Recently, one of our government clients that uses Communifire internally shifted their public-facing ASP.NET website to Drupal, an open source CMS platform.
Within two weeks of going live on Drupal, the site was hacked by a Philippines-based hacking group. The entire episode was very embarrassing: they had to take the site down for 5 days and re-launch the old .NET-based site.
The managers there firmly believed that FOSS (Free and Open Source Software) should be widely promoted throughout government organizations.
I am an open source follower myself, but I think that before switching to FOSS one should weigh all the pros and cons, instead of advocating open source platforms blindly just because they are "free and open".
As a general rule I would never recommend using an open source CMS platform for a sensitive government website, since such a site may hold confidential data.
Open source has its own advantages, but it is the disadvantages that most people overlook.
Let me highlight some of these problems.
Things to consider before moving to an open source CMS/collaboration platform
1. Open source collaboration systems are more hack-prone than closed source
Many people assert that collaboration and peer review make open source platforms stable and less buggy. But the fact remains that any attacker with programming knowledge can read the entire source code of such a system, diff each security release against the previous one to see exactly what was fixed, and work out how to exploit installations that have not yet applied the patch. The same visibility helps defenders and researchers find and fix flaws, so what decides the outcome in practice is how quickly the project ships fixes and how quickly the operator applies them: a public-facing install that lags behind the project's security releases is the easiest target there is.
Closed-source products, in comparison, are harder to attack in this way. The attacker has to work from the outside, with trial-and-error probing, fuzzing or brute force, rather than the premeditated, targeted attacks that open source platforms are vulnerable to.
"But what about Linux?" Some will argue that it is much more secure than Windows. But they forget that Linux is a Unix-like system that inherited the Unix multi-user permission model, a design that had security in mind from the start and has had decades of scrutiny.
Open source CMS platforms like Drupal, Joomla, WordPress, etc. do not have that luxury. They are large, fast-changing PHP applications with many third-party modules, and finding a way in is considerably easier than against a closed-source product the attacker cannot read.
This is why operators of sensitive government websites and systems often prefer purpose-built or commercially supported platforms over stock open source installs.
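The practical consequence of the source being public is that attackers can read every security release and go after installations that have not applied it yet, so the first check a practitioner would run on a public-facing CMS is whether the deployed build lags the project's security releases. The script below is an added example, not code from the original post or from any CMS project. It uses a constructed, hypothetical release history (the version numbers, and which of them were security releases, are made up) and assumes a CHANGELOG.txt-style file whose first `Drupal X.Y, date` line names the installed release.

```python
import re

# Constructed, hypothetical release history for illustration only:
# (version, shipped_a_security_fix). These are NOT real Drupal advisories.
RELEASE_HISTORY = [
    ("7.30", False),
    ("7.31", True),
    ("7.32", True),
    ("7.33", False),
    ("7.34", True),
]

# Constructed sample of a CHANGELOG.txt-style file as it might sit in a web root.
# Assumed format: newest release first, one "Drupal X.Y, YYYY-MM-DD" heading per release.
SAMPLE_CHANGELOG = """\
Drupal 7.31, 2014-01-15
-----------------------
- Fixed a security issue (denial of service).
- Other bug fixes.

Drupal 7.30, 2014-01-01
-----------------------
- Bug fixes only.
"""


def parse_version(text):
    """Turn '7.32' or '7.32-rc1' into a comparable tuple of ints, e.g. (7, 32)."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"not a version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def detect_installed_version(changelog_text):
    """Return the version named by the first 'Drupal X.Y' heading, or None.

    Assumption (hypothetical format): the newest entry is at the top of the file.
    """
    m = re.search(r"^Drupal (\d+(?:\.\d+)+)\b", changelog_text, re.MULTILINE)
    return m.group(1) if m else None


def missed_security_releases(installed, history=RELEASE_HISTORY):
    """Security releases newer than the installed build, in ascending order."""
    installed_v = parse_version(installed)
    missed = [v for v, is_security in history
              if is_security and parse_version(v) > installed_v]
    return sorted(missed, key=parse_version)


def assess(changelog_text, history=RELEASE_HISTORY):
    """Summarise exposure: which public security fixes this install does not have."""
    installed = detect_installed_version(changelog_text)
    if installed is None:
        # Cannot tell the version; report unknown rather than silently 'current'.
        return {"installed": None, "missed": [], "verdict": "unknown"}
    missed = missed_security_releases(installed, history)
    return {
        "installed": installed,
        "missed": missed,
        "verdict": "exposed" if missed else "current",
    }


if __name__ == "__main__":
    report = assess(SAMPLE_CHANGELOG)
    print(f"installed: {report['installed']}  verdict: {report['verdict']}")
    for v in report["missed"]:
        print(f"  missing security release {v}")
```

In a real deployment the release history would come from the project's own advisory feed rather than a hard-coded list. Note also that the same changelog file, if it is readable over HTTP, tells an attacker exactly which public fixes you lack, which is why scanners request it; so beyond keeping the build current, make sure version-revealing files and headers are not served to the public.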
2. Legal licensing issues with open source software
Most people mistakenly assume that open source is by default "free". This is not necessarily true: "free" refers to the licence terms as much as to the price.
BSD (Berkeley Software Distribution) and MIT licensed software can essentially be used, modified and redistributed commercially with few conditions beyond keeping the copyright notice. The GPL (GNU General Public License) and LGPL (GNU Lesser General Public License, originally the Library General Public License) are copyleft licences that impose more obligations, most importantly that you make source available when you distribute the software or works derived from it.
I would advise going through the licensing terms carefully before selecting your open source platform.
3. Bad code quality
Some open source systems are much better than most commercial systems. For example, memcached, Lucene and Linux are not only superior to commercial alternatives, but also feature code quality that is well above average.
But a lot of open source collaboration software still has poorly written, badly managed code. This not only hurts performance but also makes it very hard to scale when the load grows.
Remember the Twitter story: they had to move their core back-end services off the Rails platform because it did not scale as they expected.
Why is free software so often bad in quality?
Most free software is poor or unusable. It's not apparent because proponents like to use the isolated points fallacy to sell the idea that FOSS is great. The isolated points fallacy consists in taking the high-scoring points on the graph and ignoring all the other points. Hence FOSS champions wheel out the standard examples of success, such as StarOffice, Emacs, Red Hat Linux and SBCL, and ignore the vast sea of half-submerged, buggy and abandoned projects (over 120,000) that litter SourceForge. It is the sort of technique Mugabe would use for TV: if you're accused of starving the country, wheel out a handful of well-nourished kids for people to see. 'Look, our country is fine; see how healthy these kids are.' Out in the slums the less fortunate die of cholera.
In the great debate between the BSD/MIT, GPL and closed source camps, an important truth about software development gets obscured. It's absolutely basic. Here it is.
Good software arises when one or more very good programmers work closely together, full time, over a period of time, developing, maintaining and improving it.
That's it. Very simple. Except it's not, because if you're lucky enough to attract such a team you need to keep them together, and for that you need capital, which is exactly where FOSS falls down.
4. Poor or lacking support
Most open source platforms have poor support, or little to no support options at all. So if you get stuck, you will have to depend on community feedback and forums, unlike professional software support agreements backed by time-bound SLAs.
Sometimes you need a solution urgently, and waiting 2-3 days or more for an answer to a critical issue is not feasible. For a public-facing site this matters most when a security fix is needed: the gap between a public advisory and your patched deployment is exactly the window attackers work in.
This is where dedicated managed support comes in handy.
To summarize, open source software is one of the greatest things that has happened in the IT industry, and it will continue to grow. There are many amazing open source tools, but using open source systems for sensitive public-facing communities can be a risky affair.
In the long run, maintaining a "free" open source platform can turn out to be much more expensive than a commercially backed solution.
In another related post, I answer the question, "Why should we consider a paid social software platform when there are readily available options built on open source software for free?"