“Should we go open source or proprietary?”
That oft-repeated question is actually not so black and white, and like most things in life, there is a whole lot of grey. Today, open source is usually not purely open source. And die-hard proprietary software companies are now buying open source companies and running their own open source projects. Net-net, both the open source and proprietary models produce good software, and that’s what we all want in the end. But I’d simply like to debunk some common myths about what open source software really is.
Myth #1: Open Source = 100% Open Source
It turns out there is a lot of middle ground, and there are actually few instances in which a company maintains purity. In fact, many companies claim their software is open source but actually sell a product that may only be 80 percent open source, with proprietary add-ons. This is particularly common with major companies using the Apache distribution of Hadoop. On the flip side, many big traditional software companies that have shunned open source are actually buying up smaller open source companies and integrating their products into larger proprietary offerings.
Myth #2: Open Source = Free
One CEO of an open source software company recently said, “do open source, but just buy it from us.” With open source software, there is a huge pricing spectrum from free to very expensive. More often than not, there is an enterprise edition with a pricey commercial license, and only a stripped-down “community edition” with a free GNU AGPL license (the AGPL license is tricky, too, because it actually means that the company gets to profit from your code contributions). In an interview with Computer Business Review, MongoDB CEO Dev Ittycheria admitted “we open sourced [MongoDB] as a freemium strategy” (i.e., to drive adoption for their paid licenses). Also, open source software usually comes in a large box labeled “some assembly required,” so a company is really just shifting its costs to the labor category.
Myth #3: Mixing Licenses is OK
So if enterprise licenses are expensive, why not just reserve those licenses for production servers and use the community edition for dev servers? Nope. Most open source companies expressly forbid mixing licenses. If you want the enterprise features, they aren’t free. Most companies basing their product on allegedly free open source have policies to ensure that you’ll end up buying from them at some point. If they don’t, then I’d steer clear because the company is likely shredding VC money and will either hike prices later or go bankrupt.
Myth #4: Open Source = Crowd Sourced
It’s easy these days to take a look at GitHub and see how many people are actively contributing to open source projects. The truth is, even for companies claiming thousands of followers, there are only a handful of people actually contributing significantly to the core product. Not exactly a crowd. And, to contribute, developers have to enter into an agreement with the company to give them full rights over their contributions. TechRepublic noted that “While open source companies tend to do a lot of hand-waving about community, the reality is that invariably they mean ‘community of users,’ not of contributing developers.”
Myth #5: Open Source Quality Is Superior
If you measure quality only by the number of defects, then open source and proprietary software are about equal. But there’s more to software quality than defects. The Synopsys Cybersecurity Research Center notes that the growth of open source usage within commercial applications has introduced security and vulnerability risks for organizations that aren’t carefully managing and maintaining their software.
“The most concerning trend in this year’s analysis is the mounting security risk posed by unmanaged open source, with 75% of audited codebases containing open source components with known security vulnerabilities, up from 60% the previous year. Similarly, nearly half (49%) of the codebases contained high-risk vulnerabilities, compared to 40% just 12 months prior.”
Synopsys, May 2020
MarkLogic is proprietary software but provides a free developer’s license, which gives developers the ability to download and install the full capabilities of MarkLogic and get going in a few minutes. MarkLogic also makes some projects open source.
I think that MarkLogic’s approach has helped ensure dedication to building strong enterprise features at the core of the product, while still offering an opportunity for developers to contribute code and engage in a community around the product. In other words, MarkLogic is taking an approach that gets the best of both worlds, which seems to be where the world is heading. Because, at the end, we all just want good software.