doing hard time.
To the folks at Information Week this means ESX is no longer closed-source at all. And it could mean big trouble for VMWare, because it's able to raise prices regularly in part because its code is closed and its customers captive.
But the question I have to ask is, for how long?
There's a mistaken impression among enterprise computing managers that closed source code is safer. But Microsoft (MSFT) users have always suffered more malware attacks than open source users. That's not just because there are more of them. It's also because, while Microsoft can only use its own resources (and a growing industry of online cops) to protect it, open source is protected by a community.
When a code base is small, no big deal. As code gets more complex, as it is buried deeper into customers' stacks, this problem grows bigger. Now instead of having to address problems the moment you learn of them, you're waiting for your vendor to tackle them.
That's why OpenStack, which still lacks tools for accessing Amazon APIs and can barely be called a platform, is being supported by a host of companies including IBM (IBM) and AT&T (T). They have seen this story before.
They know how it ends. In the long run, an open source code base is safer. Hardcore Charlie did VMWare a favor.
Disclosure: I am long IBM.