Open source software solutions have experienced tremendous growth in the past few years. Now, a huge range of companies utilize open source tools for countless applications, and more organizations embrace the technology every day. Yet the question of whether open source solutions are ideal for a particular company is often muddled. Specifically, as industry expert Michele Chubirka recently highlighted for InformationWeek, firms mistakenly believe that they must totally embrace either open source or commercial solutions, and that one is inherently, consistently superior to the other. Chubirka argued that in reality these approaches are not nearly as dissimilar as many believe, and that the decision of whether to pursue open source software should be made on a case-by-case basis.
Open source consideration
Chubirka noted that many company decision-makers have somewhat inaccurate views of the relative merits of open source and commercial software. There are stereotypes attached to each, and these generalizations serve to obscure and confuse.
"Open-source users are often viewed as strapped for cash, usually in the academic or non-profit realms, [and] therefore willing to accept the risk involved with a product that isn't backed by a profit-driven company. Enterprise users are perceived as needing the stability and certainty that come in the form of a support contract with a commercial product," Chubirka wrote.
Yet as the writer argued, these views are hardly accurate. In reality, the lines between open source and commercial products are far less distinct. Companies can and do use both types of software for a diverse range of reasons. When decision-makers see open source and commercial options in these extreme terms, however, they are led to believe in a dichotomy that doesn't really exist. Open source is not an always/never proposition.
Chubirka noted that in many areas, both open source and commercial software tools have similar strengths and weaknesses. Cybersecurity is a key example.
"At least in the security realm, problems don't discriminate between the commercial and open-source realms – neither are exempt from embarrassing vulnerabilities," the writer explained. "One only has to make a cursory examination of the latest US-CERT notifications to debunk that myth. There are plenty of commercial products that make appearances alongside open source, even with their bug bounties and impressive security budgets."
Driving this point home, Chubirka pointed out that open source software is frequently used as the foundation for commercial products. This does not make commercial products better or worse, but it does highlight that the gap between these and open source solutions is not nearly as wide as many believe.
Open source is not inherently better or worse; a given tool or product should be judged on its own merits, not on the category it falls into. Chubirka recommended that business decision-makers look first to their company's unique requirements, rather than the nature of open source and commercial solutions, when deciding which technology to pursue.
Open source issues
That being said, it is also true that companies must approach open source solutions somewhat differently than commercial products. If a business does not appreciate this distinction, it may open itself up to cybersecurity threats.
Steven Norton recently highlighted this issue for The Wall Street Journal. He emphasized the fact that companies must bear the responsibility for securing their open source software tools. This can be a challenge.
"Given the differing levels of support for certain open source projects, how best to deal with vulnerabilities can vary from project to project, and it isn't always easy to determine what to do when a flaw is discovered," Norton wrote.
Speaking to The Wall Street Journal, Tal Klein, vice president of strategy at a SaaS security firm, explained that the security of open source solutions largely boils down to a given company's level of commitment. If an organization provides sufficient support, the open source code should receive enough attention and oversight to ensure that any flaws or vulnerabilities are identified early on, before they cause serious problems. However, Klein emphasized that an under-resourced open source project can make it difficult for a business to protect itself against such shortcomings.