Making Safe Choices When Opting for Open Source in Your Business


Here's why open source may not be safe for your business.

Despite the popularity of open-source software, one developer argues why open source might not be safe for your business.

Whether you are looking for a document management system or a development framework for your next business application, you might be considering open-source solutions. However, choosing the solution that meets your requirements doesn't necessarily mean you have made a safe choice.

Imagine a company has been using a system (an ERP, CRM, DMS, ESB, the list goes on) for a couple of years, and that system relies on an open-source framework that one day, for whatever reason, stops receiving maintenance updates, while its next version is released under a different, more restrictive open-source license.


What should the stakeholders decide? Either they put the use of the system on hold, or they continue with it and accept all the risks while preparing alternatives. Either way, there is a cost to pay, and business continuity will suffer.

So how do you protect the business if your company chooses to adopt open source? Here are three aspects to take into account when evaluating an open-source solution.

1) Contributors' Dedication

Both hobbyists and professionals contribute to open source, for different purposes.

Hobbyists love to write code for free and make production-ready software, while professionals, who also build solutions for free, aim to sustain their activity by offering paid support and/or receiving funding.

Dedicated contributors have a clear, long-term plan for their software. Some of the indicators that a project is backed by a dedicated team include:

  • The software has an LTS (long-term support) version.

  • The software project is run mainly by full-time team members.

  • The documentation is comprehensive, well-organized, and regularly updated. This reflects how seriously the team takes the project.

2) Community Activities

An open-source community is composed of contributors and end-users; they use forums, blogs, bug trackers, and messaging applications to share their experiences with the software.

An active community has frequent interactions with the contributors, which is a good sign that the software has a solid support foundation.

This means concerns and bugs have a high chance of being resolved quickly, which, in turn, gives the business confidence in the software.

Some of the indicators that you can look for are:

  • The community interacts heavily through third-party platforms like Stack Overflow; this could be the ultimate indicator!

  • Contributors and developers are active on forums and blogs; a two-year-old blog post with recently answered comments shows the team is still on board.

3) End-User Profile

Most open-source projects publish a list of companies that use the software.

Open-source software with renowned companies in its 'who is using it' list shows how capable it is of earning its users' trust.

The list doesn't have to include Fortune 500 companies; however, a mix of companies from different industries is a good sign that the software is reliable and safe for businesses.


Some may conclude that the three points are closely tied together, and this is indeed true in most cases. For instance, open-source software with high-profile users is very likely to have an active community and dedicated contributors. However, open-source software with high visibility, dedicated contributors, and an active community has a good chance of gaining the attention of high-profile companies without actually having them as users.

The point is to check each aspect individually and avoid jumping to an early conclusion.

Further Reading

Why You Need to Think Differently About Open Source Security

How to Secure Open Source Software

Open Source Software Security Risks and Best Practices


Published at DZone with permission of Abdelhamid A . See the original article here.
