Open Source Software - Good, but not risk, cost, or management-free

Content Copyright © 2021 Bloor. All Rights Reserved.
Also posted on: Bloor blogs


I am a huge supporter of Open Source Software (OSS). But it is not “free software” in any real sense – not cost free, not risk free, not management free.

This article from El Reg highlights some of the risk around the sustainability of OSS. I’d add that OSS contribution is often ego-driven, which can be good (pride hates others discovering defects) or bad (pride discourages collaboration).

The subheading of this article is pretty much right: “much of the OSS world is critically underfunded yet critically important”. The article goes on to raise issues from the point of view of OSS developers and suggests remedies. It even covers developer welfare, reporting that “Linux Conf AU, held in Huntley’s [Huntley is quoted in the article] native Australia, has taken to making a psychologist available for OSS devs on site”.

OSS management is an interesting issue that is often overlooked. And not just by techies – business managers should be aware of the issues too, if they are to trust processes enabled by OSS.

I think that business management of OSS matters and isn’t really covered in the article. There are at least two requirements for mutable businesses, in a constant state of evolution, if they are to use OSS safely:

  1. Configuration management for OSS. You must know what OSS you have, where it is, what state it is in, who is responsible for it, what business function is impacted by its failure, etc. But you’re doing that already, for your COTS (Commercial Off The Shelf) and home-built software – aren’t you? And if not, why not?
  2. The use of “Commercial OSS” support licenses. If you treat OSS as a free resource which never goes wrong, you deserve whatever happens to you…

Why bother? Well, OSS has value for innovation, and its source code transparency has value too, while COTS has its own issues (the vendor isn’t always your friend). OSS is not more or less risky than COTS; it is differently risky.

But OSS must be managed properly.