Is open-source the right solution for my company?

Does proprietary software devour a large chunk of your budget in fees? Are you toying with the idea of trying open source but are not entirely convinced? Read our article to discover more on the subject, weigh the pros against the cons, see ways of mitigating risks, and decide whether that whole open-source business is something for you.

Hubert International Expansion Unit

20 April 2022

On the face of it, open-source seems like a legitimate alternative. You have probably used it yourself by writing documents in OpenOffice or plotting travel routes in OpenStreetMap. But how feasible is it for business? Is it safe? Is it really free? What benefits does it bring to the table apart from replacing paid software? If these questions keep you up at night, you’ve come to the right place. Let’s take a close and hard look at open source and whether it makes any sense for your business.

The pros

A key advantage of open source is the amount of power it can give you through access to knowledge: code and documentation. Created, maintained, updated, and reviewed by a host of volunteer developers, open-source projects usually come with extensive documentation and are backed by a community of creators willing to answer any questions, whether on subject-specific forums or on general Q&A websites such as StackOverflow.

Open source can spoil you for choice. According to Statista.com, in 2021 alone there were nearly 2 million open source projects in JavaScript, around half a million in Java, with Python and .NET running up close at 300 thousand projects each. This wealth of available options gives you immense flexibility in choosing precisely what you need for your company.

Open source can spoil you for choice with its millions of available repositories.

Even when you can’t find exactly what you’re looking for, open-source projects can be merged for the desired result. This is the compounded effect of the previous two points: first, because you can look under the hood of open source projects, you can also figure out how to connect them; and second, there are so many open-source projects out there that the possibilities of combining them are endless. Imagine fusing two cars to create one in which the safety of Volvo meets the beauty of Porsche. That’s what you can achieve with open source.

Open source is also hailed as “free” software. “Free” has two common meanings in the English language: one is “not controlled”, the other “at no cost”. Open source unites the two senses of “free”, letting you x-ray it to your heart’s content without spending a penny for it.

Open source unites the two senses of “free”: you can x-ray it to your heart’s content without spending a penny for it.

Does open source seem too good to be true? It is fully transparent with robust and responsive communities behind it, abundant, flexible, and free as in “free beer”. There must be a catch somewhere.

The cons

A widespread concern over open source is its safety. Entrepreneurs are worried that using open source code automatically exposes the data it processes. While it’s not entirely accurate, there is a grain of truth to that. The sole fact that open source code is open does not mean the same for the data. Think about a car. You may know everything about how it’s built and works, but you won’t penetrate it without the knowledge, skills, and tools of a lockpicker. The cargo will remain safe in the trunk despite its “code” being open. Imagine, however, that you have both the knowledge of the car’s anatomy and lockpicking. Is it easier for you to devise a way of breaking into the vehicle? Certainly. That’s a safety risk inherent in using open source projects: you’re not handing away data, but skilled individuals will find it easier – though still not trivial – to reverse engineer an exploit by looking at the publicly available “blueprints” of the code. One way to mitigate that danger could be to alter the code so the blueprints don’t reflect it perfectly. However, this is like shooting sparrows with cannons. What about the locks in your company’s doors? Are they tailor-made or mass-produced to the same, universal design that can be compromised by anyone with access to The Lockpicker’s Handbook?

With open-source, you’re not handing away data, but skilled individuals will find it easier – though still not trivial – to reverse engineer an exploit by looking at the publicly available “blueprints” of the code.

We know that open source is free, but is it open? “Open” means “not secret”, “not enclosed”, or “not restricted”. The last definition doesn’t always apply to open source. The fact that someone lends you their car for free doesn’t mean you can drive it without a license. Similarly, using open source is subject to specific licensing terms. Performing due diligence on a single open source license may take your lawyers as long as a month. Alternatively, you can visit choosealicense.com, a website collecting and explaining the most popular open-source licenses. Unfortunately, the database is not comprehensive, so you may still encounter a license which isn’t included there.

“Success has many fathers, failure is an orphan”. Nowhere is this statement truer than for open source. Open source projects can and do work wonders, but once something goes awry, people tend to wash their hands of responsibility. It’s understandable. Why should any one person take the blame for a bug in a project whose creation involved long hours of unsupervised voluntary work alongside other, dispersed contributors? While it’s unreasonable to expect any of them to take ownership of the project, it means that the buck stops with you. Your company will need to fix and answer for any bugs in open source code – unless a development partner or a technology consultant does it for you. Companies such as Clurgo can serve as a safety buffer between an open-source project and your business. That’s why many choose to hire them. The comfort of sleeping better at night because someone with more experience takes over is worth an extra expense.

“Success has many fathers, failure is an orphan”: nowhere is this statement truer than for open source. Placing responsibility for open-source behavior may pose a real challenge.

Open source projects are indeed “backed by a community of creators willing to answer any questions”. With one caveat: you never know how fast an open source community will reply to a query or address a reported issue. Worst-case scenario? Never. There is no cap on response time and no guarantee that you will even get a response. Remember that open source is maintained by the same type of people who make it: volunteers. To put it bluntly, the only thing that binds them is honor. Additionally, they’re scattered across different places and time zones, making prompt communication a challenge. So every time you post a query on a website like StackOverflow, you’re essentially rolling the dice on if and when you’ll hear back from anyone.

There are two ways to get around it. One is to choose popular and widely adopted projects. The more people are involved, the more likely a quick reaction becomes. Another option is to go for a commercial variety of the open-source project you have set your sights on. Take Kubernetes. In this case, you can try Mirantis or Tanzu, for example. The benefit of this approach is that most such solutions come with continuous and flexible support. Sound better? You can make yourself even more comfortable by hiring a development partner with experience in operating commercial open source varieties. This way you’re setting up two lines of defense instead of just one.

To mitigate the risks of using open-source, you can do one or more of the following:
a) choose popular and widely adopted projects;
b) go for commercial open-source software, because the company that develops it will vouch for its reliability and take ownership if it fails;
c) get a technology consultancy on board, as they will react the fastest to any emergencies.

The verdict

Open source has many potential applications in business areas. It can also bring quite a few benefits, such as a huge knowledge base, lower costs, increased productivity and flexibility. There are some risks, but none that can’t be offset by outsourcing expertise. Apart from licensing, which requires the involvement of lawyers or relying on specific, informational websites, all liabilities of open source can be mitigated by a technology consultancy company such as Clurgo. We know our way around open source. We can not only advise you on which project to choose, but also take ownership of the entire process from implementation to maintenance. You won’t have to lift a finger except for sending us a message.
