Over the last 6 months or so since the COVID lockdown started, I have started to see a lot of enterprise companies deciding that they should cut costs by opting to use opensource software because they legitimately don't need to pay for it. What's even more alarming is that companies who are opting to do this do not seem to really understand what Pandora's box of risks is being let out by opting for this route. In this article I set out the points to consider which are a real financial risk for an enterprise company using unprotected software. It's akin to having unprotected sex. You may get away with it for a long time, but at some point, the laws of probability say you will get caught out.
Let's flip to the other side of this coin. Clearly I am in the opensource software business and anything I might say in this article could be seen as promoting a sale. Those who have followed my social media will know I have a passion for opensource and the basic tenet of why it exists. First and foremost, the opensource movement was about driving innovation. Companies selling closed source licensed products are limited by fiscal boundaries as to what and how much talent they can employ. The quantity and quality of talent they employ are also a limiting factor to innovation. Opensource collaboration allows a worldwide community of passionate engineers to share and contribute their ideas. You just can't get this level of brain trust on a project unless you have a bottomless pit of investment funds.
Opensource has its cons. An upside of using closed source software is that the company producing it will be very conscious of offering a quality controlled product with strict SLAs. At the end of the day, they don't want to be sued for negligence arising from the use of the product they produce. This is why most opt for and pay for closed source licenses. It offers us protection, and recourse in case that protection fails.
If you choose to use opensource software downloaded from the free community, you don't have all the trimmings of closed source. Who is checking the quality of the code for bugs, backdoors, viruses, etc.? Answer: NOBODY. That's because most people who contribute to opensource are not paid to do all that stuff. The opensource product is offered freely, but you are responsible for shielding yourself if you use it. Then there is the question of industry-specific governance and compliance. Is all this opensource certified for your industry? Who pays for such certifications, given that they cost millions in some cases? Answer: NOBODY.
A lot of vendors have their businesses based on offering opensource products, and they offer paid-for support for those offerings. Many times I hear enterprise users say that paid support is just in case they need help to fix a bug. They use this as a basis to save costs and not pay. That's fine and a legitimate position to take. However, what of the other things I mentioned earlier? Who is checking the code your business is built on? Who is getting all the certifications of that code? Even more alarming, opensource may not be free of all obligations to pay. In 2017 the most unexpected thing happened. A developer and contributor to opensource started to make copyright claims against end-users of opensource software downloaded from the community. You can guess what happened. You can read about it in the link below.
In my discussions with C-suite executives, I have quite often found the question of opensource risk being deferred to the technical team. You can't afford a risk assessment based only on how often you may or may not log a bug fix request.