Hi Raul

Did you get a chance to continue working on this?

I think for #3 it's due to the openness of the source code that people
dive in and help fix those vulnerabilities as well. And as you say we
are very open and they get properly registered with a CVE and listed in
the public. And we do put out releases with the fixes fairly soon
after it's fixed.

And there are not so many after all that are caused by Apache Camel itself.

Yes if you use CXF, Spring, Jetty etc those libraries may have issues
as well, but they are also reported in the open and fixed fast. And
have communities as well, some very big like the spring community.

And those are found and fixed. For the Open Source ESB you would have
to take a look at
- ActiveMQ
- Spring
- Jetty
etc to get the "combined picture"


You can find the Apache products
On Fri, Apr 17, 2015 at 12:13 PM, Raul Kripalani wrote:
Just found this marketing landing page published on social networks. It's
made by TIBCO and attempts to highlight the downsides of Open Source ESBs.
You don't need to be a rocket scientist to gather what exact ESB they are
targeting (not us): just look at the images.


Even though it's a clear exercise of FUD vs. OSS – as it provides no
quantitative measurements to their claims (whatever happened to the
scientific method...) – I was planning to write a rebuttal post in my blog,
but I haven't updated it in a long time and it needs a bit of love first.

So I thought I'd just publish my thoughts – as I wanted to get it out ASAP
– and start a qualified discussion here...

In particular I would like to dissect / take down their 4 "myths" about OSS

*Myth #1 - Open Source ESB Software Is Free*

(Their statement: OSS ESBs are not Free.)

Well, no software has zero Total Cost of Ownership. As long as the world is
*not* entirely controlled by androids, you will need humans to operate the
software, including TIBCO's. What we need to look at are the costs of
hiring those people and their learning curves.

For Camel, any developer with Java, XML and a few other "commodity skills"
will do. And they can get started in days. Many people in this forum got
started in hours.

For TIBCO, you need a specialised consultant because their stack is
proprietary. Or you need to train them, and TIBCO training is not cheap. I
have been a TIBCO consultant and I know this for a fact. Moreover,
specialised (already trained) TIBCO consultants are not cheap either (like
with most proprietary software – think SAP, Salesforce, etc.).

Furthermore, brand new customers need consultancy to get started – and that
is not cheap either.

*Myth #2 - Open Source ESB Communities Innovate Faster*

(Their statement: Proprietary ESB vendors innovate faster)

This is plainly wrong. Just take a look at the release notes of TIBCO
ActiveMatrix BusinessWorks. This [1] is the latest version, and there's a
dropdown at the top to browse through past versions.

To analyse this statement, we need to track two things at least: (1)
frequency of releases, (2) new features introduced per release.

About frequency of releases:

TIBCO ActiveMatrix release line 6.x: 9 months between minor releases, 4
months between micro releases.

                 [9 months]
6.1.0 (May 2014)    --->    6.2.0 (Nov 2014)
6.1.1 (Sep 2014)            6.2.1 (Mar 2015)
[4 months]                  [4 months]

Camel (analysing past 2 minor releases): less than 6 months between minors,
less than 3 between micros. I noticed that 2.15.1 was released quite early,
so I included another datapoint for one more 2.14.x micro release.

                   [< 6 months]
2.14.0 (18 Sep 2014)    ===>    2.15.0 (10 Mar 2015)
2.14.1 (16 Dec 2014)            2.15.1 (01 Apr 2015)
[< 3 months]                    [< 20 days (special circumstance
2.14.2 (10 Mar 2014)
[< 3 months]

I know that analysing so few releases is not indicative – ideally we
would analyse the entire release history – but I don't have time right now.
Nevertheless, the release policy of Camel is 6 months between majors and 3
months between micros (if I recall correctly).

Next, let's take a look at the innovation aspect:
* TIBCO AM BW 6.2.0 carries 22 new features [2], many of which have to do
with their IDE, not with core functionality.
* Camel 2.14.0 carried 38 new and noteworthy features, PLUS 15 new
components, 1 data format, 1 new EIP (Circuit Breaker), etc.

Judge for yourselves ;-)

*Myth #3 - Access to Source Allows Reviewing Code and Deploying Safely*

(Their statement: Access to source does not uncover vulnerabilities).

Well, all software has vulnerabilities and with Open Source you can
identify them yourself and fix them. With proprietary software, you rely
entirely on the vendor's turnaround time.

Moreover, we are very transparent about this and we publish our Security
Advisories here [3].

*Myth #4 - Open Source and SaaS Work Well Together*

They say: "Cloud-based open-source ESBs work just like other SaaS
applications: you typically don't have access to the code. How well will it
connect your on-premise applications with other SaaS services? You can't

Well, that's just plain absurd. It amuses me that a closed-source vendor is
using the "you don't have access to the code" against an Open Source
product :D Makes zero sense, both marketing- and technical-wise.

With TIBCO, you don't have access to the source on-premises nor cloud-based
software. With the other vendor, you may not have access to the source of
their iPaaS but you know it's largely based on the on-premises software, to
which you have access (even though it's a "gated community" in the strict


Discussion open! 1, 2, 3... GO!

[1] https://docs.tibco.com/products/tibco-activematrix-businessworks-6-2-1
[3] https://camel.apache.org/security-advisories.data


*Raúl Kripalani*
Apache Camel PMC Member & Committer | Enterprise Architect, Open Source
Integration specialist
http://about.me/raulkripalani | http://www.linkedin.com/in/raulkripalani
http://blog.raulkr.net | twitter: @raulvk

Claus Ibsen
Red Hat, Inc.
Email: cibsen@redhat.com
Twitter: davsclaus
Blog: http://davsclaus.com
Author of Camel in Action: http://www.manning.com/ibsen
hawtio: http://hawt.io/
fabric8: http://fabric8.io/

Posted Apr 17, '15 at 10:14a
Active Apr 27, '15 at 4:56a