Black Duck's latest open source survey shows that a majority of companies are now using open source. So what's stopping the rest? Here's a look at the reasons why businesses might choose not to use open source, or avoid partnering with companies that do.
The fact that open source doesn't work for everyone -- or that some people think it won't work for them, so they don't even give it a try -- does not mean open source is inherently flawed. It's certainly a highly effective way to build and acquire software in many situations.
Still, to understand open source fully, it's worth taking a look at its drawbacks, both perceived and actual. They include...
Open Source Isn't Free
In the late 1990s and early 2000s, Microsoft spent a lot of money trying to discredit Linux and other open source software as having a higher total cost of ownership (TOC) than proprietary products like Windows. Most Linux fans dismissed such claims as baseless FUD, which they arguably were. At scale, it's usually a lot cheaper to use Linux to run servers than Windows. Linux is cost-effective.
But being cost-effective does not make open source software free, and organizations that look to open source as a zero-cost software solution will be sorely disappointed. As with any software, you need either in-house expertise to deploy open source, or to contract with an organization that can provide that expertise. Both approaches are going to cost money.
Not being totally free of cost is not actually a drawback for open source. But it's something that can sully open source's image for companies that think it's going to be free, and discover it's not.
There is no reason why open source software cannot meet compliance needs in the realms of licensing, data privacy and so on. Open source groups like the Linux Foundation offer resources to help in this area.
That said, the fact that open source software in its raw form usually comes with no warranty or other official guarantee can make it more difficult to use in a business environment where compliance is a must. Plus, things can get complicated when your software stack includes dozens or hundreds of different pieces of open source code, all licensed in varying ways.
The easy solution is to purchase open source software from a company that guarantees the whole product, like Red Hat or Suse. But that might undercut the attractiveness of open source in the first place for some organizations, especially ones that want it free. So there is always going to be a tradeoff in this respect.
When you purchase commercial software, it usually comes with a guarantee of official support from the developers for a fixed period of time. Open source software that you acquire for free often does not.
This is not universally true, of course. For example, Canonical guarantees support for LTS releases of Ubuntu for extended periods of time even though Ubuntu is free. Plus, it's not a completely sure thing that any support guarantees you get from commercial software will be honored. A company could always go out of business, just as an open source project could go defunct.
Still, fewer open source products come with support or other longevity guarantees, and it is easier for a user to imagine a volunteer open source project going belly-up than a commercial software company. This, too, is a downside for people considering open source.
Security is a touchy issue for open source fans. On the one hand, the Eric Raymond mantra (which he calls "Linus' Law," even though Raymond invented the term, not Linus Torvalds) that "given enough eyeballs, all bugs are shallow" suggests that open code should be more secure because a lot of people can review it, which makes it easier to find security flaws.
On the other hand, there is the argument that proprietary programs whose code is closed cannot be as easily inspected by malicious hackers who are looking for security holes to exploit. In other words, closed-source software has the advantage of security by obscurity.
Deciding which development model, open or closed, is best for security is an argument that will never be won. There have been some embarrassing security fiascos for the open source community, like Heartbleed. But there have been plenty of similar ones for Windows, iOS and innumerable other closed-source platforms. (Blaster, anyone?)
For people considering whether to use open source, however, the evidence here is not what matters. Instead, the simple fact that proprietary software companies can make certain arguments to claim their code is more secure can sway users away from open source, regardless of the actual reality.
Software-as-a-Service (SaaS) platforms, which let organizations use software without having to run it themselves, are not the opposite of open source. They're in a different category altogether. The benefits and drawbacks of an open source solution are different in the SaaS realm than they are when you're talking traditional, local computing.
Some Saas platforms are based on open code, but SaaS providers rarely provide their source code to customers. As a result, organizations that want the convenience of SaaS solutions are likely to opt for software that is not open source.
SaaS alternatives are probably the biggest reason why companies choose not to deploy open source software today. SaaS's popularity is likely only to rise as organizations shift more and more resources to the cloud.