The appeal of open source is clear to most companies: getting software that you can use for free should improve the bottom line. But while there are plenty of incredibly useful pieces of open source software out there, IT professionals shouldn’t adopt them without some prior consideration.
There are four key questions that you should ask before choosing to make an open source software package integral to the way your company operates.
1. What License is the Software Available Under?
Not all open source licenses are created equal. Some licenses are perfectly compatible with a for-profit enterprise, but others can force you to open source any internal software that ‘touches’ the open source components you’re dealing with.
While it’s difficult to categorically state which open source licenses are good or bad for business, some are clearly easier to work with:
- The MIT License
- The BSD License (including the 3-clause and 2-clause variations)
- The Apache License
In particular, the Apache license is generally considered one of the best options for software licensing, from the point of view of a company using that software.
2. What Documentation and Support Are Available for the Software?
Actually getting a new piece of software up and running for a single team can be a difficult prospect, but if you need to deploy it for an entire company, you’re likely to need help. Because many open source projects have plenty of people coding but far fewer writing documentation, you’ve got to be confident that you have access to enough information to handle at least basic problems. Otherwise, you may very well wind up writing all of the documentation for a given piece of software yourself.
Knowing where you can get more robust support is also important. Some active open source communities are good about providing support to users through online forums; others are less so. A lack of online support forums may not be insurmountable, since there may be a company or individual who can provide paid support. But you need to be aware of your options before making your final decision on a given software package.
3. How Active is the Open Source Community Around the Software?
Open source projects are developed by communities, rather than individuals. It’s rare that a single individual can keep an open source project going without help, making an active community a good indicator that development will continue on a given piece of software in the long run.
If you’re considering adopting a piece of open source software that doesn’t have an active group of developers backing it, be wary: updates will be few and far between, if they happen at all. In order to keep your systems up to date, you might have to write new code for the software you use — and that’s not always the best use of your time.
4. How Secure is the Software You Want to Use?
No piece of software is going to be fully protected from every possible security breach, but good software is secured against the most likely attacks. With open source projects, however, communities vary in how they handle security issues. That includes both the initial security posture that developers in the community take when writing code and how the community responds to incidents, like breaches.
Take a close look at how security is handled throughout the community of any open source software. Since you will likely be able to read the email threads or forums shared by the developers behind a piece of open source software, search them for mentions of security. Go back and look at how the developers responded to past issues, as well.
Answering these questions can require a fair amount of work, but this research is the due diligence required to be sure that a piece of open source software will be not only useful but also safe for your company to use.