Mitigating Risk with Open Source


Obsolete page. The official documentation is at:

While Microsoft and others spent years attacking open source as a security risk, the reality is that open source tends to minimize security risk by making security flaws easier to find and fix, and it reduces risk in a variety of other ways as well.  Through transparency of code and no-cost evaluation, open source also makes purchasing decisions less risky.

Let's look at how this works.

Retailers have long sought ways to minimize returns by allowing prospective buyers to evaluate products before actually purchasing them.  H&M allows me to try on the jeans I'm considering buying.  My local Volkswagen dealer lets me take a car for a test drive.  In the digital world, Apple's iTunes service provides 30-second previews of songs.

But these efforts pale in comparison to open-source software, which allows prospective buyers to download the software, inspect it inside and out, and then use it for months, years, or forever without paying.  It is the ultimate try-before-you-buy scheme, and ensures that those who purchase subscription services around it know what they're getting themselves into before they write the check.

This is significant for two reasons.  First, most enterprise software is purchased on faith, meaning that a customer licenses software from companies like IBM and Oracle generally without ever having run the software.  In the proprietary software world, a great deal of time and money is put into the sales process, all intended to convey to the prospective customer that a vendor's software will meet its requirements, without actually demonstrating that it can.

Compounding this problem, and the second reason that open source is significant in changing the game in software sales, proprietary software restricts the prospective buyer from 'looking under the hood' of the software to determine code quality.  If the automobile industry operated like the software industry, you would buy your car with the hood welded shut: any time you needed something fixed, you would have to return to the vendor for repairs.

Open source changes the relationship between buyers and sellers, putting buyers in control of the purchasing process by giving them information about and access to the vendor's software.  This forces vendors to compete in terms of quality of service and innovation, not the ability to produce dazzling slideshows that convince prospective buyers to pay.

In sum, open source de-risks purchasing decisions by enabling the prospective buyer to operate the software before buying services for it.

This is a welcome change, especially given how often IT projects fail.  As The Standish Group detailed in a 2008 research report, the bigger the IT project, the more likely it is to fail:

Given what is at stake, it's no wonder that more CIOs are turning to open source as a way to minimize risk in their IT investments by allowing them to prequalify potential software licensing contracts.  The only losers in this power shift are those vendors who persist in denying customers access to their software in advance of a purchasing decision.