When discussing the pros and cons of open source software (OSS), most people will immediately list legal or security risks with OSS as huge cons. But the truth is the risks are no different from those of using commercial software. You can violate a commercial license, and the commercial software you use can have a security flaw (and we all know commercial software is full of security issues), so the same could be said about commercial software in general. Still, you have to be smart about OSS. You have to understand why it’s important to know where it came from, how it’s licensed, and how to use it to lower your risks, just like you do with commercial software.
I’ve been working in the software industry for many years now, and I’ve spent the last seven years helping organizations understand and manage the risks associated with OSS. After all these years it has really sunk in for me that a little knowledge goes a long way. There are many reasons that you should take the time to learn more about OSS.
Following is a short list of just some of the reasons it’s important for organizations, and in particular developers and their managers, to take the time to learn more about OSS.
1) It has a license
Even though OSS is, by nature, free, if you violate the license the author has the right to terminate your license and stop you from using the software. Other bad things can happen too, like getting sued for license violations.
2) You didn’t write it
Most OSS is copyrighted. Just like in literature, if you plagiarize someone else’s work without attribution you may be violating copyright law and have to pay associated penalties.
3) It may have security flaws
What software doesn’t have flaws? How you track and contain these issues is what’s important. Knowing where and how you use OSS and how to track security information is essential.
4) You may want to update it someday
Commercial vendors spend millions of dollars trying to get you to buy the next, latest and greatest thing. The OSS world doesn’t care. You have to be your own advocate.
5) It doesn’t always work
Who ya gonna call? You probably pay for support for most of your commercial products. You can actually do the same with most major OSS today. Should you? Do you need to? You will need to decide.
6) Your company may have a policy regarding use of OSS
How can anyone be asked to follow a policy if they don’t know the basics of OSS?
7) OSS is not one thing
There’s free, and then there’s free. Freeware, shareware, open source, freeware with an open source license, commercial open source, and free for research and development are just some of the terms you need to understand to stay out of trouble.
8) There’s not that much to understand
The good news is that it doesn’t take very much effort to gain a good working knowledge of the do’s and don’ts of OSS.
9) It’s easier to track than to find
If you don’t know much about OSS there’s a good chance you don’t know where it is in your code. That may be fine today, but what about a year or two from now when you (or your manager) need to find where you used someone else’s code in your application? It may be difficult to find it after the fact. Tracking the point of entry into an organization and the intended use, and verifying on a regular basis, is much more effective.
10) There’s no excuse
You have a moral responsibility to your organization, to the original author who created the code, and to yourself to know what’s going into your application. With just a little knowledge of OSS basics you can take the high road and make life easier for everyone involved.
I’m sure most of you are thinking, “I could come up with a hundred reasons why I don’t need to know more about OSS,” including “I don’t have time.” But like most things we do in our work, if we take the time to better understand the tools we use we end up saving more time in the long run. Understanding a few key issues about OSS won’t take much time initially. If you do this, you will find that your use of OSS will be more efficient and you can substantially lower the associated risks.