Many companies use open source software, but are the business risks worth it?
In 2001, Craig Mundie, senior vice president of advanced strategies at Microsoft, told the audience at New York University’s Stern School of Business that open source solutions were bad for business. Fast forward to 2016 where more than “65 percent of companies are contributing to open source projects.”
Was Mundie wrong? Did he just not understand the potential that open source solutions could bring to both businesses and customers?
After fifteen years, it turns out that Mundie’s concerns were incredibly valid. In fact, despite some of the advantages, open source can become troublesome for a small business owner, like myself. Here's how open source can destroy your business, like it has one of my businesses in the past, as well as a few tips to protect yourself.
There Are Hidden Costs Involved
Open source advocates have long proclaimed that using open source software was more cost effective than the typical software solutions. And, yes, while open source solutions are free to use, there are still costs to consider — especially if you don’t have the skillset to tinker with coding.
Raj Sabhlok explains this perfectly on Forbes: “Not everyone has the desire or the skills to support, maintain and even enhance a software solution. And that’s what you’re doing with open source: You’re responsible for maintaining, enhancing and customizing the application to meet your needs.”
Sabhlok adds, “Think of commercial software as a house and open source software as everything you need to build a house — raw lumber, nails, sheetrock, windows, plumbing fixtures and the rest. You can spend your money and buy the house, or you can spend your time and build the house. Either way, you pay for your house.”
Like a DIY house, you're on your own if something goes wrong with your open source application. While there is help online, there could be too much information, which “may lead to one or more wild goose chases as you hunt down and fix the problem yourself.”
You also need to factor in the costs of the ongoing maintenance and support, as well as the up-front development. If that isn’t accounted for in your budget, then you could be in for a rude awakening when it’s time to start managing your expenses. If your business is on a limited budget, then this could be a major hurdle to overcome. In fact, in some cases, it may just be more effective to go with traditional solutions. This probably isn’t a concern when using LibreOffice over Microsoft. However, sometimes getting into more complicated programs, such as open source invoicing companies may become problematic if you don’t possess the proper skills.
If your business is relying on open source solutions and aren’t monitoring its effectiveness and properly tracking it, then you’re doing yourself a huge disservice. According to the Future of Open Source Survey conducted by Black Duck Software and North Bridge, “50 percent of companies have no formal policy for selecting and approving open source code.” Furthermore, “47 percent of companies don’t have formal processes in place to track open source code, limiting their visibility into their open source and therefore their ability to control it.”
This should go without saying, but having documented processes and procedures in place for your business ensures that it’s operating smoothly. These systems will help your business grow and determine your success or failure.
When Sonatype and Aspect Security released a paper discussing their findings regarding open source security, Sonatype’s Tim O’Brien stated “it's a shocking look at how few people are paying attention to application security.”
The report then found that well-known open source projects, such as Google Web Toolkit, Spring MVC, Struts 1.X. and Hibernate, all had serious vulnerabilities. In fact, around 50 percent of the largest corporations were running applications that contained vulnerabilities.
That report, however, was released in 2012. Surely security has been improved.
Not according to the Black Duck Software and North Bridge report which found that 55 percent of respondents believed that open source solutions provided superior security. The report also stated that security hasn’t been able to keep pace with the amount of open source users.
Don’t think that security should be major concern? Just remember that around “60 percent of small businesses close within six months of a cyber attack.”
It Infringes on Intellectual Property
Unlike software that is created in-house, “open-source code comes from an amorphous community of unknown people, and parts of it are much more likely than homegrown software to have been copied from someone’s proprietary code,” writes Scott Wilson.
Open-source codes also can't guarantee that it doesn’t infringe on some third party’s intellectual-property rights — and there's no legal protection if is does. In other words, your business would have to fend for itself if it were sued for patent, copyright, or trade-secret infringement over code. My company had this problem and it nearly destroyed us. Someone went and put in what they thought would help our company and users. Turns out that was intellectual property of someone else. Six months later, we received a court notice.
Fighting a legal battle over intellectual property just doesn't involve legal costs, but also emotional costs, changes to the structure of your business and loss of business to your competitors. It took us years and a lot of money to fight..
The Business Model is Broken
What if your business is built around an open source service or product? Expect an uphill battle. Peter Levine, a partner at Andreessen Horowitz, writes that there will never be another company like Red Hat, the successful Linux operating system company, because “the business model simply does not enable adequate funding of ongoing investments.”
Additionally, as Matt Asay writes, “the Amazons of the world are increasingly eating the Red Hats of the world — one SaaS business at a time.” As someone who has tangled with Amazon, you can be certain that that’s a battle you’re not going to win. They've got more money and time that you'll ever have. You can play by their rules, but don’t expect that you can challenge the big boys like Amazon, Google, Microsoft, Oracle and Facebook.
What’s the Alternative?
Levine suggests that businesses package “open source into a service (as in cloud computing or software-as-a-service) or as a software or hardware appliance.” By doing so, “companies can monetize open source with a far more robust and flexible model, encouraging innovation, and on-going investment in software development.”
The other option for business owners is to invest in off-the-shelf solutions. These solutions have generic functions and a set user interface for content management, and often have plugin-systems for customization. This is an option if you have a limited budget, skill set and amount of time.
Photo credit: photovibes/Shutterstock