
The Pros and Cons of Open-source Tools

Level 11

Cost plays a factor in most IT decisions. Whether the costs are hardware- or software-related, understanding how the tool’s cost will affect the bottom line is important. Typically, it’s the engineer’s or administrator’s task to research tools and/or hardware to fit the organization's needs both fiscally and technologically. Multiple options are available to organizations, from open-source tools to proprietary tools and off-the-shelf tools for purchase. Many organizations prefer to either build their own tools or purchase off-the-shelf solutions that have been tried and tested. However, the option of open-source software has become increasingly popular and has been adopted by many organizations in both the public and private sectors. Open-source software is built, maintained, and updated by a community of individuals on the internet and it can change on the fly. This poses the question: is open-source software suitable for the enterprise? There are both pros and cons that can make that decision easier.

The Pros of Open-source Software

Open-source software is cost-effective. Most open-source software is free to use. In cases where third-party products are involved, such as plug-ins, there may be a small cost incurred. However, open-source software is meant for anyone to download and do with as they please, to some extent based on licensing. With budgets being tight for many, open-source could be the solution to help stretch your IT dollars.

Constant improvements are a hallmark of open-source software. The idea of open-source software is that it can and will be improved as users see flaws and room for improvements. Open-source software is just that: open, and anyone can update it or improve its usage. A user that finds a bug can fix it and post the updated iteration of the software. Most large-scale enterprise software solutions require major releases to fix bugs and are bound by major release schedules to get the latest and greatest out for their customers.

The Cons of Open-source Software

Open-source software might not stick around. There’s a possibility that the open-source software your organization has hedged their bets on simply goes away. When the community behind updating the software and writing changes to the source code closes up shop, you’re the one now tasked with maintaining it and writing any changes pertinent to your organization. The possibility of this happening makes open-source a vulnerable choice for your organization.

Support isn’t always reliable. When there is an issue with your software or tool, it’s nice to be able to turn to support for help resolving your issue. With open-source software, this isn’t always guaranteed, and if there is support, there aren’t usually the kind of SLAs in place that you would expect with a proprietary enterprise-class software suite.

Security becomes a major issue. Anyone can be hacked. However, the risk is far less when it comes to proprietary software. Due to the nature of open-source software allowing anyone to update the code, the risk of downloading malicious code is much higher. One source referred to using open-source software as “eating from a dirty fork.” When you reach in the drawer for a clean fork, you could be pulling out a dirty utensil. That analogy is right on the money.

The Verdict

Swim at your own risk. Much like the sign you see at a swimming pool when there is no lifeguard present, you have to swim at your own risk. If you are planning on downloading and installing an open-source software package, do your best to scan it and be prepared to accept the risk of using it. There are pros and cons, and it’s important to weigh them with your goals in mind to decide whether or not to use open-source.

32 Comments
Level 14

Very true.  If the open source tools have been around for a while and have a good market take-up then they may be OK.  Linux seems to have taken hold.    Otherwise I tend to stay away.  Enterprise support needs enterprise tools and the business is usually very reticent about using 'free' stuff.  I think they have the "Where's the catch" mentality and they are usually correct.  The catch can be poor support, poor integration, poor visual impression and poor longevity (as you stated).  Whilst it might be free or very cheap to buy, it can be very time-consuming and expensive to install, configure and manage.  In my new job I have inherited a Nagios monitoring solution which just isn't fit for purpose.  Fortunately it has become so clunky and difficult to manage that they have agreed to look for a replacement.  I'm pushing for Solarwinds (not that I'm biased).

Level 14

Thanks for the article.  This is a never ending topic, as it's always evolving.  I can't imagine any IT company using one or the other rather than both.  The question is always going to be "is it worth it?".

We've had outside analysts come in as white hats and do a review of our network and tools.  They've all recommended against open source tools due to reliability and support concerns.  It seems their goal is to ensure that any tools we use come with fast and reliable support.  It costs money, but so does having unreliable tools fail right when you need them.

Personally, I've not had many open source tools fail.

Level 13

Thanks for the article.

MVP

Thanks for the article

Level 13

Totally agree. We use a lot of open source stuff where I work, but we also use a lot of enterprise stuff.  Frankly some of the open source is as good or better than the really expensive enterprise stuff.  YMMV for sure.  Do your research, test, and make the best decision based on that.

Level 9

open source does not mean that it does not have to be a tool with enterprise support

open source does not mean that it is a tool on which many individuals tinker

RedHat, Debian, SuSE, Icinga..... all manufacturers that use open source software and sell it with enterprise support

It is much more important if the software I use meets the requirements and I have the necessary know-how to manage this software myself

if not all requirements can be covered by software and i need to use several tools then that's not a question of whether it's open source or closed-source software

then, from an operational point of view, it is uneconomical

Last year, I replaced 3 monitoring solutions (2 open source, 1 closed source) for a customer with SolarWinds ... because it's more economical and more customer-friendly to consolidate everything in one product

If I can not maintain the know-how to ensure the operation of an infrastructure and I have to buy enterprise support to ensure the operation and in the event of a problem, it is also no question whether this is open or closed source software

the important thing is that for every application case, I am able to analyze the requirements and use the right software

Security becomes a major issue if I am unable to take account of the above

Level 12

I have not had very good experience with open sourced software. Sure you can modify it any way that you like but it can be very time consuming also. Then in the end it is much like something that you could have just purchased and been done with it.

MVP

Sounds like the technical debt problem. Open-source can make for an agile and responsive infrastructure, provided you have engineers with the skills needed to deploy and maintain these solutions. Support can be tough, no doubt. But costs associated with service and support contracts for enterprise-grade solutions can be prohibitive. If you've got the right team, and have a security program in place to evaluate open-source software for security risks, go for it. And if you've got a defense-in-depth approach to isolating services from attack, you can mitigate most of the open-source concerns.

Level 10

I've moved away from open source software over the last several years, mostly professionally but also personally. Open source is great when you have the time, knowledge and desire to tune things. If you just want something to work it can be better with a traditional closed product.

Level 16

Some open source works quite well. Take Wireshark for example.

Level 10

First of all, no company can say that they do not use open source software at all. I would bet that some form of Apache, Tomcat, Linux, etc is in use somewhere. There can be a hidden danger in not recognizing this.

Second, selecting open source software to save money is the wrong approach. Money will be spent either way. Off the shelf "closed source" software usually comes with some level of assurance that it will be supported and that documentation, training, etc is going to be available. With open source the software may be free, but one will usually need more and specialized staff to support and maybe even further develop it. An open source strategy should include this important factor.

So looking at the individual statements made, each of them can be argued for or against, depending on your point of view and your overall strategy:

Open-source software is cost-effective. - Only the software, but the total package including staff, support, training, documentation, etc will probably be on par with the TCO of commercial software.

Constant improvements are a hallmark of open-source software. - Only if the support community stays active and develops the improvements your company needs and wants.

Open-source software might not stick around. - OK, not necessarily limited to open source software. Remember Turbo Pascal, Word Perfect, OS2, VisiCalc, Lotus 1-2-3, etc?

Support isn’t always reliable. - Supporters of open source may argue that an active community of millions worldwide can provide better support than the limited resources of one company.

Security becomes a major issue. - The argument can be made that an open source can detect and resolve vulnerabilities much quicker than a commercial software provider. History has also shown that software companies are often slow to acknowledge or communicate vulnerabilities or fix them in a timely manner.

Therefore my verdict would be that a company should have an open source strategy in line with their company's strategic objectives. What works for one business may not work for another. The strategy should not be based on cost savings, but rather on expected benefits from using open source software - or not. It should include resources required for support, documentation, training, and software development. The companies that get the most out of open source software are those that also contribute to its development and become part of the community. Open source is based on the concept of sharing. Expecting to only take out and benefit without contributing conflicts with this concept and won't be successful in the long run. Companies whose strategy does not include a focus on software development are better off recognizing that commercial off the shelf software will probably fit more with their strategy.

There is open source software available where a professional company is providing the support and “enterprise features”.

PostgreSQL and EnterpriseDB would be an example.

Maybe this will be a business model for open source that we see more often in the future.

MVP

The licensing can be tricky with so many different open source license models.  We use software called blackduck I think it's called to scan through source and look for any open source so it can be identified and the licensing can be sorted out.

MVP

One aspect of open source software is that it may fill a particular niche where a COTS (commercial off the shelf) solution is not cost effective.

Thus it may be a viable part of the solution.

Level 11

Thanks smttysmth02gt​, I know it is a never ending topic, and I don't imagine that will change anytime soon.  I also agree, that you can't really be an all or nothing shop, generally speaking you will have some aspect of enterprise tooling in your datacenter. 

Level 11

I haven't had any fail either, however, I haven't had many CIOs wanting to dive in head first either. 

Level 11

Thanks for reading!

Level 11

Thank you!

Level 11

Good point, do your research before going with any tool, open source or enterprise.

Level 11

Thanks for commenting alang​, you make valid points here. 

Level 8

Very good summary of the risk/reward of using Open Source.  My experience has come down on the side of Open Source for labs and other very cost-constrained environments or to prove out the "need" for certain functionality not in production tools, but if it is production, there needs to be a Vendor on the hook for support.

Level 9

Good article...Always try the open source tool before using it.

Level 16

We have had great success with tools like OpenDCIM for data center rack and patch panel inventory, then there is always wireshark that works great.

Level 12

thanks for the article

Level 9

I don't want to rub salt in anyone's wounds, but on top of being an extremely false and misleading article, given recent developments, this is also some real r/agedlikemilk material.

Level 7

Wow, um, you guys might want to reevaluate your security model, given that your closed-source software delivered the payload for a massive breach of several government systems.

Level 7

Yeah, right.

Level 7

I have to say as a SolarWinds customer that uses both Proprietary and Open Source software, this article hasn't aged well as the biggest open vulnerability on our network ended up being SolarWinds.

Level 7

The only dirty fork I'm seeing here is this article. Why is gnu/linux the most secure OS? Why do companies depend on it? How can the NSA get away with paying tech companies to keep vulnerabilities open (https://en.wikipedia.org/wiki/NOBUS and Dual_EC_DRBG)? Why would you rather trust a company that cares more about your money rather than your well-being? Are you saying that for-profit companies never go out of business or never choose to just leave their customers behind (Nest Reminds Customers That Ownership Isn't What It Used to Be | Electronic Frontier Foundation)? How do you feel when companies use new technology to restrict users rather than free them (Human Rights and TPMs: Lessons from 22 Years of the U.S. DMCA)?

Read more about "clean" software here: (https://wiki.snowdrift.coop/about/free-libre-open and https://wiki.snowdrift.coop/about/why-flo).

Do you care about your security and privacy? I'm just catching you up to speed on the times here: Sunburst.

I had to clean up this disgusting kitchen. GNU/Linux, wireshark, ssh, bash, gpg, bitcoin, open cryptographic standards beat all! And from the looks of things, you're more secure if you never purchased Orion!

Level 7

How's this working out for you SolarWinds?  When it turns out the largest supply-chain attack was on closed-source code?

 

Time to open source your code!

Level 7

Now, after the recent epic fail (when Solarwinds couldn't or wouldn't monitor its own file servers), do you still insist that proprietary code doesn't share all the sins of open one?

Looks like you avoid commenting on this subject on the Net. I wonder why? All of a sudden your viewpoints changed?

It would be funny to see you admitting that the greatest bungle Solarwinds got recently was all about nice, flawless closed-source pieces of software.