Continuing the theme from the previous post, here are some non-price based reasons why a user might prefer open source:

Ability to audit quality and security

Earlier in my career I was a developer of a popular industrial automation software product. A customer, Royal Dutch Shell used the product to control refineries, chemical plants, and pipelines. As a custom negotiated term of purchase, they had the right to audit source code and development processes. They conducted periodic unannounced visits by auditors. Audits would involve examination of source code, QA, and release engineering records, along with interviews of personnel.

In certain high risk businesses, audits are viewed as critical. Why? Look at something like the BP Deepwater Horizon oil spill of 2010. As of 2013, settlements, and trust fund payments by BP had cost the company $42.2B.

In some industries, liability risks can be enormous. Even if a supplier, such as a software vendor, is guilty of irresponsible behavior, a higher entity with “deep pockets” will end up as the backstop for liability.

Sure, vendors routinely profess “commitments to quality”, but history is littered with examples of companies that cut corners where they think it won’t be seen. Open source turns on the lights, to reduce the places where cockroaches can breed undetected. Royal Dutch Shell’s behavior is an example of a consumer that elects to “trust but verify”. 1

Don’t assume that the billion dollar liability club is confined to oil companies. It is easy to imagine multi-billion dollar costs associated with software failures in financial or even media companies. Witness the yet to be determined costs associated with Sony data breach.

Open source has an inherent transparency that makes verification and audit easier. For some users, this attribute can be a stronger factor than price in choosing open source.

The Snowden classified document releases focused media attention on efforts by nation states to inject “back doors” into commercial software.2 Whether these back doors are common, or not, the fear alone has led to distrust of software supplied across political borders.

If EMC is ever to be successful at selling software based products in China, or Huawei in the United States, open source might be the only way it will ever happen. 3

  1. Yes, as in this example, if you are a big customer, you might be able to negotiate audit rights in proprietary software. Open source avoids this added friction in the acquisition process. Also, in theory, open source draws review from many eyes, not just your own. The OpenSSL track record points out that the number of users that actually invest in auditing open source projects is likely small. Open source gives you the right, and ability, to audit, but you should never assume that others are performing an audit on your behalf. 
  2. link: NSA back doors in routers
  3. For hardware based products this probably requires open source to go all the way down into firmware, held on verifiable SD memory cards – along with locally based assembly and component sourcing. 

Some of the reasons consumers choose open source software over commercial closed source alternatives:

  • Price
  • Ability to audit quality and security
  • Can customize
  • Anybody can fix bugs
  • Access to the source can help with troubleshooting and document proper usage
  • You do not risk getting stranded if the vendor loses interest in the product or encounters solvency issues

Price as the basis of choosing open source

Vendors of commercial software, facing an open source competitor, have been known to offer the adage: “It’s only free if your time is worth nothing”1 – implying that use of open source is tantamount to declaring yourself worthless.

Is open source really free? Usually no, but …

All software has some cost of operation:

  • Unless the software is a virus, you have to install it.
  • Often you have to configure it.
  • Unless the version you install never has a bug fix, and never has an enhancement, you will engage in some form of maintenance.

From the user perspective, the question to ask is not “Is it free?” but “How does the non-zero cost compare to the non-zero cost of alternatives?”

There are examples of open source software that are cheaper, or the same cost as commercial substitutes. But there are also open source specimens that have huge learning curves and operational costs.

As the 24×7 support person for my family at large, I can attest that the Firefox browser is as “free” as a commercial alternative such as Internet Explorer. My mom or my dad can install it, and use it, without help. But that doesn’t mean I’d extrapolate this result to something like a non-commercial distribution of OpenStack.

Open source software with low cost of ownership tends to have these characteristics:

  • It’s popular (large base of users)
  • It’s been out for a long time, and iteratively improved during its lifetime

Popularity usually results in vigorous community driven expenditure on features, including ease of use and documentation, leading to lower cost of ownership.

Even if an open source software offering is relatively expensive to deploy and operate, sometimes the proper response from a user should be “So what”.

Users are not alike – and I submit that there is a distribution continuum between these 2 extremes:

  1. Users are willing to spend any amount of money to save time and labor cost.
  2. Users who are will to spend any amount of labor and time to save licensing cost.

In other words, for some number of users, the response to “Is it free?” is “So what, I don’t care”.

  • If you have a high margin, business, with no desire to manage a larger IT staff. Acquisition price might be a minor consideration.
  • If you are an education institution, with a near zero budget, and lots of cheap labor (=students), free licensing might be your only viable solution.

The next post in this series will discuss some of the other reasons a consumer might prefer open source software…

  1. Many vendors engage in the “it’s only free if your time is worth nothing” counter to open source, but rather than going negative on a competitor, I’ll point to an example from my own employer: link. For some, this could be a valid argument, but for others no.