Build or Buy: Open Source or Commercial Software
When your organization is planning and developing a new software system, one of the big technology questions that comes up is whether to use open source or commercial software.
While Synopsys notes that nearly all the software they’ve audited contains at least some open source components, a heavy reliance on open source software throughout your technology stack can impact the success of your project – and not in a good way. Keep reading to learn about things you should be considering when designing your solution.
Make sure you can get your system into production when you need it
Open source projects often concentrate on the technology without planning how end-users will use it or solve problems. It’s up to your in-house development team or systems integrator to spend time wiring many pieces together to make it all work for your organization. The more components that need to be integrated, the longer it tends to take for your users to get the application they need.
While it may be relatively quick and easy to download some open source components and develop a prototype, getting a system into production is a whole different ballgame. For example, you need to ensure that the system can scale to meet real-life needs, and adhere to your organization’s governance and security policies. We’ve seen numerous situations where a system that looks great in a demo situation can’t get authorized for production use – which means you’re back to the drawing board.
When you’re evaluating your options, ask these questions:
- Have these software components been proven to work in a production environment like ours?
- How much time (and money) will we be spending on back-end integration work versus developing applications to satisfy user requirements?
- How long can our users wait for the system to be developed and deployed?
Calculating the cost of open source software may surprise you
There’s an old adage that says “if it sounds too good to be true, it probably is.” If you think open source software is the answer to keeping your costs down – because it’s “free” – you should dig a little deeper. In his post “5 Open Source Myths,” my colleague Matt Allen breaks down common misunderstandings about open source costs and licensing in myths #2 and #3.
You also need to be thinking about total cost of ownership for your solution – both the initial development and the ongoing maintenance. The choice of open source software often backfires when enterprise architects and development managers investigate the real costs of trying to build – and maintain – custom software solutions from disparate libraries of software components. These costs often run hundreds of thousands or millions of dollars.
When you’re evaluating the cost of a solution, ask these questions:
- What are the labor costs of integrating the open source components, and how do those compare to costs associated with commercial software alternatives? Could a more complete, ready-to-use commercial software option reduce those labor costs?
- What are the license and support costs of the open source components, and how do those compare to costs associated with commercial software alternatives? Could a commercial software option actually wind up being less expensive?
Hidden risks of open source software for complex systems
Assuming your in-house development team or systems integrator has addressed the above questions to your satisfaction, there are still a few more things you should be asking.
- How much work will be involved in maintaining the solution? A system built with unrelated components requires that each of those components be updated separately – e.g. to apply functional or security patches – and that the system then be tested as a whole to make sure nothing’s broken as a result. You need to plan for this cost and time.
- What is the plan if one or more of the open source components is no longer maintained, or no longer meets our needs? Open source coders and programmers work voluntarily, and they might choose not to develop updates or enhancements.
- Are there limitations in terms of infrastructure environments? Moving to the cloud (or between clouds, or back on-premises) can be harder – if not impossible – with a system that was built for a specific environment.
- How difficult will it be to update the solution if – or more likely, when – our requirements change? The more complex a system is, the harder it may be to make changes.
- Can we successfully implement the security controls we need? Some open source software is designed for less-secure environments, and turning on tighter security controls degrades system performance.
- How are we protecting against ongoing vulnerabilities? The Synopsys 2020 Open Source Security and Risk Analysis Report notes that “The open source community usually issues small updates at a much faster pace than the average commercial software vendor. When these updates contain security updates, companies need to have a strategy to adopt them rapidly. But because open source updates need to be ‘pulled’ by users, an alarming number of companies consuming open source components don’t apply the patches they need, opening their business to the risk of attack and applications to potential exploits. In fact, many organizations are startlingly behind in using the latest version of any given open source component.”
- Are we protected against license risks? Organizations can face litigation if code fragments or patches infringe on patent protections. In its 2019 audit, Synopsys found that 73% of the codebases contained components with license conflicts or no license.
Trust a house of cards or use a solid platform
Every organization wants to save money, and the temptation to build a custom system from free code appeals to budget-conscious developers. (They often forget that their time is not free.) However, the risks, the hidden development costs and the time needed to implement functional systems, debug and test the software – and maintain the solution over time – make building an open source IT system a risky venture.
Consider the advantages of licensing ready-to-use commercial software to streamline operations, save money and upgrade IT capabilities to meet the challenges of rapidly evolving technologies. MarkLogic has spent years testing and debugging code so that clients enjoy functional software that system administrators, executives and users love – and which gets your solution deployed in much less time than alternative approaches. Choosing to implement MarkLogic’s multi-model Data Hub Platform solves the logistical problems IT developers face when trying to build their own systems from a suite of open source components.