Open Source Risks

Has any one ever told you that open source has risks? Sure you've heard the media spin, it's more secure, more stable, more cost effective and has shorter development time but rarely does the media put a spotlight on its serious short comings.

Firstly, what is open source?

Open Source is shared code. The principle behind open source is that if code is shared and modified by a community that the code will evolve and improve. However there are no qualifications to becoming a community member and therefore no guarantees about the quality of the code or its security.

"Without contractual commitments of quality or fitness, the licencee must accept the risk that the software contains fatal errors, viruses or other problems that may have downstream financial consequences." Source

The open source community is naive to believe that developers have not put back doors in the code to allow them to hack into websites using open source and that we are all living in some sort of software utopia where everyone loves each other, helps each other out and gives code away for free. There is no doubt that the internet is built on ths sharing of information and that the free exchange of the internet has propelled its development but there has to be a bit of a reality check here. If hackers can find a way into proprietory systems when the source code is not freely available, can they not more easily find their way into open source because the code is free to download? A reasonable person would say, ‘Yes, absolutely.’

Too many cooks

Programming is more dependent on architecture than ingredients. Although open source touts features and a variety of programmers bringing their own style and flair to the open source project, what open source lacks is consistency, quality control and proper architecture.

Although people like to believe that anything is possible with computers, this is far from the truth; computers cannot deal with ambiguity like humans can. Programming depends on logic and problem solving. To most people, the issue of allowing non English characters to website domain names, seems like an easy ask but the chief executive of ICANN warns that it has the potential to break the whole internet.

Programming is not perfect and every system, even a simple form, needs to be rigorously tested. Open source is not as concerned about security or potential conflict in programming that could cripple a system, as fast tracking development and as is evident by ICANN’s chief executive, fast tracking development is hazardous. There are also other issues that are introduced by allowing non English characters in domain names; the use of domain names that look similar to legitimate websites by scammers, and the internet is already burdened with SPAM and scammers, is it necessary to open up a whole new world of internet crime?

No commitment

Unlike proprietary software, open source has no commitment to provide updates, of patch vulnerabilities or issues. If you intend to run a business using open source software, you need to be mindful that installing the latest version of the software may stop certain aspects of your website working altogether and there may or may not be a fix.

Open Source Myths

 Open source is not easy to customize. By the nature of how open source is written, in a one size fits most style, if you have specific website requirements, open source is more expensive to configure. If you are happy with the standard install, then in most cases open source will be cheaper (though this will also vary from developer to developer).

 Open Source like any software needs to be kept up to date with changes in browsers and computers but there are no guarantees that if you update your open source website that something won’t go wrong.

 Open Source developers generally work on pay by time rather than under application service provider model. This is because they cannot guarantee the code and there are potentially endless possibilities of things that can go wrong and because of the high risk of weeks or months trying to fix open source bugs and issues. (not to mention the legal risk of being sued when a client site not only stops working but stops working for weeks)

 Potential loss

 It may be tempting to use open source because it is cheap but if you can afford it, using custom built proprietory software will be cheaper in the long run, even if you have to cut back on features and develop only the essential features. Most importantly building a site using open software like Mambo, Joomla or ZenCart has potential risks, difficulty in customizing to specific requirements, and no commitment. The potential loss is more than the investment of money in an open source system, but of time and the time and expense of removing data from an open source system to another system at a later stage. If you are prepared to take that loss, then open source can be a cheaper short term alternative.

 Open Source Advantages

It may sound that this article is totally biased towards not using open source and there is only one exception. If you want to use Open Source for free. ie you're a developer, you've got time to kill and you want to use open source code to develop a website.

If you find an open source project that fits your needs almost exactly.. then certainly, the risk is worth it because the cost of you having to program the exact same code is huge.

Customization is really the problem with open source. Using software "as is" is great but making changes to messy code is a nightware and may often be not possible.